Still Doin Time
Join Date: Nov 2004
Location: Nokesville, Va.
Posts: 8,225
|
Physical Firewall for New Coax-in Wireless Router
I recently installed RG6 copper cabling in my home. One line of which is connected to COX high-speed IE access. On the other end is a compatible wireless router that I purchased outright. All works as designed.
Software-wise you can adjust the settings for the firewall in the advanced tab/config via the router's internal menu. But is there a way to provide a physical block / firewall between the coax in and the router itself to protect my IP from incoming crap and take-overs? Advice please.
__________________
'15 Dodge - 'Dango R/T Hauls groceries and Kinda Hauls *ss '07 Jeep SRT-8 - Hauls groceries and Hauls *ss Sold '85 Guards Red Targa - Almost finished after 17 years '95 Road King w/117ci - No time to ride, see above '77 Sportster Pro-Street Drag Bike w/93ci - Sold |
||
The Unsettler
|
Quote:
Are you talking about your public facing IP? If yes, think about that.
__________________
"I want my two dollars" "Goodbye and thanks for the fish" "Proud Member and Supporter of the YWL" "Brandon Won" |
||
Back in the saddle again
Join Date: Oct 2001
Location: Central TX west of Houston
Posts: 56,168
|
What's your exact setup, coax straight into wifi-router or coax into modem/router into wifi-router?
And just to be clear, there's no "physical" block for what amounts to electrons short of unplugging it. I'm not sure that adding another piece of equipment would really buy you anything other than increased complexity, more possibility for maintenance and something else to break or cause problems. I'm assuming that the coax goes into the wifi-router directly which has a built in firewall as well as the wifi on the back end. The firewall that's built into the wifi-router should be fine, and should work at the front edge of the router. If you got a firewall that went in front of the wifi-router, then the public facing IP would then have to go on the public facing side of that firewall, so it wouldn't be protected any differently other than if the firewall was just a better device.
__________________
Steve '08 Boxster RS60 Spyder #0099/1960 - never named a car before, but this is Charlotte. '88 targa |
||
Back in the saddle again
Join Date: Oct 2001
Location: Central TX west of Houston
Posts: 56,168
|
If my assumption is true about the coax going into the wifi-router, then this might help.
The top is what you have now. Below that is what you would have. ![]() The only real benefit that I can see is that a dedicated firewall might be a better firewall than a firewall built into a wifi-router, but maybe not. And then you're still adding all of that complexity and extra stuff to require maintenance or break.
||
Still Doin Time
Join Date: Nov 2004
Location: Nokesville, Va.
Posts: 8,225
|
Yes- coax RG6 in to wireless router- then connect devices in the home wirelessly. No hard cabling from router connected to anything. I guess what I'm asking is what IP does the 'outside' world 'see'? If someone can see what that is, can't they use that to obtain the device addresses to hack?
||
The Unsettler
|
Quote:
Any hardened firewall you added to what you already have would still have the same public IP. You are adding complexity and not solving your problem, which really is not a problem.
If you want to obfuscate your true IP you should be looking at a VPN service.
I have to log on to developer systems hosted by Sony, Microsoft, Nintendo, for some of my work. I can only log in from an IP that's whitelisted on their end, which sucks when travelling or remote, as in not in my home or office, IP addresses that are known to them and authorized for access. I pay for a dedicated IP from Nord so no matter where I am I look like I'm coming from the same place, which is not where I really am.
Nord is dirt cheap if you don't need a dedicated IP, which you don't. VPNs do impart a bit of a bandwidth hit but a consumer-grade user would never really notice.
VPNs can be useful to get around geo fences. Last week I had to check on something in Australia and kept hitting a CAPTCHA from the partner every time I hit their site. Got really annoying so I logged into Nord, picked Australia as where I wanted to appear to be coming from and problem solved, no more CAPTCHA because I was now inside the geo fence.
__________________
"I want my two dollars" "Goodbye and thanks for the fish" "Proud Member and Supporter of the YWL" "Brandon Won" Last edited by stomachmonkey; 05-14-2020 at 08:22 PM.. |
||
Still Doin Time
Join Date: Nov 2004
Location: Nokesville, Va.
Posts: 8,225
|
I think there is a way to do a VPN through the router software settings- I believe. Could it be that easy?
||
Back in the saddle again
Join Date: Oct 2001
Location: Central TX west of Houston
Posts: 56,168
|
Quote:
The type of VPN that SM was talking about is a bit different. That VPN involves you connecting to someone else's public IP. Then an encrypted tunnel is created from your public IP to their public IP. All of your traffic is routed through that tunnel, and then when it pops out onto the Internet, it looks like it's coming from their public IP.
Even with VPN, people on the Internet will constantly be scanning your ISP's network to find unprotected hosts. Folks may not know "AG is behind IP address x.x.x.x", but it will be common knowledge that ATT home internet is using IP addresses x.x.x.x through y.y.y.y and Comcast is using w.w.w.w through z.z.z.z and ....
Even if you use a VPN to browse the Internet, your public IP will always be visible and always be public, just like you can't hide the fact that your home is at 123 Main St because it's sitting there in between your neighbors' homes and is a matter of public record. All the VPN does is hide your public IP from the websites that you browse to while you're using it.
||
The Unsettler
|
Quote:
And yes on all the rest. Well yes and no on this Quote:
OP, you are worrying about something that you really can't do anything about and really should not be giving a second thought, because it's simply the way it works and the billions of people connected to the internet are all in the same boat. This is sorta like when folk post pics of their car and blur the plate but drive around every day where everyone can see it.
If you do want to hide from sites you visit, use Opera browser; it has a built-in VPN you can enable. Never used it myself so have no opinion, I just know it's there.
__________________
"I want my two dollars" "Goodbye and thanks for the fish" "Proud Member and Supporter of the YWL" "Brandon Won" Last edited by stomachmonkey; 05-15-2020 at 04:45 AM.. |
||
Still Doin Time
Join Date: Nov 2004
Location: Nokesville, Va.
Posts: 8,225
|
Wow- ok lots of great, specific information in the above answers -thanks!
||
Registered
Join Date: Jul 2003
Location: Glorious Pac NW
Posts: 4,184
|
Quote:
So a service outside responds to your router's IP address and the port that your internal machine opened a connection on. Any incoming connection to your router on a random port gets dropped on the floor; there's nothing in the NAT table for it. Only "well-known" services on the router itself or connections you've chosen to have port-forwarded to internal hosts will work inbound.
This isn't even firewalling as such; just how a NAT router works. Inbound connection that doesn't line up with an existing outbound connection? It has nowhere to go...
There are times when this isn't true (like when you pay for a static IP block). But it's rare for any ISP to give that out without you specifically asking/paying extra, so you'd probably know. Also, most won't do it on residential service at all these days - need business class.
RFC1918 addresses, like the hosts on the internal network use, are not routed over the public internet. Anyone outside your network trying to reach the address that corresponds to one of your internal hosts will get their packets dropped on the floor.
Which isn't to say that your machines can't be exploited or compromised via connections that you initiate, either from dodgy websites or links/attachments etc. in emails ...
__________________
'77 S with '78 930 power and a few other things. |
||
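The NAT behaviour described in the post above, as an added example that is not part of the original thread: a toy model of a home router's translation table showing why replies get in, unsolicited inbound packets are dropped, and RFC 1918 destinations go nowhere. The `NatRouter` class is hypothetical, all addresses are constructed, and matching replies on the exact remote endpoint is an assumption (real routers differ in how strictly they match).

```python
import ipaddress

# RFC 1918 private ranges: used on the LAN side, not routed over the public Internet.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

class NatRouter:
    """Toy NAT router (hypothetical model; all addresses below are constructed)."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.table = {}     # (public_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self.forwards = {}  # public_port -> (lan_ip, lan_port), set up on purpose
        self.next_port = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection: record it, rewrite source to the public IP."""
        if not is_rfc1918(lan_ip):
            raise ValueError("LAN host expected to use an RFC 1918 address")
        public_port, self.next_port = self.next_port, self.next_port + 1
        self.table[(public_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return (self.public_ip, public_port)

    def port_forward(self, public_port, lan_ip, lan_port):
        self.forwards[public_port] = (lan_ip, lan_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Return the LAN (ip, port) a packet is delivered to, or None if dropped."""
        if is_rfc1918(dst_ip) or dst_ip != self.public_ip:
            return None  # private destinations never arrive over the Internet
        reply = self.table.get((dst_port, src_ip, src_port))
        return reply or self.forwards.get(dst_port)

if __name__ == "__main__":
    r = NatRouter("203.0.113.7")
    print(r.outbound("192.168.1.20", 51515, "198.51.100.10", 443))
    print(r.inbound("198.51.100.10", 443, "203.0.113.7", 40000))   # reply: delivered
    print(r.inbound("198.51.100.99", 55555, "203.0.113.7", 3389))  # unsolicited: None
    print(r.inbound("198.51.100.99", 55555, "192.168.1.20", 22))   # RFC 1918 dst: None
```

Only an entry created by `outbound` or an explicit `port_forward` gives an inbound packet somewhere to go, which is why auditing the router's port-forward list is the practical check.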
The Stick
|
Next door neighbor turns his cable modem/router off when he is not getting on the internet.
If you have a router-based VPN, software is on the router not the computer. It will not allow connections your devices don't initiate. Like NAT with an extra step of obfuscation at the VPN provider, i.e. your router only accepts packets from the VPN provider specifically. Connections from anywhere except the VPN to your public IP are dropped.
I have a home business connection with static IPs and the only devices not behind my NAT router/firewall are firewall hardened servers that only allow access to specific ports/services.
__________________
Richard aka "The Stick" 06 Cayenne S Titanium Edition Last edited by RKDinOKC; 05-15-2020 at 12:42 PM.. |
||
Get off my lawn!
|
I too am on Cox cable as my internet provider. I have the COX GIGABLAST internet service. I get "only" an average of 900 Mbps so it is not really giga fast.
I had to buy a new router and modem to get the speed I do have. I have the Asus T-AX92U router and a Motorola modem that Cox says to get to have it work. That router has a ton of setup options that I have pretty well locked down. I would love to have some computer geek come test my security, and show me how to make it stronger, but I feel like it is very secure. Hopefully I am not deluding myself.
__________________
Glen 49 Year member of the Porsche Club of America 1985 911 Carrera; 2017 Macan 1986 El Camino with Fuel Injected 350 Crate Engine My Motto: I will never be too old to have a happy childhood! |
||
It'll be legen-waitforit
Join Date: Jan 2002
Location: Calgary, Canada
Posts: 6,996
|
We tell clients to turn off the provided Wifi, put a firewall and Access Point in behind the firewall...
__________________
Bob James 06 Cayman S - Money Penny 18 Macan GTS Gone: 79 911SC, 83 944, 05 Cayenne Turbo, 10 Panamera Turbo |
||