Port forwarding and advanced filtering
DocJeff
Enthusiast - Level 2

I have the Actiontec MI424WR-Rev E modem. My general firewall settings are "Typical Security (Medium)." I'm using port forwarding to send port 22 (SSH) to a computer behind the router. This works great, except for the fact that the software firewall logs on that computer show two or three attempts per day (usually from China) to brute-force the login. Not a big deal, since there's no prayer they'll ever guess the ridiculously long, random character strings making up the username and password, and since my denyhosts script just bans that IP after a few failed logins anyway.

NEVERTHELESS, I'd like to knock these script kiddies out before they even reach my computer. So I got a hold of a list of Chinese IP address space. I'd like to use the advanced filtering feature of the router to block those IPs. Problem is, it's not working.

How do I know? I tested it with ShieldsUp. I blocked the ShieldsUp IP with advanced filtering. Ran ShieldsUp against just that port, and sure enough the software firewall on my computer logs an attempt. Nothing I do will make it work. It's almost as if port forwarding is taking precedence over advanced filtering. Is this the case? Has anyone had success with advanced filtering?

I've googled a bit on this, and have found other folks complaining in various forums about this not working, but haven't found any solutions.

Barring that, does anybody have a recommendation of a good firewall appliance I could simply add as a gateway? Ideally, one that allows for easy upload of block lists, instead of typing them in by hand as I have to do with the Actiontec user interface?

0 Likes
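The post above asks for a way to load a block list in bulk rather than typing ranges in by hand. As an added example (not part of the thread, and not Actiontec or Verizon code), this sketch turns a CIDR list into an nftables ruleset that drops those sources on TCP port 22. It assumes the SSH machine is a Linux host running nftables, which the thread does not state; the table and set names are hypothetical and the sample ranges are constructed.

```python
import ipaddress

# Constructed sample list (documentation ranges, not real allocations).
SAMPLE_BLOCKLIST = """\
192.0.2.0/25
192.0.2.128/25      # adjacent to the line above: merges into one /24
198.51.100.0/24
203.0.113.300/24    # malformed: reported, not loaded
2001:db8::/32       # IPv6: skipped by this IPv4-only example
"""

# Hypothetical names; hook is "input" because this runs on the SSH host itself.
NFT_TEMPLATE = """\
table inet sshblock {
    set blocked4 {
        type ipv4_addr
        flags interval
        elements = { %s }
    }
    chain input {
        type filter hook input priority 0; policy accept;
        tcp dport %d ip saddr @blocked4 drop
    }
}
"""

def parse_blocklist(text):
    """Return (collapsed IPv4 networks, rejected entries)."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append(entry)
            continue
        if net.version == 4:
            nets.append(net)
    return list(ipaddress.collapse_addresses(nets)), rejected

def is_blocked(addr, nets):
    return any(ipaddress.ip_address(addr) in net for net in nets)

def render_nft(nets, port=22):
    if not nets:
        raise ValueError("empty block list: refusing to emit an empty set")
    return NFT_TEMPLATE % (", ".join(map(str, nets)), port)
```

Write the output of `render_nft()` to a file and load it with `nft -f`; `is_blocked()` lets you confirm that a test address is covered before relying on an external scan.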
Re: Port forwarding and advanced filtering
Hubrisnxs
Legend

Hi there, are you using these steps?

Set up Advanced Filtering
With the BHR's advanced filtering options, you can prevent a particular computer on the BHR network from accessing a protocol, such as a game, website, or application. 

1.    Open a Web browser and enter "http://192.168.1.1" in the Address bar. Then, press the "Enter" key on the keyboard.
2.    In the "Login" screen, enter the BHR's username and password (default login: username – "admin"; password – "password" or "password1"), then click OK.
3.    In the next screen, click Security.
4.    Select Advanced Filtering from the left side of the "Security" screen.
5.    Advanced filtering can be used on any connection controlled by the BHR, including Network (Home/Office), Broadband Connection (Ethernet and Coax), Ethernet, etc. In this procedure, we will implement advanced filtering for Network (Home/Office). Under the heading "Network (Home/Office) Rules," click Add.
6.    Select the computer to filter in both the "Source Address" and "Destination Address" sections of the screen from the appropriate drop-down lists.
7.    Select the protocol to be filtered from the "Rule Name" section drop-down list. Activate "Drop" in the "Operation" section by clicking the appropriate radio button. Finally, click Apply at the bottom of the screen.
8.    When the previous screen (Security) reappears, note that the rule has been added under the heading "Network (Home/Office) Rules." Click OK at the bottom of the screen to apply the changes made. The selected computer will be blocked from accessing the selected protocol.

0 Likes
Re: Port forwarding and advanced filtering
DocJeff
Enthusiast - Level 2

"Hi there, are you using these steps?"

Let's just pretend that I am and move on. I say "pretend" because there's a lot wrong with your copypasta (which is old and stale).

For starters, step 2, anyone still using the default username/password is a **bleep**. If you are doing this, please cancel your FiOS service and send the router back to Verizon and go color or play with Hotwheels or something, but stay off the internet.

As for Steps 3-4, there is no "Security" link on that screen. You probably meant to say, "Click on Firewall Settings, then answer Yes to proceed, then click on Advanced Filtering."

Steps 5-8 are what I've already done.

So, yeah, I'm using all those steps. My question wasn't so much about what steps to use to get to Advanced Filtering, and more about why Advanced Filtering isn't working.

So, do you have any ideas?

0 Likes
Re: Port forwarding and advanced filtering
Hubrisnxs
Legend

I don't offhand, but it's always best practice to make sure you are on the same page. That kind of question is better asked direct to Actiontec if the port forwarding is taking precedence over AF.

You can send them a contact request - they will email you back, but you can't call them direct unfortunately.

0 Likes
Re: Port forwarding and advanced filtering
DocJeff
Enthusiast - Level 2

Yeah, that didn't help either. First, they answered the wrong question. (Told me to turn off ICMP echo requests, which I already have done, and doesn't have anything to do with the problem at all.) Then they told me to do exactly what I've already done, and admitted they have no idea.

So I'm thinking Actiontec routers are junk. Anybody suggest a better router with a GOOD firewall?

0 Likes
Re: Port forwarding and advanced filtering
Hubrisnxs
Legend

Do you have FiOS TV service too? If you don't, then you can just flash the Actiontec with DD-WRT and call it a day. DD-WRT is pretty robust.

I use a Trendnet with DD-WRT. Inexpensive and works flawlessly.

0 Likes
Re: Port forwarding and advanced filtering
DocJeff
Enthusiast - Level 2

I didn't think Rev E was supported. Has something changed?

0 Likes