
    Problem with Firewall Rules and Dynamic IP Addresses


    1. #1
      davies9648

      Hi Guys, I have a problem caused by Sky only issuing Dynamic IP Addresses with such short DHCP lease time. You might expect the lease to be at least a few days so that your dynamically assigned IP address would survive a reboot - but it doesn't.

      My problem is that I want to enable NetBios from one Sky broadband connection to another. I can set up port forwarding through the firewall to allow a specified public source IP address through to my target workstation private address on the specific ports, but of course the source IP address is not static. Dynamic DNS such as DYNDNS.ORG is great for other things but you can't use the hostname in a firewall rule (and in any case even on a Cisco router the hostname is translated to IP address at boot time only).

      So the only available option with Sky routers is to enable ANY source IP address through to my target workstation and rely on user authentication but I might just as well not have a firewall in that case.

      All that I've read about Port Address Translation, which is basically what this is about, seems to ignore the fact that the whole world can then get through your firewall on those enabled ports. The discussion in these forums to enable Remote Desktop for example, suggests changing the default inbound firewall rule from "Deny All" to "Allow Any on 3389 to {Private Address}". This allows anyone in the whole world to get to your workstation and have a go at your username and password. What you really want is "Allow {my public address} on 3389 to {Private Address}" then deny everything else.

      I don't think I'm going to get very far with this because I really need a static IP address to configure in the firewall rules and I won't get this from Sky. I might have to change ISPs to one who will issue a static IP address.

      However I thought I'd at least ask if anyone out there knows a way to get around this problem.

      Many thanks in advance.

      Brian
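
An added example, not part of the original post: one way to approximate "Allow {my public address} on 3389" when that address is dynamic is to re-resolve a dynamic DNS name on a timer and reconcile a firewall address set with the answer. It assumes the filtering is done on a Linux host or gateway running nftables rather than on the Sky-supplied router; the set name `trusted_src`, the hostname `site-b.example.net` and all addresses are constructed placeholders.

```python
import ipaddress
import socket

NFT_SET = ["inet", "filter", "trusted_src"]  # assumed table/set, created beforehand
# Assumed rule that consumes the set (3389 is the port discussed in the thread):
#   tcp dport 3389 ip saddr @trusted_src accept
REJECT = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

def resolve_ipv4(hostname, resolver=socket.getaddrinfo):
    """Return the IPv4 addresses the dynamic DNS name resolves to right now."""
    try:
        infos = resolver(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    except OSError:          # lookup failure (socket.gaierror is an OSError)
        return set()
    return {info[4][0] for info in infos}

def acceptable(addr):
    """Refuse answers that would point the allow rule at non-routable space."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in REJECT)

def plan_update(current, resolved):
    """Return nft argv lists that move the set from `current` to `resolved`."""
    wanted = {a for a in resolved if acceptable(a)}
    if not wanted:
        return []            # failed or bogus lookup: keep the last known-good entry
    # Add the new address before deleting the old one so access never drops.
    plan = [["nft", "add", "element", *NFT_SET, "{ %s }" % a]
            for a in sorted(wanted - current)]
    plan += [["nft", "delete", "element", *NFT_SET, "{ %s }" % a]
             for a in sorted(current - wanted)]
    return plan

if __name__ == "__main__":
    # Constructed data: the remote site's address changed after a router resync.
    fake_dns = lambda *args: [(socket.AF_INET, socket.SOCK_STREAM, 6, "",
                               ("203.0.113.7", 0))]
    current = {"198.51.100.20"}
    new = resolve_ipv4("site-b.example.net", resolver=fake_dns)
    for argv in plan_update(current, new):
        print(" ".join(argv))   # run from a timer with subprocess.run(argv, check=True)
```

Between an address change and the next run, the old address stays allowed for whoever inherits it, so the set narrows exposure but still sits in front of authentication rather than replacing it.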


    3. #2
      simonmpoulton

      I don't really see the problem, user level authentication is more than secure enough for every need I can think of, unless of course your password is something daft like 1234. Do you honestly think a hacker is going to specifically target your specific IP address 24/7 to try and break in when he has millions to choose from on the net? Additionally you keep the same IP address providing you don't reboot or resync the router, I don't know about you but my line is certainly stable enough to stay up 24/7 and my IP address doesn't usually change when I reboot the router anyway!
      I use both SSH remote access and VPN access in between connections frequently and have never had any security issues, sure there might be the odd person who tries to break in but I always find they've given up within about 10 minutes.

      Pace SKY HD With Seagate Pipeline HD 2TB

    4. #3
      davies9648

      I don't want to be difficult but if user level authentication was good enough, we wouldn't need firewalls!

      Hackers use software which attempts to access IP addresses and ports in sequence at unbelievable speeds and latches onto any it finds open, so chances are you're going to get hacked at some point if you've got open ports.

      I manage two Sky ADSL routers at 2 different locations and both change IP addresses on reboot (and sometimes overnight when Sky do line tests or power glitches). I'd normally expect a DHCP lease to have a TTL of a few days but Sky apparently don't.

      In my work I've always used an IP-SEC VPN client into a Cisco VPN concentrator but I'm not sure about a VPN connection directly between two hosts because one of them must surely need to run a service. How have you done this? I guess port-forwarding just the VPN port from any to my host would be secure enough.

      Thanks

      Brian

    5. #4
      simonmpoulton

      The point is your entire system isn't open just by having a port open for VPN for example. The only thing on that port is the VPN server, not your system, and the VPN server with all its encryption and user login will prevent hackers from accessing the system. The firewall built into Windows will usually, as set up by default, only direct traffic through to the allowed programs.
      It's very easy to set up a VPN between two systems, just set up one system for incoming connections, specify the user accounts that can connect and then connect using the IP address or dynamic DNS name from the other.

      Pace SKY HD With Seagate Pipeline HD 2TB

    6. #5
      davies9648

      Yes OK I'm going to give VPN a go. Are you saying just install a VPN Client at each end and set them up differently or am I missing something? What do you use/recommend?

      Cheers

      Brian
