Blocking WAN Request on LINKSYS Router

Post by Bill Mitchel » Wed, 19 Sep 2001 10:54:01

What security risks do I open up to *all* machines on my LAN by *disabling*
the "Block WAN Requests" option on a 4 port LINKSYS Router? The scenario is:

I have two computers behind a LINKSYS Router Firewall (4 port hub) and use a
cable modem service as my ISP. I do *not* want my private laptop pinged
because it's private. The other machine is a desktop IIS server which I'm
using for testing purposes and I need to be pingable (I think) because I
want to be able to hit the web server from outside my LAN. I set it up to
bypass the router by including this LAN IP address as the DMZ. In order to
ping this same machine outside the LAN, I had to disable the "Block WAN
Requests" option. However, I'm not sure if this opens up the other LAN
address assigned to the laptop (not part of the DMZ) to the WAN as well. My
primary concern is what this does to the security of my router. Does that
mean my router is now "pingable"? If so, why would this be a concern?

Insight is appreciated...


1. Transition WAN-Router-LAN to WAN-Router-PIX-LAN?


Currently we have the following setup:

    WAN <-> Cisco4700 <-> LAN

The LAN consists of three class-C address ranges plus an additional one from
the non-routed space.

The final scenario should be something like:

    WAN <-> Cisco4700 <-> PIX <-> LAN

where the LAN consists of only non-routed addresses and the PIX does NAT & PAT.
But as we cannot close down our network we thought about a smooth transition:

                   +---> PIX <----+
    WAN <-> Cisco4700            LAN

The Pix will have an address from the non-routed pool on its "inside"
interface. The problem is the "outside" interface and the IP-address of the
router-interface to the Pix. If I use addresses of an existing class-C net
the router complains, because it "knows" that this network is already connected
to its other ethernet interface. Thus, I need at least three routed
IP-addresses: one for the Pix outside interface, one as the NAT address for the
PIX and one for the router interface. And these addresses must be different from
the rest. Am I right?

I thought about subnetting, but the current distribution of the addresses
doesn't seem to allow it. Thus, are there any other ways to achieve what I
want? The Pix has six ethernet interfaces. Do I understand things correctly
that the Pix cannot use IP addresses from the same (sub)net on different

   Christoph Gartmann

-- --------------------------------------------------------------------+
| Max-Planck-Institut fuer      Phone   : +49-761-5108-464   Fax: -452 |
| Immunbiologie                                                        |

| D-79011  Freiburg, FRG                                               |
+--------- ---------+
