IP pass through


Gus K

Currently using SBC/Yahoo DSL. Figured it was time for a router, mainly for NAT. Picked up a used Westell 2200 Modem which is also a router and handles PPPoE and NAT, as opposed to the strictly modem that SBC supplies. The Westell is said to be very good at handling marginal POTS lines (bad weather causes static on my line that 2 service tickets have failed to fix completely, that sometimes slows me down).
After some work I got it to work and it seems fine and I've also got some stats to read now if I want. With my firewall (ZA free) turned off I still come up 'stealthed' at all the various sites, and for the most part I've now got a relatively static IP. The computer is also faster rebooting now (waiting for the next windy rainy day to see how my connection holds up).
In configuration it's set for 'IP passthrough'. Set this way games/bit torrent etc. work without any other changes. Is this a less secure way to operate? The docs I read were a bit confusing. Should I disable IP passthrough? Will my IP address no longer be visible then? And does this then mean I will have to set various ports etc. to get my apps to work?
As a side note I've found that the older Speedstream 5360 handles these staticky periods better than the newer 5100 (haven't tried the newest 5100b). My 5100 is headed for eBay.


I believe 'IP passthrough' bypasses the NAT function of the router. I would reactivate ZA ASAP.
I run with a router also and I also run ZA on all the PCs. While the router will slow down outside attempts to get at you, ZA stops insiders from getting out. And with the router stopping the majority of the hacks the overhead of ZA is reduced.
The documentation for your Westell router states:
"Application 1 – Westell IP-Passthrough using Single Static IP
The IP-Passthrough or Single Static IP (SSIP) feature lets you ‘pass-through’ or ‘share’ the public IP address of the WireSpeed unit itself with a selected device on the LAN. So applications or devices that would normally have a problem working through NAT or the integral firewall, can now function trouble-free using a public IP address – at no extra cost"
ie the NAT function is being bypassed.
On my routers "IP passthrough" is labeled "IP Address of Virtual DMZ Host" and the Help for this feature states "Adding a client to the DMZ (Demilitarized Zone) may expose your local network to a variety of security risks, so only use this option as a last resort."


True but I don't think this is what Gus K has. But I could be mistaken. Depending on the frequency of accessing a VPN I might only enable the passthru when I needed to do that.


ie the NAT function is being bypassed.
Hmm... but when I exit/turn off ZA and hit Shields Up, or any other testing site I'm still showing as stealthed. When I first had it hooked up, as modem only with XP handling PPPoE, with ZA off, all ports were open. Switching the modem to PPPoE/router function and enabling DHCP in XP, with ZA still off I was now stealthed. I assumed that IP passthrough meant my IP was visible, but NAT was still working (something was stealthing my ports). Do most NAT routers at Shields Up also block the user's IP address?
I of course am now running with ZA on. I read Westell's lit but I was a bit confused (still am). Am I misinterpreting the tests at Shields Up?
thanks

If you are using a NAT firewall you will always be stealthed according to Shields UP whether or not you have a software firewall installed, e.g. ZoneAlarm.


I am not familiar with the Westell 2200. However in most cases the Router part of the Modem/Router Combo is a “Baby” Router. It usually lacks the flexibility and add-ons of a Regular Cable/DSL Router.


You are just fine with your current set-up. Keep in mind that "stealth" is good because the attacker cannot see you to launch a specific attack. However, you are still vulnerable to "shotgun" type attacks, which is where the software firewall comes into play. With both, the "outer ring" of your defense is as solid as it's going to get, short of a lot of $$$ applying enterprise defenses.


linuxdude32
However, you are still vulnerable to "shotgun" type attacks, which is where the software firewall comes into play.
Assuming by shotgun, you mean wide random attacks on IPs, wouldn't the router firewall still block those? I had understood that stealth means the IP address discards packets without signalling the sender that it has done so (as opposed to just rejecting packets and saying so). Just curious. I hadn't heard of cases where certain types of attacks could make it through a hardware firewall but not a software firewall. Wondered if you could elaborate.
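
The open / closed / stealth results discussed in this thread, worked through as an added example (not posted by any participant and not a model of the Westell firmware). It is a simplified, generic NAT router; the `Host` and `Router` classes, the sample ports, and the assumption that the router silently drops unmapped inbound traffic are all illustrative.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


@dataclass
class Host:
    """A LAN PC: ports with a service bound, and whether a software firewall is on."""
    listening: Set[int]
    firewall_on: bool = False

    def receive_syn(self, port: int) -> str:
        if self.firewall_on:
            return "stealth"  # unsolicited SYN dropped, nothing sent back
        # No host firewall: the TCP stack answers SYN/ACK (open) or RST (closed).
        return "open" if port in self.listening else "closed"


@dataclass
class Router:
    """NAT router. Assumption: inbound traffic with no mapping is silently dropped."""
    forwards: Dict[int, Host] = field(default_factory=dict)  # public port -> LAN host
    passthrough: Optional[Host] = None  # DMZ / IP passthrough target, if enabled

    def unsolicited_syn(self, port: int) -> str:
        if port in self.forwards:
            return self.forwards[port].receive_syn(port)
        if self.passthrough is not None:
            return self.passthrough.receive_syn(port)  # everything else lands here
        return "stealth"  # no mapping and no passthrough host: dropped


def scan(router: Router, ports):
    """What an outside port test would report for each port."""
    return {p: router.unsolicited_syn(p) for p in ports}


PORTS = [80, 445, 6881]  # constructed sample: web, Windows file sharing, BitTorrent


def scenarios():
    pc = Host(listening={445, 6881})
    guarded = Host(listening={445, 6881}, firewall_on=True)
    return {
        "nat_only": scan(Router(), PORTS),
        "passthrough_no_fw": scan(Router(passthrough=pc), PORTS),
        "passthrough_with_fw": scan(Router(passthrough=guarded), PORTS),
        "single_forward": scan(Router(forwards={6881: pc}), PORTS),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:20} {result}")
```

In this model the software firewall is the only filter in front of a passthrough host, while a single port forward exposes one port and leaves the rest unanswered.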