turn off "firewall" feature on a home router?

[ncage]

Guys is there any cheap device out there that will act like a router but will let all packets pass back and forth? I want a device that i can connect between two different networks but i don't want any type of packet filtering between the two networks. Of course most home routers have DMZ that you can set up but that is based upon an ip address. I want all traffic to pass unfiltered between the networks just not a specific ip address. Any help would be appreciated.

If you are thinking a bridge will do it that is not correct. A bridge makes two seperate networks the SAME network. Thats not what i want. Each of these networks will still be seperate.

thanks,
ncage

 

[n0cmonkey]

Get a real router.

 

[spidey07]

I would think it would be trivial to just disable NAT.

Once you do that the router should just route like normal and not modify the packet.

 

[marulee]

Originally posted by: ncage
Guys is there any cheap device out there that will act like a router but will let all packets pass back and forth? I want a device that i can connect between two different networks but i don't want any type of packet filtering between the two networks. Of course most home routers have DMZ that you can set up but that is based upon an ip address. I want all traffic to pass unfiltered between the networks just not a specific ip address. Any help would be appreciated.

If you are thinking a bridge will do it that is not correct. A bridge makes two seperate networks the SAME network. Thats not what i want. Each of these networks will still be seperate.

thanks,
ncage

Humm.. I heard a rumor you can DMZ your gateway on particular router with beta-firmware. lol

 

[ncage]

Originally posted by: n0cmonkey
Get a real router.

...and where could you get a "real" router and be cost effective? i am not wanting to shell out the cash for Cisco router that will cost several hundred dollars.

 

[InlineFive]

Most SOHO devices aren't that flexible. If your model supports it you can create a packet filter rule stating that all traffic to and from xxx.xxx.xxx.xxx is allowed. However that is risky if either of you have dynamic WAN IP addresses.

And because of the nature of that setup most LAN functionality (such as games and filesharing) won't work. You would need to use VPN in order to be able to do those things.

 

[ncage]

Originally posted by: spidey07
I would think it would be trivial to just disable NAT.

Once you do that the router should just route like normal and not modify the packet.

As far as i know this would not work. NAT is what does the address translation between the two networks. Without NAT your device would not work as far as i know. I think there is some type of packet filter that allows all outgoing traffic but not all incoming traffic and this is what i want to turn off.

 

[ncage]

Well only way i can figure out to do this is to get a cheap machine and install openbsd. Enable forwarding and disable PF so nothing gets filtered. I had to have another machine that i have to administer. Id really have a simple device that just works. No other alternatives.

 

[InlineFive]

Originally posted by: ncage
Well only way i can figure out to do this is to get a cheap machine and install openbsd. Enable forwarding and disable PF so nothing gets filtered. I had to have another machine that i have to administer. Id really have a simple device that just works. No other alternatives.

What exactly are you trying to share? I'm still confused about that.

 

[n0cmonkey]

Originally posted by: ncage
Well only way i can figure out to do this is to get a cheap machine and install openbsd. Enable forwarding and disable PF so nothing gets filtered. I had to have another machine that i have to administer. Id really have a simple device that just works. No other alternatives.

That was going to be my advice. Not much you'll have to do once its setup, just upgrade once or twice a year.

 

[spidey07]

Originally posted by: ncage
As far as i know this would not work. NAT is what does the address translation between the two networks. Without NAT your device would not work as far as i know. I think there is some type of packet filter that allows all outgoing traffic but not all incoming traffic and this is what i want to turn off.

That is NAT. Turn of NAT and the router routes as normal. I'm sure you could do this with some of the 3rd party software for SOHO routers.

 

[ncage]

I have two different networks that need to be integrated. One network that i can't control. These two different networks have different ip address and subnet mask so stuff will have to go threw a router between the two networks. I will obtain a dynamic address from there network for their side of the equation and static on my side which will be the gateway for my machines.

 

[nweaver]

NAT is a (in consumer devices) "One to Many" Network Address Translation...aka many device appear to have ONE IP to the world. So from network one (lets call it 10.0.1.X) you can't type in the IP of a client on network 2 (10.0.2.X) and get to it, because the Network one machines all see everything behind the WAN address of the NAT device on network 2

a ROUTER on the other hand, does no NAT (unless told too...that's another day) so when you type \\10.0.2.x, it hits the router for that route and then the router routes the packet without modifying (called "managleing in the linux world") the header/addresses on the packet.

Consumer "Routers" are really not routers, the are one to many NAT devices...

in linux, you change a "0" to a "1" and then you have IP routing, no Iptables stuff to even work with.

 

[RebateMonger]

As nweaver notes, NAT devices are basically one-way streets for unsolicted network traffic. In one direction, traffic flows freely. In the other direction, unsolicited traffic is blocked unless you have DMZ enabled (forcing ALL unsolicited traffic to ONE PC) or use Port Forwarding (sending certain packet types to one computer and other packet types to another computer, using a predetermined Port Forwarding table).

If you want a router to pass two-way unsolicited traffic, you need it in Routing Mode, not in NAT mode.

 

[ch33zw1z]

Set your main pc to the DMZ, get a hub and extra NIC, run all other pc's through the hub and forward them through the NICs installed in your pc. you will have to use static IPs for your devices unless you set up DHCP on your PC. have fun, k.

 

[tyanni]

 

[spidey07]

I'm honestly smacking my head over this thread.

Turn off NAT. Now you have a router. It routes.

 

[nweaver]

Originally posted by: spidey07
I'm honestly smacking my head over this thread.

Turn off NAT. Now you have a router. It routes.

most consumer devices dont' allow this...

 

[spidey07]

Originally posted by: nweaver

Originally posted by: spidey07
I'm honestly smacking my head over this thread.

Turn off NAT. Now you have a router. It routes.

most consumer devices dont' allow this...

WTF! You're kidding, right?

Then why do they offer basic routing protocols?

I guess I'll just show my ignorance of SOHO gear. If you can't turn these things into basic routers then I'm never posting in a SOHO router thread again. That's fvcking ridiculous.

GRRRRRRRRRRRRRRRRRRRR.

I hate how the SOHO market throws around terms that just ain't right.

 

[InlineFive]

Originally posted by: spidey07

Originally posted by: nweaver

Originally posted by: spidey07
I'm honestly smacking my head over this thread.

Turn off NAT. Now you have a router. It routes.

most consumer devices dont' allow this...

WTF! You're kidding, right?

Then why do they offer basic routing protocols?

I guess I'll just show my ignorance of SOHO gear. If you can't turn these things into basic routers then I'm never posting in a SOHO router thread again. That's fvcking ridiculous.

GRRRRRRRRRRRRRRRRRRRR.

I hate how the SOHO market throws around terms that just ain't right.

Aftermarket firmware for the WRT54GL can do BGP, OSFP and RIP2 routing but other then that most of the SOHO devices only perform NAT.

 

[spidey07]

Originally posted by: InlineFive
Aftermarket firmware for the WRT54GL can do BGP, OSFP and RIP2 routing but other then that most of the SOHO devices only perform NAT.

Then Why th fvck are they called routers?

 

[nweaver]

because natters didn't sound as good?

I have always hated the term "routers" for that stuff..that is why I (almost) always preface this with "soho routers"

 

[RebateMonger]

Originally posted by: spidey07
I hate how the SOHO market throws around terms that just ain't right.

Some makers use the term "Gateway", rather than "Router".

I've never looked very hard at "true router" functionality of SOHO "Gateways". I've used the Cisco 67x series of DSL Modem/Routers extensively, and the Cisco modem/router definitely allows NAT to be turned off, allowing multiple IP addresses on the WAN side, for instance.

It appears that the routing protocols and Static Routing screens in SOHO "Gateways" are only for configuring the LAN side of the "Gateway", if you have a secondary connection (like an ISDN modem) where you want to send packets addressed to specific subnets.

Note that this $50 Belkin FSD5321-4 Router allows NAT to be turned off, as well as multiple WAN IP addresses. (Page 57 of the User Manual)

Don't forget that if you turn off NAT, you need multiple Static IP addresses from your ISP if you want to have more than one computer on your home network.

 

[n0cmonkey]

Originally posted by: spidey07

Originally posted by: InlineFive
Aftermarket firmware for the WRT54GL can do BGP, OSFP and RIP2 routing but other then that most of the SOHO devices only perform NAT.

Then Why th fvck are they called routers?

Because its sexier, and marketing people chose the name.

 

[ch33zw1z]

SOHO routers technically operate at layer 3, thus preform "routing". it may not be as configurable as a Cisco router...but it's still doing basic functions.