inselaffe on 16/11/2009 at 17:44
We just got a new router, a Belkin F5D8235-4 N+ router.
Turns out it blocks loads of things by default that you wouldn't expect - like IRC ident didn't work properly and MSN voice chat.
This wouldn't be so much of a problem but it seems you can only do 20 port forwards on the firmware - so you run out of slots fast (and with common applications I don't really know what I need to unblock - or why some games work when I haven't forwarded their ports - or does this just mean they run slower online?). And the firmware for doing these port forwards seems really annoying. Also you can't do port forwarding for every computer (so if you wanted to unblock IRC for every computer you would have to do it individually for every PC - though I don't really know what you would do then as you can't have them on the same port).
I think you can always enable UPnP but I heard it is a bit unreliable and it doesn't work for old games and things?
Are Belkin routers and firmware really that bad or should I persevere with it?
Any suggestions would be great, thanks :) whether it be to stick with it and suggestions on how to use it or a better alternative :)
The router is for a cable connection, as we are with NTL (Virgin). Apparently that makes a difference :S
Thanks for your time
Al_B on 17/11/2009 at 19:56
I'm not familiar with that exact router but a lot of the above problems are common to lots of them. I had a quick scan of the manual and it seems to suggest that UPnP is enabled by default so I'm surprised your MSN voice chat didn't work. I'm not too surprised that your IRC identd didn't work (unless you were also using a client that is supposed to support UPnP).
One of the biggest issues with UPnP is that it can put your network at risk. In theory, any application (including a malicious web application) could potentially expose your computer to the internet. However, it does have advantages and ultimately enabling it is down to how much risk you'll accept.
For the games that work even without port forwarding, I assume that either you're connecting to the person hosting the game or that the games are negotiated by another server. In both situations you do effectively open a port on your router - but an extremely restricted one that can only be associated with the connection you've established. In this case, the person hosting the game or the external server will be set up to listen for a game connection - so you don't need to do it at your end.
You're correct that you can't create a manual firewall rule that will go from one port on the internet to multiple internal ports. That router (like pretty much any other) will be making your internal network look like one big computer to the internet.
I can't think of any 'magical' solutions off the top of my head. Another router may be able to support more than 20 rules at once, but it's unlikely to solve your other problems. A few options (most of which are probably not practical):
* Where your applications / games support it, choose different external network ports for each computer.
* Set up a spare PC as a Linux firewall and make it the DMZ client. Make all network connections go through the Linux firewall and you should be pretty unrestricted as to the number of rules you can have.
* For IRC - use an alternative identd server to either genuinely handle multiple local clients (such as http://ostatic.com/midentd) or simply by fudging the responses to be acceptable to the IRC server. (I left IRC behind about 15 years ago so no idea how to set this up)
* Purchase another IP address (Virgin don't allow this any more - and even when they did it was only for certain customers - but I've had this on ADSL before)
Given that I suspect you don't need to open as many ports as you think you do, the first option will probably solve most of your issues.
As for your final point - access controls - is he genuinely wanting to do this to limit when certain computers can access the internet or as a form of wireless protection? This used to be common some time ago but was never very secure and as long as you have decent wireless security (WPA2 ideally but even WPA is probably good enough) it shouldn't be required for that reason.
Not sure if the above helps or just confuses!
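The behaviour described in the reply above, as an added example that is not part of the original thread: a toy Python model of a NAT router showing why replies to an outbound game connection get through, why an IRC server's ident query is dropped without a rule, and why one external port can only be forwarded to one PC. The class, addresses and port numbers are constructed for illustration; the 20-rule limit is the one reported in the first post, and TCP port 113 is the standard identd port.

```python
from dataclasses import dataclass, field

MAX_FORWARDS = 20  # rule limit reported in the thread for this firmware


@dataclass
class NatRouter:
    """Toy model of a home NAT router (illustrative, not real firmware)."""
    forwards: dict = field(default_factory=dict)   # ext_port -> (lan_ip, lan_port)
    conntrack: dict = field(default_factory=dict)  # (ext_port, remote) -> (lan_ip, lan_port)
    next_port: int = 40000                         # constructed ephemeral port range

    def add_forward(self, ext_port, lan_ip, lan_port):
        # A static rule maps one external port to exactly one internal host.
        if ext_port in self.forwards:
            raise ValueError(f"external port {ext_port} is already forwarded")
        if len(self.forwards) >= MAX_FORWARDS:
            raise ValueError("forwarding table is full")
        self.forwards[ext_port] = (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote):
        # A LAN host connects out; the mapping is tied to that one remote endpoint.
        ext_port, self.next_port = self.next_port, self.next_port + 1
        self.conntrack[(ext_port, remote)] = (lan_ip, lan_port)
        return ext_port

    def inbound(self, ext_port, remote):
        # Replies on an established connection pass, but only from the same remote.
        # Anything else needs a static forward, which is open to any remote.
        return self.conntrack.get((ext_port, remote)) or self.forwards.get(ext_port)


def demo():
    router = NatRouter()
    game = ("203.0.113.10", 27015)       # constructed game server
    irc_ident = ("198.51.100.5", 50000)  # constructed IRC server sending the ident query
    port = router.outbound("192.168.2.10", 51000, game)
    seen = {
        "game_reply": router.inbound(port, game),
        "stranger": router.inbound(port, ("198.51.100.99", 1234)),
        "ident_no_rule": router.inbound(113, irc_ident),  # identd listens on TCP 113
    }
    router.add_forward(113, "192.168.2.10", 113)
    seen["ident_with_rule"] = router.inbound(113, irc_ident)
    return seen


if __name__ == "__main__":
    print(demo())
```

The static forward in the last step accepts connections from any remote address, which is the trade-off against the per-connection mapping that only admits the server the PC contacted.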
inselaffe on 18/11/2009 at 21:03
Ok thanks, that certainly explains some things :) I guess I don't need to open up ports for games and things unless I plan to host them.
The final point is moot now as it looks like we are sticking with this router anyway.
Thanks for the info.