
Netgear DG834

N/A

Netgear DG834

Should I be concerned:
I have a new ADSL account and bought a Netgear DG834 router to connect my NT domain LAN to the outside world. Win2k Server provides DHCP and DNS, so I wanted to turn these off on the router.

After turning off DHCP and changing the password, I tried to configure e-mail reporting for logs and security alerts. My mail server gets its IP address via DHCP and so I didn't want to enter the IP address in the router config. This meant that I needed the router to use my DNS server to resolve the mail server's address. After RTFM'ing for a while and playing with the config, I still couldn't get the router to recognise my mail server. I had tried setting the router's DNS settings to my DNS server's IP address but it didn't work.

So, I phoned Netgear support. After an hour, during which the support guy in India asked me to enable remote management and then took over configuring the router, Netgear support told me that I'd have to reconfigure my mail server to use a static IP.

After the call, I checked the config and found that he'd opened up SMTP, POP, and DNS inbound in the firewall rules. I've closed these again and set my mail server with a static IP outside the DHCP-assigned block. All seems to be working properly.

Have I done the right thing by closing these ports or is there a valid reason why they should be open?
6 REPLIES
N/A

Netgear DG834

There is no reason for these to be opened, and you have done the right thing, unless you want them to be accessible from the outside world.

I strongly suggest writing a letter of complaint.

As for your problem, this sounds common amongst routers.

Many do not allow you to set the DNS servers, and others won't let you use hostname entries inside the configuration.

The hostname part saves on a few extra CPU cycles for the router.

You have two choices at this point.

1: Use a free dynamic DNS service, so the router can look up from the outside world if needed

2: Configure the DHCP server so a static IP is assigned.

Number 2 is better. You are still granted 100% central control, should you need to change it. And your router can then accept the IP.
N/A

Netgear DG834

Quote
2: Configure the DHCP server so a static IP is assigned.

Number 2 is better. You are still granted 100% central control, should you need to change it. And your router can then accept the IP.

Thanks for both the reality check and the advice.

I've set up the mail server to use a static IP address in the "non-DHCP" part of the local octet and added the appropriate A record in the Win2k server's DNS table.

I was worried that opening up those ports would effectively set up my mail server as an open relay. I'm now watching the security logs to see who tries to use it.

Cheers
N/A

Netgear DG834

Did support set them up as forwards or just unblock them explicitly in the firewall?

Unless it was a forwarding rule, there is little damage that could have been caused.
N/A

Netgear DG834

Quote
Did support set them up as forwards or just unblock them explicitly in the firewall?

Unless it was a forwarding rule, there is little damage that could have been caused.

The support guy set up SMTP and POP to forward to my mail server and DNS to forward to my PDC (which also provides DNS on my network).
N/A

Netgear DG834

Really, unless you want to be bombarded with emails when every "Tom, Dick and 'arry" pings you, I would turn Email notification off.
N/A

Netgear DG834

Quote
Really, unless you want to be bombarded with emails when every "Tom, Dick and 'arry" pings you, I would turn Email notification off.

I've set up e-mail filtering to dump notifications into a special folder that I've set up to purge messages over a month old. My mail client can collect thousands of those messages without getting in the way of normal life!