Configuring a Linksys firewall for inbound access [was ATT BroadBand Port Blocking]

[chy at genuity.com (Chuck Young)]

I forgot who started this one now, but I banged my head against the wall a few
days ago to figger this out since I normally do not allow inbound access, but
needed to FTP in.  I hope my pain brings you gain...

On my Linksys (Which has the VPN feature, but is otherwise identical), there
were several preconditions to success, and of course I threw out the manual as
I would rather ROTF than RTFM cause I don't have it and don't want to look it
up either :-)

Config the router:

1 Turn off the DHCP server
2 Disable SPI (Stateful [yeah right] Packet Filtering)
3 Permit the desired port to the desired machine inside

So, assign yourself a static IP on your net, with correct mask DNS and default
route, check to be sure SPI is disabled, and then permit TCP 21 into your
linux box.  If passive FTP is desired, you may need to enable TCP 20 as well.
Then test it by sending us an email or calling a friend to see if they get a
password prompt or using a school account to check it out, etc.

If you want, turn off the "Block LAN request" so you can ping the attbi IP
address that shows up in the WAN DHCP tab under status.  That's where you FTP
to.

If this still fails, try an upgraded image and/or reset to defaults first,
then reconfigure the access.

Whoever you are, let me know how you made out.

FINAL POINT:  you will likely get hacked if you hang out there for very long;
patch the app first, consider long tough passwords, TCP wrappers, etc. but
shut down all the access after you do your thing, unless you can live like
that all the time.

HTH...I think that's my $.03!

---------------
Chuck Young
Security Consulting
Genuity E-Services
A level(3) Company
--------------------