Billion 743GE - Firewall and Port Forwarding Basics


Butt-Ugly
22-01-2004, 01:26 PM
Be aware that as soon as you "enable" the firewall feature, you will be cut off from Internet access until you have finished the configuration.

Please print this guide, or reboot your modem (WITHOUT saving) to restore previous settings.

It is also a good idea to have the latest firmware for your modem: http://www.billion.com.au/html/download.html

We will follow a configuration to allow Direct Connect to traverse the firewall.

Direct Connect configuration requirements are:
Port 411 using TCP, only OUTBOUND connections.
Port 412 using TCP and UDP, with INBOUND and OUTBOUND connections.


First you need to log into your modem.
- Open a web browser, and go to http://192.168.1.254 (this is the default management IP).
- The default access codes are --> Username: admin Password: admin
>ALWAYS change the default password, on everything !

Change management password (if required).
- Log into modem.
- Select "Configuration" --> "System" --> "User Management".
- Select "Edit" on the RH side, and change password as prompted.

Enabling the firewall.
- Select "Configuration" --> "Firewall".
- You now need to "Enable" your firewall.
- Set your "Firewall Policy" to "Low Security Level".
>This allows Web, Email, MSN Messenger, and other common apps to work properly.
- Enable the Logs if you wish to monitor events (See checkboxes).
- Select "Apply".

Allowing programs (protocols) to pass through the firewall.
- Select "Configuration" --> "Firewall" --> "Packet Filter".
- Select "Port Filters" on RH side.
- You will see a predefined list of values already - These are the "Low Security Level" settings.
- At Bottom - Select "Add TCP Filter".
- Enter --> Start: 411 End: 411 Inbound: Block Outbound: Allow
>This allows all TCP traffic on port 411, to exit your network.
- Select "Apply".

- Back on "Port Filtering" page, select "Add TCP Filter".
- Enter --> Start: 412 End: 412 Inbound: Allow Outbound: Allow
>This allows all TCP traffic on port 412, to enter and exit your network.
- Select "Apply".

- Back on "Port Filtering" page, select "Add UDP Filter".
- Enter --> Start: 412 End: 412 Inbound: Allow Outbound: Allow
>This allows all UDP traffic on port 412, to enter and exit your network.
- Select "Apply".

http://home.swiftdsl.com.au/~qldhub/Port_Filter.jpg

Directing external ports to internal computers.
- Select "Configuration" --> "Firewall" --> "Virtual Server".
- Again, you'll see some predefined values.

- Find the first empty field, and insert the following:
- Enable: "Ticked" Application: DC_Client_TCP Protocol: TCP 192.168.1.: your IP Address

- Find the next empty field, and insert the following:
- Enable: "Ticked" Application: DC_Client_UDP Protocol: UDP 192.168.1.: your IP Address
- Select "Apply".

http://home.swiftdsl.com.au/~qldhub/Virtual_Server.jpg

You have now finished configuring your 743GE for firewall and port forwarding.

NOTE: DO NOT save the configuration until you are happy that it is working, because a quick reboot will restore previous values. Also disable ZoneAlarm and other software firewall packages, as they will still be active.

TODO List: Uninstall ZoneAlarm !

Hope this helps ;)

Cheers,

BU

peterr
01-02-2004, 10:36 PM
Hi,

Originally posted by Butt-Ugly: "Also disable ZoneAlarm and other software firewall packages, as they will still be active."

Can't say that I agree with you on removing any software firewalls, as various posts on the Billion forums back up the theory that they (software firewalls) still provide an extra layer/level of protection.

There is actually no need to remove your software firewall, unless of course it is interfering in some way with the router firewall. Software firewalls give application protection, something hardware firewalls cannot do. I'm still running Sygate with my Billion router, and it tells me if there are any new DLLs, or changed .EXEs, and prompts if a new application tries to access the internet.

Peter

Butt-Ugly
02-02-2004, 12:16 AM
You may be correct, but I believe this point comes down to personal opinion.

However, I totally agree that some form of 'application' protection is required in conjunction with any type of firewall, particularly an up to date AntiVirus program.

Cheers,

BU.

Pfitzy
11-07-2004, 10:45 PM
I've set it up like you said, only for SSH:

I have my firewall on High Security and made sure I defined Allow/Allow for Port 22 for TCP (and UDP - just in case). Then in Virtual Server I set up:

SSH-TCP tcp 22~22 192.168.1.21
SSH-UDP udp 22~22 192.168.1.21

where 192.168.1.21 is the address of an XP Home machine running OpenSSH on my LAN.

I can get into it locally (which proves the service is working) but I can't get incoming signals to hit the right machine when requesting port 22. Any suggestions?

A friend using the same model router (741GE V2) has no problem running this using FreeBSD, and I'm doing it on WinXP Home edition. Perhaps it is a WinXPHome problem? The theory is the same for both, so I don't see how it's a problem...

peterr
11-07-2004, 11:15 PM
Hi,

You obviously have the XP firewall turned off ?

I've heard it can cause problems. :(

Peter

Pfitzy
12-07-2004, 11:48 PM
Originally posted by peterr
Hi,

You obviously have the XP firewall turned off ?

I've heard it can cause problems. :(

Peter

:) Yeah - nailed that one early on (stupid Micro$oft! :mad: )

I got it last night - basically did a Restart Router from the BIPAC config gui and it worked! Up to that point it had been on for three days so maybe the restart helped. Anyhoo, it's working now, and I can play games on my PC at home when I get bored at work! :)

batoushai
09-08-2004, 12:16 AM
Hi all,
I'm trying to open ports ranging from 6881 - 6889. I followed your way of forwarding ports, but when I check with ShieldsUP it says that those ports are closed. I use a Billion 743GE, OS: WinXP. I've been trying to establish a connection using ports 6881 - 6889 for nearly a week but can't make it work. Could anyone tell me how to solve this problem?

Batoushai

peterr
09-08-2004, 09:48 AM
Hi,

Originally posted by batoushai: "Could anyone tell me how to solve this problem?"

The forums at Billion have very good support, see:

http://www.741ge.com/forums/

Peter
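
The LAN-side check that the SSH and port 6881 - 6889 posts above revolve around, as an added example (not part of the original thread): it classifies a TCP port on the forwarded machine as open, closed or filtered, which separates a host-side problem from a router-side one. The function names and advice strings are assumptions; the sample host and port are the SSH-TCP Virtual Server entry quoted in the thread.

```python
import socket

def probe_tcp(host, port, timeout=2.0):
    """Classify one TCP port: 'open', 'closed' (refused) or 'filtered' (no answer)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"      # host answered with a reset: nothing is listening
    except OSError:
        return "filtered"    # timeout or unreachable: something dropped the packet
    finally:
        s.close()

# What each LAN-side result says about where to look next (wording is illustrative).
NEXT_STEP = {
    "open": "service is listening; if it still fails from outside, check the router's "
            "port filter and Virtual Server entry, then restart the router",
    "closed": "host is reachable but nothing listens on this port; start the service",
    "filtered": "no reply from the host; check its software firewall or its IP address",
}

def check_forwards(forwards, timeout=2.0):
    """forwards: iterable of (name, host, port). Returns [(name, state, advice)]."""
    results = []
    for name, host, port in forwards:
        state = probe_tcp(host, port, timeout)
        results.append((name, state, NEXT_STEP[state]))
    return results

if __name__ == "__main__":
    # Entry taken from the thread's Virtual Server line; run from another LAN machine.
    for name, state, advice in check_forwards([("SSH-TCP", "192.168.1.21", 22)]):
        print(f"{name}: {state} -> {advice}")
```

Run it from a second machine on the LAN rather than on the server itself, so the server's own software firewall is part of what gets tested.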