From: Anthony Lieuallen
To: bloat@lists.bufferbloat.net
Date: Wed, 24 Oct 2012 09:50:36 -0400
Subject: [Bloat] New Cerowrt user; surprises

I read that it's not intended to be, but I've just installed Cerowrt as my primary router at home.

I was surprised by the fact that:

* The list of open/filtered ports in an external nmap is bigger than I expect. I saw the explanation for some of them like ftp/telnet.
* But one of them is DNS, and it's really open, and recursively resolving for the entire internet.
* And it's answering private (172.30...) names that the world shouldn't know.
* I haven't changed any firewalling rules, but the guest wireless (gw10) can see the lan (se00) addresses and communicate with them.

I'm sure I could tweak the rules to "fix" all of these, but I'm surprised that this is the default configuration. And I'm not yet 100% confident of the difference between the Firewall pane's "General Settings" and "Traffic Rules", so I don't want to poke too much.