locked
Custom Config WRT54G and Security RRS feed

  • Question

  • WHS is working as it should but I'm concerned about security (because of open ports).
    After enableing uPnP, WHS auto-configured all without issue.

    I wanted to have a look at what auto-config did to my router so that I might customize but was unable to discover any router changes from default that WHS might have made, yet 443 80 etc. are confirmed open (Schields-Up).

    If I turn web sites off in WHS, ports are un-open'd so I know WHS is taking care of everything- I would just like to understand the mechanism so that I might improve security by modifing router settings as painlessly as possible...but wonder if I should be concerned in any case and just forget about it, turning web on only if needed to remote share etc.

    Wednesday, February 18, 2009 3:05 PM

Answers

  • What WHS has done is forward the ports 80, 443, and 4125 from the router to it's IP address. As for why you don't see that in the router setup, well, not all routers support UPnP configuration at all, and not all of those that do offer full support. It sounds like yours accepts UPnP configuration, but doesn't reflect it in the interface (not good, but better than not accepting it at all, I suppose).
    I'm not on the WHS team, I just post a lot. :)
    • Marked as answer by Fauldini Wednesday, February 18, 2009 7:24 PM
    Wednesday, February 18, 2009 5:50 PM
    Moderator

All replies

  • There are several potential security issues with UPnP, so if you're concerned about security you should probably turn off UPnP, give your server a static IP address or set up a DHCP reservation, and forward ports manually.
    I'm not on the WHS team, I just post a lot. :)
    Wednesday, February 18, 2009 4:25 PM
    Moderator
  • Sure, good idea, hope to do that- I just can't see why obvious changes to the router config have been made (otherwise it wouldn't have worked and opend the ports- unless something at server level).

    Confusing thing to me is I see NO changes to ports on the router other than default all null values. Since I hadn't done much port fwding on this router I was hoping to cheat and just replicate what WHS was doing on the router after turning uPnP off.
    Wednesday, February 18, 2009 5:05 PM
  • What WHS has done is forward the ports 80, 443, and 4125 from the router to it's IP address. As for why you don't see that in the router setup, well, not all routers support UPnP configuration at all, and not all of those that do offer full support. It sounds like yours accepts UPnP configuration, but doesn't reflect it in the interface (not good, but better than not accepting it at all, I suppose).
    I'm not on the WHS team, I just post a lot. :)
    • Marked as answer by Fauldini Wednesday, February 18, 2009 7:24 PM
    Wednesday, February 18, 2009 5:50 PM
    Moderator