WRT610N V2 Access restrictions & https protocol (bug?)

Similar Messages

• \wrt610n - Are access restrictions broken?

  Evening,
  I've had a WRT610n for a while now and it's not given me any hassle.  However I've been letting my neighbour use my net connection wirelessly and decided that I wanted to lock down their connection so they only had access to the internet on ports, 53 (DNS), 80 (HTTP) and SSL on 443.
  I didn't think this would be a problem using access policies so logged in via the web client and setup a policy applied to their MAC address on policy setting 1 blocking access to everything but the above ports.  In the application blocking down the bottom of the page, I created 4 new settings as follows.
  Name = Range1, Protocols both, Ports 1 to 52
  Name = Range1, Protocols both, Ports 54 to 79
  Name = Range1, Protocols both, Ports 81 to 442
  Name = Range1, Protocols both, Ports 444 to 65,535
  I then added them to the blockedl list on the right.  As a test, I also set it against my laptop mac addy so I knew if it worked or not.
  When testing I used ftp from a dos prompt and tried to reach ftp.microsoft.com which is a valid working ftp site.
  Basically, when the policy was enabled, I could still get the ftp to work.  If I took out my port ranges and only added port 21, the ftp connection was blocked as I excpected.  After trying various things, I ended up taking all the applications out of the application list on the left leaving only my 4, then moved that 4 to the bocked list and hey presto it worked.
  Unfortunately...
  When I took my laptop mac addy out of the policy, the policy was still being applied to my laptop.  I tried rebooting my laptop, tried rebooting the router all to no avail.  I then tried setting another policy up granting access to everything for my laptop which done no go.  I even then tried creating the new policy granting my laptop access to everything as number 1, and the other as number 2.
  Finally as a last attempt, I reflashed the router with the latest firmware again (which it was running already), done a factory settings reset and set the router up again with my prefered settings.  I've just tried setting the access policy up again and it now once again doesn't even work.
  Anyone any ideas?
  Dave

  This is my findings, when i add "google.com" to the URL blocking and point my browser to www.google.com it does not block it, if I leave out the www it will block it. A little too explicit in my opinon.

• Access Restrictions bug of firmware 1.01.1 for WRT54G V5 V6

  I am using WRT54G V5.
  The Access Restrictions function won't work properly when using firmwares 1.01.1 and 1.01.0. Ports can't be blocked by using the "Blocked Services" in this function.
  Now I have to switch back to 1.00.9 to make the port blocking work, but there is a DHCP server issue which could only be fixed in 1.01.0 or above.... Could someone fix this BIG BUG and roll out a new firmware????
  Thanks a bunch.
  Message Edited by Dennis_Hsu on 01-08-200705:02 PM

  What is your Fragmentation and RTS threshold value? I'm not sure if I'm reading your message right, but it says as far as I can understand 30. The value should be 2304 instead for both.
  Ty changing the wireless channel also to either 1, 6 or 11.

• How to set 'colliding' access restrictions in wrt610n - what are rule preferences?

  Hello. I want to set up access restrictions to one MAC address (my kid's machine) basing on week days. From Su to Th allow less access time while during Fr-Sa afternoons access time should be longer. The question is how to program it in router. I know I can set rules with "allow" and "disable" keyword, but I don't know rules preference.
  When I set (Su-Th 6-21) allowed access time then router automatically denies defined machine internet access outside this time range. The problem is in the power of thus calculated denying time. I want to allow more access time in weekend, so I hoped if I can simply add "Fr-Sa 6-22:30 allowed access time" rule. I hoped that router will regard explicitly set time over inexplicitly set  time but it appears it is not so.
  Does anyone know the rule of rules? What are their preferences/priorieties, iis it possible to stack more rules affecting one MAC address or it is so simple that the first rule "rulez"? Is it possible to set more than one time rule affecting the one machine?
  Solved!
  Go to Solution.

  Agh! Thanks for your reply, it was good incentive to test the problem little more. Now I'm pretty sure that wrt610n algorithm has problem - it lies with power cuts. In my flat, the last internet user usually turns off power board when goes to sleep. After power is resumed router seemed to work flawlessly yet herein lies the problem and I hope I've found solution.
  The tests I have done:
  1. 2 rules (as mentioned in my first post). Kid's machine works (this is day now). Didn't played with rules times. Just turned router off. When router was turned on, two other (parents) machine get internet access while kid's machine didn't! Kid's machine was banned from internet against the rules. Router has proper time set - I checked it's status.
  2. I turned both rules to "disable access" versions (1. disable access Su-Th 21-23:55; 2. disable access Fr-Sa 22:30-23:55). This rules should work almost the same way (the only problem is, that no rule can expand over midnight, so the third rule should be added, banning access from midnigts to early mornings). The router was switched off. Then on. All three machines now has internet access. I hope, router will ban access in the afternoon automatically, as is set
  My deduction. Algorithm bases on time points. When marked time comes, algorithm do, what it should do (but only, if router is powered). When you set "turn internet access on" time (this is "allow rule"), router turns on the access precisely at the chosen moment of time. If router was dead at that time, it doesn't turn the access on however, when power is restored. But when you set "disable rules" in place of "enable rules" I hope it should work and I tested, that this way router gives access after turning it on. Router should disable internet access to the kid's machine at selected time - at least until smart kid does not turn the router off a few seconds before the switch_off time and soon after turn it on But then there is plenty of more powerfull means of control, so I don't worry too much Yet it seems to me, there is a flaw in algorithm, which doesn't run properly after power on.

• Wrt610n after upd to 2.00.01 tab "Access Restrictions" was gone

  Hello. I decided to update firmware on wrt610n from 2.00.00 B05 to 2.00.01. After it - tab "Access Restrictions" was gone. Can I use this function on this version? If not where I could download firmware by 2.00.00 B05 version?
  Solved!
  Go to Solution.

  Seems weird. I’ve checked on the release notes and FW version 2.0.01 B015 included a fixed on access restrictions. Have you tried powering off and on the router after the update? If power cycle won’t work, you would need to press and hold the reset button for 30 seconds and totally reconfigure the router’s settings. All tabs should be present after reset since it would restore all settings back to factory defaults.

• Signed Applet not loading on Mac OS X if using HTTPS protocol

  Hi All,
  I need to open a trusted applet on Mac OS 10.2. The applet works fine if using HTTP protocol. But if the protocol used is HTTPS the the applet does not loads and "javax.net.ssl.SSLException - untrusted server cert chain" exception comes on the console.
  The error comes for both - Verisign and javakey - signed applet.
  On seaching for possible solution on the net, i came across following link: http://www.macosxhints.com/article.php?story=20020525101202503&query=Workaround+for+secure+Java+applet+problems
  It says that this is Mac's known bug and gives the workaround as:
  1. Access the problematic site with Internet Explorer on Windows. Click on the padlock item and export the certificate to a file.
  2. Copy the certificate to your Mac.
  3. Use the command
  sudo keytool -import -trustcacerts -keystore /Library/Java/Home/lib/security/cacerts -file mycert.cer
  to import the certificate file to your keystore (substitute mycert.cer with the name of the file containing the certificate). The keystore is password protected - the default password is "changeit".
  4. Restart your browser
  But the client cannot be asked to do all this to run the applet.
  Is this problem being solved by Mac in their java implementation or is there any other possible solution?
  Thanx in advance.
  Regards,
  Charu

  I am experiencing the same problem - I notice it does not happen on OS9.2 using IE but appears a problem on all browsers on OSX
  Apple gave me the following reply.....
  Re: Bug ID# 3268633: cannot load applet class under https connection
  Hello Andrew,
  Thank you for bringing this problem to our attention. We have received feedback
  from engineering on your
  reported issue.
  Please know that to get Java to recognize the certificate you will need to do
  one of two things, depending
  on which VM you are using. Since you want it to work with Internet Explorer, we
  will assume Java 1.3.1.
  In Java 1.3.1 you'll need to add the certificate to
  /Library/Java/Home/lib/security/cacerts using
  /usr/bin/keytool to import the certificate into the certificate database.
  In Java 1.4.1 you should be able to just add the certificate to the keychain
  using certtool. For more
  details on how to do this, please refer to the information found at
  <http://java.sun.com/j2se/1.4.1/docs/tooldocs/solaris/keytool.html>. After
  doing so, if you should require
  further help from Apple in resolving this issue, we recommend that you request
  assistance from Developer
  Technical Support. This must be done by filing a Technical Support Incident.
  So I am supposed to tell every Mac user to do the above am I?!!!

• Problem custom HTTP Protocol

  Hello
  I have a ISA Server 2006 Enterprise SP1.
  I created a rule with a custom HTTP protocol (HTTP-Custom outbound TCP 80).
  But when I monitoring logging, my users are acessing internet via another rule.
  If I remove HTTP-Custom and include HTTP protocol, the users access internet via this rule.
  This is a bug? Is there a fix?
  Regards,
  Marcos

  Hi
  That's exactly what I did, but ISA bypass the rule.
  ID
  Name
  Protocol
  From
  To
  User
  1
  Allow Custom HTTP
  HTTP-Custom (Outbound TCP 80)
  Internal
  *.contoso.com
  All Users
  2
  Deny
  HTTP
  Internal
  *.contoso.com
  All Users
  ISA Server ignores the rule 1, traffic always is blocked by rule 2.
  Thanks,
  Marcos

• Delays in net access restriction

  XI31 -  IIS6.0  - .NET (no tomcat)
  It is taking users "minutes" to bring up the net access restrictions...  How can I speed this up PLEASE?!?!!?

  Well I must admit this does not really sound like a best practice. But since this is a rather unusual setup I would recommend to open a case by SAP support (http://service.sap.com/support) and ask if this delay to display the list with the 1800 restriction is by design or a bug.
  Regards,
  Stratos

• Access restrictions timing off by 1 hour

  I don't know if anyone else is experiencing this problem.  I have set access restrictions on my WRT610N router and they execute an hour earlier than set.
  I checked the time zone settings, the system clock and all seem correct. I have a rule that is supposed to turn off access to the Internet at 11:55pm. However, the rule gets executed at 10:55pm.
  This was happening on my first WRT610N which was also dropping network connections. So, I returned that unit and got a replacement.
  The new unit does not drop connections but has the same timing problem.  The only solution I have found is to change the time zone to the next one that is 1 hour behind my time zone.
  Please let me know if anyone else has experienced this same situation.

  My ISP is on the same town as I am. The information they are supplying appears to be correct as my WRT54G uses the same information and its rules execute properly.
  I think there is a problem with the WRT610N. My solution is temporary I hope that Linksys will fix this problem. 

• Create access restriction in designer using script

  Hello,
  I am looking for a way to automate the creation of access restriction within universe.
  I looked in the API universe reference and it seems that there is no entries for such an object
  For information I use Business Objects XIR2 with SP3
  Thanks for any help or answer

  Creation/Modification of Universe Access Restrictions is not part of the Universe Designer SDK, but part of the BusinessObjects Enterprise SDK. 
  It requires sending requests to the CMS using the SDK to get User and UserGroup information.
  For the COM-based version of the Enterprise SDK, the object is known as Overload, and described here:
  [http://devlibrary.businessobjects.com/BusinessObjectsXIR2SP2/en/en/BOE_SDK/boesdk_com_doc/doc/boesdk_com_doc/CrystalEnterpriseOverloadPluginLibrary.html#1351377]
  Sincerely,
  Ted Ueda

• Session and Access Restriction

  Hi:
  I have this problem with access restriction. I was trying to build a "secure" site with sessions where users are able to login and access secure webpages upon successful login. And these webpages are not available as soon as the user session expires or terminated. However, from time to time, these web pages are still accessible after logging out by pressing "back" button on the browser or book-marking these pages.
  I noticed that Hotmail and old Yahoo mail system have the same problem as the one that I have just described.
  I am not using https or virtual host or anythind like that, because I didn't have the resource. It is supposed to be a Basic Authentication (login/password) scheme.
  Could any one light me some fresh ideas?
  Thanks
  Tian Lei Xia ":)

  To avoid the bookmarking problem, set a session attribute with the login details.
  Once they login:
  if(request.getParameter("username")!=null)
       session.setAttribute("username","personA");
  if(session.getAttribute("username")==null)
       //don't display the page
  else
       //show them the pageThis is a very basic technique and there are other ways of doing this. As for logging out then the session should just be invalidated.
  An alternative would be to use the security features of the web deployment descriptor and get the web container to handle the sessions for you (See servlet API specs 2.3 for more details).
  Good luck,
  Anthony

• Unable to connect to the Exchange server using HTTP/HTTPS protocol.

  hi,
  i try to connect microsoft exchange server, but it give me
  error
  Unable to connect to the Exchange server using HTTP/HTTPS
  protocol.
  my code is pasted below............
  <!--- connection parameters --->
  <cfparam name="user1" default="uHRH">
  <cfparam name="user2" default="uHRH">
  <cfparam name="password" default="uHRH">
  <cfparam name="exchangeServerIP" default="192.168.0.1">
  <cftry>
  <!--- Open a connection to the exchange server by
  specifying the required user credentials --->
  <cfexchangeConnection
  action="open"
  username ="#user1#"
  password="#password#"
  server="#exchangeServerIP#"
  <!--- protocol = "http"--->
  connection="conn1">
  <cfoutput>Connection to exchange server
  "#exchangeServerIP#" established</cfoutput>
  <!--- Close connection to exchange server --->
  <CFExchangeConnection
  action="close"
  connection="conn1">
  <cfoutput>Connection to exchange server
  "#exchangeServerIP#" terminated</cfoutput>
  <!--- Error Information --->
  <cfcatch type="any">
  <cfoutput>#cfcatch.message#</cfoutput>
  </cfcatch>
  </cftry>
  if any one know how to solve this error?

  Hi,
  The "<cfexchangeConnection>" tag supports both "HTTP"
  and "HTTPS" connection.. So Please make sure the username has the
  "Outlook Web Access".
  Also try removing the <!--- protocol = "http"--->
  comment which you placed inside the "<cfexchangeConnection>"
  tag.

• Is it possible to access the http web interface over the fa1 management interface?

  Hello All,
      I am remotely connected into a Cat 4500 + Supervisor V module via console cable and point to point connection from laptop to fa1 management interface on SupV.  SupV module is running IOS 15.0(2)SG8.
      I am not able to physically change the patch cable from fa1 management interface to gi2/3 or any other switch port for a couple days and would like to see if it is possible to access the http server through this fa1 port since I am working remotely.  I can ping the laptop from fa1 and tftp ok but cannot access the http/https server.  Is this even possible without connecting the laptop into a regular switch port like gi 2/3 gi 2/4 etc..?  The reason I ask is I would like to use Cisco Networking Assistant gui for some things but need access to https server first over the fa1 link.
  Any suggestions would be much appreciated.
  Thanks!
  -S

  Here is the ACL list.  I have not made any entries into this list and all of these are default at this time.  Do I need to make an explicit allow ACL for http?
  Thanks!
  -S
  #show access-list
  Extended IP access list system-cpp-all-routers-on-subnet
      10 permit ip any host 224.0.0.2
  Extended IP access list system-cpp-all-systems-on-subnet
      10 permit ip any host 224.0.0.1
  Extended IP access list system-cpp-dhcp-cs
      10 permit udp any eq bootpc any eq bootps
  Extended IP access list system-cpp-dhcp-sc
      10 permit udp any eq bootps any eq bootpc
  Extended IP access list system-cpp-dhcp-ss
      10 permit udp any eq bootps any eq bootps
  Extended IP access list system-cpp-energywise-disc
      10 permit udp any eq any eq 0
  Extended IP access list system-cpp-hsrpv2
      10 permit udp any host 224.0.0.102
  Extended IP access list system-cpp-igmp
      10 permit igmp any 224.0.0.0 31.255.255.255
  Extended IP access list system-cpp-ip-mcast-linklocal
      10 permit ip any 224.0.0.0 0.0.0.255
  Extended IP access list system-cpp-ospf
      10 permit ospf any 224.0.0.0 0.0.0.255
  Extended IP access list system-cpp-pim
      10 permit pim any 224.0.0.0 0.0.0.255
  Extended IP access list system-cpp-ripv2
      10 permit ip any host 224.0.0.9
  Extended MAC access list system-cpp-bpdu-range
      permit any 0180.c200.0000 0000.0000.000c
  Extended MAC access list system-cpp-cdp
      permit any host 0100.0ccc.cccc
  Extended MAC access list system-cpp-cgmp
      permit any host 0100.0cdd.dddd
  Extended MAC access list system-cpp-dot1x
      permit any host 0180.c200.0003
  Extended MAC access list system-cpp-lldp
      permit any host 0180.c200.000e
  Extended MAC access list system-cpp-mcast-cfm
      permit any 0180.c200.0030 0000.0000.000f
  Extended MAC access list system-cpp-pppoe-disc
      permit any any protocol-family pppoe-disc
  Extended MAC access list system-cpp-sstp
      permit any host 0100.0ccc.cccd
  Extended MAC access list system-cpp-ucast-cfm
      permit any host 000d.6558.d5fd

• Web Proxying to a WebLogic Cluster using the HTTPS protocol

  Hi all,
  I am recently involved into JWS proxying to WebLogic Cluster.
  I don't have any technical problems at the moment but "conceptual" problems, that is:
  - my jws proxy server should connect to a WebLogic Cluster through a Bea plugin configured wish SSL parameters;
  - my jws proxy server should pass the incoming request using a load-balancing algorithm among the two nodes of the cluster, that are actually installed on two different machines;
  - the jws proxy server doesn't seem to accept multiple certificates.
  My question is: how can I configure my proxy plugin to route the incoming requests to my WebLogic Cluster using the https protocol? As a matter of fact, each certificate should be hostname dependent, and it looks like that the proxy plugin doesn't accept a multiple certificate configuration (and it should actually match the CN entry in the certificates with the actual hostnames of the nodes).
  Any hint?
  Thx a lot,
  Luca

  It is supported in 5.2
            - Prasad
            Wei Guan wrote:
            > As I knew of, secure proxying is not supported yet.
            > --
            > Cheers - Wei
            > Bob Kiep <[email protected]> wrote in message
            > news:8bvvc7$7uf$[email protected]..
            > > The NSAPI plugin cannot perform SSL proxying, as documented at the bottom
            > of
            > > this message (taken from
            > > http://www.weblogic.com/docs/admindocs/nsapi.html#background). When
            > > Weblogic is the proxy, can I do SSL? If someone could send me the link to
            > > where is states whether is SSL or not would be very helpful.
            > >
            > > "The plug-in is for an environment where NES serves static pages, and a
            > > Weblogic Server (operating in a different process, possibly on a different
            > > host) is delegated to serve dynamic pages (such as JSPs or pages generated
            > > by HTTP Servlets). The connection between WebLogic Server and the NSAPI
            > > plug-in is clear text http, not SSL. To the end user -- the browser -- the
            > > HTTP requests delegated to WebLogic appear to come from the same source as
            > > the static pages. In other words, WebLogic on the back-end is invisible.
            > > Additionally, the HTTP-tunneling facility of the WebLogic client-server
            > > protocol can operate through the plug-in, providing access to all WebLogic
            > > services (not just dynamic pages). "
            > >
            > >
            Cheers
            - Prasad
            

• HTTP protocol webmail

  I just signed up for DSL with Qwest and am buying a new 20" iMac. (I curently use a 1999 iMac 333 with dialup.) To get a low cost DSL ($30/ month) I have my ISP as MSN Premium. I know I need HTTP protocol for email and have read the achives to try to figure out what will work regarding web based email and my new iMac without it being a total pain in the butt.
  Do I need the HTTP mail plugin to use hotmail, gmail, yahoo, etc.?
  Would webmailer also be useful when using web based email with the iMac?
  What web based email have others used painlessly with OS 10.4?
  Thanks!
  20"iMac   Mac OS X (10.4.8)  

  Do I need the HTTP mail plugin to use hotmail, gmail, yahoo, etc.?
  The HttpMail plugin is only for Hotmail. It allows you to receive and send Hotmail through the Mail.app but apparently only works for older Hotmail accounts.
  Gmail offers free POP service (to work with Mail and other email client applications). Just follow the instructions here:
  http://mail.google.com/support/bin/answer.py?answer=13275
  Yahoo and other services that don't offer POP access, can sometimes be added to Mail.app with MacFreePOPs. I have used it for Yahoo mail before but, honestly, it was less of a hassle for me just going through Safari.