What's new

Asus RT-AC88U NAT Passthrough

hasarouter

Occasional Visitor
In Asus RT-AC88U, the VPN related NAT Passthrough by default allows

PPTP Passthrough
L2TP Passthrough
IPSec Passthrough
RTSP Passthrough
H.323 Passthrough
SIP Passthrough

do any of these pose a security liability ? ie can someone from the WAN take advantage of these passthroughs to connect internally ?
 

ColinTaylor

Part of the Furniture
No, there'd have to be something compromised on the LAN side to begin with.
 

sfx2000

Part of the Furniture
The VPN passthru's are actually an artifact of the old Linksys WRT54G source code - it's outbound only, and most smart devs don't touch things that work ;)
 

RMerlin

Asuswrt-Merlin dev
The VPN passthru's are actually an artifact of the old Linksys WRT54G source code - it's outbound only, and most smart devs don't touch things that work ;)
Unfortunately, Asus decided last year to make these settings do "something". Beside loading the NAT helper, disabling it will also generate a firewall rule to drop traffic for that port... That's something I've reverted in my firmware, because this "all or nothing" actually causes problems for people who need the NAT helper disabled BUT still keep the port open.
 

sfx2000

Part of the Furniture
Unfortunately, Asus decided last year to make these settings do "something". Beside loading the NAT helper, disabling it will also generate a firewall rule to drop traffic for that port... That's something I've reverted in my firmware, because this "all or nothing" actually causes problems for people who need the NAT helper disabled BUT still keep the port open.
gah - missed that one, generally it's been a belly button feature in the past - had a useful thing and then kind of a non-issue...

Last time I had to worry about "PPTP passthru" for example was on my WRT54G going into a Win2K host that was running a PPTP host for remote access...

For outbound - one shouldn't really need to be concerned with any of the pre-defined switches, and for inbound, generally port-forwarding to an internal LAN host works...
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top