Asus RT-AC88U NAT Passthrough

hasarouter

Occasional Visitor
In the Asus RT-AC88U, the VPN-related NAT Passthrough by default allows:

PPTP Passthrough
L2TP Passthrough
IPSec Passthrough
RTSP Passthrough
H.323 Passthrough
SIP Passthrough

Do any of these pose a security liability? I.e., can someone from the WAN take advantage of these passthroughs to connect internally?
 
The VPN passthru's are actually an artifact of the old Linksys WRT54G source code - it's outbound only, and most smart devs don't touch things that work ;)
 
> The VPN passthru's are actually an artifact of the old Linksys WRT54G source code - it's outbound only, and most smart devs don't touch things that work ;)

Unfortunately, Asus decided last year to make these settings do "something". Besides loading the NAT helper, disabling it will also generate a firewall rule to drop traffic for that port... That's something I've reverted in my firmware, because this "all or nothing" actually causes problems for people who need the NAT helper disabled BUT still keep the port open.
 
> Unfortunately, Asus decided last year to make these settings do "something". Besides loading the NAT helper, disabling it will also generate a firewall rule to drop traffic for that port... That's something I've reverted in my firmware, because this "all or nothing" actually causes problems for people who need the NAT helper disabled BUT still keep the port open.

gah - missed that one, generally it's been a belly button feature in the past - had a useful thing and then kind of a non-issue...

Last time I had to worry about "PPTP passthru" for example was on my WRT54G going into a Win2K host that was running a PPTP host for remote access...

For outbound - one shouldn't really need to be concerned with any of the pre-defined switches, and for inbound, generally port-forwarding to an internal LAN host works...
 
> Unfortunately, Asus decided last year to make these settings do "something". Besides loading the NAT helper, disabling it will also generate a firewall rule to drop traffic for that port... That's something I've reverted in my firmware, because this "all or nothing" actually causes problems for people who need the NAT helper disabled BUT still keep the port open.

How can I truly disable these then? So no firewall rule gets created?
 
> How can I truly disable these then? So no firewall rule gets created?

I don't know. My firmware allows you to disable the NAT helper without actively blocking the port; I don't know if Asus changed that since that was originally discussed, back in 2018.
 
