1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

[RT-AC88U] NAT Passthrough Panel

Discussion in 'ASUS AC Routers & Adapters' started by AntonK, Dec 7, 2018 at 10:09 PM.

  1. AntonK

    AntonK Regular Contributor

    Joined:
    Apr 10, 2015
    Messages:
    172
    Hi,

    Is it best router security practice to 'disable' every one of these settings if none of them are being used?

    Thanks,
    Anton
     

    Attached Files:

  2. roguetr

    roguetr Regular Contributor

    Joined:
    May 6, 2018
    Messages:
    83
    I wouldn't say it's best practice, rather maybe configuration streamlining. Really, these are just additional features of the NAT implementation. What you allow and don't allow via NAT can be controlled in other ways.

    Disabling each one may reduce the kernel footprint a little, assuming it prevents the relevant modules from loading. It's always possible any module loaded could increase the chance of a local vulnerability as well, in a multiuser environment.

    If you see a performance improvement by disabling them and you definitely don't need them then I'd say go for it. For the most part though, having to re-enable these options when you do need them is going to be a pita.



    Sent from my MI 5 using Tapatalk
     
    AntonK likes this.
  3. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    28,540
    Location:
    Canada
    In Asus's stock firmware case, disabling also means they add a series of firewall rules to explicitely drop traffic on the associated ports, which can lead to hard-to-track issues down the road (for instance, blocking IPSEC will prevent some VoIP services from working properly).
     
    roguetr and AntonK like this.
  4. JDB

    JDB Very Senior Member

    Joined:
    Aug 28, 2016
    Messages:
    623
    I experienced exactly this and it confused the **** out of me for ages!!


    Sent from my iPhone using Tapatalk
     
    AntonK likes this.
  5. AntonK

    AntonK Regular Contributor

    Joined:
    Apr 10, 2015
    Messages:
    172
    Thanks for the info!
     
    roguetr likes this.