Skip to main content
Forum FAQ's
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Does the EE SmartHub (Black) Firewall work

Go to solution
andyd20duckcom
Investigator
Investigator

‎24-04-2025 06:39 PM - edited ‎24-04-2025 06:46 PM

Hello everyone, I have just moved from BT to EE. Over the weekend BT collected their router which I really wanted to keep as iit had more configurable settings than the EE device, unfortunately the wanted £50 for it. Anyway, the EE router is installed and is working, we have phone calls and broadband, but the EE router doesn't appear to be blocking traffic as suggested.

I have a pFsense firewall behind the EE router in the DMZ, the same as I did with BT. the pFsense has had to have the alarms disabled as the EE router isn't blocking ports. The EE router is using its default DHCP settings.

On the screen it states:

andyd20duckcom_0-1745515094476.png

Can someone confirm if it is supposed to block these ports by default even if the device is in the DMZ, or have I been protected in the past by the BT router blocking unsolicited data to the DMZ even when it wasn't supposed to?

21, 22, 23, 25, 53, 80, 110, 137, 138, 139, 143, 443, 445, 548, 587, 993, 995, 1433, 1701, 1723, 3306, 5432, 8008, 8443

The logs have items such as these:

 
andyd20duckcom_17-1745516177982.png

I have tried it another way by using port forwarding but that seems to do the same.

Appreciate the forums thoughts on this, it does look like the DMZ hasn't got any firewall protection at all even though the text on the screen indicates it has, or the data wouldn't be reaching the pFsense (192.168.1.1). Once I know I can make arrangements to accommodate.  And for some reason my post has been marked as Spam! Go Figure.

0 Helpful
1 SOLUTION

Accepted Solutions
Go to solution
WillKirk
Skilled Contributor
Skilled Contributor

‎25-04-2025 12:00 AM

So, I’m sure I’m over simplifying here but:

You put your third party firewall in the DMZ and 1) are surprised it’s receiving all the traffic despite virtually putting it in front of the router with an in-built firewall and 2) are turning off alarms because your firewall is receiving traffic I can only assume you haven’t blocked on the firewall you want to use… or have you? If you have, I’m even more confused because it then sounds like what you are trying is working.

You put your third party firewall in front of your router to block certain traffic, or let certain traffic through, into your network. Not really a surprise then surely that you can see all the not-yet-blocked traffic, and that it’s not yet blocked before you have blocked it?

To my knowledge BT/EE do not ‘firewall’ traffic before it gets to your router unless you have some kind of parental controls activated somewhere (never needed them so never used them). If it did, then people needing that traffic would never receive it to use Port Forwarding and the such; it would be stopped before it got to you, leading to many angry people.

So sounds to me like it’s working as it should. If not then I am missing something.

View solution in original post

4 REPLIES 4
Go to solution
andyd20duckcom
Investigator
Investigator

‎24-04-2025 06:49 PM

Hello everyone, I have just moved from BT to EE. Over the weekend BT collected their router which I really wanted to keep as iit had more configurable settings than the EE device, unfortunately the wanted £50 for it. Anyway, the EE router is installed and is working, we have phone calls and broadband, but the EE router doesn't appear to be blocking traffic as suggested.

I have a pFsense firewall behind the EE router in the DMZ, the same as I did with BT. the pFsense has had to have the alarms disabled as the EE router isn't blocking ports. The EE router is using its default DHCP settings.

On the screen it states:

andyd20duckcom_0-1745515094476.png

Can someone confirm if it is supposed to block these ports by default even if the device is in the DMZ, or have I been protected in the past by the BT router blocking unsolicited data to the DMZ even when it wasn't supposed to?

21, 22, 23, 25, 53, 80, 110, 137, 138, 139, 143, 443, 445, 548, 587, 993, 995, 1433, 1701, 1723, 3306, 5432, 8008, 8443

The logs have items such as these:

 
andyd20duckcom_17-1745516177982.png

I have tried it another way by using port forwarding but that seems to do the same.

Appreciate the forums thoughts on this, it does look like the DMZ hasn't got any firewall protection at all even though the text on the screen indicates it has, or the data wouldn't be reaching the pFsense (192.168.1.1). Once I know I can make arrangements to accommodate.  And for some reason my last post has been marked as Spam!

0 Helpful
Go to solution
XRaySpeX
EE Community Star
EE Community Star
In response to andyd20duckcom

‎24-04-2025 10:00 PM - edited ‎24-04-2025 10:00 PM

@andyd20duckcom : Your previous thread is still here. I've merged them.

If you think I helped please feel free to hit the "Thumbs Up" button below.

To phone EE CS: Dial Freephone +44 800 079 8586 - Option 1 for Mobile Phone & Mobile Broadband or Option 2 for Home Broadband & Home Phone

ISPs: 1999: Freeserve 48K Dial-Up > 2005: Wanadoo 1 Meg BB > 2007: Orange 2 Meg BB > 2008: Orange 8 Meg LLU > 2010: Orange 16 Meg LLU > 2011: Orange 20 Meg WBC > 2014: EE 20 Meg WBC > 2020: EE 40 Meg FTTC > 2022:EE 80 Meg FTTC SoGEA > 2025 EE 150 Meg FTTP
Go to solution
WillKirk
Skilled Contributor
Skilled Contributor

‎25-04-2025 12:00 AM

So, I’m sure I’m over simplifying here but:

You put your third party firewall in the DMZ and 1) are surprised it’s receiving all the traffic despite virtually putting it in front of the router with an in-built firewall and 2) are turning off alarms because your firewall is receiving traffic I can only assume you haven’t blocked on the firewall you want to use… or have you? If you have, I’m even more confused because it then sounds like what you are trying is working.

You put your third party firewall in front of your router to block certain traffic, or let certain traffic through, into your network. Not really a surprise then surely that you can see all the not-yet-blocked traffic, and that it’s not yet blocked before you have blocked it?

To my knowledge BT/EE do not ‘firewall’ traffic before it gets to your router unless you have some kind of parental controls activated somewhere (never needed them so never used them). If it did, then people needing that traffic would never receive it to use Port Forwarding and the such; it would be stopped before it got to you, leading to many angry people.

So sounds to me like it’s working as it should. If not then I am missing something.

Go to solution
andyd20duckcom
Investigator
Investigator

‎25-04-2025 07:13 AM

Thanks for checking this for me, I expected it was working correctly for a device in the DMZ. 

Appreciate you taking the time to run through what I was seeing, and that my firewall behind the router is performing the task it was designed for.

 

0 Helpful