Example: Special Applications

If you need to run applications that require multiple connections, then specify the port (outbound) normally associated with

that application in the "Trigger Port" field. Then select the protocol type (TCP or UDP) and enter the public ports associated

with the trigger port to open them up for inbound traffic.

Example:

ID

Trigger Port

Trigger Type

Public Port

Public Type

Comment

1

28800

UDP

2300-2400, 47624

TCP

MSN Game Zone

2

6112

UDP

6112

UDP

Battle.net

In the example above, when a user trigger’s port 28800 (outbound) for MSN Game Zone then the router will allow incoming

packets for ports 2300-2400 and 47624 to be directed to that user.

Note

: Only one LAN client can use a particular special

application at a time.

2.4.4 ALG Settings

You can select applications that need “Application Layer Gateway” to support.

Parameter

Default

Description

Enable

You can select to enable “Application Layer

Gateway” of an application and then the router will

let that application correctly pass though the NAT

gateway.

Click <

Apply>

at the bottom of the screen to save the above configurations. You can now configure other advance sections

or start using the router (with the advance settings in place)

31

2.5 Firewall

The Broadband router provides extensive firewall protection by restricting connection parameters, thus limiting the risk of

hacker attack, and defending against a wide array of common Internet attacks. However, for applications that require

unrestricted access to the Internet, you can configure a specific client/server as a Demilitarized Zone (DMZ).

Note

: To enable the Firewall settings select

Enable

and click

Apply

Parameter

Description

Access Control

Access Control allows you to specify which hosts users can or cannot have access to

certain Internet applications

URL Blocking

URL Blocking allow you to specify which URLs can not be accessed by users.

DoS

The Broadband router's firewall can block common hacker attacks and can log the attack

activities.

DMZ

The DMZ function allows you to re-direct all packets going to your WAN port IP address

to a particular IP address in your LAN.

Click on one of the firewall selections and proceed to the manual’s relevant sub-section

2.5.1 Access Control

If you want to restrict users from accessing certain Internet applications/services (e.g. Internet websites, email, FTP etc.),

then this is the place to set that configuration. Access Control allows users to define the traffic type permitted in your LAN.

You can control which PC client can have access to these services.

Parameter

Description

Filter client PCs by IP

Fill “IP Filtering Table” to filter PC clients by IP.

32

Add PC

You can click Add PC to add an access control rule for users by IP addresses.

Remove PC

If you want to remove some PC from the "IP Filtering Table", select the PC you want to

remove in the table and then click "Delete Selected". If you want remove all PCs from the

table, just click "Delete All" button.

Filter client PC by MAC

address

Check “Enable MAC Filtering” to enable MAC Filtering.

Add PC

Fill in “Client PC MAC Address” and “Comment” of the PC that is allowed to access the

Internet, and then click “Add”. If you find any typo before adding it and want to retype

again, just click "Reset" and the fields will be cleared.

Remove PC

If you want to remove some PC from the "MAC Filtering Table", select the PC you want

to remove in the table and then click "Delete Selected". If you want remove all PCs from

the table, just click "Delete All" button. If you want to clear the selection and re-select

again, just click “Reset”.

You can now configure other advance sections or start using the router (with the advance settings in place)

Add PC

Parameter

Description

Client PC Description

The description for this client PC rule.

Client PC IP Addresses

Enter the IP address range that you wish to apply this Access Control rule. This is the

user’s IP address(es) that you wish to setup an Access Control rule. You can select a

range of users simply by inputting the starting users’ IP address and the last user’s IP

address in the appropriate boxes. If you want to select only one user then input the user’s

IP address in both boxes.

Note:

You need to give your LAN PC clients a fixed/static IP address for the Access

Control rule to work properly.

Client PC Service

You can block the clients from accessing some Internet services by checking the services

you want to block.

Protocol

This allows you to select UDP, TCP or both protocol type you want to block.

Port Range

You can assign up to five port ranges. The router will block clients from accessing

Internet services that use these ports.

Apply Changes

Click “Apply Changes” to save the setting.

Reset

Click “Reset” to clear all fields.

33

Click <

Apply Changes>

at the bottom of the screen to save the above configurations. You can now configure other

advance sections or start using the router (with the advance settings in place)

Example: Access Control

In the example below, LAN client A can only access websites that use Port 80. However, LAN client B is able to access

websites and any other service that uses ports between 80 and 999.

34

2.5.2 URL Blocking

You can block access to some Web sites from particular PCs by entering a full URL address or just keyword of the Web site.

Parameter

Description

Enable URL Blocking

Enable/disable URL Blocking

Add URL Keyword

Fill in “URL/Keyword” and then click “Add”. You can enter the full URL address or the

keyword of the web site you want to block. If you find any typo before adding it and want

to retype again, just click "Reset" and the field will be cleared.

Remove URL Keyword

If you want to remove some URL keyword from the "Current URL Blocking Table", select

the URL keyword you want to remove in the table and then click "Delete Selected". If you

want remove all URL keyword from the table, just click "Delete All" button. If you want to

clear the selection and re-select again, just click “Reset”.

You can now configure other advance sections or start using the router (with the advance settings in place)

2.5.3 Denial of Service (DoS)

The Broadband router's firewall can block common hacker attacks, including Denial of Service, Ping of Death, Port Scan

and Sync Flood.

If Internet attacks occur the router can log the events.

Parameter

Description

Intrusion Detection

Feature

Ping of Death

Protections from Ping of Death attack

Discard Ping From WAN

The router’s WAN port will not respond to any Ping requests

Port Scan

Protection the router from Port Scan.

Sync Flood

Protection the router from Sync Flood attack.

Click <

Apply>

at the bottom of the screen to save the above configurations. You can now configure other advance sections

or start using the router (with the advance settings in place)

35