YML733 Rev1

NB4 User Guide

www.netcomm.com.au

41

Access Control

Use Access Control to configure advanced security functions by customising the NB4

Firewall.

The default 'Firewall On' setting blocks all anonymous Internet traffic.

Access

control enables the user to selectively direct such traffic, for example to a Web Host in the

DMZ or to specific ports opened for such applications as Web, Telnet or FTP.

CAUTION: This dialog box indicates that you should not disable LAN Web Access or else

you might not be able to connect to the device. If you become locked out of the

device

perform a Factory Default Reset as detailed on page 16 of this manual.

To configure Access Control, click on Advanced>Firewall>Access Control

This will reveal the Enable Access Control screen.

The default configuration enables Telnet, Web, FTP and SSH access FROM the LAN TO the

WAN.

Access FROM the WAN to the LAN is not available in the default configuration.

NB4 User Guide

YML733Rev1

42

www.netcomm.com.au

Enable Access Control: check this box to enable selective access from the WAN to your LAN

for applications of the class indicated by the relevant check boxes. If Access Control is not

enabled, the individual check boxes cannot be checked.

If Access Control is enabled, and an Enable WAN checkbox is selected, then WAN access to

the matching service is enabled.

In other words, for example, if your were to enable Telnet

access on the WAN you could then manage and configure your NB4 from anywhere on the

Internet via Telnet.

Caution:

Enabling WAN access to the NB4reduces security…

IP Access List: This enables you to specify which LAN/WAN IP addresses are allowed access

to the NB4 configuration services specified.

YML733 Rev1

NB4 User Guide

www.netcomm.com.au

43

IP Filters

The IP filters page allows you to specify Normal Port Forwards,

Block ALL traffic to specific

LAN Clients or specify Custom IP filters that will control the flow of data across the router.

Custom IP filters (Often also refered to as 'Access Control Lists' ) allow you to specify

individual rules that will deny traffic by defining the following;

■

Source IP address or IP Subnet

■

Destination IP address or Subnet

■

Port or Port range

■

Protocol

Customer IP filter are different from Port forwards, or Block All traffic because they allow

greater scopes of IP addresses to be included in the block.

To access IP Filters, click on Advanced>Firewall>IP Filters.

NOTE:

You must have at least one LAN Client in your LAN clients table before IP filters

can be created. To create a LAN Client, see the section above on LAN Clients

under the Advanced Menu.

NB4 User Guide

YML733Rev1

44

www.netcomm.com.au

DMZ Settings

A DMZ (demilitarized zone) is a computer host or small network inserted as 'neutral territory'

between a private LAN and the Internet. It prevents outside users from getting direct access to

LAN computers while still being able to access services hosted on the designated DMZ

Computer. When using NAPT to share your internet connection, LAN computers will still be

able to access the Internet when the DMZ host is enabled. Any direct communication to the

WAN port of the NB4 that is not a reply to the original NAPT request is forwarded to the DMZ

host.

Select Advanced>Firewall>DMZ.

Check box 'Enable DMZ'.

New IP:

Click on New IP to add a LAN Client which can be specified as DMZ

Host; for more info on adding LAN Clients

see 'Adding LAN Clients'

above.

YML733 Rev1

NB4 User Guide

www.netcomm.com.au

45

Tools

The Tools section allows you to save the configuration, restart the gateway, update the gateway

firmware, setup user and remote log information and run Ping and Modem tests.