Advanced Settings
NETGEAR DOCSIS 3.0 N900 Wireless Data Gateway
Time of Day to Block. You can specify the time of day to block the computer. The default is All Day. Be sure that you clear the All Day check box if you want to enter specific times. The selected period applies to each day that you selected.
5. Click Apply.
6. Repeat these steps for all computers that you want to block.
To stop blocking a computer:
1. In the MAC Filter List, select the computer.
2. Clear its Enable check box.
The computer remains in the list; however, it is not blocked.
3. Click Apply.
To remove a computer from the list:
1. In the MAC Filter List, select the computer.
2. Click Delete.
3. Click Apply.
IP Filtering
By default, any computer is allowed access to the Internet through your gateway. You can
use IP filtering to block specific computers based on their IP addresses from access to the
Internet on selected days and times.
To set up IP filtering:
1. In the main menu, under Advanced, select IP Filtering.
The Trusted Devices table shows computers that are allowed access to the Internet through your gateway.
2. Add a device to the IP Filter List as needed:
   - If the computer appears in the Trusted Devices table, select its radio button to capture its IP address.
   - If the computer you want is not listed, click Refresh to update the Trusted Devices table.
   - If no device name appears, you can type a name for the computer you are adding; or enter the IP address of the computer you want to block.
3. Click Add.
The Enable check box is automatically selected.
4. Select the days to block.
5. In the Time of Day to Block section, select a start time and an end time. This time range applies to each day you selected in the Day(s) to Block section for the specific computer. All day is the default value.
6. Click Apply.
To delete a device from the IP Filter List:
1. In the main menu, under Advanced, select IP Filtering.
2. Select the computer.
3. Click Delete.
4. Click Apply.
Port Blocking
You can use port blocking to block outbound traffic on specific ports. Outbound traffic rules
control access to outside resources from local users. The default rule is to allow all access
from the LAN side to the outside. You can use port blocking to add predefined or custom
rules to specify exceptions to the default rule.
Note: The default rule allows any outbound traffic not blocked by rules that you create.
To configure port blocking:
1. In the main menu, under Advanced, select Port Blocking.
2. From the Service list, select the service you want to block.
3. To add a custom service that is not in the list of services, specify these settings in the Add Custom Service table:
   - Name. A name for the service.
   - Start Port. The start port for the service.
   - End Port. The end port for the service.
   - Protocol. The protocol for the ports:
     - TCP. TCP only.
     - UDP. UDP only.
     - Both. Both TCP and UDP.
   - Local IP Address. Complete the local IP address for the computer that is using the service.
4. Perform one of the following actions:
   - Click Add to save your settings. The Active Filters table now displays the list of ports that are currently blocked.
   - To delete a service, select the radio button in the Active Filters table for the service that you want to delete, and click Delete.
   - To reset the selection in the Services drop-down list and to clear all the fields in the Add Custom Service table, click Reset.
Port Forwarding
A firewall has default rules for inbound traffic (WAN to LAN) and for outbound traffic. Port
forwarding affects the inbound rules. These rules restrict access from outsiders. By default,
the gateway blocks access from outside except for responses to requests from the LAN side.
You can use port forwarding to add rules to specify exceptions to the default rule.
Because the gateway uses Network Address Translation (NAT), your network presents only
one IP address to the Internet, and outside users cannot directly address any of your local
computers. However, by defining an inbound rule you can make a local server (for example,
a web server or game server) or computer visible and available to the Internet. The rule tells
the gateway to direct inbound traffic for a particular service to one local server or computer
based on the destination port number. Directing traffic is also known as port forwarding.
Some residential broadband ISPs do not allow you to run server processes (such as a web or
FTP server) from your location. Your ISP might check for servers and suspend your account
if it finds active services at your location. See the ISP’s Acceptable Use policy.
Pay attention to the following considerations before configuring port forwarding:
- If DHCP assigns the IP address of the local server computer, the address might change when the computer is rebooted. To keep the address from changing, you can assign a static IP address to your server outside the range that DHCP assigns, but in the same subnet as your LAN. By default, the IP addresses from 192.168.0.2 through 192.168.0.9 are reserved for this purpose.
- Local computers must access the local server using the computers’ local LAN address (192.168.0.XXX, by default). Attempts by local computers to access the server using the external WAN IP address fail.
- Port forwarding opens holes in your firewall. Enable only ports that are necessary.
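The considerations above can be checked before rules are entered in the gateway. The following added example (not NETGEAR code) audits a list of planned forwarding rules against the default static range 192.168.0.2 through 192.168.0.9 and flags wide or conflicting port ranges. The Rule class, the /24 mask, the 16-port threshold and the sample rules are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Defaults quoted in the manual: LAN 192.168.0.XXX, static servers at .2-.9.
LAN = ipaddress.ip_network("192.168.0.0/24")      # /24 mask is an assumption
STATIC_FIRST = ipaddress.ip_address("192.168.0.2")
STATIC_LAST = ipaddress.ip_address("192.168.0.9")
MAX_SPAN = 16   # assumed review threshold for "only ports that are necessary"

@dataclass(frozen=True)
class Rule:
    name: str
    start: int
    end: int
    proto: str      # "TCP", "UDP" or "Both", as in the Add Custom Service table
    local_ip: str

def protos(rule):
    return {"TCP", "UDP"} if rule.proto == "Both" else {rule.proto}

def audit(rules):
    """Return a sorted list of (rule name, finding) pairs."""
    findings = []
    valid = [r for r in rules if 1 <= r.start <= r.end <= 65535]
    for r in rules:
        if r not in valid:
            findings.append((r.name, "invalid port range"))
            continue
        ip = ipaddress.ip_address(r.local_ip)
        if ip not in LAN:
            findings.append((r.name, "local IP outside LAN subnet"))
        elif not (STATIC_FIRST <= ip <= STATIC_LAST):
            findings.append((r.name, "local IP may change under DHCP"))
        if r.end - r.start + 1 > MAX_SPAN:
            findings.append((r.name, "wide port range"))
    # The same inbound port and protocol cannot be directed to two computers.
    for i, a in enumerate(valid):
        for b in valid[i + 1:]:
            if (protos(a) & protos(b) and a.start <= b.end
                    and b.start <= a.end and a.local_ip != b.local_ip):
                findings.append((a.name, f"overlaps {b.name}"))
    return sorted(findings)

# Constructed sample rules, not taken from the manual.
SAMPLE = [
    Rule("web", 80, 80, "TCP", "192.168.0.5"),
    Rule("game", 27000, 27100, "Both", "192.168.0.37"),
    Rule("alt-web", 80, 88, "TCP", "192.168.0.6"),
]
```

Calling `audit(SAMPLE)` returns the findings to resolve before the rules are added on the Port Forwarding screen.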
To configure port forwarding and services for specific inbound traffic:
1. In the main menu, under Advanced, select Port Forwarding.
2. From the Service list, select the service for which you want to configure port forwarding.
3. To add a custom rule that is not in the list of services, specify these settings in the Add Custom Service table:
   - Name. A name for the service.
   - Start Port. The start port for the service.
   - End Port. The end port for the service.
   - Protocol. The protocol for the ports:
     - TCP. TCP only.
     - UDP. UDP only.
     - Both. Both TCP and UDP.
   - Local IP Address. Complete the local IP address for the computer that is using the service.
4. Perform one of these actions:
   - Click Add. The Active Forwarding Rules table displays the list of forwarded ports.
   - To delete a service, select the radio button in the Active Forwarding Rules table for the service that you want to delete, and click Delete.
   - To reset the selection in the Service list and to clear all the fields in the Add Custom Rules, click Reset.
Port Triggering
Port triggering is an advanced feature that you can use to allow gaming and other Internet
applications that the firewall would otherwise block. You must know the port numbers the
application uses. Port triggering operates as follows:
1. A computer makes an outgoing connection using a port number defined in the Port Triggering table.
2. The gateway records this connection, opens the incoming port or ports associated with this entry in the Port Triggering List, and associates them with the computer.
3. The remote system receives the computer’s request, and responds using a different port number.
4. The gateway matches the response to the previous request, and forwards the response to the computer. (Without port triggering, this response would be treated as a new connection request rather than a response. As such, it would be handled in accordance with the port forwarding rules.)
Note: Only one computer at a time can use port triggering. After a computer finishes using a port triggering application, there is a short time-out period before another computer can use the application.
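The four steps and the one-computer-at-a-time note can be followed in a small model. This is an added example, not NETGEAR firmware code: the class names, the 60-second time-out (the manual only says "short"), the choice to refresh the timer on inbound traffic, and the ports used when calling it are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

IDLE_TIMEOUT = 60   # seconds; assumed value, the manual gives no figure

@dataclass
class Trigger:
    trig_start: int             # Trigger Range: monitored outgoing ports
    trig_end: int
    tgt_start: int              # Target Range: incoming ports opened
    tgt_end: int
    proto: str                  # "TCP", "UDP" or "Both"
    owner: Optional[str] = None # LAN computer currently holding the trigger
    last_seen: float = 0.0

    def covers(self, proto):
        return self.proto in ("Both", proto)

class Gateway:
    """Toy model: record the outgoing connection, open the target
    range for that computer, forward matching responses to it."""

    def __init__(self, triggers):
        self.triggers = triggers

    def _expire(self, t, now):
        # Release the trigger once its owner has been idle too long.
        if t.owner and now - t.last_seen > IDLE_TIMEOUT:
            t.owner = None

    def outbound(self, lan_ip, dport, proto, now):
        """Steps 1-2. True if the target range is now open for lan_ip."""
        for t in self.triggers:
            self._expire(t, now)
            if t.covers(proto) and t.trig_start <= dport <= t.trig_end:
                if t.owner in (None, lan_ip):
                    t.owner, t.last_seen = lan_ip, now
                    return True
                return False    # another computer still holds this trigger
        return False

    def inbound(self, dport, proto, now):
        """Steps 3-4. Return the LAN computer that gets the packet, or None."""
        for t in self.triggers:
            self._expire(t, now)
            if t.owner and t.covers(proto) and t.tgt_start <= dport <= t.tgt_end:
                t.last_seen = now
                return t.owner
        return None
```

In this model the target range is closed until a LAN computer sends traffic in the trigger range, and a second computer is refused until the first has been idle past the time-out.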
To configure port triggering:
1. In the main menu, under Advanced, select Port Triggering.
2. For each port trigger, enter the settings in the Port Triggering List:
   - Trigger Range. To specify the range of outgoing ports that are monitored to trigger the incoming port forwarding rule, enter the start port and end port.
   - Target Range. To specify the range of incoming ports that are opened when triggered, enter the start port and end port.
   - Protocol. Select the protocol for the ports:
     - TCP. Select TCP only.
     - UDP. Select UDP only.
     - Both. Select both TCP and UDP.
3. Select the Enable check box for the port trigger.
4. Perform one of the following actions:
   - Click Apply to save your settings and activate the port triggers.
   - To remove a port trigger, select its radio button, and click Delete.
   - To return all trigger and target ranges to zero, click Reset.
DMZ Host
You can use the DMZ Host screen to set up a default DMZ computer. Specifying a default
DMZ computer allows you to set up a computer that is available to anyone on the Internet for
services that you have not defined. To minimize security risks, set up the DMZ host only if
you are willing to risk open access. If you do not define a DMZ host, the gateway discards
any undefined service requests.
