Page

36

/

84

4.

Port Filters

This page all

ows you to enter ranges of destination ports (applications) that you don’t want your LAN

PCs to send packets to. Any packets your LAN PCs send to these destination ports will be blocked. For

example, you could block access to worldwide web browsing (http = port 80) but still allow email service

(SMTP port 25 and POP-3 port 110). To enable port filtering, set Start Port and End Port for each range,

and click Apply. To block only one port, set both Start and End ports with the same value.

Fig.2-18 Advanced\Port Filters

You can add a blank row to the list by clicking

“

Add row

”

button. Entering the port range and protocol

that you want to block and then clicking

“

Save

”

button for saving the configuration.

Check the

“

Delete

”

option of a row and then clicking

“

Save

”

button for deleting the row.

The protocol option can be Both, UDP or TCP. Both of UDP and TCP port will be blocked if

“

Both

”

was

selected.

Page

37

/

84

5.

Forwarding

For LAN



WAN communications, the gateway normally only allows you to originate an IP connection

with a PC on the WAN; it will ignore attempts of the WAN PC to originate a connection onto your PC.

This protects you from malicious attacks from outsiders. However, sometimes you may wish for anyone

outside to be able to originate a connection to a particular PC on your LAN if the destination port

(application) matches one you specify.

Fig. 2-19 Advanced\Forwarding

You can add a blank row to the list by clicking

“

Add row

”

button. Entering the public port range, target

IP address, target port range and protocol that you want to forward and then clicking

“

Save

”

button for

saving the configuration.

Check the

“

Delete

”

option of a row and then clicking

“

Save

”

button for deleting the row.

The protocol option can be Both, UDP or TCP. Both of UDP and TCP port will be blocked if

“

Both

”

was

selected.

Page

38

/

84

6.

Port Triggers

Some Internet activities, such as interactive gaming, require that a PC on the WAN side of your gateway

be able to originate connections during the game with your game playing PC on the LAN side. You could

use the Advanced-Forwarding web page to construct a forwarding rule during the game, and then remove

it afterwards (to restore full protection to your LAN PC) to facilitate this. Port triggering is an elegant

mechanism that does this work for you, each time you play the game.

Fig. 2-20 Advanced\Port Triggers

Port Triggering works as follows. Imagine you want to play a particular game with PCs somewhere on

the Internet. You make one time effort to set up a Port Trigger for that game, by entering into

Trigger

Start Port

and

Tigger End Port

the range of destination ports your game will be sending to, and

entering into

Target Start Port

the range of destination ports the other player (on the WAN side) will be

sending to (ports your PC

’s game receives on). Application programs like games publish this information

in user manuals. Later, each time you play the game, the gateway automatically creates the forwarding

rule necessary. This rule is valid until 10 minutes after it sees game activity stop. After 10 minutes, the

rule becomes inactive until the next matched outgoing traffic arrives.

e.g., suppose you specify Trigger Range from 6660 to 6670 and Target Range from 113 to 113. An

outbound packet arrives at the gateway with your game-playing PC source IP address 192.168.0.10,

destination port 666 over TCP/IP. This destination port is within the Trigger destined for port 113 to your

game-playing PC at 192.168.0.10.

Page

39

/

84

7.

DMZ Host

Use this page to designate one PC on your LAN that should be left accessible to all PCs from the WAN

side, for all ports. e.g., if you put an HTTP server on this machine, anyone will be able to access that

HTTP server by using your gateway IP address as the destination. A setting of “0” indicates NO DMZ

PC. “Host” is another Internet term for a PC connected to the Internet.

Fig.2-21 Advanced\DMZ Host

Page

40

/

84

8.

Firewall

These pages allow you to enable, disable, and configure a variety of firewall features associated with web

browsing, which uses the HTTP protocol and transports HTML web pages. On these pages, you designate

the gateway packet types you want to have forwarded or blocked. You can activate settings by checking

them and clicking

“

Save

”

button.

The web-related filtering features you can activate from the Firewall page include Filter Cookies, Filter

Java Applets, Filter ActiveX, Filter Popup Windows, Block Fragmented IP Packets, Port Scan Detection,

IP Flood Detection, and Firewall Protection.

Fig. 2-22 Advanced\Firewall