Gateway User Interface

24

Configuring Advanced Settings

The Edit Advanced Home Network Settings page displays the current IP settings in use by your system for

your home network, and allows you to configure your home network settings. You should adjust these

settings

ONLY

if you are very familiar with computer networking technologies.

The Current Settings panel shows the following information:

•

Router Address. The IP address used by your gateway on the private home network (the default is

192.168.1.254). The gateway has two IP addresses: a private address that it uses on the home

network, and one that is used on the public broadband connection on the Internet. You can change the

home network IP address by changing the home network IP address range.

•

Subnet Mask. The subnet mask is determined by the home network IP address range settings (the

default is 255.255.255.0).

•

DHCP Range. The range of IP addresses used by your system (the default is 192.168.1.33 through

192.168.1.250). IP addresses can be either static (permanently assigned) or dynamic (automatic and

temporary).

Gateway User Interface

25

Editing Address Allocation Settings

The Current Settings panel displays the computers currently on the local network, and their IP address. It

also indicates whether a given computer is receiving its IP address via DHCP or has been manually entered

into the computer (static).

If users enable the Public Network feature, they can choose to have their broadband accessible (non-NAT) IP

addresses assigned automatically via DHCP to computers on the local network. To do so:

1.

Click the

Edit Address Allocation

button. The Edit Address Allocation Settings page opens.

2.

In the Settings panel, select an available IP address from the pulldown menu next to the computer to

which you want an IP address automatically assigned.

3.

Click

Save

.

Users can choose to have the address assigned from any of the available networks. Computers that are

assigned non-routable (private network) addresses will use Network Address Translation (NAT) to access

the internet. Selecting a “DHCP Fixed” entry instructs the gateway to always provide the same address from

the DHCP pool to the specified computer.

Computers on the Public Network are still behind the firewall. To allow inbound traffic to these computers,

the firewall settings specified for that computer must be modified.

Gateway User Interface

26

Firewall Pages

The 2Wire gateway has a professional-grade firewall to help prevent unauthorized users from accessing your

local network. The 2Wire gateway firewall includes the following features:

•

Stateful packet inspection. Blocks common Denial of Service attacks (such as SYN/FIN flooding or

Smurf), and detects and logs TCP and UDP port scans.

•

Stateless packet inspection. Filters specific NetBios traffic, suspicious packets and IP fragments;

blocks packets sent from the private network to the Internet that have spoofed IP addresses.

•

Network Address Translation (NAT). Translates a local network’s IP address to an external address

maintained by the 2Wire gateway, effectively “hiding” the existence of a home network to the Internet.

The 2Wire gateway then uses this external address to communicate with the Internet on behalf of

devices connected to the local network.

•

Port Address Translation (PAT). A function provided by some routers which allows hosts on a LAN to

communicate with the rest of a network (such as the Internet) without revealing their own private IP

address. All outbound packets have their IP address translated to the router’s external IP address.

Replies come back to the router, which then translates them back into the private IP address of the

original host for final delivery. During PAT, each computer on the LAN is translated to the same IP

address, but with a different port number assignment.

•

Inbound and outbound port blocking. Blocks common inbound and outbound protocol types from

passing information to or receiving information from the Internet.

Viewing Your Firewall Summary

The Firewall Summary page provides summary information and links to the most commonly used security-

related features of your system.

Gateway User Interface

27

The Firewall Settings panel displays the Current Settings for your firewall.

•

Default. Unsolicited inbound traffic is not allowed to pass through the firewall.

•

Custom. Applications are associated with computers on your network.

An access list shows the computers (Devices) on your network and the names of the Allowed Applications

for each computer. When you allow application traffic, external users on the Internet can have limited

access to your home network. This access might be required to allow some programs (such as game

servers or instant messaging software) to operate properly.

For example, a remote game player on the Internet might need to contact the game server program that you

have installed on your home network in order to play against you. Normally, the firewall blocks this

communication. By changing the firewall settings, this communication is permitted to pass through a

“pinhole” in the firewall. This function may be referred to as “port-mapping” or “port-forwarding” in your

software program documentation.

Click

VIEW DETAILS

to access the Firewall Details page, which shows a list of all the devices that have

applications configured in the firewall and the details of these configurations.

Gateway User Interface

28

Configuring Firewall Settings

The Edit Firewall Settings page allows you to open select ports, or “pinholes” in the firewall.

You can allow individual applications, or use DMZplus mode. When in DMZplus mode, the designated

computer:

•

Shares your gateway’s IP address (Router Address).

•

Appears as if it is directly connected to the Internet.

•

Has all of the unassigned TCP and UDP ports opened and pointed to it.

•

Can receive unsolicited network traffic from the Internet.

Because all filtered traffic is forwarded to the designated computer, you should use DMZplus mode with

caution. A computer in DMZplus mode is less secure because all available ports are open and all incoming

Internet traffic is directed to this computer.