Firewall
Packet Filter
Packet filtering enables you to configure your router to block specified internal/external users (by IP address) from Internet access, or to disable specific service requests (by port number) to/from the Internet. This configuration program allows you to set up different filter rules for different users based on their IP addresses or their network port numbers. The filters are combined with an “or” operation, which means that the router checks the filter rules one by one, starting from the first rule. As soon as one of the rules is satisfied, the specified action is taken.
Rule Name: User-defined description for entry identification. The maximum name length is 32 characters. You can also choose the application you want from the listbox.

Source IP address / Source Subnet Mask: This is an address filter used to allow or block traffic to/from particular IP address(es). Enter the IP address and subnet mask you want to filter. If you leave the field empty or enter 0.0.0.0, it means any IP address.

Destination IP address / Destination Subnet Mask: This is an address filter used to allow or block traffic to/from particular IP address(es). Enter the IP address and subnet mask you want to filter. If you leave the field empty or enter 0.0.0.0, it means any IP address.

Source Port: This Port or Port Range defines the ports allowed by the Remote/WAN to connect to the application. The default range is 0 ~ 65535. It is recommended that only advanced users configure this feature.

Destination Port: This is the Port or Port Range that defines the port of the application.

Protocol: Specify the packet type (TCP, UDP, TCP/UDP) that the rule applies to. Select TCP if you wish to search for the connection-based application service on the remote server using the port number, or select UDP if you want to search for the connectionless application service on the remote server using the port number.

Direction: Determine whether the rule is for outgoing packets or for incoming packets.

Add: Click this button to add a new packet filter rule. The added rule will appear in the table at the bottom.

Edit: Check the Rule No. you wish to edit, and then click “Edit”.

Delete: Check the Rule No. you wish to delete, and then click “Delete”.
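
The following Python model of the first-match evaluation described above is an added example, not the router's own code. The Rule fields mirror the form fields; the allow/block action names, the default action when no rule matches and the sample addresses are assumptions. It shows that the same two rules give opposite results when their order is swapped.

```python
import ipaddress
from dataclasses import dataclass

ANY = "0.0.0.0"  # per the manual, empty or 0.0.0.0 means any IP address

@dataclass
class Rule:
    name: str
    action: str                    # "allow" or "block" (assumed names)
    direction: str                 # "outgoing" or "incoming"
    protocol: str                  # "TCP", "UDP" or "TCP/UDP"
    src: tuple = (ANY, ANY)        # (IP address, subnet mask)
    dst: tuple = (ANY, ANY)
    sports: tuple = (0, 65535)     # default range from the manual
    dports: tuple = (0, 65535)

def addr_ok(field, addr):
    """True if addr falls inside the rule's IP/mask, or the rule says 'any'."""
    ip, mask = field
    if ip in ("", ANY):
        return True
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    return ipaddress.ip_address(addr) in net

def matches(rule, pkt):
    return (rule.direction == pkt["direction"]
            and pkt["proto"] in rule.protocol.split("/")
            and addr_ok(rule.src, pkt["src"])
            and addr_ok(rule.dst, pkt["dst"])
            and rule.sports[0] <= pkt["sport"] <= rule.sports[1]
            and rule.dports[0] <= pkt["dport"] <= rule.dports[1])

def evaluate(rules, pkt, default="allow"):
    """Return (action, rule name) of the first matching rule, in table order."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.name
    return default, None           # assumed default; the manual does not state it

# Constructed sample rules and packet (not taken from the manual)
LAN = ("192.168.1.0", "255.255.255.0")
block_telnet = Rule("no-telnet", "block", "outgoing", "TCP", src=LAN, dports=(23, 23))
allow_admin = Rule("admin-pc", "allow", "outgoing", "TCP/UDP",
                   src=("192.168.1.10", "255.255.255.255"))
pkt = {"direction": "outgoing", "proto": "TCP", "src": "192.168.1.10",
       "dst": "203.0.113.5", "sport": 40000, "dport": 23}

if __name__ == "__main__":
    print(evaluate([block_telnet, allow_admin], pkt))  # block rule listed first
    print(evaluate([allow_admin, block_telnet], pkt))  # same rules, reversed
```

When reviewing a rule table, read it top to bottom: a broad rule placed above a narrower one hides the narrower rule completely.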
MAC Filter
A MAC (Media Access Control) address is the unique hardware identifier of the network interface (i.e. the Network Interface Card or Ethernet card) of each PC on your network. Using your router’s MAC Address Filter function, you can configure the network to block specific machines from accessing your LAN.
To filter a specific MAC address, enter the MAC address in the blank provided, then press Add.
The format of the MAC address can be: xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx
Block WAN Ping
Enable this feature when you want the public WAN IP address on your 7800 device not to respond to any ping command.
To activate the Block WAN Ping feature, check the Enable box, then click the Apply button. This feature is deactivated by default.
Virtual Server
Virtual Server allows you to direct incoming traffic from the WAN side (identified by Protocol and External port) to an internal server with a private IP address on the LAN side. The Internal port is required only if the external port needs to be converted to a different port number used by the server on the LAN side.
In TCP and UDP networks a port is a 16-bit number used to identify which application program
(usually a server) incoming connections should be delivered to. Some ports have numbers that are
pre-assigned to them by the IANA (the Internet Assigned Numbers Authority), and these are
referred to as “well-known ports”. Servers follow the well-known port assignments so clients can
locate them.
If you are using NAT (Network Address Translation) and wish to run a server on your network that can be accessed from the WAN (i.e. from other machines on the Internet that are outside your local network), or any application that can accept incoming connections (e.g. peer-to-peer/P2P software such as instant messaging applications and P2P file-sharing applications), then you need to configure your router to forward these incoming connection attempts on specific ports to the PC on your network running the application. You also need to use port forwarding if you wish to host an online game server.
Examples of well-known and registered port numbers are shown below. For further information,
please see IANA’s website at:

Well-known and Registered Ports

Port Number   Protocol    Description
20            TCP         FTP Data
21            TCP         FTP Control
22            TCP & UDP   SSH Remote Login Protocol
23            TCP         Telnet
25            TCP         SMTP (Simple Mail Transfer Protocol)
53            TCP & UDP   DNS (Domain Name Server)
69            UDP         TFTP (Trivial File Transfer Protocol)
80            TCP         World Wide Web HTTP
110           TCP         POP3 (Post Office Protocol version 3)
119           TCP         NEWS (Network News Transfer Protocol)
123           UDP         NTP (Network Time Protocol)
161           TCP         SNMP
443           TCP & UDP   HTTPS
1503          TCP         T.120
1720          TCP         H.323
4000          TCP         ICQ
7070          UDP         Real Audio

Port Mapping
Application: Select the service you wish to configure.

Protocol: A protocol is automatically applied when an Application is selected from the listbox, or you may select the protocol type you want.

External Port & Internal Port: Enter the public port number & range you wish to configure.

Internal IP Address: Enter the IP address of a specific internal server to which requests from the specified port are forwarded.

Add: Click to add a new virtual server rule. Click again and the next figure appears.

Edit: Check the Edit radio button to display the parameters of the selected application, then after changing the parameters click the Edit/Delete button to apply the changes.

Delete: To remove a port mapping application, check the Remove box of the selected application, then click the Edit/Delete button.

Since NAT acts as a “natural” Internet firewall, your router protects your network from being accessed by outside users, as all incoming connection attempts point to your router unless you specifically create Virtual Server entries to forward those ports to a PC on your network. When your router needs to allow outside users to access internal servers, e.g. a web server, FTP server, Email server or game server, the router can act as a “virtual server”. You can set up a local server with a specific port number for the service to use, e.g. web/HTTP (port 80), FTP (port 21), Telnet (port 23), SMTP (port 25), or POP3 (port 110). When an incoming access request to the router for a specified port is received, it is forwarded to the corresponding internal server.
For example, if you set the port number 80 (Web/HTTP) to be mapped to the IP Address
192.168.1.2, then all incoming HTTP requests from outside users are forwarded to the local server
(PC) with the IP address of 192.168.1.2. If the port is not listed as a predefined application, you need
to add it manually.
In addition to specifying the port number used, you also need to specify the protocol used. The protocol is determined by the particular application. Most applications use TCP or UDP; however, you may also specify other protocols using the drop-down Protocol menu. Setting the protocol to “all” causes all incoming connection attempts using all protocols on all port numbers to be forwarded to the specified IP address.
DMZ
The DMZ Host is a local computer exposed to the Internet. When a particular internal IP address is set as the DMZ Host, all incoming packets that do not use a port number already used by a Virtual Server entry are first checked by the Firewall and NAT algorithms before they are passed to the DMZ host.
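
The following Python model of where an inbound WAN connection lands under the Virtual Server and DMZ settings described above is an added example, not the router's own code. It leaves out the firewall check, and it assumes that entries are tried in table order, that a port counts as used only for the entry's protocol, and that a converted port range keeps its offset; the 8080 entry and the DMZ address are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class VirtualServer:
    protocol: str                        # "TCP", "UDP" or "all"
    external: tuple                      # (first, last) external port
    internal_ip: str
    internal_port: Optional[int] = None  # set only when the port is converted

def resolve(entries, dmz_host, proto, port):
    """Return (LAN IP, LAN port, reason) for an inbound packet, or None."""
    for e in entries:                    # assumption: table order, first match
        if e.protocol == "all":
            # "all": every protocol and every port goes to this host
            return e.internal_ip, port, "virtual server (all)"
        first, last = e.external
        if e.protocol == proto and first <= port <= last:
            # assumption: a converted range keeps the offset within the range
            lan_port = port if e.internal_port is None else e.internal_port + port - first
            return e.internal_ip, lan_port, "virtual server"
    if dmz_host:
        # anything no Virtual Server entry claimed falls through to the DMZ host
        return dmz_host, port, "DMZ host"
    return None                          # no mapping: it stops at the router (NAT)

# Port 80 -> 192.168.1.2 is the manual's example; the rest is constructed
ENTRIES = [
    VirtualServer("TCP", (80, 80), "192.168.1.2"),
    VirtualServer("TCP", (8080, 8080), "192.168.1.2", internal_port=80),
]
DMZ = "192.168.1.50"

def exposure(entries, dmz_host, probes):
    """Map each (protocol, port) probe to the LAN endpoint it would reach."""
    return {p: resolve(entries, dmz_host, *p) for p in probes}

if __name__ == "__main__":
    probes = [("TCP", 80), ("TCP", 8080), ("TCP", 23), ("UDP", 161)]
    for dmz in (None, DMZ):
        print("DMZ host:", dmz)
        for probe, target in exposure(ENTRIES, dmz, probes).items():
            print("  ", probe, "->", target)
```

With no DMZ host, only the two mapped ports reach the LAN; once a DMZ host is set, every other port in the probe list reaches that one machine.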
