Page 71 / 133 Scroll up to view Page 66 - 70
Using the Web-Based Advanced User Interface
69
section
2
1
3
4
5
6
7
8
9
10
11
12
Configuring the Firewall
Your Router is equipped with a firewall that will protect your network
from a wide array of common hacker attacks including:
• IP Spoofing
• SYN flood
• Land Attack
• UDP flooding
• Ping of Death (PoD)
• Tear Drop Attack
• Denial of Service (DoS)
• ICMP defect
• IP with zero length
• RIP defect
• Smurf Attack
• Fragment flooding
• TCP Null Scan
The firewall also masks common ports that are frequently used to
attack networks. These ports appear to be “Stealth”, meaning that for
all intents and purposes, they do not exist to a would-be hacker. You
can turn the firewall function off if needed, however, it is recommended
that you leave the firewall enabled. Disabling the firewall protection will
not leave your network completely vulnerable to hacker attacks, but it
is recommended that you leave the firewall enabled.
Downloaded from
www.Manualslib.com
manuals search engine
Page 72 / 133
70
Using the Web-Based Advanced User Interface
Configuring Internal Forwarding Settings
The Virtual Servers function will allow you to route external (Internet)
calls for services such as a web server (port 80), FTP server (Port 21),
or other applications through your Router to your internal network.
Since your internal computers are protected by a firewall, computers
outside your network (over the Internet) cannot get to them because
they cannot be “seen.” A list of common applications has been
provided in case you need to configure the Virtual Server function for
a specific application. If your application is not listed, you will need to
contact the application vendor to find out which port settings you need.
Choosing an Application
Select your application from the drop-down list. Click “Add”. The
settings will be transferred to the next available space in the screen.
Click “Apply Changes” to save the setting for that application. To
remove an application, select the number of the row that you want to
remove then click “Clear”.
Manually Entering Settings into the Virtual Server
To manually enter settings, enter the IP address in the space provided
for the internal (server) machine, the port(s) required to pass, select the
port type (TCP or UDP), and click “Apply Changes”. Each inbound port
entry has two fields with 5 characters maximum per field that allows a
start and end port range, e.g. [xxxxx]-[xxxxx]. For each entry, you can
enter a single port value by filling in the two fields with the same value
(e.g. [7500]-[7500] or a wide range of ports (e.g. [7500]-[9000]). If you
need multiple single port value or mixture of ranges and a single value,
you must use multiple entries up to the maximum of 20 entries (e.g.
1. [7500]-[7500], 2. [8023]-[8023], 3. [9000]-[9000]). You can only pass
one port per internal IP address. Opening ports in your firewall can
pose a security risk. You can enable and disable settings very quickly.
It is recommended that you disable the settings when you are not using
a specific application.
Downloaded from
www.Manualslib.com
manuals search engine
Page 73 / 133
Using the Web-Based Advanced User Interface
71
section
2
1
3
4
5
6
7
8
9
10
11
12
Setting Client IP Filters
The Router can be configured to restrict access to the Internet, e-mail,
or other network services at specific days and times. Restriction can be
set for a single computer, a range of computers, or multiple computers.
To restrict Internet access to a single computer for example, enter the
IP address of the computer you wish to restrict access to in the IP
fields
(1)
. Next, enter “80” in both the port fields
(2)
. Select “Both”
(3)
.
Select “Block”
(4)
. You can also select “Always” to block access all
of the time. Select the day to start on top
(5)
, the time to start on
top
(6)
, the day to end on the bottom
(7)
, and the time to stop
(8)
on
the bottom. Select “Enable”
(9)
. Click “Apply Changes”. The computer
at the IP address you specified will now be blocked from Internet
access at the times you specified.
Note:
Be sure you have selected the
correct time zone under “Utilities> System Settings> Time Zone”.
(1)
(2)
(3)
(4)
(7)
(8)
(9)
(5)
(6)
Downloaded from
www.Manualslib.com
manuals search engine
Page 74 / 133
72
Using the Web-Based Advanced User Interface
Setting MAC Address Filtering
The MAC address filter is a powerful security feature that allows you
to specify which computers are allowed on the network. Any computer
attempting to access the network that is not specified in the filter list
will be denied access. When you enable this feature, you must enter
the MAC address of each client (computer) on your network to allow
network access to each. The “Block” feature lets you turn on and off
access to the network easily for any computer without having to add
and remove the computer’s MAC address from the list.
To enable this feature, select “Enable MAC Address Filtering”
(1)
.
Next, enter the MAC address of each computer on your network by
clicking in the space provided
(2)
and entering the MAC address of
the computer you want to add to the list. Click “Add”
(3)
, then “Apply
Changes” to save the settings. To delete a MAC address from the list,
simply click “Delete” next to the MAC address you wish to delete. Click
“Apply Changes” to save the settings.
Note:
You will not be able to delete the MAC address of the computer
you are using to access the Router’s administrative functions (the
computer you are using now).
(1)
(2)
(3)
Downloaded from
www.Manualslib.com
manuals search engine
Page 75 / 133
Using the Web-Based Advanced User Interface
73
section
2
1
3
4
5
6
7
8
9
10
11
12
Enabling the Demilitarized Zone (DMZ)
The DMZ feature allows you to specify one computer on your network
to be placed outside of the firewall. This may be necessary if the
firewall is causing problems with an application such as a game or
video conferencing application. Use this feature on a temporary basis.
The computer in the DMZ is NOT protected from hacker attacks.
To put a computer in the DMZ, enter the last digits of its IP address in
the IP field and select “Enable”. Click “Apply Changes” for the change
to take effect. If you are using multiple static WAN IP addresses, it is
possible to select which WAN IP address the DMZ host will be directed
to. Type in the WAN IP address you wish the DMZ host to direct to,
enter the last two digits of the IP address of the DMZ host computer,
select “Enable” and click “Apply Changes”.
Downloaded from
www.Manualslib.com
manuals search engine

Rate

4.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top