Configuring the Firewall
Configuring Port Forwarding
Cisco RV120W Administration Guide
To configure port forwarding:
STEP 1 Choose Firewall > Port Forwarding.
STEP 2 Click Add.
STEP 3 Choose the action:
Always Block—Always block the selected type of traffic.
Always Allow—Never block the selected type of traffic.
Block by Schedule—Blocks the selected type of traffic according to a schedule. Choose the schedule from the drop-down list. See Creating Firewall Schedules, page 84.
Allow by Schedule—Allows the selected type of traffic according to a schedule. Choose the schedule from the drop-down list. See Creating Firewall Schedules, page 84.
STEP 4 Under Service, select one of the common or custom services defined for this device:
AIM (AOL Instant Messenger)
BGP (Border Gateway Control)
BOOTP_CLIENT (Bootstrap Protocol client)
BOOTP_SERVER (Bootstrap Protocol server)
CU-SEEME (videoconferencing) UDP or TCP
DNS (Domain Name System), UDP or TCP
FINGER
FTP (File Transfer Protocol)
HTTP (Hypertext Transfer Protocol)
HTTPS (Secure Hypertext Transfer Protocol)
ICMP (Internet Control Message Protocol) type 3 through 11 or 13
ICQ (chat)
IMAP (Internet Message Access Protocol) 2 or 3
IRC (Internet Relay Chat)
NEWS
NFS (Network File System)
NNTP (Network News Transfer Protocol)
PING
POP3 (Post Office Protocol)
PPTP (Point-to-Point Tunneling Protocol)
RCMD (command)
REAL-AUDIO
REXEC (Remote execution command)
RLOGIN (Remote login)
RTELNET (Remote telnet)
RTSP (Real-Time Streaming Protocol) TCP or UDP
SFTP (Secure Shell File Transfer Protocol)
SMTP (Simple Mail Transfer Protocol)
SNMP (Simple Network Management Protocol) TCP or UDP
SNMP-TRAPS (TCP or UDP)
SQL-NET (Structured Query Language)
SSH (TCP or UDP)
STRMWORKS
TACACS (Terminal Access Controller Access-Control System)
TELNET (command)
TFTP (Trivial File Transfer Protocol)
RIP (Routing Information Protocol)
IKE
SHTTPD (Simple HTTPD web server)
IPSEC-UDP-ENCAP (UDP Encapsulation of IPsec packets)
IDENT protocol
VDOLIVE (live web video delivery)
SSH (secure shell)
SIP-TCP or SIP-UDP
STEP 5 Select the Source IP:
Any—Specifies that the rule being created is for traffic from the given endpoint.
Single Address—Limit to one host. Requires the IP address of the host to which this rule would be applied.
Address Range—This is used to apply this rule to a group of computers/devices within an IP address range. Requires a from IP address and to IP address.
STEP 6 If you chose Single Address in Step 6, enter the IP address in the Start field.
If you chose Address Range in Step 6, enter the starting IP address of the range in the Start field and the ending IP address of the range in the Finish field.
STEP 7 If you chose Always Allow, Block by Schedule, or Allow by Schedule in Step 3:
a. Enter the Destination IP address, or the address where traffic meeting the rule should be sent.
b. In the Forward from Port field, choose Same as Incoming Port if the traffic should be forwarded from the same port number on the outgoing server. Otherwise, choose Specify Port and enter the port number in the Port Number field.
c. In the Forward to Port field, choose Same as Incoming Port if the traffic should be sent to the same port on the receiving server. Otherwise, choose Specify Port and enter the port number in the Port Number field.
STEP 8 Click Save.
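The Python sketch below is an added example, not part of the Cisco guide or the router's software. It audits port forwarding rules written down with the fields from Steps 3 through 7 and flags allow rules that expose cleartext or remote-execution services to any source. The ForwardRule record, the RISKY grouping and the sample rules are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
# Editor's grouping, not Cisco's: listed services that are cleartext or remote-exec.
RISKY = {"TELNET", "RTELNET", "RLOGIN", "REXEC", "RCMD", "FTP", "TFTP", "FINGER"}
ALLOW_ACTIONS = {"Always Allow", "Allow by Schedule"}

@dataclass
class ForwardRule:          # hypothetical record; fields follow the GUI steps
    action: str             # Step 3
    service: str            # Step 4
    source: str             # Step 5: "Any", "Single Address" or "Address Range"
    start: str = ""         # Start field
    finish: str = ""        # Finish field
    destination: str = ""   # Step 7a

def unrestricted(rule):
    """True when Source IP is Any; otherwise validate Start/Finish and return False."""
    if rule.source == "Any":
        return True
    first = ipaddress.ip_address(rule.start)
    last = ipaddress.ip_address(rule.finish or rule.start)
    if last < first:
        raise ValueError(f"Finish {last} is below Start {first}")
    return False

def audit(rule):
    """Return findings for one rule; an empty list means nothing to flag."""
    if rule.action not in ALLOW_ACTIONS:
        return []           # block rules forward nothing
    try:
        open_source = unrestricted(rule)
        dest = ipaddress.ip_address(rule.destination)
    except ValueError as exc:
        return [f"invalid address: {exc}"]
    findings = []
    if not dest.is_private:
        findings.append("destination is outside private address space")
    if open_source and rule.service in RISKY:
        findings.append(f"{rule.service} allowed from Any source")
    elif open_source:
        findings.append("source is Any; restrict it if the clients are known")
    return findings

# Constructed sample rules using documentation and private address ranges.
RULES = [
    ForwardRule("Always Allow", "TELNET", "Any", destination="192.168.1.20"),
    ForwardRule("Always Allow", "HTTPS", "Single Address", "203.0.113.7", destination="192.168.1.10"),
    ForwardRule("Allow by Schedule", "SSH", "Address Range", "203.0.113.9", "203.0.113.2", "192.168.1.11"),
]
REPORT = [audit(r) for r in RULES]
```

REPORT holds one list of findings per sample rule, in order.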
Configuring a DMZ Host
The Cisco RV120W supports DMZ options. A DMZ is a sub-network that is open to
the public but behind the firewall. DMZ allows you to redirect packets going to
your WAN port IP address to a particular IP address in your LAN. It is
recommended that hosts that must be exposed to the WAN (such as web or e-mail
servers) be placed in the DMZ network. Firewall rules can be configured to permit
access to specific services and ports on the DMZ from both the LAN and the WAN. In
the event of an attack on any of the DMZ nodes, the LAN is not necessarily
vulnerable as well.
You must configure a fixed (static) IP address for the endpoint that will be
designated as the DMZ host. The DMZ host should be given an IP address in the
same subnet as the router's LAN IP address but it cannot be identical to the IP
address given to the LAN interface of this gateway.
STEP 1 Choose Firewall > DMZ Host.
STEP 2 Check the Enable box to enable DMZ on the network.
STEP 3 Enter the IP address for the endpoint that will receive the redirected packets. This is the DMZ host.
STEP 4 Click Save. You must then configure firewall rules for the zone. See Creating Custom Services, page 83.
Configuring Advanced Firewall Settings
This page allows you to configure many advanced firewall settings.
Configuring One-to-One Network Address Translation (NAT)
One-to-one NAT is a way to make systems behind a firewall that are configured
with private IP addresses appear to have public IP addresses.
To configure one-to-one NAT, choose Firewall > Advanced Settings > One-to-One
NAT. The One-to-One-NAT Rules Table lists the available One-To-One NAT rules
that have been configured. It displays the following fields:
Private Range Begin—The starting IP address in the private (LAN) IP address.
Public Range Begin—The starting IP address in the public (WAN) IP address.
Range Length—Range length maps one to one private address to public address up to the given range.
Service—Shows configured services. Services for one-to-one NAT allow you to configure the service to be accepted by the private IP (LAN) address when traffic is sent to the corresponding public IP address. Configured services on private IP addresses in the range are accepted when traffic is available on the corresponding public IP address.
To add a one-to-one NAT rule:
STEP 1 Choose Firewall > Advanced Settings > One-to-One NAT.
STEP 2 Click Add.
STEP 3 Enter information in the following fields:
Private Range Begin—The starting IP address in the private (LAN) IP address.
Public Range Begin—The starting IP address in the public (WAN) IP address.
Range Length—Range length maps one to one private address to public address up to the given range.
Service—Choose the service for which the rule applies.
STEP 4 Click Save.
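The Python sketch below is an added example, not code from the Cisco guide or the router. It expands one-to-one NAT rules into the address pairs implied by Private Range Begin, Public Range Begin and Range Length, and reports public address and service pairs that two rules map to different private hosts. Pairing addresses by offset, the RFC 1918 checks and the sample rules are assumptions made for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)

def expand_rule(private_begin, public_begin, range_length):
    """Pair private and public addresses by offset: {private_ip: public_ip}."""
    priv = ipaddress.IPv4Address(private_begin)
    pub = ipaddress.IPv4Address(public_begin)
    if range_length < 1:
        raise ValueError("Range Length must be at least 1")
    mapping = {}
    for offset in range(range_length):
        # Adding past 255.255.255.255 raises AddressValueError (a ValueError).
        p, q = priv + offset, pub + offset
        if not is_rfc1918(p):
            raise ValueError(f"{p} is not an RFC 1918 private address")
        if is_rfc1918(q):
            raise ValueError(f"{q} is private; expected a public (WAN) address")
        mapping[p] = q
    return mapping

def find_conflicts(rules):
    """List (public_ip, service) pairs that two rules send to different hosts."""
    owner, conflicts = {}, []
    for priv, pub, length, service in rules:
        for p, q in expand_rule(priv, pub, length).items():
            key = (str(q), service)
            if owner.setdefault(key, str(p)) != str(p):
                conflicts.append((key, owner[key], str(p)))
    return conflicts

# Constructed sample rules (203.0.113.0/24 is a documentation range).
RULES = [
    ("192.168.1.10", "203.0.113.10", 4, "HTTP"),
    ("192.168.1.50", "203.0.113.13", 2, "HTTP"),
    ("192.168.1.60", "203.0.113.10", 1, "SSH"),
]
CONFLICTS = find_conflicts(RULES)
```

Here the first two sample rules both claim HTTP on 203.0.113.13, so CONFLICTS names that address with the two private hosts competing for it.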
Configuring MAC Address Filtering
MAC address filtering allows you to block traffic coming from certain known
machines or devices. The router uses the MAC address of a computer or device
on the network to identify it and block or permit the access. Traffic coming in from
a specified MAC address will be filtered depending upon the policy.
