1. Home
    2. /
  2. Manuals
    3. /
  3. Cradlepoint
    4. /
  4. MBR95
    5. /
  5. 13
Page 61 / 137 Scroll up to view Page 56 - 60
CRADLEPOINT
MBR95| USER MANUAL Firmware ver. 3.6.3
NETWORK SETTINGS
FIREWALL
© 2011
CRADLEPOINT, INC.
PLEASE VISIT
HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/
FOR MORE HELP AND RESOURCES
PAGE 59
6.4
Firewall (Advanced Mode only)
The router automatically provides a firewall. Unless you configure the router to the contrary, the router does not respond
to unsolicited incoming requests on any port, thereby making your LAN invisible to cyber attackers.
However, some network applications, such as some Internet gaming systems, cannot run with a tight firewall. Those
applications need to selectively open ports in the firewall to function correctly. The options on this page control ways of
opening the firewall to address the needs of specific types of applications.
6.4.1
Port Forwarding Rules
A port forwarding rule allows traffic from the Internet
to reach a computer on the inside of your network.
For example, a port forwarding rule might be used
to run a Web server.
Exercise caution when adding new rules as they impact the
security of your network.
Click
Add
to create a new port forwarding rule, or select an
existing rule and click
Edit
.
Add/Edit Port Forwarding Rule
Name:
Name your rule.
Use Port Range:
Changes the selection options to allow
you to input a range of ports (if desired).
Internet Port(s):
The port number(s) as you want it
defined on the Internet. Typically these will be the same
as the local port numbers, but they do not have to be.
These numbers will be mapped to the local port numbers.
Local Computer:
Select the IP address of an attached device from the dropdown menu, or manually input the IP
address of a device.
Page 62 / 137
CRADLEPOINT
MBR95| USER MANUAL Firmware ver. 3.6.3
NETWORK SETTINGS
FIREWALL
© 2011
CRADLEPOINT, INC.
PLEASE VISIT
HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/
FOR MORE HELP AND RESOURCES
PAGE 60
Local Port(s):
The port number(s) that corresponds to the service (Web server, FTP, etc) on a local computer or
device. For example, you might input
“80”
in the
Local Port(s)
field to open a port for a Web server on a computer
within your network. The
Internet Port(s)
field could then also be 80, or you could choose another port number that
will be used across the Internet to access your Web server. If you choose a number other than 80 for the Internet
Port, connections to that number will be mapped to 80
and therefore the Web server
within your network.
Protocol:
Select from the following options in the dropdown menu:
o
TCP
o
UDP
o
TCP & UDP
Click
Submit
to save your completed port forwarding rule.
Page 63 / 137
CRADLEPOINT
MBR95| USER MANUAL Firmware ver. 3.6.3
NETWORK SETTINGS
FIREWALL
© 2011
CRADLEPOINT, INC.
PLEASE VISIT
HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/
FOR MORE HELP AND RESOURCES
PAGE 61
6.4.2
IP Filter Rules (Advanced)
An "Incoming" IP filter rule restricts remote access
to computers on your local network. "Outgoing"
filter rules prevent computers on your local network
from initiating communication to the address range
specified in the rule.
This feature is especially useful when combined with port forwarding and/or DMZ to restrict remote access to a specified
host or network range. For example, in order to host a server you might have opened ports with a port forwarding rule that
could expose your LAN to cyber attacks. With an incoming IP filter rule, you can restrict the access to your LAN to only
known devices.
Name:
Name your rule.
Enabled:
Selected by default.
Direction:
“Any,” “Incoming,” or
“Outgoing”
Action:
“Allow” or “Deny”
Protocol:
Any, ICMP, TCP, UDP, GRE,
ESP, or SCTP.
IP Source / IP Destination
Network IP:
Optional field to specify a
matching network IP address for this rule
to match against.
Netmask:
Use this to define a subnet
size this rule will match against.
Port(s):
Use for a single port or a range
of ports. Fill in the left side for a single
port.
Page 64 / 137
CRADLEPOINT
MBR95| USER MANUAL Firmware ver. 3.6.3
NETWORK SETTINGS
FIREWALL
© 2011
CRADLEPOINT, INC.
PLEASE VISIT
HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/
FOR MORE HELP AND RESOURCES
PAGE 62
Use
Network IP
,
Netmask
, and
Port(s)
to specify the ports and addresses for which the rule applies. You can specify a
range of ports or a single port. Similarly, the netmask can be used to define either a range of addresses (i.e.
255.255.255.0) or a single address (255.255.255.255).
If you leave these values blank, then all IP addresses and ports will be included.
IP Source
and
IP Destination
options
can be used to differentiate between the directions that packets go. You could permit packets to come from particular IP
addresses but then not allow packets to return to those addresses.
Example of an IP Filter Rule:
Suppose you have opened a port in your firewall in order to run a server. Someone, Johnny, is abusing that
opening, so you would like to restrict his access. Create a rule that will deny Johnny’s IP address.
Add IP Filter Rule
Name:
No more Johnny
Enabled:
Selected
Direction:
Incoming
Action:
Deny
Protocol:
Any
IP Source
Network IP:
172.22.24.160 (Johnny’s IP address)
Netmask:
255.255.255.255 (This netmask restricts the rule to one single address).
Port(s):
80
Page 65 / 137
CRADLEPOINT
MBR95| USER MANUAL Firmware ver. 3.6.3
NETWORK SETTINGS
FIREWALL
© 2011
CRADLEPOINT, INC.
PLEASE VISIT
HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/
FOR MORE HELP AND RESOURCES
PAGE 63
6.4.3
DMZ: DeMilitarized Zone (Advanced)
A DMZ host is effectively not firewalled in the
sense that any computer on the Internet may
attempt to remotely access network services at the
DMZ IP address. Typical uses involve running a
public Web server or sharing files.
Input the
IP Address
of a single device in your network to create a DeMilitarized Zone for that device. To ensure that the
IP address of the selected device remains consistent, go to the “Reservations” section under
Network Settings
DHCP
Server
and reserve the IP address for the device.
As with port forwarding, use caution when enabling the DMZ feature as it can threaten the security of your
network. Only use DMZ as a last resort.
6.4.4
Firewall Options
Anti-Spoof:
Anti-Spoof checks help protect against
malicious users faking the source address in
packets they transmit in order to either hide
themselves or to impersonate someone else. Once
the user has spoofed their address they can launch
a network attack without revealing the true source
of the attack or attempt to gain access to network services that are restricted to certain addresses.
Packet Normalization:
Normalizing packets helps secure the router in untrusted environments. It does so by "scrubbing"
packets that are ambiguous or might represent a break-in attempt. Packet Normalization also helps insure reliable
connectivity for some WAN devices such as WiMAX modems. Only disable this option if you are sure you do not need it.
Static NAT Ports:
If enabled the source port does not translate in TCP and UDP packets during NAT. Some NAT
traversal protocols such as STUN(T) require that the source port stay the same when traversing the firewall.

Rate

4.5 / 5 based on 2 votes.

Popular Cradlepoint Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top