Page 31 / 62 Scroll up to view Page 26 - 30
Using the Configuration Interface
31
D-Link Systems, Inc.
Firewall
A firewall protects your network from the outside world. The D-Link Gaming Router offers a firewall
type functionality. The SPI feature helps prevent cyber attacks. Sometimes you may want a computer
exposed to the outside world for certain types of applications. If you choose to expose a computer,
you cam enable DMZ. DMZ is short for Demilitarized Zone. This option will expose the chosen computer
completely to the outside world.
Firewall Settings
SPI (Stateful Packet Inspection, also known as dynamic packet filtering)
helps to prevent cyber attacks by tracking more state per session. It validates
that the traffic passing through the session conforms to the protocol. When
SPI is enabled, the extra state information will be reported on the Status >
Active sessions page.
If an application has trouble working from behind the router, you can expose
one computer to the Internet and run the application on that computer.
Note: Placing a computer in the DMZ may expose that computer to a variety
of security risks. Use of this option is only recommended as a last resort.
Specify the IP address of the computer on the LAN that you want to have
unrestricted Internet communication. If this computer obtains it’s IP address
automatically using DHCP, be sure to make a static reservation on the Basic
> DHCP page so that the IP address of the DMZ machine does not change.
After you’ve completed all modifications or deletions, you must click the
Save Settings
button at the
top of the page to save your changes. The router must reboot before new settings will take effect. You
will be prompted to
Reboot the Device
or
Continue
. If you need to make additional settings changes,
click
Continue
. If you are finished with your configuration settings, click the
Reboot the Device
button.
Enable SPI:
Enable DMZ:
DMZ IP Address:
Advanced > Firewall
Downloaded from
www.Manualslib.com
manuals search engine
Page 32 / 62
Using the Configuration Interface
32
D-Link Systems, Inc.
Inbound Filters
The Inbound Filters option is an advanced method of controlling data received from the Internet. With
this feature you can configure inbound data filtering rules that control data based on IP Address,
Protocol, and/or Port.
The Inbound Filter option is best suited for custom applications. For most applications you should use
Virtual Server, Special Applications, or the Gaming section to create rules that will allow applications
to communicate through the router.
Add/Edit Inbound Filter Rule
Enables inbound filtering.
Enter a name for the rule that is meaningful to you.
The rule can be set to either allow or deny applicable messages.
Defines the range of Internet addresses this rule applies to.
Select the protocol used for this rule.
Enter the range of ports that this rule applies to.
Enter the range of WAN side ports associated with the servers on the LAN
that this rule applies to.
Select a schedule for the times when this rule should be in effect. If you do
not see the schedule you need in the list of schedules, go to the Tools >
Schedules screen and create a new schedule.
Check this option if you want the router to add an entry to the log whenever
a rule is enforced.
Saves the new rule or modified existing rule to the Rules list. When you are
done editing the settings, you must click the Save Settings button at the top
of the page to make the changes effective and permanent.
Inbound Filter Rules List
This section lists the current Inbound Filter rules. Entries can be modified by clicking on the paper
and pencil icon. To delete an entry, click on the trash can icon. After you’ve completed all modifications
or deletions, you must click the
Save Settings
button at the top of the page to save your changes.
The router must reboot before new settings will take effect. You will be prompted to
Reboot the
Device
or
Continue
. If you need to make additional settings changes, click
Continue
. If you are
finished with your configuration settings, click the
Reboot the Device
button.
Enable:
Name:
Action:
Source IP Range:
Protocol:
Source Port Range:
Public Port Range:
Schedule:
Log:
Save:
Advanced > Inbound Filters
Downloaded from
www.Manualslib.com
manuals search engine
Page 33 / 62
Using the Configuration Interface
33
D-Link Systems, Inc.
Configuring an Inbound Filter Rule
When the Rule List is empty or none of the rules are enabled, all inbound data that corresponds to a
connection that originated from inside the router or which corresponds to a Virtual Server, Gaming,
or Special Application Rule is ALLOWED by default.
When rules are configured, the router compares incoming data packets against the rules in the list. It
is very important to understand that the router examines each rule one by one in the order that they
are listed in the Rule list until it finds a match. The packet will either be DENIED (Dropped) or ALLOWED.
Once a match has been made, no further rules will be examined for that packet. If no rules match the
data packet, it is ALLOWED. This means that to allow only a specific subset of traffic usually requires
more than one rule to be entered.
Example:
You have configured a game server, using the Advanced > Gaming page, to play HALO: Combat
Evolved with some friends. You would like to limit the access to your network and server to specific
times of the day and only to your friends.
Next you would define a schedule on the Tools > Schedule page, called Gametime, which specifies
a schedule of Friday and Saturday between 7PM and 11PM.
All of your friends use the same service provider and have IP addresses 67.150.220.117,
67.150.231.43, and 67.150.231.75. You have an option of defining a set of rules to match each one of
these addresses individually or you may just decide that using an IP range that covers all of them is
sufficient for your needs.
The first rule is to configure a DENY rule that will catch all of the traffic that arrives on these ports but
does not match data from the sources you want to have access to your network. It is important to
enter the DENY rule first since all subsequent rules will be added higher in the list and will be checked
first. It should look similar to the figure on the right.
Notice that it covers all Source IP Address, Source Ports, and Times (Always), but is specifically tied
to the Public Ports defined in the Game Rule List. This is because you do not want to accidentally
block traffic for other applications. It is a good idea to turn on the log for this rule so that you can check
in the log for anything that is filtered inappropriately.
Next configure the ALLOW rules. In the example on the right, two rules are used to cover the three IP
addresses.
Downloaded from
www.Manualslib.com
manuals search engine
Page 34 / 62
Using the Configuration Interface
34
D-Link Systems, Inc.
Tools
Admin
The Admin option is used to set a password for access to the Web-based management. By default
there is no password configured. It is highly recommended that you create a password to keep your
new router secure.
Password
Enter a password the will grant access to the Web-based management
interface.
Administration
The name of the router can be changed here.
Enabling this allows you to manage the router from anywhere with an Internet
connection.
The port that will be accessed from the Internet.
The amount of time before the administration session is closed when there
is no activity.
Note: This applies to local or remote administration.
Save and Restore Configuration
This option allows you to save the router configuration to a file on your
computer. Be sure to save the configuration before performing a firmware
upgrade.
Use this option to load previously saved router configuration settings.
Password:
Gateway Name:
Remote Management:
Remote Management
Server Port:
Admin Idle Timeout:
Save Settings:
Restore Settings:
Tools > Admin
Downloaded from
www.Manualslib.com
manuals search engine
Page 35 / 62
Using the Configuration Interface
35
D-Link Systems, Inc.
Time
The Time Configuration option allows you to configure, update, and maintain the correct time on the
internal system clock.
From this section you can set the time zone that you are in and set the Time
Server. Daylight Saving can also be configured to automatically adjust the time when needed.
Time Configuration
Select your local time zone from pull down menu.
Check this option if your location observes daylight saving time.
Select the time offset if your location observes daylight saving time.
Select this option if you want the router’s clock synchronized to a Time
Server over the Internet. If you are using schedules or logs, this is the best
way to ensure that the schedules and logs are kept accurate
Select a Time Server for synchronization. You can type in the address of a
time server or select one from the list. If you have trouble using one server,
select another.
Set the Date and Time
If you do not have the NTP Server option in effect, you can either manually set the time for your
router here or you can click the Copy Your Computer’s Time Settings button to copy the time from the
computer you are using (Note: Be sure the computer’s time is set correctly).
Note: If the router loses power for any reason, it cannot keeps its clock running and will not have the
correct time when it is started again. To maintain the correct time for schedules and logs, either you
must enter the correct time after you restart the router or you must enable the NTP Server option.
Time Zone:
Daylight Saving Enable:
Daylight Saving Offset:
Synchronize time with
NTP server:
NTP Server:
Tools > Time
Downloaded from
www.Manualslib.com
manuals search engine

Rate

3.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top