Using the Configuration Interface

41

D-Link Systems, Inc.

Inbound Filters

The Inbound Filters option is an advanced method of controlling data received from the Internet. With

this feature you can configure inbound data filtering rules that control data based on IP Address,

Protocol, and/or Port.

The Inbound Filter option is best suited for custom applications. For most applications you should use

Virtual Server, Special Applications, or the Gaming section to create rules that will allow applications

to communicate through the router.

Add/Edit Inbound Filter Rule

Enables inbound filtering.

Enter a name for the rule that is meaningful to you.

The rule can be set to either allow or deny applicable messages.

Defines the range of Internet addresses this rule applies to.

Select the protocol used for this rule.

Enter the range of ports that this rule applies to.

Enter the range of WAN side ports associated with the servers on the LAN

that this rule applies to.

Select a schedule for the times when this rule should be in effect. If you do

not see the schedule you need in the list of schedules, go to the Tools >

Schedules screen and create a new schedule.

Check this option if you want the router to add an entry to the log whenever

a rule is enforced.

Saves the new rule or modified existing rule to the Rules list. When you are

done editing the settings, you must click the Save Settings button at the top

of the page to make the changes effective and permanent.

Inbound Filter Rules List

This section lists the current Inbound Filter rules. Entries can be modified by clicking on the paper and

pencil icon. To delete an entry, click on the trash can icon. After you’ve completed all modifications or

deletions, you must click the

Save Settings

button at the top of the page to save your changes. The

router must reboot before new settings will take effect. You will be prompted to

Reboot the Device

or

Continue

. If you need to make additional settings changes, click

Continue

. If you are finished

with your configuration settings, click the

Reboot the Device

button.

Enable:

Name:

Action:

Source IP Range:

Protocol:

Source Port Range:

Public Port Range:

Schedule:

Log:

Save:

Advanced > Inbound Filters

Using the Configuration Interface

42

D-Link Systems, Inc.

Configuring an Inbound Filter Rule

When the Rule List is empty or none of the rules are enabled, all inbound data that corresponds to a

connection that originated from inside the router or which corresponds to a Virtual Server, Gaming,

or Special Application Rule is ALLOWED by default.

When rules are configured, the router compares incoming data packets against the rules in the list.

It is very important to understand that the router examines each rule one by one in the order that

they are listed in the Rule list until it finds a match. The packet will either be DENIED (Dropped) or

ALLOWED. Once a match has been made, no further rules will be examined for that packet. If no

rules match the data packet, it is ALLOWED. This means that to allow only a specific subset of traffic

usually requires more than one rule to be entered.

Example:

You have configured a game server, using the Advanced > Gaming page, to play HALO: Combat

Evolved with some friends. You would like to limit the access to your network and server to specific

times of the day and only to your friends.

Next you would define a schedule on the Tools > Schedule page, called Gametime, which specifies

a schedule of Friday and Saturday between 7PM and 11PM.

All of your friends use the same service provider and have IP addresses 67.150.220.117,

67.150.231.43, and 67.150.231.75. You have an option of defining a set of rules to match each one

of these addresses individually or you may just decide that using an IP range that covers all of them

is sufficient for your needs.

The first rule is to configure a DENY rule that will catch all of the traffic that arrives on these ports

but does not match data from the sources you want to have access to your network. It is important

to enter the DENY rule first since all subsequent rules will be added higher in the list and will be

checked first. It should look similar to the figure on the right.

Notice that it covers all Source IP Address, Source Ports, and Times (Always), but is specifically tied

to the Public Ports defined in the Game Rule List. This is because you do not want to accidentally

block traffic for other applications. It is a good idea to turn on the log for this rule so that you can

check in the log for anything that is filtered inappropriately.

Next configure the ALLOW rules. In the example on the right, two rules are used to cover the three

IP addresses.

Using the Configuration Interface

43

D-Link Systems, Inc.

Advanced Wireless

Advanced Wireless Settings

This setting should remain at its default setting of 3200. If you experience

a high packet error rate, you may slightly adjust your “Fragmentation” value

somewhere in the between the recommended range of 256 to 3200. Setting

the Fragmentation value too low may result in poor performance.

This setting should remain at its default setting of 3200. If you encounter

inconsistent data flow, only minor modifications to the value are

recommended.

Beacons are packets sent by a wireless router to synchronize wireless

devices. Specify a Beacon Period value between 20 and 1000. The default

value is set to 100 milliseconds.

The default value is set to 1. Valid settings are between 1 and 255. A DTIM

is a countdown informing clients of the next window for listening to broadcast

and multicast messages. When the wireless router has buffered broadcast

or multicast messages for associated clients, it sends the next DTIM with

a DTIM Interval value. Wireless clients hear the beacons and awaken to

receive the broadcast and multicast messages.

This enables 802.11d opration.

802.11d

is a wireless specification

developed to allow implementation of wireless networks in countries that

cannot use the 802.11 standard. This feature should only be enabled if you

are in a country that requires it.

When WDS is enabled, this access point functions as a wireless bridge and

is able to wirelessly communicate with other AP’s via WDS links.

Note: WDS is incompatible with WPA. Both features cannot be used at

the same time. A WDS link is bidirectional so this AP must know the MAC

address (creates the WDS link) of the other AP, and the other AP must have

a WDS link back to this AP (the router).

Specifies one-half of the WDS link. The other AP must also have the MAC

address of this AP (the router) to create the WDS link back to the router.

Advanced > Advanced Wireless

Fragmentation

Threshold:

RTS Threshold:

Beacon Period:

DTIM Interval:

802.11d Enable:

WDS Enable:

WDS AP MAC Address:

Using the Configuration Interface

44

D-Link Systems, Inc.

Tools

Admin

The Admin option is used to set a password for access to the Web-based management. By default

there is no password configured. It is highly recommended that you create a password to keep your

new router secure.

Password

Enter a password the will grant access to the Web-based management

interface.

Administration

The name of the router can be changed here.

Enabling this allows you to manage the router from anywhere with an

Internet connection.

The port that will be accessed from the Internet.

The amount of time before the administration session is closed when there

is no activity.

Note: This applies to local or remote administration.

Save and Restore Configuration

This option allows you to save the router configuration to a file on your

computer. Be sure to save the configuration before performing a firmware

upgrade.

Use this option to load previously saved router configuration settings.

Password:

Gateway Name:

Enable Remote

Management:

Remote Management

Server Port:

Admin Idle Timeout:

Save Settings:

Restore Settings:

Tools > Admin

Using the Configuration Interface

45

D-Link Systems, Inc.

Time

The Time Configuration option allows you to configure, update, and maintain the correct time on the

internal system clock.

From this section you can set the time zone that you are in and set the Time

Server. Daylight Saving can also be configured to automatically adjust the time when needed.

Time Configuration

Select your local time zone from pull down menu.

Check this option if your location observes daylight saving time.

Select the time offset if your location observes daylight saving time.

Select this option if you want the router’s clock synchronized to a Time

Server over the Internet. If you are using schedules or logs, this is the best

way to ensure that the schedules and logs are kept accurate

Select a Time Server for synchronization. You can type in the address of a

time server or select one from the list. If you have trouble using one server,

select another.

Set the Date and Time

If you do not have the NTP Server option in effect, you can either manually set the time for your

router here or you can click the Copy Your Computer’s Time Settings button to copy the time from

the computer you are using (Note: Be sure the computer’s time is set correctly).

Note: If the router loses power for any reason, it cannot keeps its clock running and will not have the

correct time when it is started again. To maintain the correct time for schedules and logs, either you

must enter the correct time after you restart the router or you must enable the NTP Server option.

Time Zone:

Daylight Saving Enable:

Daylight Saving Offset:

Synchronize time with

NTP server:

NTP Server:

Tools > Time