DIR-100 Ethernet Broadband Router

Application Rules

Use the Application Rules menu to configure applications that require multiple connections, such as Internet

Telephony, video conferencing, and Internet gaming. The following window lists six Special Applications

that commonly use more than one connection. To configure one of these applications, tick its corresponding

checkbox and then modify the fields listed below the following figure. The user may add a new application

by modifying the fields listed and then clicking the

Save Settings

button at the top of the window.

Application Rules menu

To enable an already existing Application Rule, click on its corresponding checkbox. To configure other

Application Rules for the Router, type the port or port range or select an application form the pull-down

menu, type a name for the rule and select the traffic type and click the

Save Settings

button at the top of the

window.

The Application Rules listed in the Application pull-down menu are:

•

Battle.net

•

Dialpad

•

ICU II

•

MSN Gaming Zone

•

PC-to-Phone

•

Quick Time 4

40

DIR-100 Ethernet Broadband Router

Access Control

Access Control, or MAC filtering, is a basic security measure that should be used on any network that is

exposed to a security risk. A packet filter system examines data packets and scrutinizes them in order to

control network access. Filtering rules determine whether packets are passed through the Router from either

side of the gateway. The rules are created and controlled by the network administrator and can be precisely

defined. These rules are used to block access to the LAN from outside the network and/or to deny access to

the WAN from within the network.

MAC Filtering menu

MAC Filters

All computers are uniquely identified by their MAC (Media Access Control) address. The following window

will allow users to deny computers access to the Internet or only allow certain computers access to the

Internet, based on their MAC address. To access this window, click the

Advanced

tab along the top of the

configuration window, then the

Access Control

tab to the left hand side.

To configure MAC filters, manually enter a MAC address to be filtered by ticking its corresponding

checkbox and then configuring the desired fields on the window above. Select

Turn MAC Filtering OFF

,

Turn MAC Filtering ON and ALLOW computers listed to access the network

, and

Turn MAC Filtering ON

and DENY computers listed to access the network

from the drop-down menu. When you are finished, click

the

Save Settings

button at the top of the window.

41

DIR-100 Ethernet Broadband Router

Firewall & DMZ

The Firewall & DMZ menu is used to define enforce specific predefined policies intended to protect against

certain common types of attacks.

A DoS "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate

users of a service from using that service. Examples include: attempts to "flood" a network, thereby

preventing legitimate network traffic, attempts to disrupt connections between two machines, thereby

preventing access to a service, attempts to prevent a particular individual from accessing a service, or,

attempts to disrupt service to a specific system or person. To enable this function, tick the

Enable DoS

Prevention

checkbox.

Firewall Rules

To configure rules for the firewall, modify the following fields and click the

Save Settings

button at the top

of the window to set the rule in the Routers memory. Newly configured firewall rules will be displayed in the

Firewall Rules List

at the bottom of the window.

Firewall & DMZ menu

42

DIR-100 Ethernet Broadband Router

DMZ Host

Firewalls may conflict with certain interactive applications such as video conferencing or playing Internet

video games. For these applications, a firewall bypass can be set up using a DMZ IP address. The DMZ IP

address is a “visible” address and does not benefit from the full protection of the firewall function. Therefore

it is advisable that other security precautions be enabled to protect the other computers and devices on the

LAN. It may be wise to use isolate the device with the DMZ IP address from the rest of the LAN.

For example, if you want to use video conferencing and still use a firewall, you can use the DMZ IP address

function. In this case, you must have a PC or server through which video conferencing will take place. The

IP address of this PC or server will then be the DMZ IP address. You can designate the server’s IP address as

the DMZ by typing in the IP address in the

DMZ

IP Address

space provided and then enabling its status by

ticking the

Enable DMZ Host

checkbox. Click the

Save Settings

button at the top of the window when you

are finished.

Advanced Network

The Advanced Netwrok Settings menu is used to disable or enable UpnP, disable Ping responses on the

WAN port and change WAN port speed.

Advanced Network Settings menu

43

DIR-100 Ethernet Broadband Router

UPnP

UPnP supports zero-configuration networking and automatic discovery for many types of networked devices.

When enabled, it allows other devices that support UPnP to dynamically join a network, obtain an IP

address, convey its capabilities, and learn about the presence and capabilities of other devices. DHCP and

DNS service can also be used if available on the network. UPnP also allows supported devices to leave a

network automatically without adverse effects to the device or other devices on the network.

Diverse networking media including Ethernet, 802.11b/g Wireless, Firmware, phone line and power line

networking can support UPnP. To enable UPnP, tick the

Enable UPnP

checkbox.

WAN Ping

This feature allow users to either allow or block a Ping test from outside computers looking to check the

connectivity of your device. This is usually attempted by hackers trying to access your router or computer

from a remote device on the WAN side of the connection. Tick the

Enable WAN Ping Respond

checkbox

to allow WAN pinging of your device.

WAN Port Speed

This section allows the user to set the wire speed over which the router will transmit packets. The user has

three options:

±

10Mbps

– Selecting this option from the drop-down menu will set the wire speed at 10 megabytes

per second.

±

100Mbps

– Selecting this option from the drop-down menu will set the wire speed at 100 megabytes

per second.

±

10/100 Mbps Auto

– Selecting this option from the drop-down menu will allow the wire speed to be

automatically set by the Router depending on the wire speed available at any given time.

NAT

Network Address Translation (NAT) can be disabled on the Router. For normal use as a router it is

recommended that NAT be left at the default setting, enabled. Some applications might not function well

with NAT. Usually this problem can be overcome using port forwarding or DMZ. If NAT is disabled, the

Router will only allow a single computer or server to use the Router for Internet access. Without NAT the

DIR-100 functions as a simple bridge device.

44