DSL-504T DSL Router User

’

s Guide

38

Firewall

Firewall Configuration Menu

When DoS, Port Scan, or Service Filtering Protection is enabled, it will create a firewall policy to

protect your network against the following:

Dos Protection

Port Scan Protection

Service Filtering

SYN Flood check

ICMP Redirection check

Nmap/FIN attack

URG/PSH attack

Xmas Tree Scan

Null Scan attack

SYN/RST attack

SYN/FIN Scan

Ping from WAN

Telnet from WAN

FTP from WAN

DNS from WAN

IKE from WAN

RIP from WAN

DHCP from WAN

The Firewall Configuration menu allows

the

Router

to

enforce

specific

predefined policies intended to protect

against

certain

common

types

of

attacks. There are two general types of

protection (DoS, Port Scan) that can be

enabled on the Router, as well as

filtering

for

specific

packet

types

sometimes used by hackers.

You can choose to

Enable

or

Disable

protection against a customized basket

of attack and scan types. To enable

DoS

Protection

or

Port

Scan

Protection

, select the

Enable

radio

button for the protection type and click

in the selection boxes for the various

types of protection listed under each.

Note

DSL-504T DSL Router User

’

s Guide

39

A DoS "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent

legitimate users of a service from using that service. Examples include: attempts to "flood" a

network, thereby preventing legitimate network traffic, attempts to disrupt connections between

two machines, thereby preventing access to a service, attempts to prevent a particular individual

from accessing a service, or, attempts to disrupt service to a specific system or person.

Port scan protection is designed to block attempts to discover vulnerable ports or services that

might be exploited in an attack from the WAN.

The Service Filtering options allow you to block FTP, Telnet response, Pings, etc, from the external

network. Check the category you want to block to enable filtering of that type of packet.

When you have selected the desired Firewall policies, click the

Apply

button to enforce the policies.

Remember to save any configuration changes.

NAT

Network Address Translation (NAT) may be disabled on the Router. This should only be disabled if

there are specific reasons to do so. When NAT is disabled on the Router it is not possible to allow

more that one computer or server (any single IP address on the LAN) to access the Internet unless

some form of NAT is provided by another system.

NAT can be enabled or disabled system-wide. If you are using multiple connections (Multiple PVCs)

the status of NAT will be the same for all IP routed connections.

NAT Enable/Disable Menu

To disable or enable NAT, select the desired option

Enabled

or

Disabled

from the pull-down menu

and click the

Apply

button.

DSL-504T DSL Router User

’

s Guide

40

ATM

The ATM menu allows the user to adjust ATM Quality of Service (QoS) or traffic parameters to suit

specific traffic requirements. For applications or circumstances where packet loss or packet delay

are a concern, ATM QoS can be adjusted to minimize problems. For most accounts, it will not be

necessary to change these settings. Altering QoS settings can adversely affect performance of

some commonly used Internet applications.

If you plan to change QoS or traffic parameters, contact your ISP or network services provider for

information on what types of adjustment are available or possible for your account. Your ISP may

not support the class of service you want to use.

The ATM menu is also used to enable IGMP forwarding (IGMP Proxy).

ATM Virtual Circuit configuration menu

To set new QoS parameters, use the

PVC

drop-down menu to select the connection you want to

configure. Select the

Service Category

and type in the allowable bandwidth settings.

Click the

Apply

button to put the new settings into effect, remember to save the new settings and reboot

the Router.

See the table below for a description of the traffic and QoS parameters.

DSL-504T DSL Router User

’

s Guide

41

The ATM menu parameters are described as follows:

Parameter

Description

PVC

Select the connection to adjust QoS settings from the drop-down menu.

Service Category

UBR

–

Unspecified Bit Rate, this is the default category used for general-

purpose Internet traffic where normal levels of packet loss and delay are

acceptable. For some applications or for multiple connection accounts, it

may be desirable to specify the PCR.

CBR

–

Constant Bit Rate, usually used in circumstances where very low

packet loss and very low Cell Delay Variable (CDV) are desirable.

VBR

–

Variable Bit Rate, usually used when network traffic is characterized

by bursts of packets at variable intervals, and some moderate packet loss

and delay is acceptable. This category is typically used for audio and video

applications such as teleconferencing. The network must support QoS Class

2 to use VBR.

PCR

Peak Cell Rate

–

The PCR is inversely related to the time interval between

ATM cells. It is specified for all three service categories in Kbps.

SCR

Sustainable Cell Rate

–

The SCR is defined for Variable Bit Rate service.

This is the rate that can be sustained for

“

bursty

”

, on-off traffic sources. It

is a function of Maximum Burst Size (MBS) and the time interval (between

cells).

IGMP Proxy

To allow the Router to forward IGMP packets through the WAN port. Select

the Enabled radio button and click

Apply

. The IGMP Proxy is enabled or

disabled for all connections on multiple connection accounts.

DSL-504T DSL Router User

’

s Guide

42

Static Routing

Use Static Routing to specify a route used for data traffic within your Ethernet LAN or to route data

on the WAN. This is used to specify that all packets destined for a particular network or subnet use

a predetermined gateway.

Static Routing menu

To add a static route to a specific destination IP on the local network, enter a

Destination

IP

address,

Netmask

, then click the

Gateway

radio button and type in the Gateway

’

s IP address.

Click

Apply

to enter the new static route in the table below. The route becomes active immediately

upon creation.

To add a static route to a specific destination IP on the WAN, click the Connection radio button and

choose a connection from the pull-down menu, then enter a

Destination

IP address and

Netmask

.

Click

Apply

to enter the new static route in the table below. The route becomes active immediately

upon creation

To remove a static route from the table in the bottom half of the window, choose to

Delete

it from

the table and click the

Apply

button. Remember to save the configuration changes.