Unified Services Router
User Manual
External IP address: The rule can be bound to a specific WAN interface
by selecting either the primary WAN or configurable port WAN as the
source IP address for incoming traffic.
This router supports multi-NAT and so the External IP address does not necessarily
have to be the WAN address. On a single WAN interface, multiple public IP
addresses are supported. If your ISP assigns you more than one public IP address,
one of these can be used as your primary IP address on the WAN port, and the
others can be assigned to servers on the LAN or DMZ. In this way the LAN/DMZ
server can be accessed from the internet by its aliased public IP address.
7. Outbound rules can use Source NAT (SNAT) in order to map (bind) all LAN/DMZ traffic
matching the rule parameters to a specific WAN interface or external IP address (usually
provided by your ISP).
Once the new or modified rule parameters are saved, the rule appears in the master list of
firewall rules. To enable or disable a rule, click the checkbox next to the rule in the
list of firewall rules and choose Enable or Disable.
The router applies firewall rules in the order listed. As a general rule, you should
move the strictest rules (those with the most specific services or addresses) to the
top of the list. To reorder rules, click the checkbox next to a rule and click up or
down.
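The effect of rule order can be checked offline before reordering rules in the list. The following is an added example, not part of the manual or the router firmware: it assumes first-match evaluation (the first rule in the list that matches decides the action), and the Rule fields, rule names and addresses are constructed for illustration.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Rule(NamedTuple):          # hypothetical model of one firewall rule
    name: str
    source: str                  # source CIDR; "0.0.0.0/0" stands for Any
    service: str                 # service name, or "ANY"
    action: str                  # "ALLOW" or "BLOCK"

def covers(earlier: Rule, later: Rule) -> bool:
    """True if every packet matching `later` also matches `earlier`."""
    src_ok = ip_network(later.source).subnet_of(ip_network(earlier.source))
    svc_ok = earlier.service in ("ANY", later.service)
    return src_ok and svc_ok

def first_match(rules, src_ip: str, service: str) -> Optional[Rule]:
    """Evaluate the list top-down and return the first matching rule."""
    for rule in rules:
        in_source = ip_address(src_ip) in ip_network(rule.source)
        if in_source and rule.service in ("ANY", service):
            return rule
    return None                  # nothing matched; default policy applies

def shadowed(rules):
    """Return (later, earlier) name pairs where `later` is unreachable."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                found.append((later.name, earlier.name))
                break
    return found

# Constructed rule lists (documentation address range, not from the manual).
BROAD_FIRST = [
    Rule("block-all-http", "0.0.0.0/0", "HTTP", "BLOCK"),
    Rule("allow-branch-http", "203.0.113.0/24", "HTTP", "ALLOW"),
]
SPECIFIC_FIRST = list(reversed(BROAD_FIRST))

if __name__ == "__main__":
    for label, rules in (("broad first", BROAD_FIRST),
                         ("specific first", SPECIFIC_FIRST)):
        hit = first_match(rules, "203.0.113.10", "HTTP")
        print(label, "->", hit.action, "via", hit.name,
              "| shadowed:", shadowed(rules))
```

With the broad rule on top, the branch-office rule is never reached; with the specific rule on top, both rules take effect.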
Figure 54: Example where an outbound SNAT rule is used to map an
external IP address (209.156.200.225) to a private DMZ IP
address (10.30.30.30)
Figure 55: The firewall rule configuration page allows you to define the
To/From zone, service, action, schedules, and specify
source/destination IP addresses as needed.
5.4 Configuring IPv6 Firewall Rules
Advanced > Firewall Settings > IPv6 Firewall Rules
All configured IPv6 firewall rules on the router are displayed in the Firewall Rules
list. This list also indicates whether the rule is enabled (active) or not, and gives a
summary of the From/To zone as well as the services or users that the rule affects.
Figure 56: The IPv6 firewall rule configuration page allows you to define
the To/From zone, service, action, schedules, and specify
source/destination IP addresses as needed.
Figure 57: List of Available IPv6 Firewall Rules
5.4.1 Firewall Rule Configuration Examples
Example 1: Allow inbound HTTP traffic to the DMZ
Situation: You host a public web server on your local DMZ network. You want to
allow inbound HTTP requests from any outside IP address to the IP address of your
web server at any time of day.
Solution: Create an inbound rule as follows.

Parameter                        Value
From Zone                        Insecure (WAN1/WAN2/WAN3)
To Zone                          Public (DMZ)
Service                          HTTP
Action                           ALLOW always
Send to Local Server (DNAT IP)   192.168.5.2 (web server IP address)
Destination Users                Any
Log                              Never

Example 2: Allow videoconferencing from range of outside IP addresses
Situation: You want to allow incoming videoconferencing to be initiated from a
restricted range of outside IP addresses (132.177.88.2 - 132.177.88.254), from a
branch office.