Unified Services Router
User Manual
Solution:
Create an inbound rule as follows. In the example, CU-SeeMe (the video conferencing service used) connections are allowed only from a specified range of external IP addresses.

Two checks are worth making before saving a rule like this. First, confirm that the address range is applied to the side of the rule you intend: if the goal is to restrict which external hosts may connect, the restriction belongs on the source side (the WAN Users field, which Example 3 below leaves at Any), whereas Destination Users selects the address the traffic is sent to. Second, verify the range itself: as printed, 132.177.88.2 to 134.177.88.254 covers 33,554,685 addresses (the equivalent of two /8 networks), far more than the single /24 that a from/to pair like this usually intends to describe.
Parameter                        Value
From Zone                        Insecure (WAN1/WAN2/WAN3)
To Zone                          Secure (LAN)
Service                          CU-SEEME:UDP
Action                           ALLOW always
Send to Local Server (DNAT IP)   192.168.10.11
Destination Users                Address Range
From                             132.177.88.2
To                               134.177.88.254
Enable Port Forwarding           Yes (enabled)
Example 3: Multi-NAT configuration
Situation:
You want to configure multi-NAT to support multiple public IP addresses on one WAN port interface.
Solution:
Create an inbound rule that configures the firewall to host an additional public IP address, and associate this address with a web server in the DMZ. If you arrange with your ISP to have more than one public IP address for your use, the additional addresses can be mapped to servers on your LAN or DMZ. One of these public IP addresses is used as the primary IP address of the router; it provides Internet access to your LAN PCs through NAT. The other addresses are available to map to your DMZ servers. Before adding the rule, confirm with the ISP that the additional addresses are actually delivered to this WAN link; the rule only translates traffic that arrives at the router.
The following addressing scheme is used to illustrate this procedure:
WAN IP address: 10.1.0.118
LAN IP address: 192.168.10.1; subnet 255.255.255.0
Web server host in the DMZ, IP address: 192.168.12.222
Access to Web server: (simulated) public IP address 10.1.0.52
Parameter                        Value
From Zone                        Insecure (WAN1/WAN2/WAN3)
To Zone                          Public (DMZ)
Service                          HTTP
Action                           ALLOW always
Send to Local Server (DNAT IP)   192.168.12.222 (web server local IP address)
Destination Users                Single Address
From                             10.1.0.52
WAN Users                        Any
Log                              Never
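To make the two rule tables concrete, the following Python model (an added example, not the router's software) evaluates an inbound packet against rules built from Examples 2 and 3: the service must match, the packet's destination must fall inside Destination Users and its source inside WAN Users, and the first matching ALLOW rule yields the DNAT address. The CU-SeeMe port (UDP 7648), the sample source addresses and the placement of Example 2's range on the source side are assumptions; the range_size helper shows why the printed range deserves a second look.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional, Tuple

# Constructed model of the inbound rules in Examples 2 and 3 (added here; not the router's code).
Range = Tuple[str, str]   # ("from", "to"), inclusive


@dataclass(frozen=True)
class InboundRule:
    name: str
    proto: str                          # Service protocol: "udp" or "tcp"
    port: int                           # Service destination port
    dnat_ip: str                        # "Send to Local Server (DNAT IP)"
    dest_addrs: Optional[Range] = None  # "Destination Users": address the packet is sent to; None = any
    wan_users: Optional[Range] = None   # "WAN Users": external source address(es); None = any


def in_range(addr: str, rng: Optional[Range]) -> bool:
    """True for rng None (any) or when addr lies inside the inclusive from/to range."""
    if rng is None:
        return True
    lo, hi = (ip_address(x) for x in rng)
    return lo <= ip_address(addr) <= hi


def range_size(rng: Range) -> int:
    """Number of addresses an inclusive from/to range covers; a sanity check for a typed range."""
    lo, hi = (ip_address(x) for x in rng)
    return int(hi) - int(lo) + 1


def apply_inbound(rules, src: str, dst: str, proto: str, dport: int) -> Optional[str]:
    """First rule whose service, destination and source all match wins; returns the
    DNAT address the packet is forwarded to, or None when no rule maps it."""
    for r in rules:
        if (proto == r.proto and dport == r.port
                and in_range(dst, r.dest_addrs) and in_range(src, r.wan_users)):
            return r.dnat_ip
    return None


RULES = [
    # Example 2: CU-SeeMe to the LAN host, with the external range on the source side.
    # UDP 7648 is assumed for CU-SeeMe; the manual only names the service.
    InboundRule("cuseeme", "udp", 7648, "192.168.10.11",
                wan_users=("132.177.88.2", "134.177.88.254")),
    # Example 3: HTTP sent to the extra public address 10.1.0.52 goes to the DMZ web server.
    InboundRule("multinat-web", "tcp", 80, "192.168.12.222",
                dest_addrs=("10.1.0.52", "10.1.0.52"), wan_users=None),
]

if __name__ == "__main__":
    # 203.0.113.9 and 133.0.0.1 are constructed sample sources.
    print(apply_inbound(RULES, "203.0.113.9", "10.1.0.52", "tcp", 80))    # 192.168.12.222
    print(apply_inbound(RULES, "203.0.113.9", "10.1.0.118", "tcp", 80))   # None: primary WAN IP is not mapped
    print(apply_inbound(RULES, "133.0.0.1", "10.1.0.118", "udp", 7648))   # 192.168.10.11: inside the wide range
    print(range_size(("132.177.88.2", "134.177.88.254")))                 # 33554685
```

The third print is the point of the range check: a host in 133.0.0.0/8 is accepted by the range exactly as printed, whereas a range ending in 132.177.88.254 would cover 253 addresses.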
Example 4: Block traffic by schedule if generated from a specific range of machines
Use Case:
Block all HTTP traffic on weekends if the request originates from a specific group of machines in the LAN with a known range of IP addresses, or from anyone coming in through the network from the WAN (i.e. all remote users).
Configuration:
1. Set up a schedule:
To set up a schedule that affects traffic on weekends only, navigate to Security: Schedule and name the schedule "Weekend". Here "weekend" means 12 am Saturday morning to 12 am Monday morning, i.e. all day Saturday and Sunday.
In the Scheduled Days box, select "specific days" and check "Saturday" and "Sunday".
For the scheduled time of day, select "all day"; this applies the schedule from 12 am to 11:59 pm on each selected day.
Click Apply. The schedule "Weekend" now isolates all day Saturday and Sunday from the rest of the week.
Figure 58: Schedule configuration for the above example.
2. Since we are blocking HTTP requests leaving the network, the rule's Service is HTTP and its To Zone is Insecure (WAN1/WAN2/WAN3); this is the traffic to be blocked according to the schedule "Weekend".
3. Set the Action to "Block by Schedule, otherwise allow". This takes a predefined schedule and makes the rule a blocking rule during the defined days and times. At all other times the rule has no effect on the traffic.
4. Because the schedule was saved under the name Weekend, it is available in the schedule dropdown menu.
5. We want to block the IP range assigned to the marketing group, say 192.168.10.20 to 192.168.10.30. In the Source Users dropdown, select Address Range and enter this range as the From and To IP addresses.
6. We want to block all HTTP traffic to any destination in the insecure zone, so the Destination Users dropdown should be "any".
7. The default QoS priority and Logging settings need not be changed (unless desired). Clicking Apply adds this firewall rule to the list of firewall rules.
8. The last step is to enable the rule: select it and click "enable" below the list to make sure the firewall rule is active.

Note that this rule covers only the marketing group's LAN addresses. The remote users in the use case enter from the Insecure zone, so they are not matched by a rule whose Source Users is a LAN address range; they need a rule of their own that uses the same "Weekend" schedule.
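The following Python model (added here, not the router's code) reproduces steps 1 to 8 as a single decision function: the rule blocks HTTP from the marketing range only while the Weekend schedule is active, is inert when it is not enabled, and treats "all day" as 00:00 to 23:59 with minute resolution, so Sunday 23:59 is still blocked while Monday 00:00 is not. The dates and addresses in the sample are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address

# Constructed model of a "Block by Schedule, otherwise allow" rule (added example; not the router's code).


@dataclass(frozen=True)
class Schedule:
    name: str
    days: frozenset       # Python weekday numbers: Monday=0 ... Saturday=5, Sunday=6
    start: time           # "all day" is 00:00 to 23:59 per the manual
    end: time

    def active(self, when: datetime) -> bool:
        """True when 'when' falls on a selected day and inside the start/end window
        (inclusive at both ends, compared at minute resolution)."""
        if when.weekday() not in self.days:
            return False
        hm = (when.hour, when.minute)
        return (self.start.hour, self.start.minute) <= hm <= (self.end.hour, self.end.minute)


@dataclass(frozen=True)
class ScheduledRule:
    service_port: int     # HTTP = TCP port 80
    src_from: str         # "Source Users: Address Range", From
    src_to: str           # "Source Users: Address Range", To
    schedule: Schedule    # Action "Block by Schedule, otherwise allow"
    enabled: bool = True  # step 8: the rule does nothing until enabled


def src_in_range(rule: ScheduledRule, src: str) -> bool:
    return ip_address(rule.src_from) <= ip_address(src) <= ip_address(rule.src_to)


def decide(rule: ScheduledRule, src: str, proto: str, dport: int, when) -> str:
    """Return 'BLOCK' when the rule fires, otherwise 'ALLOW' (the rule does not apply).
    'when' may be a datetime or an ISO 8601 string such as '2024-06-01T10:00'."""
    if isinstance(when, str):
        when = datetime.fromisoformat(when)
    if not rule.enabled:
        return "ALLOW"
    if proto != "tcp" or dport != rule.service_port:   # service is HTTP only
        return "ALLOW"
    if not src_in_range(rule, src):                    # not one of the marketing hosts
        return "ALLOW"
    return "BLOCK" if rule.schedule.active(when) else "ALLOW"


WEEKEND = Schedule("Weekend", frozenset({5, 6}), time(0, 0), time(23, 59))
MARKETING_RULE = ScheduledRule(80, "192.168.10.20", "192.168.10.30", WEEKEND)

if __name__ == "__main__":
    # 2024-06-01 is a Saturday and 2024-06-03 a Monday (constructed sample times).
    for stamp in ("2024-06-01T10:00", "2024-06-02T23:59", "2024-06-03T00:00"):
        print(stamp, decide(MARKETING_RULE, "192.168.10.25", "tcp", 80, stamp))
```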
5.5 Security on Custom Services
Advanced > Firewall Settings > Custom Services
Custom services can be defined and added to the list of services available during firewall rule configuration. Common services have well-known TCP/UDP/ICMP ports, but many custom or uncommon applications exist on the LAN or WAN. In the custom service configuration menu you define the port or range of ports and the traffic type (TCP/UDP/ICMP) for such a service. Once defined, the new service appears in the Service list of the firewall rule configuration menu.
Figure 59: List of user defined services.
Figure 60: Custom Services configuration
Created services are available as options for firewall rule configuration.
Name: Name of the service, for identification and management purposes.
Type: The protocol the service uses (TCP, UDP, BOTH, ICMP or ICMPv6).
Port Type: Selects whether the service is defined by a Port Range or by Multiple Ports.
ICMP Type: Enabled when the Type field is set to ICMP or ICMPv6. The ICMP type is a numeric value, in the range 0 to 40 for ICMP and 1 to 255 for ICMPv6. For a list of
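As an added example (not the router's implementation), the Python below models a custom service entry with the fields listed above, rejects definitions outside the stated limits (ICMP type 0 to 40, ICMPv6 type 1 to 255, ports 1 to 65535) and looks up which service a packet belongs to, as the Service field of a firewall rule would. The service names and port numbers are constructed; ICMP type 8 (echo request) and ICMPv6 type 135 (neighbor solicitation) are real type numbers.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed model of a custom service entry and of matching traffic against it (not the router's code).
PROTOCOLS = {"TCP", "UDP", "BOTH", "ICMP", "ICMPv6"}
ICMP_TYPE_LIMITS = {"ICMP": (0, 40), "ICMPv6": (1, 255)}   # bounds stated in the manual


def _norm(proto: str) -> str:
    """Spell protocol names the way the Type field does ('tcp' -> 'TCP', 'icmpv6' -> 'ICMPv6')."""
    return "ICMPv6" if proto.lower() == "icmpv6" else proto.upper()


@dataclass(frozen=True)
class CustomService:
    name: str
    proto: str                               # Type field
    port_type: Optional[str] = None          # "Port Range" or "Multiple Ports"
    port_range: Optional[Tuple[int, int]] = None   # (start, end), inclusive
    ports: frozenset = frozenset()           # for "Multiple Ports"
    icmp_type: Optional[int] = None          # only for ICMP / ICMPv6

    def __post_init__(self):
        # Validation mirrors the limits the configuration page states.
        if self.proto not in PROTOCOLS:
            raise ValueError(f"unknown protocol type {self.proto!r}")
        if self.proto in ICMP_TYPE_LIMITS:
            lo, hi = ICMP_TYPE_LIMITS[self.proto]
            if self.icmp_type is None or not lo <= self.icmp_type <= hi:
                raise ValueError(f"{self.proto} type must be between {lo} and {hi}")
            return
        if self.port_type == "Port Range":
            if self.port_range is None or not (1 <= self.port_range[0] <= self.port_range[1] <= 65535):
                raise ValueError("port range must lie in 1-65535 with start <= end")
        elif self.port_type == "Multiple Ports":
            if not self.ports or not all(1 <= p <= 65535 for p in self.ports):
                raise ValueError("multiple ports needs at least one port in 1-65535")
        else:
            raise ValueError("TCP/UDP/BOTH services need Port Type 'Port Range' or 'Multiple Ports'")

    def matches(self, proto: str, dport: Optional[int] = None, icmp_type: Optional[int] = None) -> bool:
        """True when traffic of this protocol / destination port / ICMP type belongs to the service."""
        proto = _norm(proto)
        if self.proto in ICMP_TYPE_LIMITS:
            return proto == self.proto and icmp_type == self.icmp_type
        if proto not in ("TCP", "UDP") or not (self.proto == "BOTH" or proto == self.proto):
            return False
        if self.port_type == "Port Range":
            lo, hi = self.port_range
            return dport is not None and lo <= dport <= hi
        return dport in self.ports


def find_service(services, proto: str, dport: Optional[int] = None,
                 icmp_type: Optional[int] = None) -> Optional[str]:
    """Name of the first custom service the traffic belongs to, or None."""
    for s in services:
        if s.matches(proto, dport, icmp_type):
            return s.name
    return None


def is_rejected(*args, **kwargs) -> bool:
    """True when CustomService refuses the definition (shows the validation limits)."""
    try:
        CustomService(*args, **kwargs)
    except ValueError:
        return True
    return False


# Constructed sample definitions; names and port numbers are illustrative, not from the manual.
SERVICES = [
    CustomService("VOICE-RTP", "UDP", "Port Range", port_range=(10000, 10010)),
    CustomService("ALT-WEB", "BOTH", "Multiple Ports", ports=frozenset({8080, 8443})),
    CustomService("PING-REQ", "ICMP", icmp_type=8),          # ICMP echo request
    CustomService("ND-SOLICIT", "ICMPv6", icmp_type=135),    # ICMPv6 neighbor solicitation
]

if __name__ == "__main__":
    print(find_service(SERVICES, "udp", 10005))               # VOICE-RTP
    print(find_service(SERVICES, "tcp", 8443))                # ALT-WEB
    print(find_service(SERVICES, "icmpv6", icmp_type=135))    # ND-SOLICIT
    print(is_rejected("bad", "ICMP", icmp_type=41))           # True
```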
