1. Home
    2. /
  2. Manuals
    3. /
  3. DrayTek
    4. /
  4. Vigor 2830
    5. /
  5. 31
Page 151 / 357 Scroll up to view Page 146 - 150
Vigor2830 Series User’s Guide
139
If you previously have set up
WAN Alias
for
PPPoE
or
Static or Dynamic IP
mode in
WAN2 interface
,
you will find them in
Aux. WAN IP
for your selection.
Enable
Check to enable the DMZ Host function.
Private IP
Enter the private IP address of the DMZ host, or click Choose PC
to select one.
Choose PC
Click this button and then a window will automatically pop up, as
depicted below. The window consists of a list of private IP
addresses of all hosts in your LAN network. Select one private IP
address in the list to be the DMZ host.
When you have selected one private IP from the above dialog, the
IP address will be shown on the following screen. Click
OK
to
save the setting.
Page 152 / 357
Vigor2830 Series User’s Guide
140
4.3.3 Open Ports
Open Ports
allows you to open a range of
ports for the traffic of special applications.
Common application of Open Ports includes P2P application (e.g., BT, KaZaA, Gnutella,
WinMX, eMule and others), Internet Camera etc. Ensure that you keep the application
involved up-to-date to avoid falling victim to any security exploits.
Click
Open Ports
to open the following page:
Index
Indicate the relative number for the particular entry that you
want to offer service in a local host. You should click the
appropriate index number to edit or clear the corresponding
entry.
Comment
Specify the name for the defined network service.
Local IP Address
Display the private IP address of the local host offering the
service.
Status
Display the state for the corresponding entry. X or V is to
represent the
Inactive
or
Active
state.
To add or edit port settings, click one index number on the page. The index entry setup page
will pop up. In each index entry, you can specify
10
port ranges for diverse services.
Page 153 / 357
Vigor2830 Series User’s Guide
141
Enable Open Ports
Check to enable this entry.
Comment
Make a name for the defined network application/service.
WAN IP
Specify the WAN IP address that will be used for this entry. This
setting is available when WAN IP Alias is configured.
Local Computer
Enter the private IP address of the local host or click
Choose PC
to select one.
Choose PC -
Click this button and, subsequently, a window
having a list of private IP addresses of local hosts will
automatically pop up. Select the appropriate IP address of the
local host in the list.
Protocol
Specify the transport layer protocol. It could be
TCP
,
UDP
, or
-----
(none) for selection.
Start Port
Specify the starting port number of the service offered by the
local host.
End Port
Specify the ending port number of the service offered by the
local host.
Page 154 / 357
Vigor2830 Series User’s Guide
142
4.4 Firewall
4.4.1 Basics for Firewall
While the broadband users demand more bandwidth for multimedia, interactive applications,
or distance learning, security has been always the most concerned. The firewall of the Vigor
router helps to protect your local network against attack from unauthorized outsiders. It also
restricts users in the local network from accessing the Internet. Furthermore, it can filter out
specific packets that trigger the router to build an unwanted outgoing connection.
Firewall Facilities
The users on the LAN are provided with secured protection by the following firewall facilities:
z
User-configurable IP filter (Call Filter/ Data Filter).
z
Stateful Packet Inspection (SPI): tracks packets and denies unsolicited incoming data
z
Selectable Denial of Service (DoS) /Distributed DoS (DDoS) attacks protection
IP Filters
Depending on whether there is an existing Internet connection, or in other words “the WAN
link status is up or down”, the IP filter architecture categorizes traffic into two:
Call Filter
and
Data Filter
.
z
Call Filter -
When there is no existing Internet connection,
Call Filter
is applied to all
traffic, all of which should be outgoing. It will check packets according to the filter rules.
If legal, the packet will pass. Then the router shall
“initiate a call”
to build the Internet
connection and send the packet to Internet.
z
Data Filter
- When there is an existing Internet connection,
Data Filter
is applied to
incoming and outgoing traffic. It will check packets according to the filter rules. If legal,
the packet will pass the router.
The following illustrations are flow charts explaining how router will treat incoming traffic
and outgoing traffic respectively.
Page 155 / 357
Vigor2830 Series User’s Guide
143
Stateful Packet Inspection (SPI)
Stateful inspection is a firewall architecture that works at the network layer. Unlike legacy
static packet filtering, which examines a packet based on the information in its header, stateful
inspection builds up a state machine to track each connection traversing all interfaces of the
firewall and makes sure they are valid. The stateful firewall of Vigor router not just examine
the header information also monitor the state of the connection.
Denial of Service (DoS) Defense
The
DoS Defense
functionality helps you to detect and mitigate the DoS attack. The attacks
are usually categorized into two types, the flooding-type attacks and the vulnerability attacks.
The flooding-type attacks will attempt to exhaust all your system's resource while the
vulnerability attacks will try to paralyze the system by offending the vulnerabilities of the
protocol or operation system.
The
DoS Defense
function enables the Vigor router to inspect every incoming packet based on
the attack signature database. Any malicious packet that might duplicate itself to paralyze the
host in the secure LAN will be strictly blocked and a Syslog message will be sent as warning, if
you set up Syslog server.
Also the Vigor router monitors the traffic. Any abnormal traffic flow violating the pre-defined
parameter, such as the number of thresholds, is identified as an attack and the Vigor router will
activate its defense mechanism to mitigate in a real-time manner.
The below shows the attack types that DoS/DDoS defense function can detect:
1. SYN flood attack
2. UDP flood attack
3. ICMP flood attack
4. Port Scan attack
5. IP options
6. Land attack
7. Smurf attack
8. Trace route
9. SYN fragment
10. Fraggle attack
11. TCP flag scan
12. Tear drop attack
13. Ping of Death attack
14. ICMP fragment
15. Unknown protocol
Below shows the menu items for Firewall.

Rate

4.7 / 5 based on 3 votes.

Popular DrayTek Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top