Vigor2800 Series User’s Guide

40

Protocol

Select the transport layer protocol (TCP or UDP).

Public Port

Specify which port can be redirected to the specified

Private IP

and Port

of the internal host.

Private IP

Specify the private IP address of the internal host providing the

service.

Private Port

Specify the private port number of the service offered by the

internal host.

Active

Check this box to activate the port-mapping entry you have

defined.

Note that the router has its own built-in services (servers) such as Telnet, HTTP and FTP etc.

Since the common port numbers of these services (servers) are all the same, you may need to

reset the router’s in order to avoid confliction.

For example, the built-in web configurator in the router is with default port 80, which may

conflict with the web server in the local network, http://192.168.1.13:80. Therefore, you need

to

change the router’s http port to

any one other than the default port 80

to avoid

conflict, such as 8080. This can be set in the

System Maintenance >>Management Setup

.

You then will access the admin screen of by suffixing the IP address with 8080, e.g.,

http://192.168.1.1:8080 instead of port 80.

3.3.2 DMZ Host

As mentioned above,

Port Redirection

can redirect incoming TCP/UDP or other traffic on

particular ports to the specific private IP address/port of host in the LAN. However, other IP

protocols, for example Protocols 50 (ESP) and 51 (AH), do not travel on a fixed port. Vigor

router provides a facility

DMZ Host

that maps ALL unsolicited data on any protocol to a

single host in the LAN. Regular web surfing and other such Internet activities from other

clients will continue to work without inappropriate interruption.

DMZ Host

allows a defined

internal user to be totally exposed to the Internet, which usually helps some special

applications such as Netmeeting or Internet Games etc.

Vigor2800 Series User’s Guide

41

The inherent security properties of NAT are somewhat bypassed if you set up DMZ

host. We suggest you to add additional filter rules or a secondary firewall.

Click

DMZ Host

to open the following page:

If you previously have set up

WAN Alias

in

Internet Access>>PPPoE/PPPoA

or

Internet

Access>>MPoA,

you will find them in

Aux. WAN IP list

for your selection.

Enable

Check to enable the DMZ Host function.

Private IP

Enter the private IP address of the DMZ host, or click Choose PC

to select one.

Choose PC

Click this button and then a window will automatically pop up, as

depicted below. The window consists of a list of private IP

addresses of all hosts in your LAN network. Select one private IP

address in the list to be the DMZ host.

Vigor2800 Series User’s Guide

42

When you have selected one private IP from the above dialog, the

IP address will be shown on the following screen. Click OK to

save the setting.

3.3.3 Open Ports

Open Ports

allows you to open a range of

ports for the traffic of special applications.

Common application of Open Ports includes P2P application (e.g., BT, KaZaA, Gnutella,

WinMX, eMule and others), Internet Camera etc. Ensure that you keep the application

involved up-to-date to avoid falling victim to any security exploits.

Click

Open Ports

to open the following page:

Index

Indicate the relative number for the particular entry that you want to

offer service in a local host. You should click the appropriate index

number to edit or clear the corresponding entry.

Comment

Specify the name for the defined network service.

Aux. WAN IP

Display the private IP address of the local host that you specify in

WAN Alias. If you did not specify any IP address in WAN Alias,

this item will not be shown.

Local IP Address

Display the private IP address of the local host offering the service.

Vigor2800 Series User’s Guide

43

Status

Display the state for the corresponding entry. X or V is to represent

the

Inactive

or

Active

state.

To add or edit port settings, click one index number on the page. The index entry setup page

will pop up. In each index entry, you can specify

10

port ranges for diverse services.

Enable Open Ports

Check to enable this entry.

Comment

Make a name for the defined network application/service.

Local Computer

Enter the private IP address of the local host or click Choose PC to

select one.

Choose PC

Click this button and, subsequently, a window having a list of

private IP addresses of local hosts will automatically pop up. Select

the appropriate IP address of the local host in the list.

Protocol

Specify the transport layer protocol. It could be

TCP

,

UDP

, or

-----

(none) for selection.

Start Port

Specify the starting port number of the service offered by the local

host.

End Port

Specify the ending port number of the service offered by the local

host.

Vigor2800 Series User’s Guide

44

3.4 Firewall

3.4.1 Basics for Firewall

While the broadband users demand more bandwidth for multimedia, interactive applications,

or distance learning, security has been always the most concerned. The firewall of the Vigor

router helps to protect your local network against attack from unauthorized outsiders. It also

restricts users in the local network from accessing the Internet. Furthermore, it can filter out

specific packets that trigger the router to build an unwanted outgoing connection.

The most basic security concept is to set user name and password while you install your

router. The administrator login will prevent unauthorized access to the router configuration

from your router.

If you did not set password during installation; you can go to

System Maintenance

to set up

your password.

Firewall Facilities

The users on the LAN are provided with secured protection by the following firewall

facilities:

z

User-configurable IP filter (Call Filter/ Data Filter).

z

Stateful Packet Inspection (SPI): tracks packets and denies unsolicited incoming data

z

Selectable Denial of Service (DoS) /Distributed DoS (DDoS) attacks protection

z

URL Content Filter