1. Home
    2. /
  2. Manuals
    3. /
  3. Ericsson
    4. /
  4. MBR L21 4G LTE
    5. /
  5. 8
Page 36 / 122 Scroll up to view Page 31 - 35
MBR L13
User’s
Guide
36
the L13) according to a flexible and configurable set of rules. These rules are designed to prevent unwanted intrusions
from the outside while allowing home users access to the Internet services that they require.
The firewall rules specify what types of services available on the Internet may be accessed from the local network and
what types of services available in the local network may be accessed from the Internet. Each request for a service
that the firewall receives, whether originating in the Internet or from a computer in the home network, is checked
against the set of firewall rules to determine whether the request should be allowed to pass through the firewall. If
the request is permitted to pass, then all subsequent data associated with this request (a "session") will also be
allowed to pass, regardless of its direction.
For example, when you point your Web browser to a Web page on the Internet, a request is sent out to the Internet
for this page. When the request reaches the L13, the firewall will identify the request type and origin
HTTP and a
specific PC in your home network in this case. Unless you have configured access control to block requests of this type
from this specific computer, the firewall will allow the request to pass onto the Internet. When the Web page is
returned from the Web server, the firewall will associate it with this session and allow it to pass, regardless of whether
HTTP access from the Internet to the home network is blocked or permitted. The important issue to note here is that
it is the
origin of the request
, not subsequent responses to this request, that determines whether a session can be
established or not.
These services include Telnet, FTP, HTTP, HTTPS, DNS, IMAP, POP3 and SMTP. The list of allowed services at
Maximum
Security
mode can be edited in the Access Control page. Note: Some applications (such as some Internet messengers
and Peer-To-Peer client applications) tend to use these ports if they cannot connect with their own default ports.
When opening those ports, these applications will not be blocked outbound, even at Maximum Security Level.
To configure L13
basic security settings:
1
.
Navigate to
Services
Firewall
(or
Home
Firewall
).
Figure 37: Firewall - General
2
.
Choose between the three predefined security levels described in the table above.
3
.
Select
Block IP Fragments
to protect the local network from a common type of hacker attack that could make
use of fragmented data packets to sabotage your home network. Note that VPN over IPSec and some UDP-
Page 37 / 122
MBR L13
User’s
Guide
37
based services make legitimate use of IP fragments. You should be careful not to block IP fragments from the
local network if you want to make use of these select services.
4
.
Click
OK
to save the settings.
Note:
Using the Minimum Security setting may expose the home network to significant security risks, and therefore
should only be used when necessary and only for short periods of time.
3.7.1.2
Access Control
You may want to block specific computers within the local network (or even the whole network) from accessing
certain services on the Internet. For example, you may want to prohibit one computer from surfing the Web, another
computer from transferring files using FTP, and the whole network from receiving incoming e-mail. Access Control
defines restrictions on the types of requests that may pass from the local network out to the Internet, and thus may
block traffic flowing in both directions. It can also be used to allow specific services when maximum security is
configured. In the e-mail example given above, you may prevent computers in the local network from receiving e-mail
by blocking their
outgoing
requests to POP3 servers on the Internet. There are numerous services you may want to
consider blocking, such as popular games and file sharing servers.
Note:
When Web Filtering is enabled, HTTP services cannot be blocked by Access Control.
To allow or restrict services:
1
.
In the Firewall menu, click the
Access Control
link. The
Access Control
screen appears.
Figure 38: Firewall - Access Control
2
.
Click the
New Entry
link. The
Add Access Control Rule
screen appears.
Figure 39: Add Access Control Rule
3
.
Under
Address,
select the computer or group of computers on which you would like to apply the access-
control rule. Select an address or a name from the list, or
any
to apply the rule on all the hosts that are
connected to L13 local network.
4
.
Under
Protocol
,
select the type of protocol to use.
To expand the list of available protocols, select
Show All Services
.
Page 38 / 122
MBR L13
User’s
Guide
38
Note
:
When Web Filtering is enabled, HTTP services cannot be blocked.
5
.
To display the following message to the client: “Access Denied –
this computer is not allowed to surf the
WAN. Please contact your admin,” select
Reply an HTML page to the blocked client
.
When this option is
cleared, the client's packets are simply ignored and no notification is issued.
6
.
Under
Schedule
, select a schedule rule that defines the time period during which the access-control rule is to
be applied.
7
.
Click
OK
. The
Access Control
screen displays a list of all the rules that are currently defined, including the rule
you added.
Figure 40: Firewall - Access Control Rules
Once an access-control rule has been defined, you can edit it as necessary.
To modify an access-control rule:
1
.
In the Access Control screen, click the
action icon of the rule. The
Edit Access Control Rule
screen
appears (see
Figure 41: Edit Access Control Rule
).
Figure 41: Edit Access Control Rule
2
.
Edit the parameters as necessary.
3
.
Click the
OK
button to save your changes and return to the Access Control screen.
You can disable an access control rule in order to make a service available without having to remove the rule from the
Access Control screen. This may be useful if you wish to make the service available only temporarily and expect that
you will want to reinstate the restriction in the future.
To temporarily disable a rule:
Clear the check box next to the service name.
Page 39 / 122
MBR L13
User’s
Guide
39
To reinstate a rule at a later time
Reselect the check box.
To remove a rule:
Click the
action icon for the service. The service will be permanently removed.
3.7.1.3
Port Forwarding
In its default state, the L13 blocks all external users from connecting to or communicating with your network.
Therefore the system is safe from hackers who may try to intrude on the network and damage it. However, you may
want to expose your network to the Internet in certain limited and controlled ways in order to enable some
applications to work from the LAN (game, voice and chat applications, for example) and to enable Internet-access to
servers in the local network. The Port Forwarding feature supports both of these functionalities. If you are familiar
with networking terminology and concepts, you may have encountered this topic referred to as "Local Servers".
The
Port Forwarding
screen enables you to define the applications that require special handling by the L13. All you
have to do is select the application's protocol and the local IP address or name of the computer that will be using or
providing the service. If required, you may add new protocols in addition to the most common ones provided by L13.
For example, if you wanted to use a File Transfer Protocol (FTP) application on one of your PCs, you would simply
select
FTP
from the list and enter the local IP address or host name of the designated computer. All FTP-related data
arriving at the L13 from the Internet will henceforth be forwarded to the specified computer.
Similarly, you can grant Internet users access to servers inside your local network, by identifying each service and the
PC that will provide it. This is useful, for example, if you want to host a Web server inside your local network. When an
Internet user points his/her browser to the L13 external IP address, the gateway will forward the incoming HTTP
request to your Web server.
However, there is a limitation that must be considered. With one external IP address (the L13 main IP address),
different applications can be assigned to your LAN computers, however each type of application is limited to use one
computer. For example, you can define that FTP will use address X to reach computer A and Telnet will also use
address X to reach computer A, but attempting to define FTP to use address X to reach both computers A and B will
fail. L13 therefore provides the ability to add additional public IP addresses to port forwarding rules, which you must
first obtain from your ISP and enter into the
NAT IP Addresses Pool
(refer to Section
3.7.1.8). You will then be able to
define FTP to use address X to reach computer A and address Y to reach computer B.
Additionally, port forwarding enables you to redirect traffic to a different port instead of the one to which it was
designated. For example, you have a Web server running on your PC on port 8080 and you want to grant access to this
server to anyone who accesses L13 via HTTP. To accomplish this, you will have to define a port forwarding rule for the
HTTP service, with the PC's IP or host name, as well as specify 8080 in the
Forward to Port
field. All incoming HTTP
traffic will now be forwarded to the PC running the Web server on port 8080.
When setting a port forwarding service, you must ensure that the port is not already in use by another application,
which may stop functioning. A common example is when using SIP signaling in Voice over IP
the port used by the
gateway's VoIP application (5060) is the same port on which port forwarding is set for LAN SIP agents.
To add a new port forwarding service:
1
.
In the WBM, select the
Firewall
menu item under the
Services
tab, and click the
Port Forwarding
link. The
Port Forwarding
screen appears.
Page 40 / 122
MBR L13
User’s
Guide
40
Figure 42: Port Forwarding
2
.
Click the
New Entry
link. The
Add Port Forwarding Rule
screen appears.
Figure 43:
Add Port Forwarding Rule
3
.
Select the
Specify Public IP Address
check box if you would like to apply this rule on the L13 non-default IP
address defined in the
NAT
screen (refer to Section
3.7.1.8.1). The screen refreshes.
Figure 44: Specify Public IP Address
4.
Enter the additional external IP address in the
Public IP Address
field.
5.
The
Local Host
drop-down menu lists your available LAN computers. Select a computer that will provide the
service (the "server"). Note that unless an additional external IP address has been added, only one LAN
computer can be assigned to provide a specific service or application.
6.
The
Protocol
drop-down menu lets you select or specify the type of protocol that will be used. Selecting the
Show All Services
option expands the list of available protocols. Select a protocol.

Rate

4 / 5 based on 1 vote.

Popular Ericsson Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top