1. Home
    2. /
  2. Manuals
    3. /
  3. Gennet-OxyGEN
    4. /
  4. RFA1400.Wv2
    5. /
  5. 20
Page 96 / 237 Scroll up to view Page 91 - 95
OxyGEN
mini
Office
Administrator’s Guide
UPnP / NAT-PMP
UPnP and NAT-PMP are protocols that enable applications on the LAN to operate automatically through
the NAT and Firewall engine of the OxyGEN miniOffice by transparently applying the required port-
forwarding rules.
Through these protocols, the PCs on the LAN notify the OxyGEN miniOffice about
the need for specific port forwarding rules, and the necessary actions are performed without any user
intervention.
Figure 9.3: UPnP Configuration
To enable or disable the UPnP and/or NAT-PMP protocol service:
1. Select Enabled or Disabled using the corresponding radio buttons
2. Click
Apply
.
Note
IP forwarding rules automatically applied through UPnP and/or NAT-PMP are listed in the
Firewall
sub-menu of the
Status Menu
(see page 169).
Gennet s.a.
96
Page 97 / 237
OxyGEN
mini
Office
Administrator’s Guide
IP Filters
The IP filtering service allows the OxyGEN miniOffice to control connection attempts and IP streams in
both the incoming (Internet
LAN) and the outgoing (LAN
Internet) direction. Different services and
applications can be allowed or denied based on the source and/or destination IP address.
Note
The default policy of the OxyGEN miniOffice is that all outgoing connections are allowed
and all incoming connections denied.
Selecting the
IP Filters
option, a list of the configured IP filtering rules is displayed.
Figure 9.4: IP Filtering
You can Edit and Delete configured IP filtering rules by clicking on the icons
and
respectively
of
Action
column.
To configure a new IP filtering rule, click
Add New
and the
IP Filtering Rule
page opens:
1. Enter the type of filter rule in
Filter
field.
Options Drop and Reject both lead to discarded
connection attempts. The difference is that with Drop the connection attempt is rejected silently
whereas Reject sends an ICMP notification packet.
Accept on the other hand, leads to an
acceptance of the connection attempt and subsequent IP traffic.
2. Select the
Source
of the filtered traffic: Using the
Service/Connection
drop-down list, select a
specific Internet connection or LAN Interface Group (private VLANs), --WAN-- to match all Internet
connections or --LAN-- to match the entire LAN (all Interface Groups).
3. Specify if the filtering rule is going to be applied to traffic from any host or only to traffic from a
specific
Host
or
Subnet
. In the former case, the relevant input field must be left blank or set to
0.0.0.0/0. For a single host, on the other hand, enter its IP address, whereas for a sub-network use
the xxx.xxx.xxx.xxx/yy notation (xxx.xxx.xxx.xxx is the network address and yy is the length of the
mask in bits - see
Appendix B
on page 189).
Gennet s.a.
97
Page 98 / 237
OxyGEN
mini
Office
Administrator’s Guide
Figure 9.5: New IP Filter
4. Repeat steps 2 to 3 for the selection of the
Destination
of the filtered traffic.
5. Specify the
Application/Service
being filtered by choosing any of the pre-defined applications in
the
Protocol
drop-down menu or by choosing CUSTOM followed by the protocol
Type
(TCP, UDP
or Both) and the
Port
number.
6. Click
Save
to activate the rule.
WARNING
Enter IP filtering rules with caution! Wrong IP filtering rules can lead to loss of connectivity,
degradation of service and even loss of access to the configuration menu of the OxyGEN
miniOffice.
Gennet s.a.
98
Page 99 / 237
OxyGEN
mini
Office
Administrator’s Guide
Web Filters
The OxyGEN miniOffice offers also a web filtering, parental control service, that allows the selective
rejection of outgoing HTTP requests based on keywords found in the requested URL.
Figure 9.6: Web Filtering
After entering the
Web Filters
web configuration page:
1. Enable or Disable the service using the appropriate
Status
radio button.
2. When Enabled, add URL keywords in the
Blocked Keywords
list.
3. Optionally force all web traffic to pass through an external HTTP proxy server. To this end, check
the
Force upstream proxy
checkbox, and fill-in the
Name
or
IP
and the
Port
of the proxy server.
4. Click
Apply
to save and activate your settings.
Gennet s.a.
99
Page 100 / 237
OxyGEN
mini
Office
Administrator’s Guide
DMZ Filters
A DMZ (DeMilitarized Zone) is a local subnet that can be accessed from the Internet and is usually used
to host Web servers, FTP servers etc. Being a local subnet, the Ethernet ports that are part of the DMZ
and the IP addressing scheme used for the DMZ subnet are configured, like for every LAN service, using
the relevant configuration options of the
Network
configuration menu (see page 69). From a security
point of view, however, the DMZ is treated like a semi-external network using public IP addresses and
kept totally separated from the Data, Voice and Video private LANs. To be more precise:
1. Connections from the Internet towards the DMZ are filtered through the firewall.
2. Connections from the DMZ towards the Internet are allowed and no NAT is applied.
3. Connections from the DMZ towards the LAN (private VLANs) are filtered through the firewall.
4. Connections from the LAN (private VLANs) towards the DMZ are allowed, but NAT is applied
hiding the internal IP addressing scheme.
The
DMZ Filters
sub-menu controls item 1 of the list above, through the configuration of the services
that are allowed to pass the firewall from the Internet towards the hosts in the DMZ.
Figure 9.7: Internet-to-DMZ Protocol Filters
From the list of services/protocols displayed, check the ones that should be allowed through the
firewall and click
Apply
to activate your settings.
Note
Entries corresponding to all allowed services/applications are automatically added to
the list of
IP Filters
, since the
DMZ Filters
functionality can be considered as a special case
of IP fltering. The
IP Filters
sub-menu gives the administrator the freedom to configure
more complex cases, whereas the
DMZ Filters
configuration page presents, in a simpler
form, only Internet
DMZ rules.
Gennet s.a.
100

Rate

4.5 / 5 based on 2 votes.

Popular Gennet-OxyGEN Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top