User Manual

Aolynk DR811/DR814 ADSL2+Broadband Router

4 Web-based Management

28

Figure 4-16

Advanced NAT configuration

&

Note:

NAT can only be configured when at least one of the following pairs of interface types

are defined:

●

external and internal

●

external and DMZ

●

DMZ and internal

&

Note:

●

Advanced NAT configuration can only be performed when the NAT to internal

interfaces is enabled.

●

Security must be enabled to configure NAT.

4.8 DMZ Configuration

The DMZ feature that DR series routers provide allows hosts in a DMZ zone to perform

unlimited bi-directional communication with other Internet users or servers. This not

only provides a security shelter for internal hosts to normally access the Internet, but

also satisfies the needs to install servers in LANs for services such as FTP and web to

fulfill two-way communication that small- to moderate-sized enterprises call for.

Follow these steps to configure DMZ:

User Manual

Aolynk DR811/DR814 ADSL2+Broadband Router

4 Web-based Management

29

Figure 4-17

DMZ configuration

●

Create a virtual interface as instructed in 4.4 LAN Setting, enter the following

parameters in the corresponding items and click the <Apply> button:

Figure 4-18

Create a virtual interface

The result will appear in a web page, showing that a virtual interface with the name of

item0 has been added into the list.

●

Add a security interface as instructed in 4.7 Security Interface, make settings

according to the following figure, and then click the <Apply> button:

Figure 4-19

Add a security interface

User Manual

Aolynk DR811/DR814 ADSL2+Broadband Router

4 Web-based Management

30

Where item0 is the virtual interface added at the last step.

●

Then, enter the

Port Filters

page of external-dmz (refer to 4.9 Security Policy),

configure to ensure that users under the external interface can access the Internet

services the DMZ zone specifies such as http, ftp, telnet, and so on. Meanwhile,

configure port filtering policies for external-internal to disable users under the

external interface from accessing host services under the internal interface.

●

Finally, configure to allow DMZ hosts to access DMZ zone. Make sure the IP

address of the DMZ host is in the same segment as that of the above configured

virtual interface (for example, configure the IP address as 172.16.1.100, the mask

as 255.255.0.0), enable the corresponding Internet service, and then connect the

host to the LAN port of the router, and configure the corresponding virtual server.

As such, DMZ is completely and securely configured.

4.9 Security Policy

A policy is the collective term for the rules that apply to incoming and outgoing traffic

between two interface types. Firewall must be enabled before you can create policies.

Click

Security

in the Main menu and choose the

Policy

tab in the Main Frame to open

the

Security Policy Configuration

page.

Figure 4-20

Security policy configuration

This page allows you to:

●

Edit a security policy present in the

Current Security Policies

list.

To edit an existing security policy, click the

label to open the web page

Port

Filter

to configure the port filter rules, and/or click the

label to open the

web page

Host Validators

to configure the host validator rules.

User Manual

Aolynk DR811/DR814 ADSL2+Broadband Router

4 Web-based Management

31

Figure 4-21

Firewall port

Figure 4-22

Host validator

&

Definition:

A host validator can be used to restrict data streams from a WAN interface to a LAN

interface or from a LAN interface to a WAN interface.

&

Note:

Security policies take effect only after the firewall starts.

4.10 Trigger

Security triggers are used to deal with application protocols that create separate

sessions. Some application protocols, such as Netmeeting, open secondary

connections during normal operations. Triggers tell the security mechanism to expect

User Manual

Aolynk DR811/DR814 ADSL2+Broadband Router

4 Web-based Management

32

these secondary sessions and instruct it how to handle them. Triggers handle the

situation dynamically, allowing the secondary sessions only when appropriate.

Click

Security

in the Main menu and choose the

Trigger

tab in the Main Frame to open

the

Security Trigger Configuration

page.

Figure 4-23

Security trigger

This page allows you to:

●

View security triggers present in the current security trigger list.

●

Create a new trigger and add it to the current security trigger list.

●

Delete an existing security trigger.

To create a new security trigger, click the

label to open the web page

Add

Trigger

.

Figure 4-24

Add trigger

Configure the trigger as follows: