Page 66 / 216 Scroll up to view Page 61 - 65
Administrator’s Handbook
66
Enter the
Source IP
Address
or
Destination IP
Address
this filter will match on.
As you create new Matches, the pulldown items change. There can only be one match from each Match Type
for a given rule. Match Types like Source Port, Destination Port, and TCP Flags are only available if other
matches (for example, Protocol =TCP) have previously been created.
Select
Protocol
, if necessary, from the pull-down menu:
ICMP
,
TCP
,
UDP
, or
None
to specify any another IP
transport protocol.
If you chose
by number
, enter the
Protocol by number
here.
If you chose
by name
, enter the
Protocol by name
here.
Enter the
Source Port
this filter will match on.
Enter the
Destination Port
this filter will match on.
If you selected
ICMP
, enter the
ICMP Type
here.
When you are finished configuring the filter, click the
Enter Match
button.
The filter is automatically saved.
Page 67 / 216
67
Packet Filter Rules List
Your entries are displayed as a table.
NOTE:
Default Forwarding Filter
If you create one or more filters that have a matching action of forward, then action on a packet
matching none of the filters is to block any traffic.
Therefore, if the behavior you want is to force the routing of a certain type of packet and pass all oth-
ers through the normal routing mechanism, you must configure one filter to match the first type of
packet and apply Force Routing. A subsequent filter is required to match and forward all other pack-
ets.
Management IP traffic
If the Force Routing filter is applied to source IP addresses, it may inadvertently block communica-
tion with the router itself. You can avoid this by preceding the Force Routing filter with a filter that
matches the destination IP address of the Gateway itself.
Example:
Assume a configured Custom Service/Hosted Application for an internal web server whose Global Port Range is
8080-8080. Also assume that we want to allow only one external subnet access to this internal server,
207.53.17.0/24. And finally, assume that we want to disallow one IP address on that subnet, 207.53.17.9, from
access to that same server (perhaps they were abusing the system in some way). The rules we need are:
Input
Rules:
Rule
Order
Action
Source IP
Destination IP
Protocol
Source
Port
Destination
Port
1
Drop
207.53.17.9
-
TCP
8080
Page 68 / 216
Administrator’s Handbook
68
Port Warnings
:
If the packet filter or port forwarding rule involves TCP port 80 or 3389; or UDP port 47806, 43962,
69, 123, or 53; or If you attempt to add or change a match such that this occurs AND if running in
VDSL/Ethernet mode, the following warning will appear.
2
Pass
207.53.17.0/24
-
TCP
8080
3
Drop
-
-
TCP
8080
Page 69 / 216
69
Link: NAT/Gaming
When you click the
NAT/Gaming
link, the
NAT/Gaming
page appears.
NAT/Gaming
allows you to host internet applications when NAT is enabled. You can host different games and
software on different PCs.
From the
Service
pull-down menu, you can select any of a large number of predefined games and software. (See
List of Supported Games and Software
” on page
73
.)
In addition to choosing from these predefined services you can also select a user defined custom service. (See
Custom Services
” on page
71
.)
For each supported game or service, you can view the protocols and port ranges used by the game or service by
clicking the
Service Details
button. For example:
Select a hosting device from the
Needed by Device
pull-down menu.
1.
Once you choose a software service or game, click
Add
.
2.
Select a PC to host the software from the Select Host Device pull-down menu and
click
Save
.
Page 70 / 216
Administrator’s Handbook
70
Each time you enable a software service or game your entry will be added to the list of
Service
names dis-
played on the NAT Configuration page.
To remove a game or software from the hosted list, choose the game or software you want to remove and click the
Remove
button.

Rate

4 / 5 based on 3 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top