Wireless Cable Voice Gateway Model CBVG834G Administrators User Manual
Protecting Your Network
v1.0, February 2008
Enabling or Disabling Content Filtering Services
You can use the Services screen to disable or enable certain gateway features. From the main
menu, select Services. The Services screen displays:
Selecting the check box for a service enables it. Clearing the check box disables the corresponding service. If you make changes, then you must click Apply in order for the changes to take effect.
The services are described as follows:
Firewall Features. Enabled by default. The gateway will perform stateful packet inspection (SPI) and protect against Denial of Service (DoS) attacks.
IPSec Pass-Through. Enabled by default. IPSec and PPTP traffic will be forwarded. When it is disabled, this traffic will be blocked.
PPTP Pass-Through. Enabled by default. PPTP traffic will be forwarded. When it is disabled, this traffic will be blocked.
Multicast. Enabled by default. The gateway can pass multicasting streams through the firewall.
Web Features. Disabled by default. If enabled, certain Web-oriented features such as cookies, JavaScript, or pop-up windows will be blocked by the firewall. For example, if you enable Filter Cookies, many websites will not allow you to access their site.
Note: To go to the Services screen, you must be logged in as MSO.
Figure 3-4
Using MAC Filtering to Block Access
By default, any computer has access to the Internet through your gateway. MAC Filtering allows
you to block access to the Internet to any computer on your LAN based on the hardware MAC
address of its Ethernet or wireless adapter.
To configure MAC Filtering:
1. Log in to the gateway at its default LAN address by entering , the parent user name MSO, and default password of changeme; or use whatever password and LAN address you have chosen for the gateway.
2. Under the Advanced heading on the main menu, select MAC Filtering. The MAC Filtering screen displays:
The Trusted Devices table is at the top of this screen. It shows devices that are currently connected to the wireless voice gateway.
Note: To configure MAC Filtering, you must be logged in as MSO.
Figure 3-5
To add a device to the Trusted Devices table:
1. Select a device using one of the following methods:
   If the device is in the Trusted Devices table, click the radio button of that PC to capture its MAC address.
   If the device is not in the Trusted Devices table, you can manually enter the MAC address of the PC you want to block. If no Device Name displays when you enter its MAC address, you can type a descriptive name in the Device Name field.
2. Click Add. The device is listed in the Trusted Devices table.
To delete a device from the Trusted Devices table:
1. Select the MAC address of the PC from the Trusted Devices table.
2. Click Delete to delete the entry.
3. Click Apply to activate the settings.
Inbound and Outbound Rules
You can use firewall rules to block or allow specific traffic passing through from one side to the
other. Inbound rules (WAN to LAN) restrict access by outsiders to private resources, selectively
allowing only specific outside users to access specific resources. Outbound rules (LAN to WAN)
determine what outside resources local users can have access to.
A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of
the gateway are:
Inbound: Block all access from outside except responses to requests from the LAN side. Instructions for setting up inbound rules can be found in “Port Forwarding” on page 3-10.
Outbound: Allow all access from the LAN side to the outside. Use Port Blocking to set up outbound rules (see “Enabling or Disabling Content Filtering Services” on page 3-6).
You may define more rules that specify exceptions to the default rules. By adding custom rules,
you can block or allow access based on the service or application, source or destination IP
addresses, and time of day.
Port Blocking
You can use Port Blocking to block outbound traffic on specific ports.
To configure port blocking:
1. Under the Advanced heading on the main menu, select Port Blocking. The Port Blocking screen displays.
2. Select the service that you want to block from the Add Predefined Services drop-down list. If the service that you want to block is not in the predefined list, you can add a custom service.
3. Enter the range of ports that you want to block and select whether the ports are TCP, UDP or Both.
4. Enter the Local IP Address for the computer to which this rule will apply.
5. Click Add. The selected service is added to the Port Filter List.
Blocking a Rule by Day or Time
To specify specific days or times to block a rule:
1. From the Port Filter List, select a rule, and then select the corresponding Enable check box.
2. Select the check box for the Day(s) to Block when you want to apply the rule.
Figure 3-6
3. For the time of day, either select the All Day check box or specify a Start Time and End Time from the pull-down menus.
4. Click Add. The new Port Blocking rule is in the Outbound Rules table.
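The default rules and a scheduled Port Blocking rule can be modeled as below. This is an added example, not code from the manual or the gateway firmware: the class and function names, the matching semantics (first matching active rule blocks) and the sample rule are assumptions built from the fields the screens above describe.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address

DAY_NAMES = ("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun")

@dataclass(frozen=True)
class PortBlockRule:
    """One Port Filter List row (hypothetical model of the screen's fields)."""
    local_ip: str            # Local IP Address the rule applies to
    port_start: int
    port_end: int
    protocol: str            # "TCP", "UDP" or "Both"
    days: frozenset          # Day(s) to Block, e.g. frozenset({"Mon"})
    all_day: bool = True
    start: time = time(0, 0)
    end: time = time(23, 59)

    def active_at(self, when: datetime) -> bool:
        if DAY_NAMES[when.weekday()] not in self.days:
            return False
        if self.all_day:
            return True
        now = when.time()
        if self.start <= self.end:
            return self.start <= now <= self.end
        # Window wraps midnight: on each selected day it covers
        # 00:00..End and Start..24:00 (assumed behaviour).
        return now >= self.start or now <= self.end

def outbound_verdict(rules, src_ip, dst_port, proto, when):
    """Default outbound rule is allow; a matching active rule blocks."""
    src = ip_address(src_ip)
    for r in rules:
        if (src == ip_address(r.local_ip)
                and r.port_start <= dst_port <= r.port_end
                and r.protocol in (proto, "Both")
                and r.active_at(when)):
            return "block"
    return "allow"

def inbound_verdict(dst_port, is_reply, forwarded_ports=frozenset()):
    """Default inbound rule is block, except replies and forwarded ports."""
    return "allow" if is_reply or dst_port in forwarded_ports else "block"

# Constructed sample: block ports 6881-6889 for one PC on weekdays, 08:00-17:00.
RULES = [PortBlockRule("192.168.0.10", 6881, 6889, "Both",
                       frozenset(DAY_NAMES[:5]), False, time(8, 0), time(17, 0))]
```

Replaying a planned rule against a few timestamps and hosts this way shows whether it is scoped to the intended PC and hours before it is entered on the gateway.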
To delete an existing rule:
1. Select the rule from the Port Filter List.
2. Click Delete.
Port Forwarding
You can use port forwarding to set up a rule that directs inbound traffic for a particular service to a
local server (for example, a Web server or game server) based on the destination port. This makes
the server visible and available to the Internet.
Unless you set up port forwarding, the gateway prevents this type of traffic. The gateway uses
Network Address Translation (NAT). NAT presents a single IP address for your network to the
Internet. Outside users cannot directly address your local computers.
Before setting up Port Forwarding, consider the following:
If the IP address of the local server PC is assigned by DHCP, it may change when the PC is
rebooted. To avoid this, you can assign a static IP address to your server outside the range that
is assigned by DHCP, but in the same subnet as the rest of your LAN. By default, the IP
addresses in the range of 192.168.0.2 through 192.168.0.9 are reserved for this.
Local computers must access the local server using the local LAN address of the computer
(192.168.0.XXX, by default). Attempts by local computers to access the server using the
external WAN IP address will fail.
Remember that allowing inbound services opens holes in your firewall. Only enable those ports
that are necessary for your network.
Note: Some residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may check for servers and may suspend your account if it discovers active services at your location. If you are unsure, refer to the acceptable use policy of your ISP.
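The considerations listed before setting up Port Forwarding can be checked against a planned rule table before anything is entered on the gateway. This is an added example, not part of the manual: the function name, the /24 subnet mask, the rule layout and the sample plan are assumptions; the static range 192.168.0.2 through 192.168.0.9 is the default stated above.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.0.0/24")        # default 192.168.0.XXX; /24 is assumed
STATIC_LO = ip_address("192.168.0.2")     # default range reserved for static IPs
STATIC_HI = ip_address("192.168.0.9")

def review_forwards(forwards, needed_ports):
    """Return (rule name, finding) pairs for a planned forwarding table."""
    findings = []
    for f in forwards:
        ip = ip_address(f["local_ip"])
        if ip not in LAN:
            findings.append((f["name"], "target is outside the LAN subnet"))
        elif not STATIC_LO <= ip <= STATIC_HI:
            findings.append((f["name"],
                             "target is not in the reserved static range; "
                             "a DHCP-assigned address may change on reboot"))
        # Every forwarded port is a hole in the firewall: flag any port
        # in the range that no service on the server actually needs.
        exposed = set(range(f["port_start"], f["port_end"] + 1))
        extra = exposed - set(needed_ports)
        if extra:
            findings.append((f["name"],
                             f"opens {len(extra)} port(s) not on the needed list"))
    return findings

# Constructed sample plan: a web server and a game server.
PLAN = [
    {"name": "web", "local_ip": "192.168.0.5", "port_start": 80, "port_end": 80},
    {"name": "game", "local_ip": "192.168.0.23",
     "port_start": 27000, "port_end": 27050},
]
NEEDED = {80, 27015}

if __name__ == "__main__":
    for name, finding in review_forwards(PLAN, NEEDED):
        print(f"{name}: {finding}")
```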
