1. Home
    2. /
  2. Manuals
    3. /
  3. NETGEAR
    4. /
  4. CG3000DCR Comcast
    5. /
  5. 7
Page 31 / 53 Scroll up to view Page 26 - 30
Advanced Settings
31
NETGEAR Wireless Cable Gateway CG3000
Access Control by MAC Address
You can use access control to specify which wireless computers or devices can connect to
the gateway based on their MAC addresses. If you do not set up access control, any wireless
computer or device that is configured with the correct SSID and wireless security settings will
be allowed to access to your wireless network.
1.
Log in to the gateway as described in
Log In to Your Gateway
on page
9.
2.
In the main menu, under Advanced, select Wireless Settings.
3.
Click the
Setup Access List
button to display the Wireless Card Access List screen.
Note:
If you are configuring the gateway from a wireless computer, make sure
to add your computer’s MAC address to the Access List. Otherwise you will
lose your wireless connection when you click Apply. You must then access the
gateway from a wired computer, or from a wireless computer that is on the
access control list, to make any further changes.
4.
By default the Allow Any radio button is selected. You can either allow computers to connect
to the network based on their MAC addresses, or deny connections based on MAC address.
Select either the
Allow List
or
Deny List
radio button.
5.
Add devices to the Access List using either of these methods:
If the computer is in the Connected Wireless Devices table, click its radio button to
capture its MAC address. Then click
Add
.
Enter the MAC address of the device in the Add Access Filter fields. The MAC
address can usually be found on the bottom of the wireless device. Then click
Add
.
6.
Click
Apply
to save these settings.
Page 32 / 53
Advanced Settings
32
NETGEAR Wireless Cable Gateway CG3000
Firewall Rules: Port Blocking
You can use port blocking to block outbound traffic on specific ports. Outbound traffic rules
control access to outside resources from local users.The default rule is to allow all access
from the LAN side to the outside. You can use port blocking to add predefined or custom rules
to specify exceptions to the default rule.
Note:
Any outbound traffic that is not blocked by rules that you have
created is allowed by the default rule.
1.
Select
Advanced > Firewall Rules.
The Port Blocking section is near the bottom of the
screen
.
2.
In the
Services
field, select a service from the drop-down list. (For example, FTP, which
uses TCP ports 20 and 21.)
3.
To add a custom rule that is not in the list of services, specify these settings in the Add
Custom Rules table:
Name
. Enter a name for the service.
Start Port
. Enter the start port for the service.
End Port
.Enter the end port for the service.
Protocol
. Select the protocol for the ports:
-
TCP
. Select TCP only.
-
UDP
. Select UDP only.
-
Both
. Select both TCP and UDP.
Local IP Address
. Complete the local IP address for the computer that is using the
service.
Page 33 / 53
Advanced Settings
33
NETGEAR Wireless Cable Gateway CG3000
4.
Perform one of the following actions:
Click
Add
to save your settings. The Active Filters table now displays the list of ports
that are currently forwarded.
To delete a service, select the radio button in the Active Filters table for the service
that you want to delete, and then click
Delete
.
To reset the selection in the Services drop-down list and to clear all the fields in the
Add Custom Rules table, click
Reset
.
Firewall Rules: Port Forwarding
A firewall has default rules for inbound traffic (WAN to LAN) and for outbound traffic. Port
forwarding affects the inbound rules. These rules restrict access from outsiders. By default,
the gateway blocks access from outside except responses to requests from the LAN side.
You can use port forwarding to add rules to specify exceptions to the default rule.
Because the gateway uses Network Address Translation (NAT), your network presents only
one IP address to the Internet, and outside users cannot directly address any of your local
computers. However, by defining an inbound rule you can make a local server (for example,
a web server or game server) or computer visible and available to the Internet. The rule tells
the Gateway to direct inbound traffic for a particular service to one local server or computer
based on the destination port number. This is also known as port forwarding.
Some residential broadband ISPs do not allow you to run server processes (such as a Web
or FTP server) from your location. Your ISP might check for servers and suspend your
account if it finds active services at your location. See the Acceptable Use policy of your ISP.
To configure port forwarding and services for specific inbound traffic:
1.
Select
Advanced > Firewall Rules.
The Port Forwarding section is on the top.
2.
In the
Service
field, select a service from the
drop-down list. (For example, FTP, which
uses TCP ports 20 and 21.)
3.
To add a custom rule that is not in the list of
services, specify these settings in the Add
Custom Rules table:
Name
. Enter a name for the service.
Start Port
. Enter the start port for the
service.
End Port
.Enter the end port for the
service.
Protocol
. Select the port protocol:
-
TCP
. Select TCP only.
-
UDP
. Select UDP only.
-
Both
. Select both TCP and UDP.
Page 34 / 53
Advanced Settings
34
NETGEAR Wireless Cable Gateway CG3000
Local IP Address
. Enter the local IP address for the computer that uses the service.
4.
Perform one of these actions:
Click
Add
. The Active Forwarding Rules table displays the list of forwarded ports.
To delete a service, select the radio button in the Active Forwarding Rules table for the
service that you want to delete, and then click
Delete
.
To reset the selection in the
Services
field and to clear all the fields in the Add Custom
Rules table, click
Reset
.
Considerations for Port Forwarding
If the IP address of the local server PC is assigned by DHCP, it might change when the
PC is rebooted. To avoid this, you can assign a static IP address to your server outside
the range that is assigned by DHCP, but in the same subnet as your LAN. By default, the
IP addresses from 192.168.1.2 through 192.168.1.9 are reserved for this purpose.
Local PCs must access the local server using the PCs’ local LAN address
(192.168.1.XXX, by default). Attempts by local PCs to access the server using the
external WAN IP address will fail.
Port forwarding opens holes in your firewall. Only enable ports that are necessary.
WAN Setup
Select
Advanced > WAN Setup
to set up a Default DMZ Computer to display the following
screen. A Default DMZ Computer lets you set up a PC that is available to anyone on the
Internet for services that you haven't defined. For security reasons, do this only if you are
willing to risk open access. If you do not assign a Default DMZ Computer, the gateway
discards any undefined service request.
Respond To Ping On Internet Port
. If you want the CG3000 to respond to a 'Ping' from the
Internet, click this check box. This can be used as a diagnostic tool.
MTU Size
. The normal MTU (Maximum Transmit Unit) value for most Ethernet networks is
1500 Bytes. For some ISPs you may need to reduce the MTU. But this is rarely required, and
should not be done unless you are sure it is necessary for your ISP connection
Page 35 / 53
Advanced Settings
35
NETGEAR Wireless Cable Gateway CG3000
Assign a Computer as The DMZ Host
1.
Type the last field of the IP address field in the DMZ Address field.
2.
Click
Apply
.
Remove a Computer from Being a DMZ Computer:
1.
Type 0 in last field of the IP address field in DMZ Address.
2.
Click
Apply
.
Dynamic DNS
A Dynamic DNS (DDNS) Service provides a central public database where information such
as email addresses, host names and IP addresses can be stored and retrieved. The
Dynamic DNS server also stores password-protected information and accepts queries based
on e-mail addresses. The Router supports only basic DDNS and the login and password may
not be secure. If you have a private WAN IP address, do not use DDNS service as it may
lead to problems.
Note:
you have to register for the DNS service. When you register, the DDNS
client service provider gives you a password or key.
Select
Advanced > Dynamic DNS
to display the following screen:
Select the
Use A Dynamic DNS Service
check box.
1.
Select the name of your dynamic DNS Service Provider.
2.
Type the Host Name (or domain name) that your dynamic DNS service provider gave you.
3.
Type the
User Name
for your DDNS account.
4.
Type the
Password
(or key) for your DDNS account.
5.
Click
Apply
to have the DDNS service used.
Use Wildcards
. If you have DYNDNS as your DDNS service provider, you may select the
Use Wildcards check box to activate this optional feature.

Rate

4 / 5 based on 1 vote.

Popular NETGEAR Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top