Advanced Settings

31

NETGEAR Wireless Cable Gateway CG3000

Access Control by MAC Address

You can use access control to specify which wireless computers or devices can connect to

the gateway based on their MAC addresses. If you do not set up access control, any wireless

computer or device that is configured with the correct SSID and wireless security settings will

be allowed to access to your wireless network.

1.

Log in to the gateway as described in

Log In to Your Gateway

on page

9.

2.

In the main menu, under Advanced, select Wireless Settings.

3.

Click the

Setup Access List

button to display the Wireless Card Access List screen.

Note:

If you are configuring the gateway from a wireless computer, make sure

to add your computer’s MAC address to the Access List. Otherwise you will

lose your wireless connection when you click Apply. You must then access the

gateway from a wired computer, or from a wireless computer that is on the

access control list, to make any further changes.

4.

By default the Allow Any radio button is selected. You can either allow computers to connect

to the network based on their MAC addresses, or deny connections based on MAC address.

Select either the

Allow List

or

Deny List

radio button.

5.

Add devices to the Access List using either of these methods:

•

If the computer is in the Connected Wireless Devices table, click its radio button to

capture its MAC address. Then click

Add

.

•

Enter the MAC address of the device in the Add Access Filter fields. The MAC

address can usually be found on the bottom of the wireless device. Then click

Add

.

6.

Click

Apply

to save these settings.

Advanced Settings

32

NETGEAR Wireless Cable Gateway CG3000

Firewall Rules: Port Blocking

You can use port blocking to block outbound traffic on specific ports. Outbound traffic rules

control access to outside resources from local users.The default rule is to allow all access

from the LAN side to the outside. You can use port blocking to add predefined or custom rules

to specify exceptions to the default rule.

Note:

Any outbound traffic that is not blocked by rules that you have

created is allowed by the default rule.

1.

Select

Advanced > Firewall Rules.

The Port Blocking section is near the bottom of the

screen

.

2.

In the

Services

field, select a service from the drop-down list. (For example, FTP, which

uses TCP ports 20 and 21.)

3.

To add a custom rule that is not in the list of services, specify these settings in the Add

Custom Rules table:

•

Name

. Enter a name for the service.

•

Start Port

. Enter the start port for the service.

•

End Port

.Enter the end port for the service.

•

Protocol

. Select the protocol for the ports:

-

TCP

. Select TCP only.

-

UDP

. Select UDP only.

-

Both

. Select both TCP and UDP.

•

Local IP Address

. Complete the local IP address for the computer that is using the

service.

Advanced Settings

33

NETGEAR Wireless Cable Gateway CG3000

4.

Perform one of the following actions:

•

Click

Add

to save your settings. The Active Filters table now displays the list of ports

that are currently forwarded.

•

To delete a service, select the radio button in the Active Filters table for the service

that you want to delete, and then click

Delete

.

•

To reset the selection in the Services drop-down list and to clear all the fields in the

Add Custom Rules table, click

Reset

.

Firewall Rules: Port Forwarding

A firewall has default rules for inbound traffic (WAN to LAN) and for outbound traffic. Port

forwarding affects the inbound rules. These rules restrict access from outsiders. By default,

the gateway blocks access from outside except responses to requests from the LAN side.

You can use port forwarding to add rules to specify exceptions to the default rule.

Because the gateway uses Network Address Translation (NAT), your network presents only

one IP address to the Internet, and outside users cannot directly address any of your local

computers. However, by defining an inbound rule you can make a local server (for example,

a web server or game server) or computer visible and available to the Internet. The rule tells

the Gateway to direct inbound traffic for a particular service to one local server or computer

based on the destination port number. This is also known as port forwarding.

Some residential broadband ISPs do not allow you to run server processes (such as a Web

or FTP server) from your location. Your ISP might check for servers and suspend your

account if it finds active services at your location. See the Acceptable Use policy of your ISP.

To configure port forwarding and services for specific inbound traffic:

1.

Select

Advanced > Firewall Rules.

The Port Forwarding section is on the top.

2.

In the

Service

field, select a service from the

drop-down list. (For example, FTP, which

uses TCP ports 20 and 21.)

3.

To add a custom rule that is not in the list of

services, specify these settings in the Add

Custom Rules table:

•

Name

. Enter a name for the service.

•

Start Port

. Enter the start port for the

service.

•

End Port

.Enter the end port for the

service.

•

Protocol

. Select the port protocol:

-

TCP

. Select TCP only.

-

UDP

. Select UDP only.

-

Both

. Select both TCP and UDP.

Advanced Settings

34

NETGEAR Wireless Cable Gateway CG3000

•

Local IP Address

. Enter the local IP address for the computer that uses the service.

4.

Perform one of these actions:

•

Click

Add

. The Active Forwarding Rules table displays the list of forwarded ports.

•

To delete a service, select the radio button in the Active Forwarding Rules table for the

service that you want to delete, and then click

Delete

.

•

To reset the selection in the

Services

field and to clear all the fields in the Add Custom

Rules table, click

Reset

.

Considerations for Port Forwarding

•

If the IP address of the local server PC is assigned by DHCP, it might change when the

PC is rebooted. To avoid this, you can assign a static IP address to your server outside

the range that is assigned by DHCP, but in the same subnet as your LAN. By default, the

IP addresses from 192.168.1.2 through 192.168.1.9 are reserved for this purpose.

•

Local PCs must access the local server using the PCs’ local LAN address

(192.168.1.XXX, by default). Attempts by local PCs to access the server using the

external WAN IP address will fail.

•

Port forwarding opens holes in your firewall. Only enable ports that are necessary.

WAN Setup

Select

Advanced > WAN Setup

to set up a Default DMZ Computer to display the following

screen. A Default DMZ Computer lets you set up a PC that is available to anyone on the

Internet for services that you haven't defined. For security reasons, do this only if you are

willing to risk open access. If you do not assign a Default DMZ Computer, the gateway

discards any undefined service request.

Respond To Ping On Internet Port

. If you want the CG3000 to respond to a 'Ping' from the

Internet, click this check box. This can be used as a diagnostic tool.

MTU Size

. The normal MTU (Maximum Transmit Unit) value for most Ethernet networks is

1500 Bytes. For some ISPs you may need to reduce the MTU. But this is rarely required, and

should not be done unless you are sure it is necessary for your ISP connection

Advanced Settings

35

NETGEAR Wireless Cable Gateway CG3000

Assign a Computer as The DMZ Host

1.

Type the last field of the IP address field in the DMZ Address field.

2.

Click

Apply

.

Remove a Computer from Being a DMZ Computer:

1.

Type 0 in last field of the IP address field in DMZ Address.

2.

Click

Apply

.

Dynamic DNS

A Dynamic DNS (DDNS) Service provides a central public database where information such

as email addresses, host names and IP addresses can be stored and retrieved. The

Dynamic DNS server also stores password-protected information and accepts queries based

on e-mail addresses. The Router supports only basic DDNS and the login and password may

not be secure. If you have a private WAN IP address, do not use DDNS service as it may

lead to problems.

Note:

you have to register for the DNS service. When you register, the DDNS

client service provider gives you a password or key.

Select

Advanced > Dynamic DNS

to display the following screen:

Select the

Use A Dynamic DNS Service

check box.

1.

Select the name of your dynamic DNS Service Provider.

2.

Type the Host Name (or domain name) that your dynamic DNS service provider gave you.

3.

Type the

User Name

for your DDNS account.

4.

Type the

Password

(or key) for your DDNS account.

5.

Click

Apply

to have the DDNS service used.

Use Wildcards

. If you have DYNDNS as your DDNS service provider, you may select the

Use Wildcards check box to activate this optional feature.