Reference Manual for the Model CG814M Wireless Cable Modem Gateway
4-6
Protecting Your Network
Most web surfing is done on port 80. The parental control feature monitors port 80, so proxy-based
web surfing would not be inspected by the parental controls. The proxy filter should be used if
parental controls are being used.
Cookies
A cookie is a text file saved by your web browser which is sent to a particular web server every
time you visit the site. Cookies are used to identify you to the web server automatically.
Java Applets
Java Applets are programs that run from within another application, such as a web browser.
ActiveX
An ActiveX control is a Microsoft Windows program that can be downloaded from a web page
and automatically executed by your web browser on your PC.
Popup Windows
Many internet sites open additional browser windows, called popups. They are often used for
advertisements. The CG814M can filter out many of these popup windows.
Port Blocking
Firewall rules are used to block or allow specific traffic passing through from one side to the other.
Inbound rules (WAN to LAN) restrict access by outsiders to private resources, selectively allowing
only specific outside users to access specific resources. Instructions for setting up inbound rules
can be found in “Port Forwarding” on page -7. Outbound rules (LAN to WAN) determine what
outside resources local users can have access to. This section describes how to set up outbound
rules.
A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of
the CG814M Gateway are:
Inbound: Block all access from outside except responses to requests from the LAN side.
Outbound: Allow all access from the LAN side to the outside.
You may define additional rules that will specify exceptions to the default rules. By adding custom
rules, you can block or allow access based on the service or application, source or destination IP
addresses, and time of day. You can also choose to log traffic that matches or does not match the
rule you have defined.
To configure outbound rules on the CG814M Gateway, click the Port Blocking link on the
Advanced section of the main menu.
Figure 4-4: Port Blocking menu
To block outbound traffic, select the service you would like to block from the drop-down
list of predefined services. Click Add.
If the service you would like to block is not in the predefined list, you can add a custom
service. Enter the range of ports you would like to block and select whether the ports are
TCP, UDP or Both. Click Add.
To delete an existing rule, select its button on the left side of the table and click Delete.
Port Forwarding
Because the CG814M Gateway uses Network Address Translation (NAT), your network presents
only one IP address to the Internet, and outside users cannot directly address any of your local
computers. However, by defining an inbound rule you can make a local server (for example, a web
server or game server) visible and available to the Internet. The rule tells the gateway to direct
inbound traffic for a particular service to one local server based on the destination port number.
This is also known as Port Forwarding.
Remember that allowing inbound services opens holes in your firewall. Only enable those ports
that are necessary for your network. Following are two application examples of inbound rules:
To configure inbound rules on the CG814M Gateway, click the Port Forwarding link on the
Advanced section of the main menu.
Figure 4-5: Port Forwarding menu
To forward inbound traffic:
Note: Some residential broadband ISP accounts do not allow you to run any server
processes (such as a Web or FTP server) from your location. Your ISP may periodically
check for servers and may suspend your account if it discovers any active services at
your location. If you are unsure, refer to the Acceptable Use Policy of your ISP.
1. Select the service you would like to forward from the drop-down list of predefined
   services.
   If the service you would like to forward is not in the predefined list, you can add a
   custom service. Enter the range of ports you would like to forward and select whether
   the ports are TCP, UDP or Both.
2. Enter the IP address of the computer on your network to which you would like to
   direct the inbound traffic.
3. Click Add.
4. To access the local computer from the Internet, you must use the WAN address of your
   gateway, which can be found on the Basic Settings page.
To delete an existing rule, select its button on the left side of the table and click Delete.
Considerations for Port Forwarding
If your external IP address is assigned dynamically by your ISP, the IP address may change
periodically as the DHCP lease expires. Consider using the Dynamic DNS feature in the Advanced
menus so that external users can always find your network.
If the IP address of the local server PC is assigned by DHCP, it may change when the PC is
rebooted. To avoid this, you can assign a static IP address to your server outside the range that
is assigned by DHCP, but in the same subnet as the rest of your LAN. By default, the IP
addresses in the range of 192.168.0.2 through 192.168.0.9 are reserved for this.
Local PCs must access the local server using the PCs’ local LAN address (192.168.0.XXX, by
default). Attempts by local PCs to access the server using the external WAN IP address will
fail.
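The considerations above can be checked mechanically before a rule is entered. The following is an added example, not part of the manual or the gateway's firmware: it audits a constructed list of forwarding rules against the default static range stated above. The /24 LAN mask, the rule dictionary layout and the ten-port width threshold are assumptions.

```python
import ipaddress

# Default static range stated in the manual: 192.168.0.2 through 192.168.0.9.
# The /24 mask is an assumption based on the 192.168.0.XXX default LAN.
LAN = ipaddress.ip_network("192.168.0.0/24")
STATIC_FIRST = ipaddress.ip_address("192.168.0.2")
STATIC_LAST = ipaddress.ip_address("192.168.0.9")
MAX_WIDTH = 10  # assumed threshold for flagging a wide port range

# Constructed sample rules (hypothetical layout, not an export format).
RULES = [
    {"ports": (80, 80), "proto": "TCP", "target": "192.168.0.5"},
    {"ports": (27000, 27050), "proto": "UDP", "target": "192.168.0.14"},
    {"ports": (21, 21), "proto": "TCP", "target": "10.0.0.4"},
]


def audit_forward(rule):
    """Return a list of findings for one port-forwarding rule."""
    findings = []
    first, last = rule["ports"]
    if not (1 <= first <= last <= 65535):
        findings.append("invalid port range")
    elif last - first + 1 > MAX_WIDTH:
        findings.append("wide port range; forward only the ports required")
    if rule["proto"] not in ("TCP", "UDP", "Both"):
        findings.append("unknown protocol")
    try:
        target = ipaddress.ip_address(rule["target"])
    except ValueError:
        return findings + ["target is not an IP address"]
    if target not in LAN:
        findings.append("target is outside the LAN subnet")
    elif not (STATIC_FIRST <= target <= STATIC_LAST):
        # A DHCP-assigned address can move to another device, and the
        # forwarded port would then follow the address, not the server.
        findings.append("target is outside the reserved static range")
    return findings


if __name__ == "__main__":
    for rule in RULES:
        print(rule["ports"], rule["target"], audit_forward(rule) or "ok")
```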
Port Triggering
Port Triggering is an advanced feature that allows you to dynamically open inbound ports based on
outbound traffic on different ports. It can be used for gaming and other internet applications.
Port Forwarding can typically be used to enable similar functionality, but it is static and has some
limitations. Ports will be open to traffic from the internet until the port forwarding rule is removed.
Additionally, port forwarding does not work well for some applications when your WAN IP
address is assigned by DHCP and changes frequently. Port Triggering opens an incoming port
temporarily and does not require the server on the internet to track your IP address if it is
changed.
Port Triggering monitors outbound traffic. When the gateway detects traffic on the specified
outbound port, it remembers the IP address of the computer that sent the data and “triggers” the
incoming port. Incoming traffic on the triggered port is then forwarded to the triggering computer.
An example of Port Triggering for Internet Relay Chat (IRC) is shown in Figure 4-6. When you
connect to an IRC server, the server tries to connect back on port 113 to do an Ident lookup. Unless
you have configured Port Forwarding to open port 113, the traffic will be blocked. In this example,
the initial login to the server in the range of ports 6660 to 6670 will be detected. This will trigger
the gateway to temporarily forward port 113 to the PC that initiated the login.
Figure 4-6: Port Triggering menu, with IRC example.
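The IRC behaviour described above, modelled as a small state table. This is an added example, not the gateway's firmware: the trigger range and port 113 come from the manual, while the idle timeout, the LAN addresses and the "last trigger wins" behaviour are assumptions.

```python
from dataclasses import dataclass, field

TRIGGER_RANGE = range(6660, 6671)  # outbound ports 6660 to 6670 (manual)
TARGET_PORT = 113                  # inbound Ident port (manual)
IDLE_TIMEOUT = 600                 # seconds; assumed, manual says "temporarily"


@dataclass
class TriggerGateway:
    """Toy model of a port-triggering table."""
    # inbound port -> (LAN host that triggered it, expiry time)
    open_ports: dict = field(default_factory=dict)

    def outbound(self, lan_ip, dst_port, now):
        """LAN host sends traffic out; a matching port arms the trigger."""
        if dst_port in TRIGGER_RANGE:
            # Assumed: the most recent triggering host owns the port.
            self.open_ports[TARGET_PORT] = (lan_ip, now + IDLE_TIMEOUT)

    def inbound(self, dst_port, now):
        """Return the LAN host that receives WAN traffic, or None if blocked."""
        entry = self.open_ports.get(dst_port)
        if entry is None:
            return None                    # default inbound rule: block
        lan_ip, expires = entry
        if now >= expires:
            del self.open_ports[dst_port]  # trigger lapsed, port closes
            return None
        return lan_ip


def demo():
    gw = TriggerGateway()
    results = [gw.inbound(113, now=0)]            # no login yet: blocked
    gw.outbound("192.168.0.20", 80, now=5)        # web traffic: no trigger
    results.append(gw.inbound(113, now=6))
    gw.outbound("192.168.0.20", 6667, now=10)     # IRC login arms port 113
    results.append(gw.inbound(113, now=12))       # Ident lookup reaches the PC
    results.append(gw.inbound(113, now=10 + IDLE_TIMEOUT))  # window expired
    gw.outbound("192.168.0.31", 6660, now=2000)   # another PC logs in
    results.append(gw.inbound(113, now=2001))
    return results


if __name__ == "__main__":
    print(demo())
```

Unlike a static forwarding rule, port 113 is reachable only while a trigger entry is live, which is the exposure difference the section describes.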
To configure Port Triggering: