Reference Manual for the Model CG814M Wireless Cable Modem Gateway

4-6

Protecting Your Network

Most web surfing is done on port 80. The parental control feature monitors port 80 so proxy based

web surfing would not be inspected by the parental controls. The proxy filter should be used if

parental controls are being used.

Cookies

A cookie is a text file saved by your web browser which is sent to a particular web servier every

time you visit the site. Cookies are used to identify you to the web server automatically.

Java Applets

Java Applets are programs that run from within another application, such as a web browser.

ActiveX

An ActiveX control is a Microsoft Windows program that can be downloaded from a web page

and automatically executed by your web browser on your PC.

Popup Windows

Many internet sites open additional browser windows, called popups. They are often used for

advertisments. The CG814M can filter out many of these popup windows.

Port Blocking

Firewall rules are used to block or allow specific traffic passing through from one side to the other.

Inbound rules (WAN to LAN) restrict access by outsiders to private resources, selectively allowing

only specific outside users to access specific resources. Instructions for setting up inbound rules

can be found in

“Port Forwarding“ on page -7

. Outbound rules (LAN to WAN) determine what

outside resources local users can have access to. This section describes how to set up outbound

rules.

A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of

the CG814M Gateway are:

•

Inbound: Block all access from outside except responses to requests from the LAN side.

•

Outbound: Allow all access from the LAN side to the outside.

You may define additional rules that will specify exceptions to the default rules. By adding custom

rules, you can block or allow access based on the service or application, source or destination IP

addresses, and time of day. You can also choose to log traffic that matches or does not match the

Downloaded from

www.Manualslib.com

manuals search engine

Reference Manual for the Model CG814M Wireless Cable Modem Gateway

Protecting Your Network

4-7

rule you have defined.

To configure outbound rules on the CG814M Gateway, click the Port Blocking link on the

Advanced section of the main menu.

Figure 4-4: Port Blocking menu

•

To block outbound traffic, select the service you would like to block from the drop-down

list of predefined services. Click Add.

•

If the service you would like to block is not in the predefined list, you can add a custom

service. Enter the range of ports you would like to block and select whether the ports are

TCP, UDP or Both. Click Add.

•

To delete an existing rule, select its button on the left side of the table and click Delete.

Port Forwarding

Because the CG814M Gateway uses Network Address Translation (NAT), your network presents

Downloaded from

www.Manualslib.com

manuals search engine

Reference Manual for the Model CG814M Wireless Cable Modem Gateway

4-8

Protecting Your Network

only one IP address to the Internet, and outside users cannot directly address any of your local

computers. However, by defining an inbound rule you can make a local server (for example, a web

server or game server) visible and available to the Internet. The rule tells the gateway to direct

inbound traffic for a particular service to one local server based on the destination port number.

This is also known as Port Forwarding.

Remember that allowing inbound services opens holes in your firewall. Only enable those ports

that are necessary for your network. Following are two application examples of inbound rules:

To configure inbound rules on the CG814M Gateway, click the Port Forwarding link on the

Advanced section of the main menu..

Figure 4-5: Port Forwarding menu

•

To forward inbound traffic:

Note:

Some residential broadband ISP accounts do not allow you to run any server

processes (such as a Web or FTP server) from your location. Your ISP may periodically

check for servers and may suspend your account if it discovers any active services at

your location. If you are unsure, refer to the Acceptable Use Policy of your ISP.

Downloaded from

www.Manualslib.com

manuals search engine

Reference Manual for the Model CG814M Wireless Cable Modem Gateway

Protecting Your Network

4-9

1.

Select the service you would like to forward from the drop-down list of predefined

services.

If the service you would like to forward is not in the predefined list, you can add a

custom service. Enter the range of ports you would like to forward and select whether

the ports are TCP, UDP or Both.

2.

Enter the IP address of the computer on your network to which you would like to

direct the inbound traffic

3.

Click Add.

4.

To access the local computer from the Internet, you must use the WAN address of your

gateway, which can be found on the Basic Settings page.

•

To delete an existing rule, select its button on the left side of the table and click Delete.

Considerations for Port Forwarding

If your external IP address is assigned dynamically by your ISP, the IP address may change

periodically as the DHCP lease expires. Consider using the Dynamic DNS feature in the Advanced

menus so that external users can always find your network.

•

If the IP address of the local server PC is assigned by DHCP, it may change when the PC is

rebooted. To avoid this, you can assign a static IP address to your server outside the range that

is assigned by DHCP, but in the same subnet as the rest of your LAN. By default, the IP

addresses in the range of 192.168.0.2 through 192.168.0.9 are reserved for this.

•

Local PCs must access the local server using the PCs’ local LAN address (192.168.0.XXX, by

default). Attempts by local PCs to access the server using the external WAN IP address will

fail.

Port Triggering

Port Triggering is an advanced feature that allows you to dynamically open inbound ports based on

outbound traffic on different ports. This is an advanced feature that can be used for gaming and

other internet applications.

Port Forwarding can typically be used to enable similar functionality, but it is static and has some

limitations. Ports will be open to traffic from the internet until the port forwarding rule is removed.

Additionally, port forwarding does not work well for some applications when your WAN IP

address is assigned by DHCP, and is changed frequently. Port Triggering opens in incoming port

temporarily and can does not require the server on the internet to track your IP address if it is

Downloaded from

www.Manualslib.com

manuals search engine

Reference Manual for the Model CG814M Wireless Cable Modem Gateway

4-10

Protecting Your Network

changed.

Port Triggering monitors outbound traffic. When the gateway detects traffic on the specified

outbound port, it remembers the IP address of the computer that sent the data and “triggers” the

incoming port. Incoming traffic on the triggered port is then forwarded to the triggering computer.

An example of Port Triggering for Internet Relay Chat (IRC) is shown in

Figure 4-6

. When you

connect to an IRC server, the server tries to connect back on port 113 to do an Ident lookup. Unless

you have configured Port Forwarding to open port 113, the traffic will be blocked. In this example,

the initial login to the server in the range of ports 6660 to 6670 will be detected. This will trigger

the gateway to temporarily forward port 113 to the PC that initiated the login.l

Figure 4-6: Port Triggering menu, with IRC example.

To configure Port Triggering:

Downloaded from

www.Manualslib.com

manuals search engine