Wireless Cable Voice Gateway Model CVG824G Reference Manual

3-10

Protecting Your Network

1.0, November 2006

Port Triggering

Port Triggering is an advanced feature that allows you to dynamically open inbound ports based on

outbound traffic on different ports. This feature can be used for gaming and other Internet

applications.

Port Triggering monitors outbound traffic. When the gateway detects traffic on the specified

outbound port, it remembers the IP address of the computer that sent the data and “triggers” the

incoming port. Incoming traffic on the triggered port is then forwarded to the triggering computer.

For example, port triggering can be used for Internet Relay Chat (IRC). When you connect to an

IRC server, the server tries to connect back on the port to do an Ident lookup. Unless you have

configured Port Forwarding to open that port, the traffic will be blocked. In this example, the

initial login to the server in the range of ports is detected. This triggers the gateway to temporarily

forward the port to the PC that initiated the login.

To configure Port Triggering

1.

Under Advanced on the main menu, select Port Triggering The Port Triggering screen will

display.

2.

In the Trigger Range, enter the outbound ports that will be monitored for activity. This will be

the “trigger.”

3.

In the Target Range, enter the inbound ports that should be forwarded when the trigger occurs.

4.

Select the appropriate protocol: TCP, UDP or Both.

5.

Check the Enable box

6.

Click

Apply

.

Note:

Port Forwarding is similar to port triggering, but it is static and has some

limitations. Ports are open to traffic from the Internet until the port forwarding rule

is removed. Additionally, port forwarding does not work well for some

applications when your WAN IP address is assigned by DHCP, and is changed

frequently. Port Triggering opens an incoming port temporarily and does not

require the server on the internet to track your IP address if it is changed.

Wireless Cable Voice Gateway Model CVG824G Reference Manual

Protecting Your Network

3-11

v1.0, November 2006

To clear a Port Triggering rule:

1.

Either remove the check from the Enable box to temporarily disable the rule, or

2.

Select the rule and click

Delete

.

Setting Up A Default DMZ Host

The Default DMZ Server feature is helpful when using some online games and video conferencing

applications that are incompatible with NAT. The gateway is programmed to recognize some of

these applications and to work properly with them, but there are other applications that may not

function well. In some cases, one local PC can run the application properly if that PC’s IP address

is entered as the Default DMZ Host.

Figure 3-7

Note:

For security, you should avoid using the Default DMZ Server feature. When a

computer is designated as the Default DMZ Server, it loses much of the protection

of the firewall, and is exposed to many exploits from the Internet. If compromised,

the computer can be used to attack your network.

Wireless Cable Voice Gateway Model CVG824G Reference Manual

3-12

Protecting Your Network

1.0, November 2006

Incoming traffic from the Internet is normally discarded by the gateway unless the traffic is a

response to one of your local computers or a service that you have configured in the Port

Forwarding or Port Triggering page. Instead of discarding this traffic, you can have it forwarded to

one computer on your network. This computer is called the Default DMZ Host.

To assign a computer or server to be a DMZ Host:

1.

From the Advanced menu, select DMZ Host.

2.

Enter the IP address of the computer you would like to assign as a DMZ Host.

3.

Click

Apply

.

To disable the DMZ Host, enter “0” and click

Apply

.

If you want the gateway to respond to a “ping” from the Internet, check the “Respond to Ping on

WAN Port” check box. This should only be used as a diagnostic tool, since it allows your gateway

to be discovered. Do not check this box unless you have a specific reason to do so.

Turning On Universal Plug and Play (UPnP)

Universal Plug and Play (UPnP) helps devices, such as Internet appliances and computers, access

the network and connect to other devices as needed. UPnP devices can automatically discover the

services from other registered UPnP devices on the network.

UPnP can be enabled or disabled for automatic device configuration. The default setting for UPnP

is disabled. If disabled, the router will not allow any device to automatically control the resources,

such as port forwarding (mapping), of the router.

Other features of UPnP:

Figure 3-8

Wireless Cable Voice Gateway Model CVG824G Reference Manual

Protecting Your Network

3-13

v1.0, November 2006

•

Advertisement Period

. The number entered in this field (in minutes) determines how often

the router will advertise (broadcast) its UPnP information. This value can range from 1 to 1440

minutes. The default period is for 30 minutes.

–

Shorter durations will ensure that control points have current device status at the expense

of additional network traffic.

–

Longer durations may compromise the freshness of the device status but can significantly

reduce network traffic.

•

Advertisement Time To Live.

The time to live for the advertisement is measured in hops

(steps) for each UPnP packet sent. A hop is the number of steps allowed to propagate for each

UPnP advertisement before it disappears. The number of hops can range from 1 to 255. The

default value for the advertisement time to live is 4 hops, which should be fine for most home

networks. If you notice that some devices are not being updated or reached correctly, then you

may need to increase this value a little.

•

UPnP Portmap Table.

The UPnP Portmap Table displays the IP address of each UPnP device

that is currently accessing the router and which ports (internal and external) that device has

opened. The UPnP Portmap Table also displays what type of port is opened and if that port is

still active for each IP address.

To activate UPnP:

1.

Check the Turn UPnP On radio box.

2.

Click

Apply.

To Save, Cancel or Refresh the Table:

•

Click

Apply

to save the new settings to the gateway router.

•

Click

Cancel

to disregard any unsaved changes.

•

Click

Refresh

to update the portmap table and to show the active ports that are currently

opened by UPnP devices.

Wireless Cable Voice Gateway Model CVG824G Reference Manual

3-14

Protecting Your Network

1.0, November 2006

Enabling or Disabling Content Filtering Services

You can use the Services page to disable or enable certain gateway features which are described as

follows:

•

Firewall Features

.

When enabled, the gateway will perform Stateful Packet Inspection (SPI)

and protect against Denial of Service (DoS) attacks. Default is enabled.

•

VPN Pass-Through

. When enabled, IPSec and PPTP traffic will be forwarded. When it is

disabled, this traffic will be blocked. Default is enabled.

•

Multicast.

When enabled, the cable gateway has the ability to pass multicasting streams

through the firewall. Default is enabled.

•

Web Features

. If enabled, certain Web-oriented features such as cookies, java scripts, or pop-

up windows will be blocked by the firewall. The default is disabled. For example, if you

enable “Filter Cookies”, many Web sites will not allow you to access their site.

To disable a feature:

1.

Remove the check from its Enable check box.

Figure 3-9

Note:

To go to the Services page, you must be logged in as a parent.