Wireless Cable Voice Gateway Model CVG824G Reference Manual

Protecting Your Network

3-5

v1.0, November 2006

2.

Under Advanced on the main menu, select MAC Filtering. The MAC Filtering screen will

display. At the top of the page is a table of Trusted Devices that are currently connected to the

wireless voice gateway.

To add a device to the MAC Filtering list:

1.

Select a device using one of the following methods:

a.

If the desired device is in the Trusted Devices table, click the radio button of that PC to

capture is MAC address.

b.

If the desired device is not in the Trusted Devices table, you can manually enter the MAC

address of the PC you wish to block. If no Device Name appears when you enter its MAC

address, you can type a descriptive name in the Device Name field.

2.

Click

Add

. The device will appear in the MAC Filter List field.

To delete a device from the MAC Filtering list:

1.

Select the MAC address of the PC from the MAC Filter List.

2.

Click

Delete

to delete the entry.

3.

Click

Apply

to activate the settings.

Blocking Access by Time of Day

The default blocking schedule is to block access all day. However, you can also block access

according to a daily schedule for each PC individually.

To block access for a PC:

1.

In the MAC Filter List, select the PC for which the schedule will be modified.

2.

In the Day(s) to Block section, click the boxes next to the days when you want access blocked.

Figure 3-4

Wireless Cable Voice Gateway Model CVG824G Reference Manual

3-6

Protecting Your Network

1.0, November 2006

3.

In the Time of Day to Block section, select either All Day, or set the hours for Internet

blocking

4.

Click

Apply

to activate the settings.

Inbound and Outbound Rules

You can use firewall rules to block or allow specific traffic passing through from one side to the

other. Inbound rules (WAN to LAN) restrict access by outsiders to private resources, selectively

allowing only specific outside users to access specific resources. Outbound rules (LAN to WAN)

determine what outside resources local users can have access to.

A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of

the gateway are:

•

Inbound:

Block all access from outside except responses to requests from the LAN side.

Instructions for setting up inbound rules can be found in

“Port Forwarding” on page 3-8

•

Outbound:

Allow all access from the LAN side to the outside. Use Port Blocking to set up

outbound rules (see

“Port Blocking” on page 3-7

).

You may define more rules that specify exceptions to the default rules. By adding custom rules,

you can block or allow access based on the service or application, source or destination IP

addresses, and time of day.

Wireless Cable Voice Gateway Model CVG824G Reference Manual

Protecting Your Network

3-7

v1.0, November 2006

Port Blocking

You can use Port Blocking to block outbound traffic on specific ports.

To configure port blocking:

1.

Under Advanced on the main menu, select Port Blocking. The Port Blocking screen will

display.

2.

Select the service that you want to block from the drop-down menu of

Add Predefined

Services

. (If the service that you want to block is not in the predefined list, you can add a

custom service.)

3.

Enter the range of ports that you want to block and select whether the ports are TCP, UDP or

Both.

4.

Enter the Local IP Address for the computer to which this rule will apply.

5.

Click

Add.

The selected service will appear in the

Port Filter List

To specify specific Days or Times to block a rule:.

Figure 3-5

Wireless Cable Voice Gateway Model CVG824G Reference Manual

3-8

Protecting Your Network

1.0, November 2006

1.

From the

Port Filter List

pull-down menu, select the rule that you added. and check the

Enable

radio box.

2.

Select the radio box of the Day(s) you want to apply the rule.

3.

Select the time of day for the rule to be in effect by either check the All Day radio box or

specifying a Start Time and End Time from the pull-down menus.

4.

Click

Add.

The new Port Blocking rule will appear in the Outbound Rules table.

To delete an existing rule:

1.

Select the rule from the

Port Filter List.

2.

Click

Delete

.

Port Forwarding

You can use port forwarding to set up a rule that directs inbound traffic for a particular service to a

local server (for example, a Web server or game server) based on the destination port. This makes

the server visible and available to the Internet.

Unless you set up port forwarding, the gateway prevents this type of traffic.The gateway uses

Network Address Translation (NAT). NAT presents a single IP address for your network to the

Internet. Outside users cannot directly address your local computers.

Before setting up Port Forwarding, consider the following:

•

If the IP address of the local server PC is assigned by DHCP, it may change when the PC is

rebooted. To avoid this, you can assign a static IP address to your server outside the range that

is assigned by DHCP, but in the same subnet as the rest of your LAN. By default, the IP

addresses in the range of 192.168.0.2 through 192.168.0.9 are reserved for this.

•

Local computers must access the local server using the local LAN address of the computer

(192.168.0.XXX, by default). Attempts by local computers to access the server using the

external WAN IP address will fail.

Remember that allowing inbound services opens holes in your firewall. Only enable those ports

that are necessary for your network.

Note:

Some residential broadband ISP accounts do not allow you to run any server

processes (such as a Web or FTP server) from your location. Your ISP may check

for servers and may suspend your account if it discovers active services at your

location. If you are unsure, refer to the acceptable use policy of your ISP.

Wireless Cable Voice Gateway Model CVG824G Reference Manual

Protecting Your Network

3-9

v1.0, November 2006

To forward inbound traffic:

1.

Select the service that you want to forward from the drop-down menu of Predefined Services.

If the service that you want to forward is not in the predefined list, you can add a custom

service. Enter the range of ports that you want to forward and select whether the ports are TCP,

UDP or Both.

2.

Enter a new Start Port and End Port if you want to change the suggested port numbers.

3.

From the drop-down Protocol menu, select the protocol: TCP, UDP, or Both.

4.

Enter the IP address of the computer on your network to which you would like to direct the

inbound traffic in the Local IP Address field.

5.

Click

Add

. The new Port Forwarding rule will appear in the Active Forwarding Rules table.

To delete an existing rule:

1.

Check the radio button on the left side of the table adjacent to the rule you want to delete.

2.

Click

Delete

to delete the Port Forwarding rule.

Figure 3-6