Wireless Cable Voice Gateway Model CVG834G Reference Manual
3-10
Protecting Your Network
v2.0, November 2007
4. Click Add. The new Port Blocking rule appears in the Outbound Rules table.
To delete an existing rule:
1. Select the rule from the Port Filter List.
2. Click Delete.
Port Forwarding
You can use port forwarding to set up a rule that directs inbound traffic for a particular service to a
local server (for example, a Web server or game server) based on the destination port. This makes
the server visible and available to the Internet.
Unless you set up port forwarding, the gateway prevents this type of traffic. The gateway uses
Network Address Translation (NAT). NAT presents a single IP address for your network to the
Internet. Outside users cannot directly address your local computers.
Before setting up Port Forwarding, consider the following:
• If the IP address of the local server PC is assigned by DHCP, it may change when the PC is
  rebooted. To avoid this, you can assign a static IP address to your server outside the range that
  is assigned by DHCP, but in the same subnet as the rest of your LAN. By default, the IP
  addresses in the range of 192.168.0.2 through 192.168.0.9 are reserved for this.
• Local computers must access the local server using the local LAN address of the computer
  (192.168.0.XXX, by default). Attempts by local computers to access the server using the
  external WAN IP address will fail.
Remember that allowing inbound services opens holes in your firewall. Only enable those ports
that are necessary for your network.
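The considerations above can be checked mechanically before rules are entered on the gateway. The following is an added example, not part of the manual or of any NETGEAR tool: the rule dictionaries, the /24 mask, and the MAX_SPAN threshold are assumptions, while the reserved static range is the default quoted above.

```python
import ipaddress

# Defaults quoted in the manual; the /24 mask is an assumption.
LAN = ipaddress.ip_network("192.168.0.0/24")
STATIC_FIRST = ipaddress.ip_address("192.168.0.2")
STATIC_LAST = ipaddress.ip_address("192.168.0.9")
MAX_SPAN = 10  # assumed review threshold, not a gateway limit

def audit_rule(rule):
    """Return findings for one forwarding rule (a dict of the form fields)."""
    findings = []
    start, end = rule["start_port"], rule["end_port"]
    if not 1 <= start <= end <= 65535:
        findings.append("invalid port range")
    elif end - start + 1 > MAX_SPAN:
        findings.append(f"wide range: {end - start + 1} ports exposed")
    try:
        ip = ipaddress.ip_address(rule["local_ip"])
    except ValueError:
        return findings + ["local IP is not a valid address"]
    if ip not in LAN:
        findings.append("local IP is outside the LAN subnet")
    elif not STATIC_FIRST <= ip <= STATIC_LAST:
        findings.append("local IP is outside the reserved static range")
    return findings

def overlapping(a, b):
    """True if two rules claim the same inbound port on a shared protocol."""
    same_proto = a["protocol"] == b["protocol"] or "Both" in (a["protocol"], b["protocol"])
    return same_proto and a["start_port"] <= b["end_port"] and b["start_port"] <= a["end_port"]

# Constructed sample rules (not from the manual).
RULES = [
    {"name": "web", "start_port": 80, "end_port": 80, "protocol": "TCP", "local_ip": "192.168.0.5"},
    {"name": "game", "start_port": 27000, "end_port": 27050, "protocol": "UDP", "local_ip": "192.168.0.23"},
    {"name": "alt-web", "start_port": 80, "end_port": 88, "protocol": "Both", "local_ip": "192.168.1.4"},
]

if __name__ == "__main__":
    for r in RULES:
        print(r["name"], audit_rule(r) or "ok")
    for i, a in enumerate(RULES):
        for b in RULES[i + 1:]:
            if overlapping(a, b):
                print("conflict:", a["name"], "and", b["name"])
```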
Forwarding Inbound Traffic
To forward inbound traffic:
1. Select the service that you want to forward from the Predefined Services drop-down list.
   If the service that you want to forward is not in the predefined list, you can add a custom
   service. Enter the range of ports that you want to forward and select whether the ports are TCP,
   UDP or Both.
2. If you want to change the suggested port numbers, enter a new Start Port and End Port.
3. From the drop-down Protocol list, select the protocol: TCP, UDP, or Both.
4. Enter the IP address of the computer on your network to which you would like to direct the
   inbound traffic in the Local IP Address field.
5. Click Add. The new Port Forwarding rule appears in the Active Forwarding Rules table.
Note:
Some residential broadband ISP accounts do not allow you to run any server
processes (such as a Web or FTP server) from your location. Your ISP may check
for servers and may suspend your account if it discovers active services at your
location. If you are unsure, refer to the acceptable use policy of your ISP.
Deleting a Rule
To delete an existing rule:
1. Select the radio button for the rule that you want to delete.
2. Click Delete to delete the Port Forwarding rule.
Figure 3-8
Port Triggering
Port Triggering is an advanced feature that allows you to dynamically open inbound ports based on
outbound traffic on different ports. This feature can be used for gaming and other Internet
applications.
Port Triggering monitors outbound traffic. When the gateway detects traffic on the specified
outbound port, it remembers the IP address of the computer that sent the data and “triggers” the
incoming port. Incoming traffic on the triggered port is then forwarded to the triggering computer.
For example, port triggering can be used for Internet Relay Chat (IRC). When you connect to an
IRC server, the server tries to connect back on the port to do an Ident lookup. Unless you have
configured Port Forwarding to open that port, the traffic will be blocked. In this example, the
initial login to the server in the range of ports is detected. This triggers the gateway to temporarily
forward the port to the PC that initiated the login.
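The trigger behaviour described above can be modelled as a small state machine. This is an added example, not the gateway's firmware or anything from the manual: the class, the 600-second timeout, and the IRC/Ident port numbers in the demo are assumptions chosen for illustration.

```python
class PortTrigger:
    """Toy model of one Port Triggering rule as the manual describes it."""

    def __init__(self, trigger_range, target_range, timeout=600):
        self.trigger_range = trigger_range  # (first, last) outbound ports
        self.target_range = target_range    # (first, last) inbound ports
        self.timeout = timeout              # assumed; the manual gives no value
        self.host = None                    # LAN IP that fired the trigger
        self.expires = 0.0

    @staticmethod
    def _in(port, rng):
        return rng[0] <= port <= rng[1]

    def outbound(self, now, lan_ip, dst_port):
        """A LAN host sends traffic out; a matching port arms the rule."""
        if self._in(dst_port, self.trigger_range):
            self.host, self.expires = lan_ip, now + self.timeout

    def inbound(self, now, dst_port):
        """Return the LAN IP that unsolicited inbound traffic is forwarded
        to, or None if the gateway drops it. The manual describes no filter
        on the remote source address, so none is modelled here."""
        armed = self.host is not None and now < self.expires
        if armed and self._in(dst_port, self.target_range):
            return self.host
        return None

def demo():
    # Constructed values: IRC on 6660-6670 as trigger, Ident (113) as target.
    rule = PortTrigger((6660, 6670), (113, 113))
    before = rule.inbound(0, 113)            # nothing has triggered yet
    rule.outbound(10, "192.168.0.23", 6667)  # LAN PC logs in to IRC
    during = rule.inbound(11, 113)           # Ident lookup reaches the PC
    after = rule.inbound(10 + 600, 113)      # window has closed again
    return before, during, after

if __name__ == "__main__":
    print(demo())
```

While the rule is armed, the target ports are reachable on the triggering computer, so the target range should be kept as narrow as the application allows.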
Note:
Port Forwarding is similar to port triggering, but it is static and has some
limitations. Ports are open to traffic from the Internet until the port forwarding rule
is removed. Additionally, port forwarding does not work well for some
applications when your WAN IP address is assigned by DHCP, and is changed
frequently. Port Triggering opens an incoming port temporarily and does not
require the server on the internet to track your IP address if it is changed.
To configure Port Triggering:
1. Under the Advanced heading on the main menu, select Port Triggering. The Port Triggering
   screen appears:
Figure 3-9
2. In the Trigger Range field, enter the outbound ports that will be monitored for activity. This
   will be the “trigger.”
3. In the Target Range field, enter the inbound ports that should be forwarded when the trigger
   occurs.
4. Select the appropriate protocol: TCP, UDP or Both.
5. Select the Enable check box.
6. Click Apply.
There are two ways to clear a Port Triggering rule:
• Clear the Enable check box to temporarily disable the rule.
• Select the rule, and then click Delete.
Setting Up a DMZ Host
The Default DMZ Server feature is helpful when using some online games and video conferencing
applications that are incompatible with NAT. The gateway is programmed to recognize some of
these applications and to work properly with them, but there are other applications that may not
function well. In some cases, one local PC can run the application properly if that PC’s IP address
is entered as the Default DMZ Host.
Incoming traffic from the Internet is normally discarded by the gateway unless the traffic is a
response to one of your local computers or a service that you have configured in the Port
Forwarding or Port Triggering screen. Instead of discarding this traffic, you can have it forwarded
to one computer on your network. This computer is called the default DMZ host.
Note:
For security, you should avoid using the Default DMZ Server feature. When a
computer is designated as the default DMZ server, it loses much of the protection
of the firewall, and is exposed to many exploits from the Internet. If compromised,
the computer can be used to attack your network.
To assign a computer or server to be a DMZ host:
1. From the main menu, under the Advanced heading, select DMZ Host. The DMZ Host screen
   appears:
2. In the DMZ Address field, enter the IP address of the computer that you want to assign as a
   DMZ host.
3. Click Apply.
To disable the DMZ host, enter 0 (zero), and then click Apply.
If you want the gateway to respond to a ping from the Internet, select the Respond to Ping on
WAN Port check box. This should only be used as a diagnostic tool, since it allows your gateway
to be discovered. Do not select this check box unless you have a specific reason to do so.
Figure 3-10
