Reference Manual for the Model DG632 ADSL Modem Router
Using Router Mode
Firewall Services
Services are functions performed by server computers at the request of client computers. For
example, Web servers serve Web pages, time servers serve time and date information, and game
hosts serve data about other players’ moves. When a computer on the Internet sends a request for
service to a server computer, the requested service is identified by a service or port number. This
number appears as the destination port number in the transmitted IP packets. For example, a packet
that is sent with destination port number 80 is an HTTP (Web server) request.
The service numbers for many common protocols are defined by the Internet Engineering Task
Force (IETF) and published in RFC1700, “Assigned Numbers.” Service numbers for other
applications are typically chosen from the range 1024 to 65535 by the authors of the application.
Although the DG632 already holds a list of many service port numbers, you are not limited to
these choices. Use the procedure below to create your own service definitions.
How to Define Services
1. Log in to the modem at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever Password and LAN address you have chosen for the modem.
2. Select the Services link of the Security menu to display the Services menu shown in Figure 6-9:
Figure 6-9: Services menu
To create a new Service, click the Add Custom Service button.
To edit an existing Service, select its button on the left side of the table and click Edit Service.
To delete an existing Service, select its button on the left side of the table and click Delete Service.
3. Use the page shown below to define or edit a service.
Figure 6-10: Add Services menu
4. Click Apply to save your changes.
Firewall Rules
Firewall rules are used to block or allow specific traffic passing through from one side to the other.
Inbound rules (WAN to LAN) restrict access by outsiders to private resources, selectively allowing
only specific outside users to access specific resources. Outbound rules (LAN to WAN) determine
what outside resources local users can have access to.
A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of
the DG632 are:
Inbound: Block all access from outside except responses to requests from the LAN side.
Outbound: Allow all access from the LAN side to the outside.
You can define additional rules that will specify exceptions to the default rules. By adding custom
rules, you can block or allow access based on the service or application, source or destination IP
addresses, and time of day. You can also choose to log traffic that matches or does not match the
rule you have defined.
To access the rules configuration of the DG632, click the Firewall Rules link on the main menu,
then click Add for either an Outbound or Inbound Service.
Figure 6-11: Rules menu
To edit an existing rule, select its button on the left side of the table and click Edit.
To delete an existing rule, select its button on the left side of the table and click Delete.
Inbound Rules (Port Forwarding)
Because the DG632 uses Network Address Translation (NAT), your network presents only one IP
address to the Internet, and outside users cannot directly address any of your local computers.
However, by defining an inbound rule you can make a local server (for example, a Web server or
game server) visible and available to the Internet. The rule tells the modem to direct inbound
traffic for a particular service to one local server based on the destination port number. This is also
known as port forwarding.
Remember that allowing inbound services opens holes in your firewall. Only enable those ports
that are necessary for your network. Following are two application examples of inbound rules:
Note: Some residential broadband ISP accounts do not allow you to run any server
processes (such as a Web or FTP server) from your location. Your ISP may periodically
check for servers and may suspend your account if it discovers any active services at
your location. If you are unsure, refer to the Acceptable Use Policy of your ISP.
Inbound Rule Example: A Local Public Web Server
If you host a public Web server on your local network, you can define a rule to allow inbound Web
(HTTP) requests to the IP address of your Web server. This rule is shown in Figure 6-12:
Figure 6-12: Rule example: A Local Public Web Server
The parameters are:
1. LAN Server IP Address
   Enter the IP address of the computer or server on your LAN which will receive the inbound traffic covered by this rule.
2. Category
   From this list, select the category of application or service to be allowed.
3. Services
   From this list, select the specific service or application. The list already displays many common services, but you are not limited to these choices. Use the Services menu to add any additional services or applications that do not already appear.
4. Click Apply.
Considerations for Inbound Rules
If your external IP address is assigned dynamically by your ISP, the IP address may change
periodically as the DHCP lease expires. Consider using the Dynamic DNS feature in the
Advanced menus so that external users can always find your network.
If the IP address of the local server computer is assigned by DHCP, it may change when the
computer is rebooted. To avoid this, use the Reserved IP address feature in the LAN IP menu
to keep the computer’s IP address constant.
Local computers must access the local server using the computer’s local LAN address
(192.168.0.11 in the example in Figure 6-12 above). Attempts by local computers to access the
server using the external WAN IP address will fail.
Outbound Rules (Service Blocking)
The DG632 allows you to block the use of certain Internet services by computers on your network.
This is called service blocking or port filtering. You can define an outbound rule to block Internet
access from a local computer based on:
IP address of the local computer (source address)
Type of service being requested (service port number)
Following is an application example of outbound rules:
Outbound Rule Example: Doom
If you want to block usage of the game Doom, you can create an outbound rule to block that
application from any internal IP address.
Figure 6-13: Rule example: Blocking Doom
The parameters are:
1. Host IP Address
   Enter the IP address of the computer on your LAN from which you would like to block traffic covered by this rule.
2. Category
   From this list, select the category of application or service to be blocked.
3. Services
   From this list, select the specific service or application. The list already displays many common services, but you are not limited to these choices. Use the Services menu to add any additional services or applications that do not already appear.
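
The default rules and the two rule examples above can be modelled in a few lines to see which packets pass and which ports end up exposed. This is an added illustration, not NETGEAR code or the modem's actual implementation. It assumes the first matching custom rule wins, ignores NAT port rewriting and time-of-day schedules, and takes Doom's port to be 666 (the IANA-registered number, not stated in this manual). The WAN addresses are constructed documentation addresses.

```python
# Added illustration: simplified model of the DG632 rule logic described above.
# Assumptions: first matching custom rule wins; Doom = port 666 (IANA registry).
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    direction: str            # "in" (WAN to LAN) or "out" (LAN to WAN)
    action: str               # "allow" or "block"
    port: int                 # service (destination) port number
    lan_host: Optional[str]   # LAN server (inbound) / LAN source (outbound); None = any

class Firewall:
    def __init__(self, rules):
        self.rules = list(rules)
        self.flows = set()    # (lan_ip, lan_port, wan_ip, wan_port) opened from the LAN

    def outbound(self, lan_ip, lan_port, wan_ip, wan_port):
        for r in self.rules:
            if r.direction == "out" and r.port == wan_port and r.lan_host in (None, lan_ip):
                if r.action == "block":
                    return "block"
                break
        # Default outbound rule: allow, and remember the flow so replies can return.
        self.flows.add((lan_ip, lan_port, wan_ip, wan_port))
        return "allow"

    def inbound(self, wan_ip, wan_port, dst_port):
        # Responses to requests from the LAN side pass the default inbound rule.
        for lan_ip, lan_port, f_ip, f_port in self.flows:
            if (f_ip, f_port, lan_port) == (wan_ip, wan_port, dst_port):
                return ("allow", lan_ip)
        # Inbound rule (port forwarding): the destination port selects one LAN server.
        for r in self.rules:
            if r.direction == "in" and r.port == dst_port:
                return (r.action, r.lan_host if r.action == "allow" else None)
        return ("block", None)   # default inbound rule: block everything else

def exposed_ports(rules):
    """Ports reachable from the Internet: the 'holes' to review periodically."""
    return sorted({r.port for r in rules if r.direction == "in" and r.action == "allow"})

# Constructed rule set mirroring the two examples in this section.
RULES = [
    Rule("in", "allow", 80, "192.168.0.11"),   # local public Web server
    Rule("out", "block", 666, None),           # Doom, from any internal IP address
]
```

Running exposed_ports() over the rules you have actually configured gives the list of inbound services to compare against what your network really needs.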