DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
Security and Firewall Protection
4-9
v1.0, April 2007
Address Range: A range of IP addresses on the LAN will be affected by the rule.
Group: Computers that are part of the Group defined in the Network Database will be affected by the rule (groups are defined under the Network Configuration menu, LAN Groups page on the Edit Group Names tab).
WAN Users: Specifies whether all Internet addresses or specific IP addresses are included in the rule.
    Any: All IP addresses on the Internet are included in the rule.
    Single Address: A single Internet IP address that is affected by the rule.
    Address Range: A range of IP addresses that are affected by the rule.
Destination: The WAN IP address that will map to the incoming server. It can either be the address of the ADSL or WAN Ethernet port* or another WAN IP address.
Priority: The priority assigned to IP packets of this service. The priorities are defined by “Type of Service (TOS) in the Internet Protocol Suite” standards, RFC 1349. The router marks the Type Of Service (TOS) field as defined below:
    Normal-Service: No special priority given to the traffic. The IP packets for services with this priority are marked with a TOS value of 0.
    Minimize-Cost: Used when data must be transferred over a link that has a lower “cost”. The IP packets for services with this priority are marked with a TOS value of 1.
    Maximize-Reliability: Used when data needs to travel to the destination over a reliable link and with little or no retransmission. The IP packets for services with this priority are marked with a TOS value of 2.
    Maximize-Throughput: Used when the volume of data transferred during an interval is important even if the latency over the link is high. The IP packets for services with this priority are marked with a TOS value of 4.
    Minimize-Delay: Used when the time required (latency) for the packet to reach the destination must be low. The IP packets for services with this priority are marked with a TOS value of 8.
Log: Specifies whether the packets for this rule should be logged or not. To log details for all packets that match this rule, select Always. Select Never to disable logging.
Note: This field is only enabled when under NAT mode since the router needs to map traffic coming from a particular WAN port to a LAN machine.
For example, if an inbound rule for a schedule is selected as Block Always, then for every
packet that tries to make an outbound connection for that service, a message with the packet’s
source and destination addresses, along with other information will be recorded in the log.
Enabling logging may generate a significant volume of log messages and is recommended for
debugging purposes only.
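How the Priority values listed above appear in a packet capture, as an added example that is not part of the manual. It assumes the listed values are the 4-bit RFC 1349 TOS field and that the router leaves the precedence bits at 0, so each value sits one bit to the left inside the second byte of the IPv4 header; the function names and the sample header are constructed for illustration.

```python
import struct

# Priority names and RFC 1349 TOS values exactly as listed for the Priority field.
PRIORITY_BY_TOS = {
    0: "Normal-Service",
    1: "Minimize-Cost",
    2: "Maximize-Reliability",
    4: "Maximize-Throughput",
    8: "Minimize-Delay",
}

def tos_octet(tos_value, precedence=0):
    """Second byte of the IPv4 header: 3 precedence bits, 4 TOS bits, 1 zero bit."""
    if tos_value not in PRIORITY_BY_TOS or not 0 <= precedence <= 7:
        raise ValueError("not a TOS value or precedence listed in RFC 1349")
    return (precedence << 5) | (tos_value << 1)

def sample_header(tos_value):
    """Constructed 20-byte IPv4 header (checksum left at 0) carrying the marking."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos_octet(tos_value), 20, 0, 0,
                       64, 6, 0, bytes([192, 0, 2, 10]), bytes([192, 168, 1, 2]))

def decode_priority(header):
    """Map a captured IPv4 header back to the manual's priority name."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    octet = header[1]
    tos = (octet >> 1) & 0x0F
    return {
        "octet": octet,
        "precedence": octet >> 5,
        "tos": tos,
        "priority": PRIORITY_BY_TOS.get(tos, "not a single RFC 1349 value"),
        # The same byte as later standards read it (RFC 2474 DSCP, RFC 3168 ECN).
        "dscp": octet >> 2,
        "ecn": octet & 0x03,
    }

if __name__ == "__main__":
    for value in PRIORITY_BY_TOS:
        print(decode_priority(sample_header(value)))
```

Under these assumptions a Minimize-Delay packet carries 0x10 in the header byte, and a Minimize-Cost packet carries 0x02, which ECN-aware equipment reads as an ECN codepoint rather than a cost preference.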
Additional actions that can be taken on the rules are:
    Edit: Modify the configuration of the selected rule.
    Select All: Selects all the rules in the table.
    Delete: Deletes the selected policy or policies.
    Enable: Enables the selected rule or rules.
    Disable: Disables the selected rule or rules.
    Add: Add a new rule.
To create a new inbound service rule:
1. Click Add under the Inbound Services table. The Add LAN-WAN Inbound Service screen will appear.
Note: See “Setting up Port Triggering” on page 4-28 for yet another way to allow certain types of inbound traffic that would otherwise be blocked by the firewall.
Figure 4-5
2. Complete the Inbound Service screen and click Apply. The new rule will be listed in the Inbound Services table.
To make changes to an existing inbound service rule:
1. Select the radio button next to a row in the table.
2. Click the button for the desired actions:
    Edit – to make any changes to the rule definition. The Inbound Service screen will be displayed (see “Inbound Rules (Port Forwarding)” on page 4-7) with the data for the selected rule.
    Up or Down – to move the selected rule to a new position in the table.
    Delete – to delete the selected rule.
3. Enable or disable a rule by selecting the check box in the Status column of the row adjacent to the rule you want to modify.
    Click Enable to enable the policy. The status circle will turn green.
    Click Disable to disable the policy. The status circle will turn gray.
Figure 4-6
Note: Since Rules are applied in the order listed (from top to bottom), the hierarchy of the rules may make a difference in how traffic is handled.
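Why rule order matters, as an added example that is not part of the manual: a small model of an inbound rule table that finds rules hidden behind an earlier, broader rule. It assumes the first enabled matching rule decides and that unmatched inbound traffic is blocked; the Rule fields, service names, and addresses are constructed, and the shadow check only compares one earlier rule at a time.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    service: str         # service name selected in the rule
    action: str          # "ALLOW" or "BLOCK" (simplified Action field)
    wan_users: str       # "any", one address, or "first-last"
    enabled: bool = True

def span(wan_users):
    """Return the WAN Users value as an inclusive (low, high) integer pair."""
    if wan_users == "any":
        return 0, 2**32 - 1
    first, _, last = wan_users.partition("-")
    low = int(ipaddress.IPv4Address(first.strip()))
    return low, int(ipaddress.IPv4Address(last.strip())) if last else low

def evaluate(rules, service, source):
    """First enabled match from the top decides; otherwise inbound is blocked."""
    addr = int(ipaddress.IPv4Address(source))
    for position, rule in enumerate(rules, start=1):
        low, high = span(rule.wan_users)
        if rule.enabled and rule.service == service and low <= addr <= high:
            return rule.action, position
    return "BLOCK", None

def shadowed(rules):
    """List (rule, covering_rule) positions where an earlier rule hides a later one."""
    found = []
    for j, later in enumerate(rules):
        l_low, l_high = span(later.wan_users)
        for i, earlier in enumerate(rules[:j]):
            e_low, e_high = span(earlier.wan_users)
            if (later.enabled and earlier.enabled and earlier.service == later.service
                    and e_low <= l_low and l_high <= e_high):
                found.append((j + 1, i + 1))
                break
    return found

# Constructed rule tables using documentation addresses (RFC 5737).
BEFORE = [
    Rule("HTTP", "ALLOW", "any"),
    Rule("CU-SEEME", "ALLOW", "203.0.113.10-203.0.113.20"),
    Rule("CU-SEEME", "BLOCK", "203.0.113.15"),   # never reached in this position
]
AFTER = [BEFORE[0], BEFORE[2], BEFORE[1]]        # block moved Up one row

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        print(name, evaluate(table, "CU-SEEME", "203.0.113.15"), shadowed(table))
```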
Inbound Rule Example: A Local Public Web Server
If you host a public Web server on your local network, you can define a rule to allow inbound Web (HTTP) requests from any outside IP address to the IP address of your Web server at any time of day. This rule is shown in Figure 4-7:
Inbound Rule Example: Allowing Videoconference from Restricted Addresses
If you want to allow incoming videoconferencing to be initiated from a restricted range of outside
IP addresses, such as from a branch office, you can create an inbound rule. In the example shown
below, CU-SeeMe connections are allowed only from a specified range of external IP addresses.
Figure 4-7
Inbound Rule Example: One-to-One NAT Mapping
This application note describes how to configure multi-NAT to support multiple public IP
addresses on one WAN interface of a NETGEAR ProSafe Wireless ADSL Modem VPN Firewall
Router.
By creating an inbound rule, we will configure the firewall to host an additional public IP
address and associate this address with a Web server on the LAN.
IP Address Requirements – If you arrange with your ISP to have more than one public IP address
for your use, you can use the additional public IP addresses to map to servers on your LAN or
DMZ. One of these public IP addresses will be used as the primary IP address of the router. This
address will be used to provide Internet access to your LAN PCs through NAT. The other
addresses are available to map to your servers.
To configure the DGFV338 for additional IP addresses:
1. Go to the LAN-WAN Rules menu.
2. Click Add under the Inbound Services table to create an Inbound Services rule. The Add LAN-WAN Inbound Services screen will display.
Figure 4-8
