DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
4-14
Security and Firewall Protection
v1.0, April 2007
3. From the Device pull-down menu (see Figure 4-9), select the HTTP service for a Web server.
4. From the Action pull-down menu, select ALLOW always.
5. For Send to LAN Server, enter the local IP address of your Web server PC.
6. From the Public Destination IP Address pull-down menu, select Other Public IP Address and
enter one of your public Internet addresses that will be used by clients on the Internet to reach
your Web server.
7. Click Apply.
Figure 4-9
Your rule will now appear in the Inbound Services table of the Rules menu (see Figure 4-10). This
rule is different from a normal inbound port forwarding rule in that the Destination box contains an
IP Address other than your normal WAN IP Address.
To test the connection from a PC on the Internet, enter http://<IP_address>, where <IP_address>
is the public IP address you have mapped to your Web server. You should see the home page of
your Web server.
Inbound Rule Example: Exposed Host
Specifying an exposed host allows you to set up a computer or server that is available to anyone on
the Internet for services that you haven't defined.
To expose one of the PCs on your LAN as this host (see Figure 4-11):
1. Create an inbound rule that allows all protocols.
2. Place the rule below all other inbound rules by clicking the Down icon adjacent to the rule.
Figure 4-10
Note: For security, NETGEAR strongly recommends that you avoid creating an
exposed host. When a computer is designated as the exposed host, it loses
much of the protection of the firewall and is exposed to many exploits from the
Internet. If compromised, the computer can be used to attack your network.
Considerations for Inbound Rules
The DHCP setup and how the PCs access the server’s LAN address impact the Inbound Rules.
If your external IP address is assigned dynamically by your ISP, the IP address may change
periodically as the DHCP lease expires. Consider using the Dynamic DNS feature in the
Advanced menus so that external users can always find your network.
If the IP address of the local server PC is assigned by DHCP, it may change when the PC is
rebooted. To avoid this, use the Reserved IP address feature in the LAN IP menu to keep the
PC’s IP address constant.
Local PCs must access the local server using the PCs’ local LAN address (192.168.0.99 in this
example). Attempts by local PCs to access the server using the external WAN IP address will
fail.
Figure 4-11
1. Select Any protocol and ALLOW Always (or Allow by Schedule)
2. Place rule below all other inbound rules by clicking the down icon
Order of Precedence for Rules
As you define new rules, they are added to the tables in the Rules menu, as shown in Figure 4-12:
For any traffic attempting to pass through the firewall, the packet information is subjected to the
rules in the order shown in the LAN WAN Rules Table, beginning at the top and proceeding to the
default rules at the bottom. In some cases, the order of precedence of two or more rules may be
important in determining the disposition of a packet. The Up and Down icons adjacent to each rule
allow you to relocate a defined rule to a new position in the table.
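The top-to-bottom evaluation described above, modeled in Python as an added example that is not part of the NETGEAR manual. It shows why the exposed-host rule belongs below all other inbound rules and how to spot rules that a higher rule makes unreachable. It assumes the first matching rule decides and that unmatched inbound traffic is blocked by the default rule; the address 192.168.0.50 and the Telnet block rule are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Rule:
    name: str
    proto: Optional[str]              # "tcp", "udp", or None for Any
    ports: Optional[Tuple[int, int]]  # inclusive (low, high), or None for Any
    action: str                       # "ALLOW" or "BLOCK"
    lan_server: Optional[str] = None  # Send to LAN Server address

    def matches(self, proto: str, port: int) -> bool:
        if self.proto is not None and self.proto != proto:
            return False
        return self.ports is None or self.ports[0] <= port <= self.ports[1]

    def covers(self, other: "Rule") -> bool:
        """True if every packet matching `other` also matches this rule."""
        if self.proto is not None and self.proto != other.proto:
            return False
        if self.ports is None:
            return True
        return other.ports is not None and (
            self.ports[0] <= other.ports[0] and other.ports[1] <= self.ports[1])

# Assumption: inbound traffic matching no rule is blocked by the default rule.
DEFAULT = Rule("default", None, None, "BLOCK")

def disposition(table: List[Rule], proto: str, port: int):
    """Walk the table top to bottom; the first matching rule decides."""
    for rule in table + [DEFAULT]:
        if rule.matches(proto, port):
            return rule.action, rule.lan_server

def shadowed(table: List[Rule]) -> List[str]:
    """Names of rules that can never fire because a rule above covers them."""
    return [r.name for i, r in enumerate(table)
            if any(above.covers(r) for above in table[:i])]

# Constructed sample table; 192.168.0.99 is the page's example server address,
# 192.168.0.50 and the Telnet block rule are made up for illustration.
web = Rule("HTTP to web server", "tcp", (80, 80), "ALLOW", "192.168.0.99")
no_telnet = Rule("block Telnet", "tcp", (23, 23), "BLOCK")
exposed = Rule("exposed host", None, None, "ALLOW", "192.168.0.50")

exposed_last = [web, no_telnet, exposed]   # order the manual prescribes
exposed_first = [exposed, web, no_telnet]  # misordered table
```

Running `shadowed()` over an exported or transcribed rule list is a quick audit for an allow-all rule that has drifted above the specific rules it should sit beneath.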
Customized Services
Services are functions performed by server computers at the request of client computers. You can
configure up to 125 custom services.
For example, Web servers serve Web pages, time servers serve time and date information, and
game hosts serve data about other players’ moves. When a computer on the Internet sends a
request for service to a server computer, the requested service is identified by a service or port
number. This number appears as the destination port number in the transmitted IP packets. For
example, a packet that is sent with destination port number 80 is an HTTP (Web server) request.
The service numbers for many common protocols are defined by the Internet Engineering Task
Force (IETF) and published in RFC1700, “Assigned Numbers.” Service numbers for other
applications are typically chosen from the range 1024 to 65535 by the authors of the application.
Figure 4-12
Although the DGFV338 already holds a list of many service port numbers, you are not limited to
these choices. Use the Services menu to add additional services and applications to the list for use
in defining firewall rules. The Services menu shows a list of services that you have defined, as
shown in Figure 4-13:
To define a new service, first you must determine which port number or range of numbers is used
by the application. This information can usually be determined by contacting the publisher of the
application or from user groups or newsgroups. When you have the port number information, go
to the Services menu and click on the Add Custom Service button. The Add Services menu will
appear, as shown in Figure 4-13.
To add a service:
1. Select Security from the main menu and Services from the submenu. The Services screen will
display.
2. Enter a descriptive name for the service so that you will remember what it is.
3. Select whether the service uses TCP or UDP as its transport protocol. If you can’t determine
which is used, select both.
4. Enter the lowest port number used by the service.
5. Enter the highest port number used by the service. If the service only uses a single port
number, enter the same number in both fields.
6. Click Add.
The new service will now appear in the Custom Services Table.
Figure 4-13
