Wireless-N ADSL2+ Modem Router DGN2000 Reference Manual

Protecting Your Network

3-3

v1.0, July 2008

Changing the Administrator Login Time-out

For security, the administrator’s login to the modem router configuration times out after a period of

inactivity. To change the login time-out period:

1.

In the Set Password screen, type a number in the

Administrator login times

out field. The

suggested default value is 5 minutes.

2.

Click

Apply

to save your changes, or click

Cancel

to keep the current period.

Configuring Basic Firewall Services

Basic firewall services that you can configure include access blocking and scheduling of firewall

security. These topics are presented in the following sections.

Blocking Keywords, Sites, and Services

The modem router provides a variety of options for blocking Internet-based content and

communications services. With its content filtering feature, the Wireless-N ADSL2+ Modem

Router prevents objectionable content from reaching your PCs. The modem router allows you to

control access to Internet content by screening for keywords within Web addresses. Key content

filtering options include:

•

Keyword blocking of HTTP traffic.

•

Outbound service blocking. Limits access from your LAN to Internet locations or services that

you specify as off-limits.

•

Denial of service (DoS) protection. Automatically detects and thwarts denial of service (DoS)

attacks such as Ping of Death, SYN flood, LAND Attack, and IP spoofing.

•

Blocking unwanted traffic from the Internet to your LAN.

The following section explains how to configure your modem router

to perform these functions.

How to Block Keywords and Sites

The modem router allows you to restrict access to Internet content based on functions such as Web

addresses and Web address keywords.

1.

Log in to the modem router at its default LAN address of

with its default

user name of

admin

and default password of

password

, or using whatever password and LAN

address you might have previously set for the modem router.

Wireless-N ADSL2+ Modem Router DGN2000 Reference Manual

3-4

Protecting Your Network

v1.0, July 2008

2.

In the main menu, under Security, select

Block Sites

to display the following screen

.

3.

To enable keyword blocking, select one of the following:

•

Per Schedule

. Turn on keyword blocking according to the settings in the Schedule screen.

•

Always

. Turn on keyword blocking all the time, independent of the Schedule screen.

4.

Enter a keyword or domain in the

Keyword

field, click

Add Keyword

, and then click

Apply

.

Some examples of keyword application follow:

•

If the keyword XXX is specified, the URL http://www.badstuff.com/xxx.html is blocked.

•

If the keyword .com is specified, only websites with other domain suffixes (such as .edu or

.gov) can be viewed.

•

Enter a period (

.

) as to block all Internet browsing access.

Up to 32 entries are supported in the Keyword list.

5.

To delete a keyword or domain, select it from the list, click

Delete Keyword

, and then click

Apply

.

6.

To specify a trusted user, enter that computer’s IP address in the

Trusted IP Address

field,

and click

Apply

.

Figure 3-3

Wireless-N ADSL2+ Modem Router DGN2000 Reference Manual

Protecting Your Network

3-5

v1.0, July 2008

You can specify one trusted user, which is a computer that will be exempt from blocking and

logging. Since the trusted user will be identified by an IP address, you should configure that

computer with a fixed IP address.

7.

Click

Apply

to save your settings.

Firewall Rules

Firewall rules block or allow specific traffic passing through from one side of the router to the

other. Inbound rules (WAN to LAN) restrict access by outsiders to private resources, selectively

allowing only specific outside users to access specific resources. Outbound rules (LAN to WAN)

determine what outside resources local users can have access to.

A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of

the modem router are:

•

Inbound. Block all access from outside except responses to requests from the LAN side.

•

Outbound. Allow all access from the LAN side to the outside.

You can define additional rules that will specify exceptions to the default rules. By adding custom

rules, you can block or allow access based on the service or application, source or destination IP

addresses, and time of day. You can also choose to log traffic that matches or does not match the

rule you have defined.

You can change the order of precedence of rules so that the rule that applies most often takes effect

first. See

“Order of Precedence for Rules” on page 3-11

for more details.

To access the rules configuration of the modem router, select

Firewall Rules

on the main menu,

and then click

Add

for either an outbound or inbound service. The Firewall Rules screen displays.

Wireless-N ADSL2+ Modem Router DGN2000 Reference Manual

3-6

Protecting Your Network

v1.0, July 2008

•

To edit an existing rule, select its button on the left side of the table, and click

Edit

.

•

To delete an existing rule, select its button on the left side of the table, and click

Delete

.

•

To move an existing rule to a different position in the table, select its button on the left side of

the table, and click

Move

. At the prompt, enter the number of the desired new position and

click

OK

.

Inbound Rules (Port Forwarding)

Because the modem router uses Network Address Translation (NAT), your network presents only

one IP address to the Internet, and outside users cannot directly address any of your local

computers. However, by defining an inbound rule you can make a local server (for example, a Web

server or game server) visible and available to the Internet. The rule tells the modem router to

direct inbound traffic for a particular service to one local server based on the destination port

number. This is also known as port forwarding.

Figure 3-4

Note:

Some residential broadband ISP accounts do not allow you to run any server

processes (such as a Web or FTP server) from your location. Your ISP might

periodically check for servers and might suspend your account if it discovers any

active services at your location. If you are unsure, refer to the acceptable use policy

of your ISP.

Wireless-N ADSL2+ Modem Router DGN2000 Reference Manual

Protecting Your Network

3-7

v1.0, July 2008

Remember that allowing inbound services opens holes in your firewall. Enable only those ports

that are necessary for your network. Following are two application examples of inbound rules.

Inbound Rule Example: A Local Public Web Server

If you host a public Web server on your local network, you can define a rule to allow inbound Web

(HTTP) requests from any outside IP address to the IP address of your Web server at any time of

day. This rule is shown in the following figure:

The settings are:

•

Service

. From this list, select the application or service to be allowed or blocked. The list

already displays many common services, but you are not limited to these choices. Use the

Services screen to add any additional services or applications that do not already appear. See

“How to Define Services” on page 3-12

.

•

Action

. Choose how you want this type of traffic to be handled. You can block or allow

always, or you can block or allow according to the schedule you have defined in the Schedule

screen.

•

Send to LAN Server

. Enter the IP address of the computer or server on your LAN that will

receive the inbound traffic covered by this rule.

Figure 3-5