Wireless-N ADSL2+ Modem Router DGN2000 Reference Manual
Protecting Your Network
3-3
v1.0, July 2008
Changing the Administrator Login Time-out
For security, the administrator’s login to the modem router configuration times out after a period of
inactivity. To change the login time-out period:
1. In the Set Password screen, type a number in the Administrator login times out field. The suggested default value is 5 minutes.
2. Click Apply to save your changes, or click Cancel to keep the current period.
Configuring Basic Firewall Services
Basic firewall services that you can configure include access blocking and scheduling of firewall
security. These topics are presented in the following sections.
Blocking Keywords, Sites, and Services
The modem router provides a variety of options for blocking Internet-based content and
communications services. With its content filtering feature, the Wireless-N ADSL2+ Modem
Router prevents objectionable content from reaching your PCs. The modem router allows you to
control access to Internet content by screening for keywords within Web addresses. Key content
filtering options include:
Keyword blocking of HTTP traffic.
Outbound service blocking. Limits access from your LAN to Internet locations or services that
you specify as off-limits.
Denial of service (DoS) protection. Automatically detects and thwarts denial of service (DoS)
attacks such as Ping of Death, SYN flood, LAND Attack, and IP spoofing.
Blocking unwanted traffic from the Internet to your LAN.
The following section explains how to configure your modem router
to perform these functions.
How to Block Keywords and Sites
The modem router allows you to restrict access to Internet content based on functions such as Web
addresses and Web address keywords.
1. Log in to the modem router at its default LAN address of with its default user name of admin and default password of password, or using whatever password and LAN address you might have previously set for the modem router.
2. In the main menu, under Security, select Block Sites to display the following screen.
3. To enable keyword blocking, select one of the following:
Per Schedule. Turn on keyword blocking according to the settings in the Schedule screen.
Always. Turn on keyword blocking all the time, independent of the Schedule screen.
4. Enter a keyword or domain in the Keyword field, click Add Keyword, and then click Apply.
Some examples of keyword application follow:
If the keyword XXX is specified, the URL http://www.badstuff.com/xxx.html is blocked.
If the keyword .com is specified, only websites with other domain suffixes (such as .edu or
.gov) can be viewed.
Enter a period (.) to block all Internet browsing access.
Up to 32 entries are supported in the Keyword list.
5. To delete a keyword or domain, select it from the list, click Delete Keyword, and then click Apply.
6. To specify a trusted user, enter that computer’s IP address in the Trusted IP Address field, and click Apply.
Figure 3-3
You can specify one trusted user, which is a computer that will be exempt from blocking and
logging. Since the trusted user will be identified by an IP address, you should configure that
computer with a fixed IP address.
7. Click Apply to save your settings.
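The following added example (not part of the NETGEAR manual or firmware) models the keyword rules described above so you can check what a planned Keyword list would block before applying it. It assumes a case-insensitive substring match on the host and path of plain HTTP requests, which the manual's examples suggest but do not specify; the sample URLs other than the badstuff.com one, the IP addresses, and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

MAX_KEYWORDS = 32  # Keyword list limit stated in the manual

# Constructed sample requests; only the first URL appears in the manual.
SAMPLE_URLS = [
    "http://www.badstuff.com/xxx.html",
    "http://www.example.com/",
    "http://www.example.edu/",
    "http://www.example.edu/intro.computing.html",
    "https://www.badstuff.com/xxx.html",
]


def blocking_keyword(url, keywords, client_ip, trusted_ip=None):
    """Return the keyword that blocks this request, or None if it passes.

    Assumption: case-insensitive substring match on host + path of plain
    HTTP requests; the manual does not specify the matching algorithm.
    """
    if len(keywords) > MAX_KEYWORDS:
        raise ValueError("the Keyword list holds at most 32 entries")
    if trusted_ip is not None and client_ip == trusted_ip:
        return None  # the one trusted computer is exempt from blocking
    parts = urlsplit(url)
    if parts.scheme.lower() != "http":
        return None  # keyword blocking covers HTTP traffic only
    target = (parts.netloc + parts.path).lower()
    for keyword in keywords:
        if keyword.lower() in target:
            return keyword
    return None


def audit(keywords, client_ip="192.168.0.10", trusted_ip=None):
    """Map each sample URL to the keyword blocking it (None means allowed)."""
    return {url: blocking_keyword(url, keywords, client_ip, trusted_ip)
            for url in SAMPLE_URLS}


if __name__ == "__main__":
    for kws in (["XXX"], [".com"], ["."]):
        print(kws, audit(kws))
```

Under this model the .com keyword also blocks the .edu page whose path contains ".computing", and the HTTPS request passes every keyword, so treat the Keyword list as a coarse filter rather than a precise access control.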
Firewall Rules
Firewall rules block or allow specific traffic passing through from one side of the router to the
other. Inbound rules (WAN to LAN) restrict access by outsiders to private resources, selectively
allowing only specific outside users to access specific resources. Outbound rules (LAN to WAN)
determine what outside resources local users can have access to.
A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of
the modem router are:
Inbound. Block all access from outside except responses to requests from the LAN side.
Outbound. Allow all access from the LAN side to the outside.
You can define additional rules that will specify exceptions to the default rules. By adding custom
rules, you can block or allow access based on the service or application, source or destination IP
addresses, and time of day. You can also choose to log traffic that matches or does not match the
rule you have defined.
You can change the order of precedence of rules so that the rule that applies most often takes effect first. See “Order of Precedence for Rules” on page 3-11 for more details.
To access the rules configuration of the modem router, select Firewall Rules on the main menu, and then click Add for either an outbound or inbound service. The Firewall Rules screen displays.
To edit an existing rule, select its button on the left side of the table, and click Edit.
To delete an existing rule, select its button on the left side of the table, and click Delete.
To move an existing rule to a different position in the table, select its button on the left side of the table, and click Move. At the prompt, enter the number of the desired new position and click OK.
Inbound Rules (Port Forwarding)
Because the modem router uses Network Address Translation (NAT), your network presents only
one IP address to the Internet, and outside users cannot directly address any of your local
computers. However, by defining an inbound rule you can make a local server (for example, a Web
server or game server) visible and available to the Internet. The rule tells the modem router to
direct inbound traffic for a particular service to one local server based on the destination port
number. This is also known as port forwarding.
Figure 3-4
Note:
Some residential broadband ISP accounts do not allow you to run any server
processes (such as a Web or FTP server) from your location. Your ISP might
periodically check for servers and might suspend your account if it discovers any
active services at your location. If you are unsure, refer to the acceptable use policy
of your ISP.
Remember that allowing inbound services opens holes in your firewall. Enable only those ports
that are necessary for your network. Following are two application examples of inbound rules.
Inbound Rule Example: A Local Public Web Server
If you host a public Web server on your local network, you can define a rule to allow inbound Web
(HTTP) requests from any outside IP address to the IP address of your Web server at any time of
day. This rule is shown in the following figure:
The settings are:
Service. From this list, select the application or service to be allowed or blocked. The list already displays many common services, but you are not limited to these choices. Use the Services screen to add any additional services or applications that do not already appear. See “How to Define Services” on page 3-12.
Action. Choose how you want this type of traffic to be handled. You can block or allow always, or you can block or allow according to the schedule you have defined in the Schedule screen.
Send to LAN Server. Enter the IP address of the computer or server on your LAN that will receive the inbound traffic covered by this rule.
Figure 3-5
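The following added example (not from the NETGEAR manual or firmware) models the default rules and the public Web server inbound rule described above, and lists forwarded ports that are not on your list of required services. The class and method names, the IP addresses, and the assumption that NAT keeps the LAN source port unchanged are all illustrative.

```python
from dataclasses import dataclass, field


@dataclass
class FirewallModel:
    """Simplified model (assumption) of the modem router's rule handling."""
    inbound_rules: dict = field(default_factory=dict)  # WAN dst port -> LAN server
    nat_table: dict = field(default_factory=dict)      # tracked LAN-initiated flows

    def add_inbound_rule(self, port, lan_server):
        """Forward one service port to one LAN server (port forwarding)."""
        self.inbound_rules[port] = lan_server

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """Default outbound rule: allow, and record the flow for its replies."""
        # Assumption: NAT keeps the LAN source port unchanged.
        self.nat_table[(remote_ip, remote_port, lan_port)] = lan_ip
        return "allow"

    def inbound(self, src_ip, src_port, dst_port):
        """Decide what happens to a packet arriving on the WAN address."""
        flow = (src_ip, src_port, dst_port)
        if flow in self.nat_table:            # response to a LAN request
            return ("reply", self.nat_table[flow])
        if dst_port in self.inbound_rules:    # custom inbound rule
            return ("forward", self.inbound_rules[dst_port])
        return ("block", None)                # default inbound rule

    def unneeded_ports(self, needed):
        """Forwarded ports that are not in the set you need exposed."""
        return sorted(set(self.inbound_rules) - set(needed))


if __name__ == "__main__":
    fw = FirewallModel()
    fw.add_inbound_rule(80, "192.168.0.20")         # constructed Web server IP
    print(fw.inbound("203.0.113.7", 40000, 80))     # forwarded to the server
    print(fw.inbound("203.0.113.7", 40000, 21))     # no rule: blocked
    fw.outbound("192.168.0.10", 51000, "198.51.100.20", 443)
    print(fw.inbound("198.51.100.20", 443, 51000))  # reply to a LAN request
    print(fw.unneeded_ports({80}))
```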
