1. Home
    2. /
  2. Manuals
    3. /
  3. NETGEAR
    4. /
  4. DGN2000
    5. /
  5. 12
Page 56 / 126 Scroll up to view Page 51 - 55
Wireless-N ADSL2+ Modem Router DGN2000 Reference Manual
3-8
Protecting Your Network
v1.0, July 2008
WAN Users
. These settings determine which packets are covered by the rule, based on their
source (WAN) IP address. Select the option that you want:
Any
: All IP addresses are covered by this rule.
Address range
: If this option is selected, you must fill in the
Start
and
Finish
fields.
Single address
: Enter the required address in the
Start
field.
Log
. You can select whether the traffic will be logged. The choices are:
Never
. No log entries will be made for this service.
Always
. Any traffic for this service type will be logged.
Match
. Traffic of this type that matches the settings and action will be logged.
Not match
. Traffic of this type that does not match the settings and action will be logged.
Inbound Rule Example: Allowing Video conferencing
If you want to allow incoming video conferencing to be initiated from a restricted range of outside
IP addresses, such as from a branch office, you can create an inbound rule. In the example shown
in the following figure, CU-SeeMe connections are allowed only from a specified range of
external IP addresses. In this case, we have also specified logging of any incoming CU-SeeMe
requests that do not match the allowed settings.
Figure 3-6
Page 57 / 126
Wireless-N ADSL2+ Modem Router DGN2000 Reference Manual
Protecting Your Network
3-9
v1.0, July 2008
Considerations for Inbound Rules
If your external IP address is assigned dynamically by your ISP, the IP address might change
periodically as the DHCP lease expires. Consider using the Dynamic DNS screen so that
external users can always find your network.
If the IP address of the local server computer is assigned by DHCP, it might change when the
computer is rebooted. To avoid this, use the Reserved IP address feature in the LAN IP Setup
screen to keep the computer’s IP address constant.
Local computers must access the local server using the computer’s local LAN address
(192.168.0.11 in the example in the previous figure). Attempts by local computers to access
the server using the external WAN IP address will fail.
Outbound Rules (Service Blocking)
The modem router allows you to block the use of certain Internet services by computers on your
network. This is called service blocking or port filtering. You can define an outbound rule to block
Internet access from a local computer based on the following:
IP address of the local computer (source address)
IP address of the Internet site being contacted (destination address)
Time of day
Type of service being requested (service port number)
Following is an application example of outbound rules.
Outbound Rule Example: Blocking Instant Messenger
If you want to block Instant Messenger usage by employees during working hours, you can create
an outbound rule to block that application from any internal IP address to any external address
according to the schedule that you create in the Schedule screen.You can specify that the modem
router logs any attempt to use Instant Messenger during this blocked period. You can also open or
close AOL or MSN Instant Messenger ports: see the Firewall Rules screen in the “
Order of
Precedence for Rules
” section on
page 3-11
.
Page 58 / 126
Wireless-N ADSL2+ Modem Router DGN2000 Reference Manual
3-10
Protecting Your Network
v1.0, July 2008
The settings are:
Service
. From this list, select the application or service to be allowed or blocked. The list
already displays many common services, but you are not limited to these choices. Use the
Add
Custom Service
button in the Services screen to add any additional services or applications
that do not already appear.
Action
. Choose how you want this type of traffic to be handled. You can block or allow
always, or you can block or allow according to the schedule you have defined in the Schedule
screen.
LAN Users
. These settings determine which packets are covered by the rule, based on their
source LAN IP address. Select the option that you want:
Any
. All IP addresses are covered by this rule.
Address range
. If this option is selected, you must fill in the
Start
and
Finish
fields.
Single address
. Enter the required address in the
Start
field.
WAN Users
. These settings determine which packets are covered by the rule, based on their
destination WAN IP address. Select the option that you want:
Any
. All IP addresses are covered by this rule.
Figure 3-7
Page 59 / 126
Wireless-N ADSL2+ Modem Router DGN2000 Reference Manual
Protecting Your Network
3-11
v1.0, July 2008
Address range
. If this option is selected, you must fill in the
Start
and
Finish
fields.
Single address
. Enter the required address in the
Start
field.
Log
. You can select whether the traffic will be logged. The choices are:
Never
. No log entries will be made for this service.
Always
. Any traffic for this service type will be logged.
Match
. Traffic of this type that matches the settings and action will be logged.
Not match
. Traffic of this type that does not match the settings and action will be logged.
Order of Precedence for Rules
As you define new rules, they are added to the tables in the Firewall Rules screen, as shown in the
following figure:
For any traffic attempting to pass through the firewall, the packet information is subjected to the
rules in the order shown in the Rules table, beginning at the top and proceeding to the default rules
at the bottom. In some cases, the order of precedence of two or more rules might be important in
determining the disposition of a packet. The
Move
button allows you to relocate a defined rule to a
new position in the table.
Figure 3-8
Page 60 / 126
Wireless-N ADSL2+ Modem Router DGN2000 Reference Manual
3-12
Protecting Your Network
v1.0, July 2008
The Firewall Rules screen also lets you easily open or close AOL or MSN Instant Messenger
ports:
1.
Under Instant Messaging (IM) Ports, select a radio button:
Close IM Ports
. Specifies to disable instant messaging traffic.
Open IM Ports
. Specifies to enable instant messaging traffic. IM ports are open by
default.
2.
Click
Apply
to save your changes.
Services
Services are functions performed by server computers at the request of client computers. For
example, Web servers serve Web pages, time servers serve time and date information, and game
hosts serve data about other players’ moves. When a computer on the Internet sends a request for
service to a server computer, the requested service is identified by a service or port number. This
number appears as the destination port number in the transmitted IP packets. For example, a packet
that is sent with destination port number 80 is an HTTP (Web server) request.
The service numbers for many common protocols are defined by the Internet Engineering Task
Force (IETF) and published in RFC1700, “Assigned Numbers.” Service numbers for other
applications are typically chosen from the range 1024 to 65535 by the authors of the application.
Although the modem router already holds a list of many service port numbers, you are not limited
to these choices. Use the following procedure to create your own service definitions.
How to Define Services
1.
Log in to the modem router at its default LAN address of
with its default
user name of
admin
, and default password of
password
, or using whatever password and
LAN address you have chosen for the modem router.

Rate

4.5 / 5 based on 2 votes.

Popular NETGEAR Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top