Wireless-N ADSL2+ Modem Router DGN2000 Reference Manual
3-8
Protecting Your Network
v1.0, July 2008
WAN Users. These settings determine which packets are covered by the rule, based on their
source (WAN) IP address. Select the option that you want:
  Any: All IP addresses are covered by this rule.
  Address range: If this option is selected, you must fill in the Start and Finish fields.
  Single address: Enter the required address in the Start field.
Log. You can select whether the traffic will be logged. The choices are:
  Never. No log entries will be made for this service.
  Always. Any traffic for this service type will be logged.
  Match. Traffic of this type that matches the settings and action will be logged.
  Not match. Traffic of this type that does not match the settings and action will be logged.
Inbound Rule Example: Allowing Video conferencing
If you want to allow incoming video conferencing to be initiated from a restricted range of outside
IP addresses, such as from a branch office, you can create an inbound rule. In the example shown
in the following figure, CU-SeeMe connections are allowed only from a specified range of
external IP addresses. In this case, we have also specified logging of any incoming CU-SeeMe
requests that do not match the allowed settings.
Figure 3-6
Considerations for Inbound Rules
If your external IP address is assigned dynamically by your ISP, the IP address might change
periodically as the DHCP lease expires. Consider using the Dynamic DNS screen so that
external users can always find your network.
If the IP address of the local server computer is assigned by DHCP, it might change when the
computer is rebooted. To avoid this, use the Reserved IP address feature in the LAN IP Setup
screen to keep the computer’s IP address constant.
Local computers must access the local server using the computer’s local LAN address
(192.168.0.11 in the example in the previous figure). Attempts by local computers to access
the server using the external WAN IP address will fail.
Outbound Rules (Service Blocking)
The modem router allows you to block the use of certain Internet services by computers on your
network. This is called service blocking or port filtering. You can define an outbound rule to block
Internet access from a local computer based on the following:
IP address of the local computer (source address)
IP address of the Internet site being contacted (destination address)
Time of day
Type of service being requested (service port number)
Following is an application example of outbound rules.
Outbound Rule Example: Blocking Instant Messenger
If you want to block Instant Messenger usage by employees during working hours, you can create
an outbound rule to block that application from any internal IP address to any external address
according to the schedule that you create in the Schedule screen. You can specify that the modem
router logs any attempt to use Instant Messenger during this blocked period. You can also open or
close AOL or MSN Instant Messenger ports: see the Firewall Rules screen in the “Order of
Precedence for Rules” section on page 3-11.
The settings are:
Service. From this list, select the application or service to be allowed or blocked. The list
already displays many common services, but you are not limited to these choices. Use the
Add Custom Service button in the Services screen to add any additional services or applications
that do not already appear.
Action. Choose how you want this type of traffic to be handled. You can block or allow
always, or you can block or allow according to the schedule you have defined in the Schedule
screen.
LAN Users. These settings determine which packets are covered by the rule, based on their
source LAN IP address. Select the option that you want:
  Any. All IP addresses are covered by this rule.
  Address range. If this option is selected, you must fill in the Start and Finish fields.
  Single address. Enter the required address in the Start field.
WAN Users. These settings determine which packets are covered by the rule, based on their
destination WAN IP address. Select the option that you want:
  Any. All IP addresses are covered by this rule.
Figure 3-7
  Address range. If this option is selected, you must fill in the Start and Finish fields.
  Single address. Enter the required address in the Start field.
Log. You can select whether the traffic will be logged. The choices are:
  Never. No log entries will be made for this service.
  Always. Any traffic for this service type will be logged.
  Match. Traffic of this type that matches the settings and action will be logged.
  Not match. Traffic of this type that does not match the settings and action will be logged.
Order of Precedence for Rules
As you define new rules, they are added to the tables in the Firewall Rules screen, as shown in the
following figure:
For any traffic attempting to pass through the firewall, the packet information is subjected to the
rules in the order shown in the Rules table, beginning at the top and proceeding to the default rules
at the bottom. In some cases, the order of precedence of two or more rules might be important in
determining the disposition of a packet. The Move button allows you to relocate a defined rule to a
new position in the table.
Figure 3-8
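The top-down evaluation described above can be modeled in a few lines. The following is an added example, not code from the manual or from the modem router's firmware: it is a simplified first-match model that shows a broad block rule shadowing a narrower allow rule until the two are reordered, and how a "Not match" log setting records a request from outside the allowed range. The rule names, the documentation-range addresses, the service port 7648, the default action of block, and the reading of the Log choices are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address

@dataclass
class Rule:
    name: str                # hypothetical label for the table row
    port: int                # Service (destination port number)
    action: str              # "allow" or "block"
    wan_start: str = None    # None models WAN Users = Any
    wan_finish: str = None   # None with a Start models Single address
    log: str = "Never"       # Never | Always | Match | Not match

    def covers(self, wan_ip):
        """True when wan_ip falls inside this rule's WAN Users setting."""
        if self.wan_start is None:
            return True
        lo = ip_address(self.wan_start)
        hi = ip_address(self.wan_finish or self.wan_start)
        return lo <= ip_address(wan_ip) <= hi

def evaluate(rules, wan_ip, port, default="block"):
    """Walk the table top to bottom; the first rule covering the packet decides."""
    logs = []
    for r in rules:
        if r.port != port:
            continue  # rule is for a different service
        hit = r.covers(wan_ip)
        if (r.log == "Always" or (r.log == "Match" and hit)
                or (r.log == "Not match" and not hit)):
            logs.append(f"{r.name}: {wan_ip}:{port} {'match' if hit else 'no match'}")
        if hit:
            return r.action, r.name, logs
    return default, "default", logs  # assumed default rule at the bottom

def demo():
    # Constructed sample rules and addresses (RFC 5737 documentation ranges).
    branch = Rule("allow-branch", 7648, "allow",
                  "203.0.113.10", "203.0.113.20", log="Not match")
    block_all = Rule("block-all", 7648, "block")
    shadowed = evaluate([block_all, branch], "203.0.113.15", 7648)
    fixed = evaluate([branch, block_all], "203.0.113.15", 7648)     # after Move
    outsider = evaluate([branch, block_all], "198.51.100.7", 7648)
    return shadowed, fixed, outsider

if __name__ == "__main__":
    for result in demo():
        print(result)
```

When auditing a rule table, the same walk helps spot rules that can never decide a packet because a broader rule above them already covers the same service and addresses.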
The Firewall Rules screen also lets you easily open or close AOL or MSN Instant Messenger
ports:
1. Under Instant Messaging (IM) Ports, select a radio button:
  Close IM Ports. Specifies to disable instant messaging traffic.
  Open IM Ports. Specifies to enable instant messaging traffic. IM ports are open by default.
2. Click Apply to save your changes.
Services
Services are functions performed by server computers at the request of client computers. For
example, Web servers serve Web pages, time servers serve time and date information, and game
hosts serve data about other players’ moves. When a computer on the Internet sends a request for
service to a server computer, the requested service is identified by a service or port number. This
number appears as the destination port number in the transmitted IP packets. For example, a packet
that is sent with destination port number 80 is an HTTP (Web server) request.
The service numbers for many common protocols are defined by the Internet Engineering Task
Force (IETF) and published in RFC1700, “Assigned Numbers.” Service numbers for other
applications are typically chosen from the range 1024 to 65535 by the authors of the application.
Although the modem router already holds a list of many service port numbers, you are not limited
to these choices. Use the following procedure to create your own service definitions.
How to Define Services
1. Log in to the modem router at its default LAN address of with its default
user name of admin, and default password of password, or using whatever password and
LAN address you have chosen for the modem router.
