Page 46 / 167 Scroll up to view Page 41 - 45
46
|
Chapter 4.
Content Filtering Settings
N300 Wireless ADSL2+ Modem Router DGN2200
Log
. You can select whether to log the traffic:
-
Never
. No log entries are made for this service.
-
Always
. Any traffic for this service type is logged.
-
Match
. Traffic of this type that matches the settings and action are logged.
-
Not match
. Traffic of this type that does not match the settings and action are logged.
Inbound Rule Example: Allowing Video Conferencing
Create an inbound rule to allow incoming video conferencing to be initiated from a restricted
range of outside IP addresses, such as from a branch office. In the following figure,
CU-SeeMe connections are allowed from a specified range of external IP addresses only. In
this case, incoming CU-SeeMe requests that do not match the allowed settings are logged.
Figure 11. Inbound video conferencing
Considerations for Inbound Rules
If your external IP address is assigned dynamically by your ISP, the IP address might
change periodically as the DHCP lease expires. Consider using the Dynamic DNS screen
described in
Dynamic DNS
on page
75 so that external users can always find your
network.
If the IP address of the local server computer is assigned by DHCP, it might change when
the computer is rebooted. To avoid this, use the Reserved IP address feature in the LAN
IP Setup screen to keep the computer’s IP address constant.
Local computers must access the local server using the computer’s local LAN address
(192.168.0.11 in the example shown in
Figure
11, Inbound video conferencing
). Attempts
by local computers to access the server using the external WAN IP address fail.
Page 47 / 167
Chapter 4.
Content Filtering Settings
|
47
N300 Wireless ADSL2+ Modem Router DGN2200
Outbound Rules (Service Blocking)
You can block computers on your local network from using certain Internet services. This is
called service blocking or port filtering. You can add an outbound rule to block Internet access
from a local computer based on the computer, Internet site, time of day, and type of service.
1.
Select
Security > Firewall Rules
to display the following screen:
2.
Under Outbound Services, click
Add.
3.
Fill in the fields as follows and click
Apply
to save your settings:
Service
. Select the application or service to be allowed or blocked. The list has many
services, but you are not limited to these choices. You can use the
Add Custom
Service
button (see
Set Up Services
on page
48) to add services or applications.
Action
. Choose how to handle this type of traffic. You can block or allow always, or
according to the schedule you define. (See
Schedule Services
on page
50.)
LAN Users
. These settings determine which packets are covered by the rule, based
on their source LAN IP address. Select the option that you want:
-
Any
. All IP addresses are covered by this rule.
-
Address range
. If this option is selected, fill in the Start and Finish fields.
-
Single address
. Enter the required address in the Start field.
WAN Users
. These settings determine which packets are covered by the rule, based
on their destination WAN IP address. Select the option that you want:
-
Any
. All IP addresses are covered by this rule.
-
Address range
. If this option is selected, fill in the Start and Finish fields.
-
Single address
. Enter the required address in the Start field.
Log
. You can select to log the traffic:
-
Never
. No log entries are made for this service.
-
Always
. Any traffic for this service type is logged.
-
Match
. Traffic of this type that matches the settings and action is logged.
-
Not match
. Traffic that does not match the settings and action is logged.
Page 48 / 167
48
|
Chapter 4.
Content Filtering Settings
N300 Wireless ADSL2+ Modem Router DGN2200
Set Up Services
Services are functions performed by server computers at the request of client computers. For
example, Web servers serve Web pages, time servers serve time and date information, and
game hosts serve data about other players’ moves. When a computer on the Internet sends a
request for service to a server computer, the requested service is identified by a service or
port number. This number appears as the destination port number in the transmitted IP
packets. For example, a packet that is sent with destination port number 80 is an HTTP (Web
server) request.
The service numbers for many common protocols are defined by the Internet Engineering
Task Force (IETF at
) and published in RFC1700, “Assigned Numbers.”
Service numbers for other applications are typically chosen from the range 1024 to 65535 by
the authors of the application. Although the modem router already holds a list of many service
port numbers, you are not limited to these choices.
To create your own service definitions:
1.
Select
Security > Services
to display the following screen:
2.
To create a new service, click the
Add
button. If you want to change a service, select it and
click
Edit
.
3.
Use the following screen to define or edit a service.
Name
. Enter a meaningful name for the service.
Type
. Select the correct type for this service. If in doubt, select
TCP/UDP
. The options
are TCP, UDP, and TCP/UDP.
Start Port
and
Finish Port
. If a port range is required, enter the range here. If a single
port is required, enter the same value in both fields.
4.
Click
Apply
to save your changes.
Page 49 / 167
Chapter 4.
Content Filtering Settings
|
49
N300 Wireless ADSL2+ Modem Router DGN2200
Set the Time Zone
The modem router uses the Network Time Protocol (NTP) to obtain the current time and date
from one of several network time servers on the Internet.
1.
Select
Security > Schedule
.
2.
Select your time zone. This setting determines the blocking schedule and time-stamping of
log entries.
3.
If your time zone is in daylight savings time, select the
Adjust for daylight savings time
check box to add one hour to standard time.
Note:
If your region uses daylight savings time, select
Adjust for daylight
savings time
on the first day and clear it after the last day.
4.
Click
Apply
to save your settings.
Page 50 / 167
50
|
Chapter 4.
Content Filtering Settings
N300 Wireless ADSL2+ Modem Router DGN2200
Schedule Services
If you enabled service blocking in the Block Services screen or port forwarding in the Ports
screen, you can set up a schedule for when blocking occurs or when access is not restricted.
1.
Select
Security > Schedule
.
2.
To block Internet services based on a schedule, select
Every Day
or select one or more
days.
3.
If you want to limit access completely for the selected days, select
All Day
. Otherwise, to
limit access during certain times for the selected days, enter times in the Start Blocking and
End Blocking fields.
Note:
Enter the values in 24-hour time format. For example, 10:30 a.m. would
be 10
hours and 30 minutes, and 10:30 p.m. would be 22 hours and 30
minutes. If you set the start time after the end time, the schedule is effective
through midnight the next day.
4.
Click
Apply
to save your settings.

Rate

3.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top