46

|

Chapter 4.

Content Filtering Settings

N300 Wireless ADSL2+ Modem Router DGN2200

•

Log

. You can select whether to log the traffic:

-

Never

. No log entries are made for this service.

-

Always

. Any traffic for this service type is logged.

-

Match

. Traffic of this type that matches the settings and action are logged.

-

Not match

. Traffic of this type that does not match the settings and action are logged.

Inbound Rule Example: Allowing Video Conferencing

Create an inbound rule to allow incoming video conferencing to be initiated from a restricted

range of outside IP addresses, such as from a branch office. In the following figure,

CU-SeeMe connections are allowed from a specified range of external IP addresses only. In

this case, incoming CU-SeeMe requests that do not match the allowed settings are logged.

Figure 11. Inbound video conferencing

Considerations for Inbound Rules

•

If your external IP address is assigned dynamically by your ISP, the IP address might

change periodically as the DHCP lease expires. Consider using the Dynamic DNS screen

described in

Dynamic DNS

on page

75 so that external users can always find your

network.

•

If the IP address of the local server computer is assigned by DHCP, it might change when

the computer is rebooted. To avoid this, use the Reserved IP address feature in the LAN

IP Setup screen to keep the computer’s IP address constant.

•

Local computers must access the local server using the computer’s local LAN address

(192.168.0.11 in the example shown in

Figure

11, Inbound video conferencing

). Attempts

by local computers to access the server using the external WAN IP address fail.

Chapter 4.

Content Filtering Settings

|

47

N300 Wireless ADSL2+ Modem Router DGN2200

Outbound Rules (Service Blocking)

You can block computers on your local network from using certain Internet services. This is

called service blocking or port filtering. You can add an outbound rule to block Internet access

from a local computer based on the computer, Internet site, time of day, and type of service.

1.

Select

Security > Firewall Rules

to display the following screen:

2.

Under Outbound Services, click

Add.

3.

Fill in the fields as follows and click

Apply

to save your settings:

•

Service

. Select the application or service to be allowed or blocked. The list has many

services, but you are not limited to these choices. You can use the

Add Custom

Service

button (see

Set Up Services

on page

48) to add services or applications.

•

Action

. Choose how to handle this type of traffic. You can block or allow always, or

according to the schedule you define. (See

Schedule Services

on page

50.)

•

LAN Users

. These settings determine which packets are covered by the rule, based

on their source LAN IP address. Select the option that you want:

-

Any

. All IP addresses are covered by this rule.

-

Address range

. If this option is selected, fill in the Start and Finish fields.

-

Single address

. Enter the required address in the Start field.

•

WAN Users

. These settings determine which packets are covered by the rule, based

on their destination WAN IP address. Select the option that you want:

-

Any

. All IP addresses are covered by this rule.

-

Address range

. If this option is selected, fill in the Start and Finish fields.

-

Single address

. Enter the required address in the Start field.

•

Log

. You can select to log the traffic:

-

Never

. No log entries are made for this service.

-

Always

. Any traffic for this service type is logged.

-

Match

. Traffic of this type that matches the settings and action is logged.

-

Not match

. Traffic that does not match the settings and action is logged.

48

|

Chapter 4.

Content Filtering Settings

N300 Wireless ADSL2+ Modem Router DGN2200

Set Up Services

Services are functions performed by server computers at the request of client computers. For

example, Web servers serve Web pages, time servers serve time and date information, and

game hosts serve data about other players’ moves. When a computer on the Internet sends a

request for service to a server computer, the requested service is identified by a service or

port number. This number appears as the destination port number in the transmitted IP

packets. For example, a packet that is sent with destination port number 80 is an HTTP (Web

server) request.

The service numbers for many common protocols are defined by the Internet Engineering

Task Force (IETF at

) and published in RFC1700, “Assigned Numbers.”

Service numbers for other applications are typically chosen from the range 1024 to 65535 by

the authors of the application. Although the modem router already holds a list of many service

port numbers, you are not limited to these choices.

To create your own service definitions:

1.

Select

Security > Services

to display the following screen:

2.

To create a new service, click the

Add

button. If you want to change a service, select it and

click

Edit

.

3.

Use the following screen to define or edit a service.

•

Name

. Enter a meaningful name for the service.

•

Type

. Select the correct type for this service. If in doubt, select

TCP/UDP

. The options

are TCP, UDP, and TCP/UDP.

•

Start Port

and

Finish Port

. If a port range is required, enter the range here. If a single

port is required, enter the same value in both fields.

4.

Click

Apply

to save your changes.

Chapter 4.

Content Filtering Settings

|

49

N300 Wireless ADSL2+ Modem Router DGN2200

Set the Time Zone

The modem router uses the Network Time Protocol (NTP) to obtain the current time and date

from one of several network time servers on the Internet.

1.

Select

Security > Schedule

.

2.

Select your time zone. This setting determines the blocking schedule and time-stamping of

log entries.

3.

If your time zone is in daylight savings time, select the

Adjust for daylight savings time

check box to add one hour to standard time.

Note:

If your region uses daylight savings time, select

Adjust for daylight

savings time

on the first day and clear it after the last day.

4.

Click

Apply

to save your settings.

50

|

Chapter 4.

Content Filtering Settings

N300 Wireless ADSL2+ Modem Router DGN2200

Schedule Services

If you enabled service blocking in the Block Services screen or port forwarding in the Ports

screen, you can set up a schedule for when blocking occurs or when access is not restricted.

1.

Select

Security > Schedule

.

2.

To block Internet services based on a schedule, select

Every Day

or select one or more

days.

3.

If you want to limit access completely for the selected days, select

All Day

. Otherwise, to

limit access during certain times for the selected days, enter times in the Start Blocking and

End Blocking fields.

Note:

Enter the values in 24-hour time format. For example, 10:30 a.m. would

be 10

hours and 30 minutes, and 10:30 p.m. would be 22 hours and 30

minutes. If you set the start time after the end time, the schedule is effective

through midnight the next day.

4.

Click

Apply

to save your settings.