Chapter 3.

Security Settings

|

41

N300 Wireless Dual Band ADSL2+ Modem Router DGND3300v2 User Manual

4.

Click

Apply

to have your changes take effect.

The new rule will be listed in the table when you return to the Firewall Rules screen.

Port Forwarding

Using the port forwarding feature, you can allow certain types of incoming traffic to reach

servers on your local network. For example, you might make a local Web server, FTP server,

or game server visible and available to the Internet.

Use the Port Forwarding screen to configure the N300 wireless modem router to forward

specific incoming protocols to computers on your local network. In addition to servers for

specific applications, you can also specify a default DMZ server to which all other incoming

protocols are forwarded. The DMZ server is configured in the WAN Setup screen, as

discussed in

Configuring the WAN Setup Options

on page

117.”

Before starting, you need to determine which type of service, application, or game you will

provide, and the local IP address of the computer that will provide the service. Be sure the

computer’s IP address never changes.

Select

Security > Port Forwarding

in the main menu. The Port Forwarding screen displays:

Figure 22.

WAN Servers

These settings determine which Internet locations are covered by the rule, based on their

destination (WAN) IP address. Select the option you want:

•

Any

. All local IP addresses are covered by this rule.

•

Address range

. If this option is selected, you must fill in the Start and Finish fields.

•

Single address

. Enter the required address in the Start fields.

Log

This determines whether packets covered by this rule are logged. Select the action you

want:

•

Always

. Always log traffic considered by this rule, whether it matches or not. This is

useful when debugging your rules.

•

Never

. Never log traffic considered by this rule, whether it matches or not.

•

Match

. Log traffic only if matches this rule. (The action is determined by this rule.)

•

Not Match

. Log traffic that is considered by this rule, but does not match. (The action is

not

determined by this rule.)

Field

Outbound Rules

Inbound Rules

Downloaded from

www.Manualslib.com

manuals search engine

42

|

Chapter 3.

Security Settings

N300 Wireless Dual Band ADSL2+ Modem Router DGND3300v2 User Manual

You can add a pre-set port forwarding rule or a custom rule.

Adding a Pre-set Port Forwarding Rule

1.

From the Port Forwarding screen, click

Add

to display the following screen:

Figure 23.

2.

In the Service Name

list, select the rule.

3.

Fill in the Server IP Address field, and then click

Apply

.

Adding a Custom Port Forwarding Rule

1.

From the Port Forwarding screen, click

Add.

2.

Select the

Custom Rule

radio button, and the screen changes:

Figure 24.

3.

In the Service Name field, enter a name.

4.

In the Service Type list, select the protocol. If you are unsure, select

TCP/UDP

.

5.

Fill in the Starting Port and Ending Port fields.

6.

In the Server IP Address field, enter the IP address of your local computer that will provide

this service.

Downloaded from

www.Manualslib.com

manuals search engine

Chapter 3.

Security Settings

|

43

N300 Wireless Dual Band ADSL2+ Modem Router DGND3300v2 User Manual

7.

Click

Apply

. The service appears in the list.

Port Triggering

Port triggering is an advanced feature that can be used to easily enable gaming and other

Internet applications that would otherwise be blocked by the firewall. Using this feature

requires that you know the port numbers that are used by the application.

Note:

For information about port forwarding and port blocking, see

Firewall Rules

on page

38.

Once configured, port triggering operates as follows:

1.

A PC makes an outgoing connection using a port number defined in the Port Triggering

table.

2.

The N300 wireless modem router records this connection, opens the incoming port or ports

associated with this entry in the Port Triggering List, and associates them with the PC.

3.

The remote system receives the PC’s request, and responds using a different port number.

4.

The N300 wireless modem router matches the response to the previous request, and

forwards the response to the PC. (Without port triggering, this response would be treated as

a new connection request rather than a response. As such, it would be handled in

accordance with the port forwarding rules.)

Note:

Only one PC can use a port triggering application at any time. After

a PC has finished using a port triggering application, there is a short

time-out period before the application can be used by another PC.

To configure port triggering:

1.

In the main menu, select

Security > Port Triggering

. The Port Triggering screen

displays.

Downloaded from

www.Manualslib.com

manuals search engine

44

|

Chapter 3.

Security Settings

N300 Wireless Dual Band ADSL2+ Modem Router DGND3300v2 User Manual

Figure 25.

2.

Specify the information for port triggering:

•

Service Name

. Enter a name for the rule, up to 30 characters.

•

Service User

. The PC on the LAN that can use the port triggering rule to create a

dynamic inbound mapping to it. There are 2 options:

-

The port triggering rule is applied to all PCs on the LAN. That is, any PC on the

LAN can use the rule and make the router to open a dynamic mapping to it.

-

The port triggering rule is applied only to the user-specified PC on the LAN.

•

Service Type

. Defines whether the traffic is TCP or UDP.

•

Triggering Port

. The destination port number of the traffic. That is, when there is a

packet from a LAN PC that the rule is applied to, with the specified service type and

destined to the specified triggering port, the router creates a rule for dynamic mapping

to the LAN PC.

•

Required Inbound Connection

. This defines what the dynamic mapping is. The

connection type defines whether the dynamic mapping is for TCP traffic, UDP traffic,

or TCP and UDP traffic. The open port range is specified by the starting port and the

ending port, and this defines the port that the dynamic mapping is applied to.

3.

Click

Apply

to save your settings and activate the port triggers that you have enabled.

Blocking Access to Internet Services

The N300 wireless modem router allows you to block the use of certain Internet services by

computers on your network. This is called service blocking or port filtering. Services are

functions performed by server computers at the request of client computers. For example,

Web servers serve Web pages, time servers serve time and date information, and game

hosts serve data about other players’ moves. When a computer on your network sends a

request for service to a server computer on the Internet, the requested service is identified by

a service or port number. This number appears as the destination port number in the

transmitted IP packets. For example, a packet that is sent with destination port number 80 is

an HTTP (Web server) request.

Downloaded from

www.Manualslib.com

manuals search engine

Chapter 3.

Security Settings

|

45

N300 Wireless Dual Band ADSL2+ Modem Router DGND3300v2 User Manual

To block access to Internet services:

1.

From the main menu, select

Security > Services

. The Services screen displays.

Figure 26.

2.

To add a service, click

Add Custom Service

. The following screen displays.

Figure 27.

3.

Enter a name for the service.

4.

From the Service Type drop-down list, select the application or service to be allowed or

blocked. If you know that the application uses either TCP or UDP, select the appropriate

protocol. If you are not sure, select

Both

.

5.

You can block the specified service for a single computer, a range of computers with

consecutive IP addresses, or all computers on your network. Enter the starting port and

ending port numbers. If the application uses a single port number, enter that number in both

fields.

You must determine which port number or range of numbers is used by the application.

The service port numbers for many common protocols are defined by the Internet

Engineering Task Force (IETF) and published in RFC1700, “Assigned Numbers.” Service

numbers for other applications are typically chosen from the range 1024 to 65535 by the

authors of the application. You can often determine port number information by contacting

the publisher of the application, by asking user groups or newsgroups, or by searching.

6.

Click

Apply

so that your changes take effect.

Scheduling Blocking

To schedule blocking:

1.

From the main menu, select

Security > Schedule

. The Schedule screen displays.

Downloaded from

www.Manualslib.com

manuals search engine