Chapter 3. Security Settings
N300 Wireless Dual Band ADSL2+ Modem Router DGND3300v2 User Manual
4. Click Apply to have your changes take effect.
The new rule will be listed in the table when you return to the Firewall Rules screen.
Port Forwarding
Using the port forwarding feature, you can allow certain types of incoming traffic to reach
servers on your local network. For example, you might make a local Web server, FTP server,
or game server visible and available to the Internet.
Use the Port Forwarding screen to configure the N300 wireless modem router to forward
specific incoming protocols to computers on your local network. In addition to servers for
specific applications, you can also specify a default DMZ server to which all other incoming
protocols are forwarded. The DMZ server is configured in the WAN Setup screen, as
discussed in “Configuring the WAN Setup Options” on page 117.
Before starting, you need to determine which type of service, application, or game you will
provide, and the local IP address of the computer that will provide the service. Be sure the
computer’s IP address never changes.
Select Security > Port Forwarding in the main menu. The Port Forwarding screen displays:
Figure 22.
Firewall rule fields (Outbound Rules and Inbound Rules):
WAN Servers
These settings determine which Internet locations are covered by the rule, based on their
destination (WAN) IP address. Select the option you want:
- Any. All local IP addresses are covered by this rule.
- Address range. If this option is selected, you must fill in the Start and Finish fields.
- Single address. Enter the required address in the Start fields.
Log
This determines whether packets covered by this rule are logged. Select the action you
want:
- Always. Always log traffic considered by this rule, whether it matches or not. This is
useful when debugging your rules.
- Never. Never log traffic considered by this rule, whether it matches or not.
- Match. Log traffic only if it matches this rule. (The action is determined by this rule.)
- Not Match. Log traffic that is considered by this rule, but does not match. (The action is
not determined by this rule.)
You can add a pre-set port forwarding rule or a custom rule.
Adding a Pre-set Port Forwarding Rule
1. From the Port Forwarding screen, click Add to display the following screen:
Figure 23.
2. In the Service Name list, select the rule.
3. Fill in the Server IP Address field, and then click Apply.
Adding a Custom Port Forwarding Rule
1. From the Port Forwarding screen, click Add.
2. Select the Custom Rule radio button, and the screen changes:
Figure 24.
3. In the Service Name field, enter a name.
4. In the Service Type list, select the protocol. If you are unsure, select TCP/UDP.
5. Fill in the Starting Port and Ending Port fields.
6. In the Server IP Address field, enter the IP address of your local computer that will provide
this service.
7. Click Apply. The service appears in the list.
Port Triggering
Port triggering is an advanced feature that can be used to easily enable gaming and other
Internet applications that would otherwise be blocked by the firewall. Using this feature
requires that you know the port numbers that are used by the application.
Note: For information about port forwarding and port blocking, see “Firewall Rules” on page 38.
Once configured, port triggering operates as follows:
1. A PC makes an outgoing connection using a port number defined in the Port Triggering
table.
2. The N300 wireless modem router records this connection, opens the incoming port or ports
associated with this entry in the Port Triggering List, and associates them with the PC.
3. The remote system receives the PC’s request, and responds using a different port number.
4. The N300 wireless modem router matches the response to the previous request, and
forwards the response to the PC. (Without port triggering, this response would be treated as
a new connection request rather than a response. As such, it would be handled in
accordance with the port forwarding rules.)
Note: Only one PC can use a port triggering application at any time. After
a PC has finished using a port triggering application, there is a short
time-out period before the application can be used by another PC.
To configure port triggering:
1. In the main menu, select Security > Port Triggering. The Port Triggering screen
displays.
Figure 25.
2. Specify the information for port triggering:
Service Name. Enter a name for the rule, up to 30 characters.
Service User. The PC on the LAN that can use the port triggering rule to create a
dynamic inbound mapping to it. There are 2 options:
- The port triggering rule is applied to all PCs on the LAN. That is, any PC on the
LAN can use the rule and make the router open a dynamic mapping to it.
- The port triggering rule is applied only to the user-specified PC on the LAN.
Service Type. Defines whether the traffic is TCP or UDP.
Triggering Port. The destination port number of the traffic. That is, when there is a
packet from a LAN PC that the rule is applied to, with the specified service type and
destined to the specified triggering port, the router creates a rule for dynamic mapping
to the LAN PC.
Required Inbound Connection. This defines what the dynamic mapping is. The
connection type defines whether the dynamic mapping is for TCP traffic, UDP traffic,
or TCP and UDP traffic. The open port range is specified by the starting port and the
ending port, and this defines the port that the dynamic mapping is applied to.
3. Click Apply to save your settings and activate the port triggers that you have enabled.
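The triggering sequence and the rule fields described above, modelled as an added example (not code from the manual or the router firmware). The 60-second time-out and how it is measured are assumptions, since the manual gives no value, and the rule values are constructed; the model shows when the inbound port range is reachable and which PC receives the traffic.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed: mapping is released 60 s after its last traffic (manual: "a short time-out period").
TIMEOUT_S = 60
@dataclass
class TriggerRule:
    name: str                    # Service Name
    service_user: Optional[str]  # None = any LAN PC, else one LAN IP address
    service_type: str            # "TCP" or "UDP" of the outgoing trigger
    triggering_port: int         # destination port of the outgoing trigger
    inbound_type: str            # "TCP", "UDP" or "TCP/UDP"
    inbound_start: int
    inbound_end: int
    owner: Optional[str] = None  # LAN PC that currently holds the mapping
    last_seen: float = 0.0       # time of the last traffic on the mapping

class Router:
    def __init__(self, rules):
        self.rules = rules

    def _expire(self, rule, now):
        if rule.owner and now - rule.last_seen > TIMEOUT_S:
            rule.owner = None

    def outbound(self, lan_ip, proto, dst_port, now):
        """Steps 1-2: return the name of the rule this packet triggers, or None."""
        for r in self.rules:
            self._expire(r, now)
            if (proto, dst_port) != (r.service_type, r.triggering_port):
                continue
            if r.service_user not in (None, lan_ip):
                continue  # rule is limited to another PC
            if r.owner not in (None, lan_ip):
                continue  # only one PC can use the rule at a time
            r.owner, r.last_seen = lan_ip, now
            return r.name
        return None

    def inbound(self, proto, dst_port, now):
        """Step 4: return the LAN IP the packet is forwarded to, or the fall-through."""
        for r in self.rules:
            self._expire(r, now)
            if (r.owner and proto in r.inbound_type.split("/")
                    and r.inbound_start <= dst_port <= r.inbound_end):
                r.last_seen = now
                return r.owner
        return "port-forwarding rules"  # handled as a new connection request

RULE = TriggerRule("game", None, "TCP", 6000, "TCP", 7000, 7010)  # constructed sample
```

Calling `Router([RULE]).inbound("TCP", 7005, 0)` before any outgoing trigger returns the fall-through, which is the closed state a rule should be in when no PC is using the application.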
Blocking Access to Internet Services
The N300 wireless modem router allows you to block the use of certain Internet services by
computers on your network. This is called service blocking or port filtering. Services are
functions performed by server computers at the request of client computers. For example,
Web servers serve Web pages, time servers serve time and date information, and game
hosts serve data about other players’ moves. When a computer on your network sends a
request for service to a server computer on the Internet, the requested service is identified by
a service or port number. This number appears as the destination port number in the
transmitted IP packets. For example, a packet that is sent with destination port number 80 is
an HTTP (Web server) request.
To block access to Internet services:
1. From the main menu, select Security > Services. The Services screen displays.
Figure 26.
2. To add a service, click Add Custom Service. The following screen displays.
Figure 27.
3. Enter a name for the service.
4. From the Service Type drop-down list, select the application or service to be allowed or
blocked. If you know that the application uses either TCP or UDP, select the appropriate
protocol. If you are not sure, select Both.
5. You can block the specified service for a single computer, a range of computers with
consecutive IP addresses, or all computers on your network. Enter the starting port and
ending port numbers. If the application uses a single port number, enter that number in both
fields.
You must determine which port number or range of numbers is used by the application.
The service port numbers for many common protocols are defined by the Internet
Engineering Task Force (IETF) and published in RFC1700, “Assigned Numbers.” Service
numbers for other applications are typically chosen from the range 1024 to 65535 by the
authors of the application. You can often determine port number information by contacting
the publisher of the application, by asking user groups or newsgroups, or by searching.
6. Click Apply so that your changes take effect.
Scheduling Blocking
To schedule blocking:
1. From the main menu, select Security > Schedule. The Schedule screen displays.