ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual
4-6
Firewall Protection and Content Filtering
v1.0, September 2007
An example of the menu for defining or editing a rule is shown in
Figure 4-3
. The parameters are:
•
Service
. From this list, select the application or service to be allowed or blocked. The list
already displays many common services, but you are not limited to these choices. Use the
Services menu to add any additional services or applications that do not already appear.
•
Action
. Choose how you would like this type of traffic to be handled. You can block or allow
always, or you can choose to block or allow according to the schedule you have defined in the
Schedule menu.
•
Source Address
. Specify traffic originating on the LAN (outbound) or the WAN (inbound),
and choose whether you would like the traffic to be restricted by source IP address. You can
select Any, a Single address, or a Range. If you select a range of addresses, enter the range in
the start and finish boxes. If you select a single address, enter it in the start box.
•
Destination Address
.The Destination Address will be assumed to be from the opposite (LAN
or WAN) of the Source Address. As with the Source Address, you can select Any, a Single
address, or a Range unless NAT is enabled and the destination is the LAN. In that case, you
must enter a Single LAN address in the start box.
•
Log
. You can select whether the traffic will be logged. The choices are:
–
Never — no log entries will be made for this service.
–
Match — traffic of this type that matches the parameters and action will be logged.
Inbound Rules (Port Forwarding)
Because the FVG318 uses Network Address Translation (NAT), your network presents only one
IP address to the Internet, and outside users cannot directly address any of your local computers.
However, by defining an inbound rule you can make a local server (for example, a Web server or
game server) visible and available to the Internet. The rule tells the firewall to direct inbound
traffic for a particular service to one local server based on the destination port number. This is also
known as port forwarding.
Remember that allowing inbound services opens holes in your VPN firewall. Only enable those
ports that are necessary for your network. Following are two application examples of inbound
rules:
Note:
Some residential broadband ISP accounts do not allow you to run any server
processes (such as a Web or FTP server) from your location. Your ISP may
periodically check for servers and may suspend your account if it discovers any
active services at your location. If you are unsure, refer to the Acceptable Use
Policy of your ISP.