Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports
Firewall Protection and Content Filtering
6-5
202-10085-01, March 2005
Quality of service (QoS) priorities: Each service has its own native priority that impacts its
quality of performance and tolerance for jitter or delays. You can change this QoS priority if
desired to change the traffic mix through the system.
Inbound Rules (Port Forwarding)
Because the FVS124G uses Network Address Translation (NAT), your network presents only one
IP address to the Internet and outside users cannot directly address any of your local computers.
However, by defining an inbound rule you can make a local server (for example, a web server or
game server) visible and available to the Internet. The rule tells the firewall to direct inbound
traffic for a particular service to one local server based on the destination port number. This is also
known as port forwarding.
Figure 6-2: Add Inbound Service Rules screen
Note: See “Port Triggering” on page 6-28 for yet another way to allow certain types of
inbound traffic that would otherwise be blocked by the firewall.
Table 6-1. Inbound Services

Item: Description

Services: Select the desired Service or application to be covered by this rule. If the desired
service or application does not appear in the list, you must define it using the
Services menu (see “Customized Services” on page 6-16).

Action: Select the desired action for packets covered by this rule:
- BLOCK always
- BLOCK by schedule, otherwise Allow
- ALLOW always
- ALLOW by schedule, otherwise Block
Note: Any inbound traffic which is not allowed by rules you create will be blocked by
the Default rule.

Select Schedule: Select the desired time schedule (i.e., Schedule1, Schedule2, or Schedule3) that will
be used by this rule. This drop-down menu is active only when "BLOCK by schedule, otherwise
Allow" or "ALLOW by schedule, otherwise Block" is selected as the Action.
Use the Schedule page to configure the time schedules.

LAN Users: These settings determine which computers on your network are affected by this rule,
based on their IP address. Select the desired IP address in this field.

WAN Users: These settings determine which Internet locations are covered by the rule, based on
their IP address. Select the desired option:
- Any - All Internet IP addresses are covered by this rule.
- Single address - Enter the required address in the start fields.
- Address range - If this option is selected, you must enter the start and finish fields.

Destination Address: These settings determine the destination IP address for this rule. The rule is
applied to incoming traffic only when the destination IP address of the incoming packet
matches the IP address of the selected WAN interface or the specific IP address entered
in this field. Selecting ANY enables the rule for any IP address in the destination field.
Similarly, WAN1 and WAN2 correspond to the respective WAN interfaces.

QoS Priority: This setting determines the priority of a service, which in turn determines the quality
of that service for the traffic passing through the firewall. By default, the priority
shown is that of the selected service. The user can change it accordingly. If the user
does not make a selection (i.e., leaves it as None), then the native priority of the
service will be applied to the policy. +5 is the highest priority. See “Quality of Service
(QoS) Priorities” on page 6-18.

Log: This determines whether packets covered by this rule are logged. Select the desired
action:
- Always - always log traffic considered by this rule, whether it matches or not. This is
useful when debugging your rules.
- Never - never log traffic considered by this rule, whether it matches or not.
Remember that allowing inbound services opens holes in your FVS124G VPN Firewall. Only
enable those ports that are necessary for your network.
Inbound Rule Example: A Local Public Web Server
If you host a public web server on your local network, you can define a rule to allow inbound web
(HTTP) requests from any outside IP address to the IP address of your web server at any time of
day. This rule is shown in Figure 6-3.
Figure 6-3: Rule example: a local public web server
Note: Some residential broadband ISP accounts do not allow you to run any server
processes (such as a Web or FTP server) from your location. Your ISP may periodically
check for servers and may suspend your account if it discovers any active services at
your location. If you are unsure, refer to the Acceptable Use Policy of your ISP.
Inbound Rule Example: Allowing Videoconference from Restricted Addresses
If you want to allow incoming videoconferencing to be initiated from a restricted range of outside
IP addresses, such as from a branch office, you can create an inbound rule. In the example shown
in Figure 6-4, CU-SeeMe connections are allowed only from a specified range of external IP
addresses.
Figure 6-4: Rule example: videoconference from restricted addresses
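The following is an added example, not code from the NETGEAR manual or firmware. It models how the Table 6-1 fields (Action, WAN Users, Default rule) combine for the two rule examples above and lists rules that expose a service to every Internet address. First-match rule order, the boolean schedule, the CU-SeeMe port 7648 and all addresses are assumptions constructed for illustration.

```python
# Added example: a simplified model of Table 6-1 inbound rule matching.
# Assumptions (not from the manual): first matching rule wins, schedules are
# reduced to a boolean, and all addresses, ports and rule values are constructed.
from dataclasses import dataclass
from ipaddress import IPv4Address as IP

@dataclass
class InboundRule:
    service: str
    port: int                    # destination port of the service
    action: str                  # one of the four Table 6-1 actions
    lan_server: str              # LAN host that receives forwarded traffic
    wan_start: str = ""          # "" models "Any"; start only is "Single address"
    wan_end: str = ""            # set together with wan_start for "Address range"

    def covers_source(self, src: str) -> bool:
        if not self.wan_start:
            return True
        end = self.wan_end or self.wan_start
        return IP(self.wan_start) <= IP(src) <= IP(end)

    def allows(self, in_schedule: bool) -> bool:
        return {"ALLOW always": True,
                "BLOCK always": False,
                "ALLOW by schedule, otherwise Block": in_schedule,
                "BLOCK by schedule, otherwise Allow": not in_schedule}[self.action]

def evaluate(rules, src, dst_port, in_schedule=False):
    """Return the LAN server the packet is forwarded to, or None if blocked."""
    for rule in rules:
        if rule.port == dst_port and rule.covers_source(src):
            return rule.lan_server if rule.allows(in_schedule) else None
    return None                  # Default rule: unmatched inbound traffic is blocked

def open_to_any(rules):
    """Audit helper: services reachable from every Internet address at all times."""
    return [r.service for r in rules
            if not r.wan_start and r.action == "ALLOW always"]

RULES = [
    InboundRule("HTTP", 80, "ALLOW always", "192.168.1.2"),
    InboundRule("CU-SeeMe", 7648, "ALLOW always", "192.168.1.11",
                wan_start="203.0.113.10", wan_end="203.0.113.20"),
]

if __name__ == "__main__":
    print(evaluate(RULES, "198.51.100.7", 80))      # web server, any source
    print(evaluate(RULES, "203.0.113.15", 7648))    # inside the branch office range
    print(evaluate(RULES, "198.51.100.7", 7648))    # outside the range
    print(open_to_any(RULES))                       # rules to review for exposure
```

Running `open_to_any` over an exported rule list gives a quick review list for the manual's advice to enable only the ports that are necessary.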
Inbound Rule Example: One-to-One NAT Mapping
This application note describes how to configure multi-NAT to support multiple public IP
addresses on one WAN interface of a NETGEAR FVS124G ProSafe VPN Firewall 25 with 4
Gigabit LAN and Dual WAN Ports.
By creating an inbound rule, we will configure the firewall to
host an additional public IP address and associate this address with a web server on the LAN.
This procedure was developed and tested using:
- Netgear FVS124G VPN Firewall with version 1.0 firmware
  - WAN1 IP address is 10.1.0.118
  - LAN IP address subnet is 192.168.1.1 / 255.255.255.0
- Web server PC on the firewall's LAN
  - LAN IP address is 192.168.1.2
  - Access to Web server is (simulated) public IP address 10.1.0.52
IP Address Requirements—If you arrange with your ISP to have more than one public IP address
for your use, you can use the additional public IP addresses to map to servers on your LAN. One of
these public IP addresses will be used as the primary IP address of the router. This address will be
used to provide Internet access to your LAN PCs through NAT. The other addresses are available
to map to your servers.
To configure the FVS124G for additional IP addresses:
1. Go to the Rules menu.
2. If your server is to be on your LAN, select "LAN-WAN".
3. Click the Add button to create an Inbound Services rule.
4. In the Add/Edit menu (see Figure 6-5), select the HTTP service for a web server.
Figure 6-5: Rule example: one-to-one NAT mapping
