Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports
6-10
Firewall Protection and Content Filtering
202-10085-01, March 2005
5. Select Action "ALLOW always".
6. For Send to LAN Server, enter the local IP address of your web server PC.
7. For Public Destination IP Address, choose "Other Public IP Address."
8. Enter one of your public Internet addresses that will be used by clients on the Internet to reach your web server.
9. Click Apply.

Your rule will now appear in the Inbound Services table of the Rules menu (see Figure 6-6). This rule is different from a normal inbound port forwarding rule in that the Destination box contains an IP Address other than your normal WAN IP Address.

Figure 6-6: Rule example: one-to-one NAT mapping on inbound services
To test the connection from a PC on the Internet, type http://<IP_address>, where <IP_address> is the public IP address you have mapped to your web server. You should see the home page of your web server.
Inbound Rule Example: Exposed Host
Specifying an exposed host allows you to set up a computer or server that is available to anyone on the Internet for services that you haven't defined. To expose one of the PCs on your LAN as this host, do the following (see Figure 6-7):

1. Create an inbound rule that allows all protocols.
2. Place the rule below all other inbound rules.
Note: For security, NETGEAR strongly recommends that you avoid creating an exposed host. When a computer is designated as the exposed host, it loses much of the protection of the firewall and is exposed to many exploits from the Internet. If compromised, the computer can be used to attack your network.
Figure 6-7: Rule example: exposed host
(Figure annotations: 1. Select All protocols and ALLOW Always (or Allow by Schedule); 2. Place rule below all other inbound rules.)
Considerations for Inbound Rules
If your external IP address is assigned dynamically by your ISP, the IP address may change periodically as the DHCP lease expires. Consider using the Dynamic DNS feature in the Advanced menus so that external users can always find your network.

If the IP address of the local server PC is assigned by DHCP, it may change when the PC is rebooted. To avoid this, use the Reserved IP address feature in the LAN IP menu to keep the PC’s IP address constant.

Local PCs must access the local server using the PCs’ local LAN address (192.168.0.99 in this example). Attempts by local PCs to access the server using the external WAN IP address will fail.
Outbound Rules (Service Blocking)
The FVS124G allows you to block the use of certain Internet services by PCs on your network.
This is called service blocking or port filtering.
Figure 6-8: Add Outbound Service Rules screen
Note: See “Source MAC Filtering” on page 6-27 for yet another way to block outbound traffic from selected PCs that would otherwise be allowed by the firewall.
Table 6-1. Outbound Services (Item / Description)

Services
Select the desired Service or application to be covered by this rule. If the desired service or application does not appear in the list, you must define it using the Services menu (see “Customized Services” on page 6-16).

Action
Select the desired action for outgoing connections covered by this rule:
  BLOCK always
  BLOCK by schedule, otherwise Allow
  ALLOW always
  ALLOW by schedule, otherwise Block
Note: Any outbound traffic which is not blocked by rules you create will be allowed by the Default rule.
ALLOW rules are only useful if the traffic is already covered by a BLOCK rule. That is, you wish to allow a subset of traffic that is currently blocked by another rule.

Select Schedule
Select the desired time schedule (i.e., Schedule1, Schedule2, or Schedule3) that will be used by this rule.
This drop-down menu is activated only when "BLOCK by schedule, otherwise Allow" or "ALLOW by schedule, otherwise Block" is selected as the Action.
Use the Schedule page to configure the time schedules (see “Using a Schedule to Block or Allow Specific Traffic” on page 6-22).

LAN users
These settings determine which computers on your network are affected by this rule. Select the desired option:
  Any - All PCs and devices on your LAN.
  Single address - Enter the required address and the rule will be applied to that particular PC.
  Address range - If this option is selected, you must enter the start and finish fields.
  Groups - Select the Group you wish this rule to apply to. You can use the Network Database screen to assign PCs to Groups. See “Managing Groups and Hosts” on page 6-20.

WAN Users
These settings determine which Internet locations are covered by the rule, based on their IP address. Select the desired option:
  Any - All Internet IP addresses are covered by this rule.
  Single address - Enter the required address in the start field.
  Address range - If this option is selected, you must enter the start and finish fields.
QoS Priority
This setting determines the priority of a service, which in turn determines the quality of that service for the traffic passing through the firewall. By default, the priority shown is that of the selected service. The user can change it accordingly. If the user does not make a selection (i.e., leaves it as None), then the native priority of the service will be applied to the policy. +5 is the highest priority. See “Quality of Service (QoS) Priorities” on page 6-18.

Log
This determines whether packets covered by this rule are logged. Select the desired action:
  Always - always log traffic considered by this rule, whether it matches or not. This is useful when debugging your rules.
  Never - never log traffic considered by this rule, whether it matches or not.
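As an added example (not NETGEAR's code or the firewall's implementation), the following Python model ties together the rule semantics on this page: the four Action variants, the LAN users / WAN users selectors and the Log setting from Table 6-1, plus the top-down ordering that is why the exposed host rule is placed below all other inbound rules. It assumes first-match evaluation and an inbound Default rule of BLOCK; the rule tables and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

# Action names as they appear on the FVS124G Add Service Rule screens.
BLOCK_ALWAYS, ALLOW_ALWAYS = "BLOCK always", "ALLOW always"
BLOCK_BY_SCHED, ALLOW_BY_SCHED = "BLOCK by schedule, otherwise Allow", "ALLOW by schedule, otherwise Block"

@dataclass
class Rule:
    service: str            # "HTTP", "FTP", ... or "ANY" for an All-protocols rule
    action: str
    lan_users: str = "Any"  # "Any", one address, or a "start-finish" range
    wan_users: str = "Any"
    schedule: str = ""      # Schedule1..Schedule3, used only by the "by schedule" actions
    log: str = "Never"      # "Always" or "Never"

def addr_matches(selector, ip):
    # Any / Single address / Address range, as in the LAN users and WAN users fields
    if selector == "Any":
        return True
    ip = ipaddress.ip_address(ip)
    if "-" in selector:
        start, finish = (ipaddress.ip_address(s) for s in selector.split("-"))
        return start <= ip <= finish
    return ip == ipaddress.ip_address(selector)

def effective_action(rule, active):
    # Resolve a schedule-dependent action against the set of currently active schedules
    if rule.action in (ALLOW_ALWAYS, BLOCK_ALWAYS):
        return rule.action.split()[0]
    on = rule.schedule in active
    return ("BLOCK" if on else "ALLOW") if rule.action == BLOCK_BY_SCHED else ("ALLOW" if on else "BLOCK")

def evaluate(rules, default, service, lan_ip, wan_ip, active=(), log=None):
    # Top-down, first match decides (assumed; why the exposed-host rule goes last); no match -> Default rule
    for rule in rules:
        hit = (rule.service in ("ANY", service) and addr_matches(rule.lan_users, lan_ip)
               and addr_matches(rule.wan_users, wan_ip))
        if rule.log == "Always" and log is not None:  # Log=Always records considered traffic, matched or not
            log.append(f"{rule.service} {rule.action}: {'match' if hit else 'no match'}")
        if hit:
            return effective_action(rule, active)
    return default

# Constructed tables (not from the manual); inbound Default rule assumed BLOCK, outbound Default is ALLOW.
# Inbound: a BLOCK for one WAN range above the catch-all exposed-host rule; outbound: an ALLOW exception
INBOUND = [Rule("HTTP", BLOCK_ALWAYS, wan_users="203.0.113.0-203.0.113.255", log="Always"),
           Rule("ANY", ALLOW_ALWAYS)]  # exposed host: All protocols, placed last
OUTBOUND = [Rule("FTP", ALLOW_ALWAYS, lan_users="192.168.0.120"),  # placed above the scheduled BLOCK
            Rule("FTP", BLOCK_BY_SCHED, lan_users="192.168.0.100-192.168.0.150", schedule="Schedule1")]
```

Reversing INBOUND (exposed host first) makes the HTTP block unreachable, which is the ordering mistake step 2 of the exposed host procedure guards against.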