Firewall Protection
156
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Figure 79.
IPv4 LAN WAN Inbound Rule: Allow a Videoconference from Restricted Addresses
If you want to allow incoming videoconferencing to be initiated from a restricted range of
outside IP addresses, such as from a branch office, you can create an inbound rule (see the
following figure). In the example, CU-SeeMe connections are allowed only from a specified
range of external IP addresses.
Figure 80.
IPv4 LAN WAN or IPv4 DMZ WAN Inbound Rule: Set Up One-to-One NAT Mapping
In this example, multi-NAT is configured to support multiple public IP addresses on one WAN
interface. An inbound rule configures the wireless VPN firewall to host an additional public IP
address and associate this address with a web server on the LAN.
The following addressing scheme is used to illustrate this procedure:
NETGEAR wireless VPN firewall:
- WAN IP address. 10.1.0.118
- LAN IP address subnet. 192.168.1.1 with subnet 255.255.255.0
- DMZ IP address subnet. 192.168.10.1 with subnet 255.255.255.0
Web server computer on the wireless VPN firewall’s LAN:
- LAN IP address. 192.168.1.2
- DMZ IP address. 192.168.10.2
- Access to web server is (simulated) public IP address. 10.1.0.52
Tip:
If you arrange with your ISP to have more than one public IP address for
your use, you can use the additional public IP addresses to map to
servers on your LAN or DMZ. One of these public IP addresses is used
as the primary IP address of the router that provides Internet access to
your LAN computers through NAT. The other addresses are available to
map to your servers.
To configure the wireless VPN firewall for additional IP addresses:
1. Select Security > Firewall. The Firewall submenu tabs display.
2. If your server is to be on your LAN, click the LAN WAN Rules submenu tab. (This is the screen used in this example.) If your server is to be on your DMZ, click the DMZ WAN Rules submenu tab.
3. Click the Add table button under the Inbound Services table. The Add LAN WAN Inbound Service screen displays:
Figure 81.
4. From the Service drop-down list, select HTTP for a web server.
5. From the Action drop-down list, select ALLOW Always.
6. In the Send to LAN Server field, enter the local IP address of your web server computer (192.168.1.2 in this example).
7. In the WAN Destination IP Address fields, enter 10.1.0.52.
8. Click Apply to save your settings. The rule is now added to the Inbound Services table of the LAN WAN Rules screen.
To test the connection from a computer on the Internet, type http://<IP_address>, in which <IP_address> is the public IP address that you have mapped to your web server in Step 7. You should see the home page of your web server.
IPv4 LAN WAN or IPv4 DMZ WAN Inbound Rule: Specifying an Exposed Host
Specifying an exposed host allows you to set up a computer or server that is available to
anyone on the Internet for services that you have not yet defined.
WARNING:
Do not set up an exposed host from a remote connection because
you will very likely lock yourself out from the wireless VPN
firewall.
To expose one of the computers on your LAN or DMZ as this host:
1. Create an inbound rule that allows all protocols.
2. Place the rule below all other inbound rules.
See an example in the following figure. (The inbound rule that allows all protocols is disabled
in this figure.)
Figure 82.
1. Select Any and Allow Always (or Allow by Schedule).
2. Place the rule below all other inbound rules. (The rule is disabled in this example.)
WARNING:
For security, NETGEAR strongly recommends that you avoid
creating an exposed host. When a computer is designated as the
exposed host, it loses much of the protection of the firewall and is
exposed to many exploits from the Internet. If compromised, the
computer can be used to attack your network.
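The following is an added example, not part of the NETGEAR manual: a small Python model of the Inbound Services table that shows why the allow-all rule belongs below every other inbound rule and what an enabled exposed host changes. It assumes the table is evaluated top to bottom with the first enabled match winning and unmatched inbound traffic blocked; the rule names, the CU-SeeMe source range, and every LAN host other than 192.168.1.2 are constructed values.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:  # every rule in this model is an ALLOW rule
    name: str
    service: str      # service name, or "ANY" for all protocols
    wan_src: str      # WAN sources allowed to initiate (CIDR); 0.0.0.0/0 = Any
    lan_server: str   # "Send to LAN Server" address
    enabled: bool = True

def first_match(rules, service, src):
    """Top-to-bottom, first enabled match wins; None means default-blocked (assumed)."""
    for r in rules:
        if (r.enabled and r.service in ("ANY", service)
                and ip_address(src) in ip_network(r.wan_src)):
            return r
    return None

def audit(rules):
    """Flag enabled allow-all rules and any rules they shadow."""
    active = [r for r in rules if r.enabled]
    findings = []
    for i, r in enumerate(active):
        if r.service != "ANY":
            continue
        findings.append(f"{r.name}: all protocols forwarded to {r.lan_server}")
        below = [x.name for x in active[i + 1:]]
        if below and ip_network(r.wan_src).prefixlen == 0:
            findings.append(f"{r.name}: shadows {', '.join(below)}")
    return findings

# Constructed table: 192.168.1.2 is the page's web server; the CU-SeeMe source
# range and the other LAN hosts are made-up values.
TABLE = [
    Rule("videoconf", "CU-SEEME", "203.0.113.0/28", "192.168.1.11"),
    Rule("web", "HTTP", "0.0.0.0/0", "192.168.1.2"),
    Rule("exposed-host", "ANY", "0.0.0.0/0", "192.168.1.50"),
]
MISORDERED = [TABLE[2], TABLE[0], TABLE[1]]
NO_EXPOSED = TABLE[:2] + [replace(TABLE[2], enabled=False)]

if __name__ == "__main__":
    for label, table in (("ordered", TABLE), ("misordered", MISORDERED),
                         ("exposed host disabled", NO_EXPOSED)):
        hit = first_match(table, "HTTP", "198.51.100.7")
        stray = first_match(table, "TELNET", "198.51.100.7")
        print(label, "| HTTP ->", hit.lan_server,
              "| TELNET ->", stray.lan_server if stray else "blocked")
        print("  audit:", audit(table) or "clean")
```

With the allow-all rule last, defined services still reach their intended servers and only undefined services land on the exposed host; moved to the top, it captures HTTP as well, and disabling it returns undefined services to the default block.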
IPv6 LAN WAN Inbound Rule: Restrict RTelnet from a Single WAN User to a Single LAN User
If you want to restrict incoming RTelnet sessions from a single IPv6 WAN user to a single
IPv6 LAN user, specify the initiating IPv6 WAN address and the receiving IPv6 LAN address.
See an example in the following figure.
Figure 83.
Examples of Outbound Firewall Rules
Outbound rules let you prevent users from using applications such as Instant Messenger and
Real Audio, or from reaching other nonessential sites.
IPv4 LAN WAN Outbound Rule: Block Instant Messenger
If you want to block Instant Messenger usage by employees during working hours, you can
create an outbound rule to block such an application from any internal IP address to any
external address according to the schedule that you have created on the Schedule screen.
The schedule should specify working hours.
