1. Home
    2. /
  2. Manuals
    3. /
  3. NETGEAR
    4. /
  4. FVS338
    5. /
  5. 15
Page 71 / 178 Scroll up to view Page 66 - 70
FVS338 ProSafe VPN Firewall 50 Reference Manual
Firewall Protection and Content Filtering
4-13
v1.0, September 2006
Allowing Videoconference from Restricted Addresses
If you want to allow incoming videoconferencing to be initiated from a restricted range of outside
IP addresses, such as from a branch office, you can create an inbound rule. In the example shown
to the right, CU-SeeMe connections are allowed only from a specified range of external IP
addresses.
Setting Up One-to-One NAT Mapping
In this example, we will configure multi-NAT to support multiple public IP addresses on one WAN
interface.
By creating an inbound rule, we will configure the firewall to host an additional public
IP address and associate this address with a Web server on the LAN.
To configure the FVS338 for additional IP addresses:
1.
Select
Security
from the main menu and
Firewall Rules
from the submenu.
2.
Click
Add
under the
Inbound Services
table. The
Add LAN WAN Inbound Service
screen
will display.
Figure 4-7
Tip:
If your ISP allows you to have more than one public IP address for your use, you
can use the additional public IP addresses to map to servers on your LAN. One of
these public IP addresses will be used as the primary IP address of the router. This
address will be used to provide Internet access to your LAN PCs through NAT. The
other addresses are available to map to your servers.
Page 72 / 178
FVS338 ProSafe VPN Firewall 50 Reference Manual
4-14
Firewall Protection and Content Filtering
v1.0, September 2006
3.
From the service pull-down menu, select the HTTP service for a Web server.
4.
From the Action pull-down menu, select Allow Always.
5.
In the Send to LAN Server field, enter the local IP address of your Web server PC.
6.
From the Public Destination IP Address pull down menu, choose Other Public IP Address.
7.
Enter one of your public Internet addresses that will be used by clients on the Internet to reach
your Web server.
8.
Click
Apply.
The rule will display in the Inbound Services table shown in
Figure 4-9
.
Your rule will now appear in the Inbound Services table of the Rules menu (see
Figure 4-9
). This
rule is different from a normal inbound port forwarding rule in that the Destination box contains an
IP Address other than your normal WAN IP Address.
Figure 4-8
Page 73 / 178
FVS338 ProSafe VPN Firewall 50 Reference Manual
Firewall Protection and Content Filtering
4-15
v1.0, September 2006
.
To test the connection from a PC on the Internet, type
http://
<IP_address>
, where
<IP_address>
is the public IP address you have mapped to your Web server. You should see the home page of
your Web server.
Specifying an Exposed Host
Specifying an exposed host allows you to set up a computer or server that is available to anyone on
the Internet for services that you have not yet defined.
To expose one of the PCs on your LAN as this host:
1.
Create an inbound rule that allows all protocols.
2.
Place the rule below all other inbound rules.
Figure 4-9
Note:
For security, NETGEAR strongly recommends that you avoid creating an exposed
host. When a computer is designated as the exposed host, it loses much of the
protection of the firewall and is exposed to many exploits from the Internet. If
compromised, the computer can be used to attack your network.
Page 74 / 178
FVS338 ProSafe VPN Firewall 50 Reference Manual
4-16
Firewall Protection and Content Filtering
v1.0, September 2006
Outbound Rules Example – Blocking Instant Messenger
Outbound rules let you prevent users from using applications such as AOL Instant Messenger,
Real Audio or other non-essential sites.
If you want to block AOL Instant Messenger usage by employees during working hours, you can
create an outbound rule to block that application from any internal IP address to any external
address according to the schedule that you have created in the Schedule menu. You can also have
the firewall log any attempt to use Instant Messenger during that blocked period.
Figure 4-10
1. Select All protocols and ALLOW Always (or Allow by Schedule)
2. Place rule below all other inbound rules
Page 75 / 178
FVS338 ProSafe VPN Firewall 50 Reference Manual
Firewall Protection and Content Filtering
4-17
v1.0, September 2006
.
Adding Customized Services
Services are functions performed by server computers at the request of client computers. You can
configure up to 125 custom services.
For example, Web servers serve Web pages, time servers serve time and date information, and
game hosts serve data about other players’ moves. When a computer on the Internet sends a
request for service to a server computer, the requested service is identified by a service or port
number. This number appears as the destination port number in the transmitted IP packets. For
example, a packet that is sent with destination port number 80 is an HTTP (Web server) request.
The service numbers for many common protocols are defined by the Internet Engineering Task
Force (IETF) and published in RFC1700, “Assigned Internet Protocol Numbers.” Service numbers
for other applications are typically chosen from the range 1024 to 65535 by the authors of the
application.
Although the FVS338 already holds a list of many service port numbers, you are not limited to
these choices. Use the Services menu to add additional services and applications to the list for use
in defining firewall rules. The Services menu shows a list of services that you have defined, as
shown in
Figure 4-12
.
To define a new service, first you must determine which port number or range of numbers is used
by the application. This information can usually be determined by contacting the publisher of the
application or from user groups of newsgroups. When you have the port number information, you
can enter it on the Services screen.
Figure 4-11

Rate

3.5 / 5 based on 2 votes.

Popular NETGEAR Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top