ProSafe VPN Firewall 200 FVX538 Reference Manual
Firewall Protection and Content Filtering
4-21
v1.0, March 2009
In the example, CU-SeeMe connections are allowed only from a specified range of external IP
addresses.
LAN WAN or DMZ WAN Inbound Rule: Setting Up One-to-One NAT Mapping
In this example, we will configure multi-NAT to support multiple public IP addresses on one WAN
interface.
By creating an inbound rule, we will configure the firewall to host an additional public
IP address and associate this address with a Web server on the LAN.
If you arrange with your ISP to have more than one public IP address for your use, you can use the
additional public IP addresses to map to servers on your LAN or DMZ. One of these public IP
addresses will be used as the primary IP address of the router. This address will be used to provide
Internet access to your LAN PCs through NAT. The other addresses are available to map to your
servers.
The following addressing scheme is used to illustrate this procedure:
Netgear FVX538 ProSafe VPN Firewall
WAN1 IP address: 10.1.0.118
LAN IP address subnet: 192.168.1.1; subnet 255.255.255.0
DMZ IP address subnet: 192.168.10.1; subnet 255.255.255.0
Web server PC on the firewall’s LAN
LAN IP address: 192.168.1.2
DMZ IP Address: 192.168.10.2
Public (simulated) IP address used to reach the Web server: 10.1.0.52
To configure the FVX538 for additional IP addresses:
1. Select Security from the main menu and Firewall Rules from the submenu.
2. If your server is to be on your LAN, select LAN WAN Rules. If your server is to be on your DMZ, select DMZ WAN Rules.
3. Click Add under the Inbound Services table. The Add LAN WAN Inbound Service screen will display.
Tip: If you arrange with your ISP to have more than one public IP address for your use, you can use the additional public IP addresses to map to servers on your LAN or DMZ. One of these public IP addresses will be used as the primary IP address of the router, which will be used to provide Internet access to your LAN PCs through NAT. The other addresses are available to map to your servers.
4. From the Service pull-down menu, select the HTTP service for a Web server.
5. From the Action pull-down menu, select Allow Always.
6. In the Send to LAN Server field, enter the local IP address of your Web server PC.
7. From the Public Destination IP Address pull-down menu, choose Other Public IP Address.
8. Enter one of your public Internet addresses that will be used by clients on the Internet to reach your Web server.
9. Click Apply.
Figure 4-12
Your rule will now appear in the Inbound Services table of the Rules menu (see Figure 4-13). This rule is different from a normal inbound port forwarding rule in that the Destination box contains an IP Address other than your normal WAN IP Address.
To test the connection from a PC on the Internet, type http://<IP_address>, where <IP_address> is the public IP address you have mapped to your Web server. You should see the home page of your Web server.
LAN WAN or DMZ WAN Inbound Rule: Specifying an Exposed Host
Specifying an exposed host allows you to set up a computer or server that is available to anyone on
the Internet for services that you have not yet defined.
To expose one of the PCs on your LAN or DMZ as this host:
1. Create an inbound rule that allows all protocols.
2. Place the rule below all other inbound rules.
Figure 4-13
Note: For security, NETGEAR strongly recommends that you avoid creating an exposed host. When a computer is designated as the exposed host, it loses much of the protection of the firewall and is exposed to many exploits from the Internet. If compromised, the computer can be used to attack your network.
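The following is an added illustration, not code from the manual or from NETGEAR: a small model of the inbound rule table, evaluated top to bottom with first match winning, using the manual's addresses. It shows the one-to-one NAT rule from steps 4 through 9 (HTTP on public 10.1.0.52 sent to 192.168.1.2) and why the all-protocols exposed-host rule must sit below all other inbound rules. The exposed-host PC address 192.168.1.50, the source range and the "block by default" fallback are assumptions made for the example.

```python
"""Model of the FVX538 inbound-rule table: top-to-bottom, first match wins.
Constructed for illustration; not the firewall's own implementation."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

WAN_IP = "10.1.0.118"                       # WAN1 address from the manual
# Services as on the device's Services screen: protocol, first port, last port.
# Port 80/TCP is HTTP (Web server); "ANY" is the all-protocols exposed-host service.
SERVICES = {"HTTP": ("tcp", 80, 80), "ANY": ("any", 1, 65535)}

@dataclass
class InboundRule:
    service: str                 # key into SERVICES
    action: str                  # "allow" or "block"
    send_to: Optional[str]       # LAN/DMZ server that receives the traffic
    public_dest: str             # "wan" = primary WAN IP, else an extra public IP
    source: str = "0.0.0.0/0"    # permitted source range (any by default)

def matches(rule: InboundRule, proto: str, dst_ip: str, dst_port: int, src_ip: str) -> bool:
    sproto, lo, hi = SERVICES[rule.service]
    dest = WAN_IP if rule.public_dest == "wan" else rule.public_dest
    return (sproto in ("any", proto) and lo <= dst_port <= hi
            and ip_address(dst_ip) == ip_address(dest)
            and ip_address(src_ip) in ip_network(rule.source))

def decide(rules: List[InboundRule], proto: str, dst_ip: str, dst_port: int,
           src_ip: str = "203.0.113.9") -> Tuple[str, Optional[str]]:
    """Return (action, target server) of the first matching rule; with no match
    the assumed default inbound policy applies, which is block."""
    for rule in rules:
        if matches(rule, proto, dst_ip, dst_port, src_ip):
            return rule.action, rule.send_to
    return "block", None

# The one-to-one NAT rule from steps 4-9: HTTP on public 10.1.0.52 -> Web server 192.168.1.2.
WEB_ON_PUBLIC = InboundRule("HTTP", "allow", "192.168.1.2", "10.1.0.52")
# A Web server rule on the primary WAN IP (ordinary inbound port forwarding).
WEB_ON_WAN = InboundRule("HTTP", "allow", "192.168.1.2", "wan")
# Exposed host: all protocols to a hypothetical LAN PC 192.168.1.50.
EXPOSED = InboundRule("ANY", "allow", "192.168.1.50", "wan")

def exposed_host_shadowing() -> Tuple[Optional[str], Optional[str]]:
    """Same HTTP request to the WAN IP, evaluated with the exposed-host rule
    placed last (as the manual instructs) and then placed first."""
    good = decide([WEB_ON_WAN, EXPOSED], "tcp", WAN_IP, 80)[1]
    bad = decide([EXPOSED, WEB_ON_WAN], "tcp", WAN_IP, 80)[1]
    return good, bad   # ("192.168.1.2", "192.168.1.50"): only the first order reaches the Web server
```

With the exposed-host rule placed first, every inbound packet to the WAN IP matches it, so the more specific Web server rule below it is never consulted.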
Outbound Rules Example
Outbound rules let you prevent users from using applications such as Instant Messenger, Real Audio or other non-essential sites.
Figure 4-14 (callouts: 1. Select Any and Allow Always (or Allow by Schedule); 2. Place rule below all other inbound rules)
LAN WAN Outbound Rule: Blocking Instant Messenger
If you want to block Instant Messenger usage by employees during working hours, you can create an outbound rule to block that application from any internal IP address to any external address according to the schedule that you have created in the Schedule menu.
You can also have the firewall log any attempt to use Instant Messenger during that blocked period.
Adding Customized Services
Services are functions performed by server computers at the request of client computers. You can
configure up to 125 custom services.
For example, Web servers serve Web pages, time servers serve time and date information, and
game hosts serve data about other players’ moves. When a computer on the Internet sends a
request for service to a server computer, the requested service is identified by a service or port
number. This number appears as the destination port number in the transmitted IP packets. For
example, a packet that is sent with destination port number 80 is an HTTP (Web server) request.
The service numbers for many common protocols are defined by the Internet Engineering Task
Force (IETF) and published in RFC1700, “Assigned Numbers.” Service numbers for other
applications are typically chosen from the range 1024 to 65535 by the authors of the application.
Although the FVX538 already holds a list of many service port numbers, you are not limited to these choices. Use the Services screen to add additional services and applications to the list for use in defining firewall rules. The Services menu shows a list of services that you have defined, as shown in Figure 4-16.
Figure 4-15