Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2
Firewall Protection and Content Filtering 6-3
201-10301-02, May 2005
To delete a keyword or domain, select it from the list, click Delete Keyword, then click Apply.
Keyword application examples:
If the keyword "XXX" is specified, the URL <http://www.badstuff.com/xxx.html> is blocked,
as is the newsgroup alt.pictures.XXX.
If the keyword “.com” is specified, only Web sites with other domain suffixes (such as .edu or
.gov) can be viewed.
If you want to block all Internet browsing access, enter the keyword “.”.
Up to 255 entries are supported in the Keyword list.
To specify a Trusted User, enter that computer’s IP address in the Trusted User box and click
Apply. You may specify one Trusted User, which is a computer that will be exempt from blocking
and logging. Since the Trusted User will be identified by an IP address, you should configure that
computer with a fixed or reserved IP address.
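The keyword examples above, the 255-entry limit and the Trusted User exemption, as an added Python simulation (not NETGEAR firmware code). It assumes that a keyword is a case-insensitive substring test against the full URL or newsgroup name, which is why "XXX" catches both www.badstuff.com/xxx.html and alt.pictures.XXX, and that the single Trusted User is exempt from both blocking and logging; the client addresses are constructed.

```python
"""Keyword/domain blocking and the Trusted User exemption, simulated.

Added example, not NETGEAR firmware code. Assumptions: a keyword is a
case-insensitive substring test against the full URL or newsgroup name,
the list holds at most 255 entries, and the single Trusted User is exempt
from both blocking and logging. IP addresses below are constructed.
"""
from ipaddress import IPv4Address
from typing import List, Optional, Tuple

MAX_KEYWORDS = 255  # limit stated in the manual


class ContentFilter:
    def __init__(self) -> None:
        self.keywords: List[str] = []
        self.trusted_user: Optional[IPv4Address] = None
        self.log: List[Tuple[str, str, str]] = []  # (client, target, keyword)

    def add_keyword(self, keyword: str) -> None:
        if len(self.keywords) >= MAX_KEYWORDS:
            raise ValueError("keyword list is full (255 entries)")
        self.keywords.append(keyword.lower())

    def delete_keyword(self, keyword: str) -> None:
        self.keywords.remove(keyword.lower())

    def set_trusted_user(self, ip: str) -> None:
        # One Trusted User only; it should have a fixed or reserved IP address.
        self.trusted_user = IPv4Address(ip)

    def matching_keyword(self, target: str) -> Optional[str]:
        """Return the first keyword contained in the URL or newsgroup name."""
        lowered = target.lower()
        for kw in self.keywords:
            if kw in lowered:
                return kw
        return None

    def is_allowed(self, client_ip: str, target: str) -> bool:
        """True if the request passes; blocked requests are logged.
        The Trusted User skips both the check and the log."""
        if self.trusted_user is not None and IPv4Address(client_ip) == self.trusted_user:
            return True
        kw = self.matching_keyword(target)
        if kw is None:
            return True
        self.log.append((client_ip, target, kw))
        return False


if __name__ == "__main__":
    f = ContentFilter()
    f.add_keyword("XXX")
    for target in ("http://www.badstuff.com/xxx.html", "alt.pictures.XXX",
                   "http://www.example.edu/"):
        verdict = "allowed" if f.is_allowed("192.168.0.5", target) else "blocked"
        print(target, "->", verdict)
    f.add_keyword(".")  # the manual's 'block all browsing' keyword
    verdict = "allowed" if f.is_allowed("192.168.0.5", "http://www.example.edu/") else "blocked"
    print("http://www.example.edu/ ->", verdict)
```

Running it shows the ".com" and "." behaviour from the text: ".com" leaves .edu and .gov sites reachable, while "." matches every URL and so blocks all browsing for every client except the Trusted User.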
Services and Rules Regulate Inbound and Outbound Traffic
The ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2 firewall lets you
regulate what ports are available to the various TCP/IP protocols. Follow these two steps to
configure inbound or outbound traffic:
1. Define a Service
2. Set up an Inbound or Outbound Rule that uses the Service
These steps are discussed below.
Defining a Service
Services are functions performed by server computers at the request of client computers. For
example, Web servers serve Web pages, time servers serve time and date information, and game
hosts serve data about other players’ moves. When a computer on the Internet sends a request for
service to a server computer, the requested service is identified by a service or port number. This
number appears as the destination port number in the transmitted IP packets. For example, a packet
that is sent with destination port number 80 is an HTTP (Web server) request.
The service numbers for many common protocols are defined by the Internet Engineering Task
Force (IETF) and published in RFC1700, “Assigned Numbers.” Service numbers for other
applications are typically chosen from the range 1024 to 65535 by the authors of the application.
Although the FWG114P v2 already holds a list of many service port numbers, you are not limited
to these choices. Use the Services menu to add additional services and applications to the list for
use in defining firewall rules. The Services menu shows a list of services that you have defined.
To define a new service, first you must determine which port number or range of numbers is used
by the application. This information can usually be obtained from the publisher of the
application or from user groups or newsgroups. When you have the port number information, go
to the Services menu and click on the Add Custom Service button. The Add Services menu will
appear.
To add a service,
1. Enter a descriptive name for the service so that you will remember what it is.
2. Select whether the service uses TCP or UDP as its transport protocol.
If you can’t determine which is used, select both.
3. Enter the lowest port number used by the service.
4. Enter the highest port number used by the service.
If the service only uses a single port number, enter the same number in both fields.
5. Click Apply.
The new service will now appear in the Services menu, and in the Service name selection box in
the Rules menu.
Using Inbound/Outbound Rules to Block or Allow Services
Firewall rules are used to block or allow specific traffic passing through from one side of the
wireless firewall/print server to the other. Inbound rules (WAN to LAN) restrict access by
outsiders to private resources, selectively allowing only specific outside users to access specific
resources. Outbound rules (LAN to WAN) determine what outside resources local users can have
access to.
A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of
the FWG114P v2 are:
Inbound: Block all access from outside except responses to requests from the LAN side.
Outbound: Allow all access from the LAN side to the outside.
These default rules are shown in the Rules table of the Rules menu in Figure 6-2:
Figure 6-2: Rules menu
You can define additional rules that will specify exceptions to the default rules. By adding custom
rules, you can block or allow access based on the service or application, source or destination IP
addresses, and time of day. You can also choose to log traffic that matches or does not match the
rule you have defined.
To create a new rule, click the Add button.
To edit an existing rule, select its button on the left side of the table and click Edit.
To delete an existing rule, select its button on the left side of the table and click Delete.
To move an existing rule to a different position in the table, select its button on the left side of the
table and click Move. At the script prompt, enter the number of the desired new position and click
OK.
An example of the menu for defining or editing a rule is shown in Figure 6-3. The parameters are:
Service. From this list, select the application or service to be allowed or blocked. The list
already displays many common services, but you are not limited to these choices. Use the
Services menu to add any additional services or applications that do not already appear.
Action. Choose how you would like this type of traffic to be handled. You can block or allow
always, or you can choose to block or allow according to the schedule you have defined in the
Schedule menu.
Source Address. Specify traffic originating on the LAN (outbound) or the WAN (inbound),
and choose whether you would like the traffic to be restricted by source IP address. You can
select Any, a Single address, or a Range. If you select a range of addresses, enter the range in
the start and finish boxes. If you select a single address, enter it in the start box.
Destination Address. The Destination Address will be assumed to be from the opposite (LAN
or WAN) of the Source Address. As with the Source Address, you can select Any, a Single
address, or a Range unless NAT is enabled and the destination is the LAN. In that case, you
must enter a Single LAN address in the start box.
Log. You can select whether the traffic will be logged. The choices are:
Never - no log entries will be made for this service.
Match - traffic of this type which matches the parameters and action will be logged.
Examples of Using Services and Rules to Regulate Traffic
The following examples show how Services and Rules are combined to block or allow specific
Internet traffic on your wireless firewall/print server.
Inbound Rules (Port Forwarding)
Because the FWG114P v2 uses Network Address Translation (NAT), your network presents only
one IP address to the Internet, and outside users cannot directly address any of your local
computers. However, by defining an inbound rule, also known as port forwarding, you can make a
local server (for example, a Web server or game server) visible and available to the Internet. The
rule tells the router to direct inbound traffic for a particular service to one local server based on the
destination port number.
Follow these guidelines when setting up port forwarding inbound rules:
If your external IP address is assigned dynamically by your ISP, the IP address may change
periodically as the DHCP lease expires. Consider using the Dynamic DNS feature in the
Advanced menus so that external users can always find your network.
If the IP address of the local server computer is assigned by DHCP, it may change when the
computer is rebooted. To avoid this, use the Reserved IP address feature in the LAN IP menu
to keep the computer’s IP address constant.
Local computers must access the local server using the local LAN address of the computer.
Attempts by local computers to access the server using the external WAN IP address will fail.
Remember that allowing inbound services opens holes in your FWG114P v2 Wireless Firewall/
Print Server. Only enable those ports that are necessary for your network. Following are two
application examples of inbound rules:
Example: Port Forwarding to a Local Public Web Server
If you host a public Web server on your local network, you can define a rule to allow inbound Web
(HTTP) requests from any outside IP address to the IP address of your Web server any time of day.
Figure 6-3: Rule example: A Local Public Web Server
Note: Some home broadband accounts do not allow you to run any server processes
(such as a Web or FTP server). Your ISP may check for servers and suspend your
account if it discovers active servers at your location. If you are unsure, refer to the
Acceptable Use Policy of your ISP.
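The service-definition steps, the rule parameters (Service, Action, Source Address, Destination Address, Log) and the public Web server port-forwarding example above, pulled together as an added Python simulation. This is not NETGEAR firmware code. It follows the manual's model, including the two default rules and the NAT constraint that an inbound rule must name a single LAN address; the assumptions made here are that rules are checked top to bottom with the first match winning, that an inbound packet's destination is the LAN server address after NAT, and that the firewall knows its own WAN address so it can reproduce the guideline that local computers cannot reach a forwarded server via the external address. All IP addresses are constructed.

```python
"""Services and inbound/outbound rules, simulated in Python.

Added example, not NETGEAR firmware. A Service is a name, TCP and/or UDP,
and a port range; a Rule pairs a Service with an Action, a direction,
Source/Destination selectors (Any, Single or Range) and a Log setting.
Defaults: inbound blocks all except responses to LAN requests, outbound
allows all. Assumed: first matching rule wins; for INBOUND packets 'dst'
is the LAN address after NAT; the WAN address is known. IPs are constructed.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional


@dataclass(frozen=True)
class Service:
    name: str
    tcp: bool
    udp: bool
    start_port: int
    end_port: int

    def matches(self, proto: str, dst_port: int) -> bool:
        proto_ok = (proto == "TCP" and self.tcp) or (proto == "UDP" and self.udp)
        return proto_ok and self.start_port <= dst_port <= self.end_port


@dataclass(frozen=True)
class AddressSelector:
    """Any (no start), Single (start only) or Range (start..finish inclusive)."""
    start: Optional[IPv4Address] = None
    finish: Optional[IPv4Address] = None

    def matches(self, ip: IPv4Address) -> bool:
        if self.start is None:
            return True
        if self.finish is None:
            return ip == self.start
        return self.start <= ip <= self.finish


@dataclass(frozen=True)
class Rule:
    service: Service
    action: str                # "ALLOW" or "BLOCK"
    direction: str             # "INBOUND" (WAN to LAN) or "OUTBOUND" (LAN to WAN)
    source: AddressSelector
    destination: AddressSelector
    log: str = "NEVER"         # "NEVER" or "MATCH"


@dataclass(frozen=True)
class Packet:
    direction: str
    proto: str
    src: IPv4Address
    dst: IPv4Address           # for INBOUND: the LAN address after NAT (assumption)
    dst_port: int
    is_response: bool = False  # reply to a request that left the LAN earlier


class Firewall:
    def __init__(self, wan_ip: str, nat_enabled: bool = True) -> None:
        self.wan_ip = IPv4Address(wan_ip)
        self.nat_enabled = nat_enabled
        self.services = {}
        self.rules = []
        self.log = []  # (service, action, src, dst, dst_port) for Log = Match rules

    def add_service(self, name, tcp, udp, start_port, end_port) -> Service:
        """Steps 1-4 of 'To add a service'; a single port uses the same number twice."""
        if not (1 <= start_port <= end_port <= 65535):
            raise ValueError("port range must lie within 1..65535 with start <= end")
        if not (tcp or udp):
            raise ValueError("select TCP, UDP or both")
        svc = Service(name, tcp, udp, start_port, end_port)
        self.services[name] = svc
        return svc

    def add_rule(self, rule: Rule, position: Optional[int] = None) -> None:
        """Append, or insert at a 1-based position as the Move prompt does."""
        # With NAT enabled, an inbound rule must name a Single LAN destination.
        if (self.nat_enabled and rule.direction == "INBOUND"
                and (rule.destination.start is None or rule.destination.finish is not None)):
            raise ValueError("inbound rule with NAT needs a single LAN destination address")
        if position is None:
            self.rules.append(rule)
        else:
            self.rules.insert(position - 1, rule)

    def evaluate(self, pkt: Packet) -> str:
        """Return 'ALLOW' or 'BLOCK', logging when the matching rule says Match."""
        # Guideline from the manual: a LAN host using the external WAN address fails.
        if pkt.direction == "OUTBOUND" and pkt.dst == self.wan_ip:
            return "BLOCK"
        for rule in self.rules:  # custom rules are exceptions to the defaults
            if rule.direction != pkt.direction or not rule.service.matches(pkt.proto, pkt.dst_port):
                continue
            if not (rule.source.matches(pkt.src) and rule.destination.matches(pkt.dst)):
                continue
            if rule.log == "MATCH":
                self.log.append((rule.service.name, rule.action, str(pkt.src), str(pkt.dst), pkt.dst_port))
            return rule.action
        if pkt.direction == "OUTBOUND":      # default outbound rule
            return "ALLOW"
        return "ALLOW" if pkt.is_response else "BLOCK"  # default inbound rule


def build_web_server_example() -> Firewall:
    """The port-forwarding example: inbound HTTP from any outside address,
    any time of day, to the local Web server (constructed addresses)."""
    fw = Firewall(wan_ip="203.0.113.1")
    http = fw.add_service("HTTP", tcp=True, udp=False, start_port=80, end_port=80)
    fw.add_rule(Rule(http, "ALLOW", "INBOUND", AddressSelector(),
                     AddressSelector(IPv4Address("192.168.0.10")), log="MATCH"))
    return fw


if __name__ == "__main__":
    fw = build_web_server_example()
    outside, server = IPv4Address("203.0.113.50"), IPv4Address("192.168.0.10")
    print(fw.evaluate(Packet("INBOUND", "TCP", outside, server, 80)))  # ALLOW by the rule
    print(fw.evaluate(Packet("INBOUND", "TCP", outside, server, 22)))  # BLOCK by default
    print(fw.log)
```

The point the simulation makes concrete is the manual's warning that each inbound rule opens a hole: only TCP port 80 to the one server is reachable, while UDP to the same port, other ports on that host and port 80 on any other LAN host all fall through to the default inbound block, and only the rule-matched request is logged because the defaults carry no Log setting.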
