36

4

4.

Security Settings

This chapter contains the following sections:

•

Firewall Rules to Control Network Access

•

Set Up Site Blocking

•

Set Up Service Blocking

•

Set the Time Zone

•

Schedule Services

•

Set Up Email Alerts

•

Set Up Port Forwarding to Local Servers

•

Set Up Port Triggering

Security Settings

37

N150 WiFi Router (N150R)

Firewall Rules to Control Network Access

Your router has a firewall that blocks unauthorized access to your wireless network and

permits authorized inbound and outbound communications. Authorized communications are

established according to inbound and outbound rules. The firewall has the following two

default rules. You can create custom rules to further restrict the outbound communications or

more widely open the inbound communications:

•

Inbound

. Block all access from outside except responses to requests from the LAN side.

•

Outbound

. Allow all access from the LAN side to the outside.

Inbound Rules (Port Forwarding)

Because the router uses Network Address Translation (NAT), your network presents only

one IP address to the Internet, and outside users cannot directly address any of your local

computers. However, by defining an inbound rule you can make a local server (for example,

a Web server or game server) visible and available to the Internet.

The rule tells the router to direct inbound traffic for a particular service to one local server

based on the destination port number. This is also known as port forwarding. Allowing

inbound services opens holes in your firewall. Enable only those ports that are necessary for

your network. The following are two examples of inbound rules.

Note:

Some residential broadband ISP accounts do not let you run server

processes (such as a Web or FTP server) from your location. Your

ISP might periodically check for servers and suspend your account

if it discovers any active services at your location. If you are unsure,

refer to the acceptable use policy of your ISP.

Outbound Rules (Service Blocking)

You can block computers on your local network from using certain Internet services. This is

called service blocking or port filtering. You can add an outbound rule to block Internet

access from a local computer based on the computer, Internet site, time of day, and type of

service.

Security Settings

38

N150 WiFi Router (N150R)

Set Up Site Blocking

Use keyword blocking to prevent certain types of HTTP traffic from accessing your network.

The blocking can be always or according to a scheduled.



To block traffic:

1.

Select

Security >

Site Blocking

.

2.

Select one of the keyword blocking options:

•

Per Schedule

. Turn on keyword blocking according to the Schedule screen settings.

•

Always

. Turn on keyword blocking all the time, independent of the Schedule screen.

3.

In the Keyword field, enter a keyword or domain, click

Add Keyword,

and click

Apply

.

The Keyword list. supports up to 32 entries. Here are some sample entries:

•

Specify XXX to block http://www.badstuff.com/xxx.html.

•

Specify .com if you want to allow only sites with domain suffixes such as .edu or .gov.

•

Enter a period (

.

) to block all Internet browsing access.

Delete Keyword or Domain



To delete keywords:

1.

Select the keyword or domain that you want to delete from the list.

2.

Click

Delete Keyword

and click

Apply

to save your changes.

Specify Trusted Computer

You can exempt one trusted computer from blocking and logging. The computer you exempt

has to have a fixed IP address.

Security Settings

39

N150 WiFi Router (N150R)



To specify a trusted computer:

1.

In the Trusted IP Address field, enter the IP address.

Click

Apply

to save your changes.

Set Up Service Blocking

Services are functions performed by server computers at the request of client computers. For

example, Web servers serve Web pages, time servers serve time and date information, and

game hosts serve data about other players’ moves. When a computer on the Internet sends

a request for service to a server computer, the requested service is identified by a service or

port number. This number appears as the destination port number in the transmitted IP

packets. For example, a packet that is sent with destination port number 80 is an HTTP (Web

server) request.

The service numbers for many common protocols are defined by the Internet Engineering

Task Force (IETF at

) and published in RFC1700, “Assigned Numbers.”

Service numbers for other applications are typically chosen from the range 1024 to 65535 by

the authors of the application. Although the router already holds a list of many service port

numbers, you are not limited to these choices.



To create your own service definitions:

1.

Select

Security > Service Blocking

to display the following screen:

2.

To create a new service, click the

Add

button. If you want to change a service, select it and

click

Edit

.

3.

Define or edit a service by specifying the following.

•

Name

. Enter a meaningful name for the service.

•

Type

. Select the correct type for this service. If in doubt, select

TCP/UDP

. The options

are TCP, UDP, and TCP/UDP.

•

Start Port

and

Finish Port

. If a port range is required, enter the range here. If a single

port is required, enter the same value in both fields.

4.

Click

Apply

to save your changes.

Security Settings

40

N150 WiFi Router (N150R)

Set the Time Zone

The router uses the Network Time Protocol (NTP) to obtain the current time and date from

one of several network time servers on the Internet.



To set the time zone:

1.

Select

Security > Schedule

.

2.

Select your time zone. This setting determines the blocking schedule and time-stamping of

log entries.

3.

If your time zone is in daylight savings time, select the

Adjust for daylight savings time

check box to add one hour to standard time.

Note:

If your region uses daylight savings time, select

Adjust for daylight

savings time

on the first day and clear it after the last day.

4.

Click

Apply

to save your settings.