51

GlobeSurfer

®

II 1.8 - 7.2 - 7.2 S

REFERENCE MANUAL

To add a new port forwarding service:

1.

Select the ‘Port Forwarding’ tab in the ‘Security’ management screen. The ‘Port Forwarding’ screen will appear (see Figure 5.75).

Figure 5.75 Port Forwarding

2.

Click the ‘New Entry’ link. The ‘Add Port Forwarding Rule’ screen will appear (see Figure 5.76).

Figure 5.76 Add port Forwarding Rule

3.

Enter the IP address or the host name of the computer that will provide the service (the “server”). Note that only one LAN

computer can be assigned to provide a specific service or application.

4.

The Protocol combo box lets you select or specify the type of protocol that will be used. In addition to the list of popular

protocols it provides, you may also choose any or a specific protocol. If you choose the ‘User defined’ option, the screen

will refresh, and you will be redirected to the ‘Edit Service’ page where you can specify a protocol. To learn more about

defining protocols, see chapter 6.6.15.

5.

By default, GlobeSurfer

®

II will forward traffic to the same port as the incoming port. If you wish to redirect traffic to a

different port, select the ‘Specify’ option. The screen will refresh, and an additional field will appear enabling you to enter

the port number:

Figure 5.77 Forward to a specific port

6.

The Schedule combo box allows you to define the time period during which this rule will take effect. You can select

between ‘Always’ or a specific schedule. If you choose the ‘User Defined’ option, the screen will refresh, and you will be

directed to the ‘Edit Scheduler rule’ page where you can define your own rule. To learn more about defining scheduler

rules, see section 6.6.4.

7.

Click the ‘OK’ button to save your changes. The ‘Port Forwarding’ screen will display a summary of the rule that you just

added (see Figure 5.78).

52

GlobeSurfer

®

II 1.8 - 7.2 - 7.2 S

REFERENCE MANUAL

Figure 5.78 Port Forwarding Summary

You may edit the port forwarding rule by modifying its entry under the ‘Local Host’ column in the ‘Port Forwarding’ screen.

To modify an entry:

1.

Click the Edit action icon for the rule. The ‘Edit Port Forwarding Rule’ screen will appear (see Figure 5.79). This screen

allows you to edit all the parameters that you configured when creating the port forwarding rule.

Figure 5.79 Port Forwardin Edit Rule

2.

Click the ‘OK’ button to save your changes and return to the ‘Port Forwarding’ screen.

You can disable a port forwarding rule in order to make a service unavailable without having to remove the rule from the ‘Port

Forwarding’ screen. This may be useful if you wish to make the service unavailable only temporarily and expect that you will

want to reinstate it in the future.

•

To temporarily disable a rule, clear the check box next to the service name.

•

To reinstate it at a later time, simply reselect the check box.

•

To remove a rule, click the Remove action icon for the service. The service will be permanently removed.

5.3.4

DMZ host

The DMZ (Demilitarized) Host feature allows one local computer to be exposed to the Internet. Designate a DMZ host when:

•

You wish to use a special-purpose Internet service, such as an on-line game or video-conferencing program, that is not

present in the Port Forwarding list and for which no port range information is available.

•

You are not concerned with security and wish to expose one computer to all services without restriction.

53

GlobeSurfer

®

II 1.8 - 7.2 - 7.2 S

REFERENCE MANUAL

Warning

: A DMZ host is not protected by the firewall and may be vulnerable to attack.

Designating a DMZ host may also put other computers in the home network at risk.

When designating a DMZ host, you must consider the security implications and protect it if necessary.

An incoming request for access to a service in the home network, such as a Web-server, is fielded by GlobeSurfer

®

II.

GlobeSurfer

®

II will forward this request to the DMZ host (if one is designated) unless the service is being provided by another

PC in the home network (assigned in Port Forwarding), in which case that PC will receive the request instead.

To designate a local computer as a DMZ Host:

1.

Select the ‘DMZ Host’ tab in the ‘Security’ management screen. The ‘DMZ Host’ screen will appear (see Figure 5.80).

Figure 5.80 DMZ Host

2.

Enter the local IP address of the computer that you would like to designate as a DMZ host, and select the check-box. Note

that only one LAN computer may be a DMZ host at any time.

3.

Click ‘OK’ to save the settings.

You can disable the DMZ host so that it will not be fully exposed to the Internet, but keep its IP address recorded on the ‘DMZ

Host’ screen. This may be useful if you wish to disable the DMZ host but expect that you will want to enable it again in the future.

To disable the DMZ host so that it will not be fully exposed to the Internet, clear the check-box next to the DMZ IP designation,

and click ‘OK’.

To reinstate it at a later time, simply reselect the check box.

5.3.5

Port triggering

Port triggering can be used for dynamic port forwarding configuration. By setting port triggering rules, you can allow inbound

traffic to arrive at a specific LAN host, using ports different than those used for the outbound traffic. This is called port

triggering since the outbound traffic triggers to which ports inbound traffic is directed.

For example, consider a gaming server that is accessed using UDP protocol on port 2222. The gaming server responds by

connecting the user using UDP on port 3333 when starting gaming sessions. In such a case you must use port triggering,

since this scenario conflicts with the following default firewall settings:

The firewall blocks inbound traffic by default.

The server replies to GlobeSurfer

®

II’s IP, and the connection is not sent back to your host, since it is not part of a session.

In order to solve this you need to define a Port Triggering entry, which allows inbound traffic on UDP port 3333, only after

a LAN host generated traffic to UDP port 2222. This will result in accepting the inbound traffic from the gaming server, and

sending it back to the LAN Host which originated the outgoing traffic to UDP port 2222.

Select the ‘Port Triggering’ tab in the ‘Security’ management screen. The ‘Port Triggering’ screen will appear (see Figure 5.81).

This screen will list all of the port triggering entries.

54

GlobeSurfer

®

II 1.8 - 7.2 - 7.2 S

REFERENCE MANUAL

Figure 5.81 Port triggering

Let’s add an entry for the gaming example above:

1.

Select ‘User Defined’ from the ‘Add...’ drop down list. The ‘Edit Service’ screen will appear (see Figure 5.82).

Figure 5.82 Add Port Triggering Rule

2.

Enter a name for the service (e.g. “game_server”), and click the ‘New Trigger Ports’ link. The ‘Edit Service Server Ports’

screen will appear (see Figure 5.83).

Figure 5.83 Edit Service Server Ports

3.

In the Protocol combo-box, select UDP. The screen will refresh, providing source and destination port options (see Figure 5.84).

55

GlobeSurfer

®

II 1.8 - 7.2 - 7.2 S

REFERENCE MANUAL

4.

Leave the Source Ports combo-box at its default “Any”. In the Destination Ports combo-box, select “Single”. The screen will

refresh again, providing an additional field in which you should enter “2222” as the destination port.

Figure 5.84 Edit Server Ports

5.

Click ‘OK’ to save the settings.

6.

Back in the ‘Edit Service’ screen, click the ‘New Opened Ports’ link. The ‘Edit Service Opened Ports’ screen will appear (see

Figure 5.85).

Figure 5.85 Edit Service Opened Ports

7.

Similar to the trigger ports screen, select UDP as the protocol, leave the source port at “Any”, and enter a 3333 as the

single destination port (see Figure 5.86).

Figure 5.86 Edit Service Opened Ports

8.

Click ‘OK’ to save the settings. The ‘Edit Service’ screen will present your entered information. Click ‘OK’ again to save the

port triggering rule. The ‘Port Triggering’ screen will now include the new port triggering entry (see Figure 5.87).