Pirelli PRGAV4202N Router Manual PDF (Setup & Configuration Guide)

Home

Manuals

Pirelli

PRGAV4202N

Page 71 / 182 Scroll up to view Page 66 - 70

PRG AV4202N

OGU 930500275-A1

Security Section

ACCESS CONTROL

You may want to block specific computers within the home network (or even the

whole network) from accessing certain services on the Internet. For example,

you may want to prohibit one computer from surfing the Web, another computer

from transferring files using FTP, and the whole network from receiving incom-

ing e-mail.

Access Control defines restrictions on the types of requests that may pass from

the home network out to the Internet, and thus may block traffic flowing in both

directions. It can also be used for allowing specific services when maximum se-

curity is configured. In the e-mail example given above, you may prevent com-

puters in the home network from receiving e-mail by blocking their outgoing re-

quests to POP3 servers on the Internet.

There are numerous services you should consider blocking, such as popular

game and file sharing servers. For example, if you want to make sure that your

employees do not put your business at risk from illegally traded copyright files,

you may want to block several popular P2P and file sharing applications.

FIGURE 2.

Access Control panel

To allow or restrict services:

Select the 'Access Control' tab in the 'Security' management screen. The

'Access Control' screen will appear.

Click the 'New Entry' link. The 'Add Access Control Rule' screen will appear

The Address combo-box provides you the ability to specify the computer or

group of computers for which you would like to apply the access control rule.

You can select between any, a specific computer in your LAN, or 'User De-

Page 72 / 182

PRG AV4202N

Security Section

OGU 930500275-A1

fined'. If you choose the 'User Defined' option, the 'Edit Network Object'

screen will appear. Specifying an address is done by creating a 'Network

Object';

The Protocol combo-box lets you select or specify the type of protocol that

will be used. Selecting the 'Show All Services' option will expand the list of

available protocols. Select a protocol or add a new one using the 'User De-

fined' option. This will commence a sequence that will add a new service,

representing the protocol.

Select the 'Reply an HTML page to the blocked client' check-box to display

the following message to the client: “Access Denied - this computer is not al-

lowed to surf the WAN. Please contact your admin.”. When this check-box is

unselected, the client's packets will simply be ignored and he/she will not re-

ceive any notification.

The Schedule combo-box allows you to define the time period during which

this rule will take effect. By default, the rule will always be active. However,

you can configure scheduled rules by selecting 'User Defined'.

Click the 'OK' button to save your changes. The 'Access Control' screen will

display a summary of the rule that you just added.

PORT FORWARDING

In its default state, PRG AV4202N blocks all external users from connecting to

or communicating with your network.

Therefore the system is safe from hackers who may try to intrude on the net-

work and damage it. However, you may want to expose your network to the

Internet in certain limited and controlled ways in order to enable some applica-

tions to work from the LAN (game, voice and chat applications, for example)

and to enable Internet-access to servers in the home network. The Port For-

warding feature supports both of these functionalities. If you are familiar with

networking terminology and concepts, you may have encountered this topic re-

ferred to as “Local Servers”.

The 'Port Forwarding' screen lets you define the applications that require spe-

cial handling by the Router.

All you have to do is select the application's protocol and the local IP address of

the computer that will be using or providing the service. If required, you may

add new protocols in addition to the most common ones provided by the Router.

For example, if you wanted to use a File Transfer Protocol (FTP) application on

one of your PCs, you would simply select 'FTP' from the list and enter the local

IP address or host name of the designated computer.

All FTP-related data arriving at the Router from the Internet will henceforth be

forwarded to the specified computer. Similarly, you can grant Internet users ac-

cess to servers inside your home network, by identifying each service and the

PC that will provide it. This is useful, for example, if you want to host a Web

server inside your home network. When an Internet user points his/her browser

Page 73 / 182

PRG AV4202N

OGU 930500275-A1

Security Section

to the Router's external IP address, the gateway will forward the incoming HTTP

request to your Web server.

With one external IP address (Router's main IP address), different applications

can be assigned to your LAN computers, however each type of application is

limited to use one computer. For example, you can define that FTP will use ad-

dress X to reach computer A and Telnet will also use address X to reach com-

puter A, but attempting to define FTP to use address X to reach both computer

A and B will fail. The Router therefore provides the ability to add additional pub-

lic IP addresses to port forwarding rules, which you must first obtain from your

ISP, and enter into the 'NAT IP Addresses Pool'. You will then be able to define

FTP to use address X to reach computer A and address Y to reach computer B.

Additionally, port forwarding enables you to redirect traffic to a different port in-

stead of the one to which it was designated.

Lets say, that you have a Web server running on your PC on port 8080 and you

want to grant access to this server to anyone who accesses the Router via

HTTP. To accomplish this, do the following:



Define a port forwarding rule for the HTTP service, with the PC's IP or host

name.



Specify 8080 in the 'Forward to Port' field.

All incoming HTTP traffic will now be forwarded to the PC running the Web

server on port 8080.

When setting a port forwarding service, you must ensure that the port is not al-

ready in use by another application, which may stop functioning. A common ex-

ample is when using SIP signaling in Voice over IP - the port used by the gate-

way's VoIP application (5060) is the same port on which port forwarding is set

for LAN SIP agents.

Page 74 / 182

PRG AV4202N

Security Section

OGU 930500275-A1

FIGURE 3.

Port Forwarding panel

To add a new port forwarding service:

Select the 'Port Forwarding' tab in the 'Security' management screen. The

'Port Forwarding' screen will appear

Click the 'New Entry' link. The 'Add Port Forwarding Rule' screen will appear

Select the 'Specify Public IP Address' check-box if you would like to apply

this rule on a specific external IP address. The screen will refresh

Enter the additional external IP address in the 'Public IP Address' field.

Enter the host name or IP address of the computer that will provide the ser-

vice (the “server”) in the 'Local Host' field. Note that unless an additional ex-

ternal IP address has been added, only one LAN computer can be assigned

to provide a specific service or application.

The Protocol combo-box lets you select or specify the type of protocol that

will be used. Selecting the 'Show All Services' option will expand the list of

available protocols. Select a protocol or add a new one using the 'User De-

fined' option. This will commence a sequence that will add a new service,

representing the protocol.

By default, the Router will forward traffic to the same port as the incoming

port. If you wish to redirect traffic to a different port, select the 'Specify' op-

tion. The screen will refresh, and an additional field will appear enabling you

to enter the port number.

The Schedule combo-box allows you to define the time period during which

this rule will take effect. By default, the rule will always be active. However,

you can configure scheduled rules by selecting 'User Defined'.

Click the 'OK' button to save your changes. The 'Port Forwarding' screen will

display a summary of the rule that you just added.

Page 75 / 182

PRG AV4202N

OGU 930500275-A1

Security Section

DMZ HOST

The DMZ (Demilitarized) Host feature allows one local computer to be exposed

to the Internet.

Designate a DMZ host when:



You wish to use a special-purpose Internet service, such as an on-line game

or video-conferencing program, that is not present in the Port Forwarding list

and for which no port range information is available.



You are not concerned with security and wish to expose one computer to all

services without restriction.

A DMZ host is not protected by the firewall and may be vulnerable to attack. Designating a DMZ host

may also put other computers in the home network at risk. When designating a DMZ host, you must

consider the security implications and protect it if necessary.

An incoming request for access to a service in the home network, such as a

Web-server, is handled by the Router. PRG AV4202N will forward this request

to the DMZ host (if one is designated) unless the service is being provided by

another PC in the home network (assigned in Port Forwarding), in which case

that PC will receive the request instead.

FIGURE 4.

DMZ Host panel

To designate a local computer as a DMZ Host:

Select the 'DMZ Host' tab in the 'Security' management screen. The 'DMZ

Host' screen will appear

Enter the local IP address of the computer that you would like to designate

as a DMZ host, and select the check-box. Note that only one LAN computer

may be a DMZ host at any time.

Click 'OK' to save the settings.

Rate

Popular Pirelli Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share