Pirelli Wireless-VoIP-AG-v1 Router Manual PDF (Setup & Configuration Guide)

Home

Manuals

Pirelli

Wireless-VoIP-AG-v1

Page 71 / 149 Scroll up to view Page 66 - 70

DISCUS™ Multiplay Wireless VoIP AG

OGU 930500105-A1

Security Section

You can select between any, a specific computer in your LAN, or 'User

Defined'. If you choose the 'User Defined' option, the 'Edit Network Object'

screen will appear. Specifying an address is done by creating a 'Network

Object';

The Protocol combo-box lets you select or specify the type of protocol that

will be used. Selecting the 'Show All Services' option will expand the list of

available protocols. Select a protocol or add a new one using the 'User

Defined' option. This will commence a sequence that will add a new service,

representing the protocol.

Select the 'Reply an HTML page to the blocked client' check-box to display

the following message to the client: “Access Denied - this computer is not

allowed to surf the WAN. Please contact your admin.”. When this check-box

is unselected, the client's packets will simply be ignored and he/she will not

receive any notification.

The Schedule combo-box allows you to define the time period during which

this rule will take effect. By default, the rule will always be active. However,

you can configure scheduled rules by selecting 'User Defined'.

Click the 'OK' button to save your changes. The 'Access Control' screen will

display a summary of the rule that you just added.

PORT FORWARDING

In its default state, DISCUS™ Multiplay Wireless VoIP AG blocks all external

users from connecting to or communicating with your network.

Therefore the system is safe from hackers who may try to intrude on the net-

work and damage it. However, you may want to expose your network to the

Internet in certain limited and controlled ways in order to enable some applica-

tions to work from the LAN (game, voice and chat applications, for example) and

to enable Internet-access to servers in the home network. The Port Forwarding

feature supports both of these functionalities. If you are familiar with networking

terminology and concepts, you may have encountered this topic referred to as

“Local Servers”.

The 'Port Forwarding' screen lets you define the applications that require special

handling by the Router.

All you have to do is select the application's protocol and the local IP address of

the computer that will be using or providing the service. If required, you may add

new protocols in addition to the most common ones provided by the Router.

For example, if you wanted to use a File Transfer Protocol (FTP) application on

one of your PCs, you would simply select 'FTP' from the list and enter the local

IP address or host name of the designated computer.

All FTP-related data arriving at the Router from the Internet will henceforth be

forwarded to the specified computer. Similarly, you can grant Internet users

access to servers inside your home network, by identifying each service and the

PC that will provide it. This is useful, for example, if you want to host a Web

Page 72 / 149

DISCUS™ Multiplay Wireless VoIP AG

OGU 930500105-A1

Security Section

server inside your home network. When an Internet user points his/her browser

to the Router's external IP address, the gateway will forward the incoming HTTP

request to your Web server.

With one external IP address (Router's main IP address), different applications

can be assigned to your LAN computers, however each type of application is

limited to use one computer. For example, you can define that FTP will use

address X to reach computer A and Telnet will also use address X to reach com-

puter A, but attempting to define FTP to use address X to reach both computer

A and B will fail. The Router therefore provides the ability to add additional pub-

lic IP addresses to port forwarding rules, which you must first obtain from your

ISP, and enter into the 'NAT IP Addresses Pool'. You will then be able to define

FTP to use address X to reach computer A and address Y to reach computer B.

Additionally, port forwarding enables you to redirect traffic to a different port

instead of the one to which it was designated.

Lets say, that you have a Web server running on your PC on port 8080 and you

want to grant access to this server to anyone who accesses the Router via

HTTP. To accomplish this, do the following:

•

Define a port forwarding rule for the HTTP service, with the PC's IP or host name.

•

Specify 8080 in the 'Forward to Port' field.

All incoming HTTP traffic will now be forwarded to the PC running the Web

server on port 8080.

When setting a port forwarding service, you must ensure that the port is not

already in use by another application, which may stop functioning. A common

example is when using SIP signaling in Voice over IP - the port used by the

gateway's VoIP application (5060) is the same port on which port forwarding is

set for LAN SIP agents.

Page 73 / 149

DISCUS™ Multiplay Wireless VoIP AG

OGU 930500105-A1

Security Section

FIGURE 3.

Port Forwarding panel

To add a new port forwarding service:

Select the 'Port Forwarding' tab in the 'Security' management screen. The

'Port Forwarding' screen will appear

Click the 'New Entry' link. The 'Add Port Forwarding Rule' screen will appear

10.

Select the 'Specify Public IP Address' check-box if you would like to apply

this rule on a specific external IP address. The screen will refresh

11.

Enter the additional external IP address in the 'Public IP Address' field.

12.

Enter the host name or IP address of the computer that will provide the serv-

ice (the “server”) in the 'Local Host' field. Note that unless an additional exter-

nal IP address has been added, only one LAN computer can be assigned to

provide a specific service or application.

13.

The Protocol combo-box lets you select or specify the type of protocol that

will be used. Selecting the 'Show All Services' option will expand the list of

available protocols. Select a protocol or add a new one using the 'User

Defined' option. This will commence a sequence that will add a new service,

representing the protocol.

14.

By default, the Router will forward traffic to the same port as the incoming

port. If you wish to redirect traffic to a different port, select the 'Specify'

option. The screen will refresh, and an additional field will appear enabling

you to enter the port number.

15.

The Schedule combo-box allows you to define the time period during which

this rule will take effect. By default, the rule will always be active. However,

you can configure scheduled rules by selecting 'User Defined'.

16.

Click the 'OK' button to save your changes. The 'Port Forwarding' screen will

display a summary of the rule that you just added

Page 74 / 149

DISCUS™ Multiplay Wireless VoIP AG

OGU 930500105-A1

Security Section

DMZ HOST

The DMZ (Demilitarized) Host feature allows one local computer to be exposed

to the Internet.

Designate a DMZ host when:

•

You wish to use a special-purpose Internet service, such as an on-line game or video-

conferencing program, that is not present in the Port Forwarding list and for which no port range

information is available.

•

You are not concerned with security and wish to expose one computer to all services without

restriction.

An incoming request for access to a service in the home network, such as a

Web-server, is handled by the Router. DISCUS™ Multiplay Wireless VoIP AG

will forward this request to the DMZ host (if one is designated) unless the ser-

vice is being provided by another PC in the home network (assigned in Port For-

warding), in which case that PC will receive the request instead.

FIGURE 4.

DMZ Host panel

To designate a local computer as a DMZ Host:

17.

Select the 'DMZ Host' tab in the 'Security' management screen. The 'DMZ

Host' screen will appear

18.

Enter the local IP address of the computer that you would like to designate

as a DMZ host, and select the check-box. Note that only one LAN computer

may be a DMZ host at any time.

19.

Click 'OK' to save the settings.

A DMZ host is not protected by the firewall and may be vulnerable to attack. Designating a DMZ host

may also put other computers in the home network at risk. When designating a DMZ host, you must

consider the security implications and protect it if necessary.

Page 75 / 149

DISCUS™ Multiplay Wireless VoIP AG

OGU 930500105-A1

Security Section

PORT TRIGGERING

Port triggering can be used for dynamic port forwarding configuration. By setting

port triggering rules, you can allow inbound traffic to arrive at a specific LAN

host, using ports different than those used for the outbound traffic. This is called

port triggering since the outbound traffic triggers to which ports inbound traffic is

directed.

For example, consider a gaming server that is accessed using UDP protocol on

port 2222. The gaming server responds by connecting the user using UDP on

port 3333 when starting gaming sessions. In such a case you must use port trig-

gering, since this scenario conflicts with the following default firewall settings:

•

The firewall blocks inbound traffic by default.

•

The server replies to the Router's IP, and the connection is not sent back to your host, since it is

not part of a session.

In order to solve this you need to define a Port Triggering entry, which allows

inbound traffic on UDP port 3333, only after a LAN host generated traffic to UDP

port 2222. This will result in accepting the inbound traffic from the gaming

server, and sending it back to the LAN Host which originated the outgoing traffic

to UDP port 2222.

Select the 'Port Triggering' tab in the 'Security' management screen. The 'Port

Triggering' screen will appear.

FIGURE 5.

Port Triggering panel

WEB SITE RESTRICTIONS

You may configure the Router to block specific Internet web sites so that they

cannot be accessed from computers in the home network. Moreover, restric-

Rate

Popular Pirelli Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share