DISCUS™ Multiplay Wireless VoIP AG
(C) (2006) Pirelli Broadband Solutions S.p.A. All Rights Reserved. Proprietary Use Pursuant to Cover Page Instructions.
65
OGU 930500105-A1
Security Section
You can select between any, a specific computer in your LAN, or 'User
Defined'. If you choose the 'User Defined' option, the 'Edit Network Object'
screen will appear. Specifying an address is done by creating a 'Network
Object';
4. The Protocol combo-box lets you select or specify the type of protocol that
will be used. Selecting the 'Show All Services' option will expand the list of
available protocols. Select a protocol or add a new one using the 'User
Defined' option. This will commence a sequence that will add a new service,
representing the protocol.
5. Select the 'Reply an HTML page to the blocked client' check-box to display
the following message to the client: “Access Denied - this computer is not
allowed to surf the WAN. Please contact your admin.”. When this check-box
is unselected, the client's packets will simply be ignored and he/she will not
receive any notification.
6. The Schedule combo-box allows you to define the time period during which
this rule will take effect. By default, the rule will always be active. However,
you can configure scheduled rules by selecting 'User Defined'.
7. Click the 'OK' button to save your changes. The 'Access Control' screen will
display a summary of the rule that you just added.
PORT FORWARDING
In its default state, DISCUS™ Multiplay Wireless VoIP AG blocks all external
users from connecting to or communicating with your network.
Therefore the system is safe from hackers who may try to intrude on the network
and damage it. However, you may want to expose your network to the
Internet in certain limited and controlled ways in order to enable some applications
to work from the LAN (game, voice and chat applications, for example) and
to enable Internet-access to servers in the home network. The Port Forwarding
feature supports both of these functionalities. If you are familiar with networking
terminology and concepts, you may have encountered this topic referred to as
“Local Servers”.
The 'Port Forwarding' screen lets you define the applications that require special
handling by the Router.
All you have to do is select the application's protocol and the local IP address of
the computer that will be using or providing the service. If required, you may add
new protocols in addition to the most common ones provided by the Router.
For example, if you wanted to use a File Transfer Protocol (FTP) application on
one of your PCs, you would simply select 'FTP' from the list and enter the local
IP address or host name of the designated computer.
All FTP-related data arriving at the Router from the Internet will henceforth be
forwarded to the specified computer. Similarly, you can grant Internet users
access to servers inside your home network, by identifying each service and the
PC that will provide it. This is useful, for example, if you want to host a Web
server inside your home network. When an Internet user points his/her browser
to the Router's external IP address, the gateway will forward the incoming HTTP
request to your Web server.
With one external IP address (the Router's main IP address), different applications
can be assigned to your LAN computers; however, each type of application is
limited to one computer. For example, you can define that FTP will use
address X to reach computer A and Telnet will also use address X to reach
computer A, but attempting to define FTP to use address X to reach both computer
A and B will fail. The Router therefore provides the ability to add additional
public IP addresses to port forwarding rules, which you must first obtain from your
ISP and enter into the 'NAT IP Addresses Pool'. You will then be able to define
FTP to use address X to reach computer A and address Y to reach computer B.
Additionally, port forwarding enables you to redirect traffic to a different port
instead of the one to which it was designated.
Let's say that you have a Web server running on your PC on port 8080 and you
want to grant access to this server to anyone who accesses the Router via
HTTP. To accomplish this, do the following:
- Define a port forwarding rule for the HTTP service, with the PC's IP or host name.
- Specify 8080 in the 'Forward to Port' field.
All incoming HTTP traffic will now be forwarded to the PC running the Web
server on port 8080.
When setting a port forwarding service, you must ensure that the port is not
already in use by another application, which may stop functioning. A common
example is when using SIP signaling in Voice over IP - the port used by the
gateway's VoIP application (5060) is the same port on which port forwarding is
set for LAN SIP agents.
FIGURE 3. Port Forwarding panel
To add a new port forwarding service:
8. Select the 'Port Forwarding' tab in the 'Security' management screen. The
'Port Forwarding' screen will appear.
9. Click the 'New Entry' link. The 'Add Port Forwarding Rule' screen will appear.
10. Select the 'Specify Public IP Address' check-box if you would like to apply
this rule on a specific external IP address. The screen will refresh.
11. Enter the additional external IP address in the 'Public IP Address' field.
12. Enter the host name or IP address of the computer that will provide the service
(the “server”) in the 'Local Host' field. Note that unless an additional external
IP address has been added, only one LAN computer can be assigned to
provide a specific service or application.
13. The Protocol combo-box lets you select or specify the type of protocol that
will be used. Selecting the 'Show All Services' option will expand the list of
available protocols. Select a protocol or add a new one using the 'User
Defined' option. This will commence a sequence that will add a new service,
representing the protocol.
14. By default, the Router will forward traffic to the same port as the incoming
port. If you wish to redirect traffic to a different port, select the 'Specify'
option. The screen will refresh, and an additional field will appear enabling
you to enter the port number.
15. The Schedule combo-box allows you to define the time period during which
this rule will take effect. By default, the rule will always be active. However,
you can configure scheduled rules by selecting 'User Defined'.
16. Click the 'OK' button to save your changes. The 'Port Forwarding' screen will
display a summary of the rule that you just added.
DMZ HOST
The DMZ (Demilitarized) Host feature allows one local computer to be exposed
to the Internet.
Designate a DMZ host when:
- You wish to use a special-purpose Internet service, such as an on-line game or
video-conferencing program, that is not present in the Port Forwarding list and
for which no port range information is available.
- You are not concerned with security and wish to expose one computer to all
services without restriction.
An incoming request for access to a service in the home network, such as a
Web-server, is handled by the Router. DISCUS™ Multiplay Wireless VoIP AG
will forward this request to the DMZ host (if one is designated) unless the service
is being provided by another PC in the home network (assigned in Port Forwarding),
in which case that PC will receive the request instead.
FIGURE 4. DMZ Host panel
To designate a local computer as a DMZ Host:
17. Select the 'DMZ Host' tab in the 'Security' management screen. The 'DMZ
Host' screen will appear.
18. Enter the local IP address of the computer that you would like to designate
as a DMZ host, and select the check-box. Note that only one LAN computer
may be a DMZ host at any time.
19. Click 'OK' to save the settings.
A DMZ host is not protected by the firewall and may be vulnerable to attack. Designating a DMZ host
may also put other computers in the home network at risk. When designating a DMZ host, you must
consider the security implications and protect it if necessary.
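The rule-table behaviour described in the Port Forwarding and DMZ Host sections can be modelled to audit what a given configuration exposes. This is an added example, not code from the manual or the Router firmware; the class and function names, the documentation-range addresses, and the assumption that the DMZ host answers on every public address are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

GATEWAY_PORTS = {5060}  # port of the gateway's own VoIP application, per the manual

@dataclass(frozen=True)
class Forward:
    public_ip: str                 # external address the rule applies to
    proto: str                     # "tcp" or "udp"
    port: int                      # port the traffic arrives on
    host: str                      # 'Local Host' on the LAN
    to_port: Optional[int] = None  # 'Forward to Port'; None keeps the incoming port

class Router:
    """Hypothetical model of the rule table, not the device firmware."""
    def __init__(self, main_ip, nat_pool=()):
        self.public_ips = {main_ip, *nat_pool}  # main address + 'NAT IP Addresses Pool'
        self.rules = {}
        self.dmz_host = None

    def add_forward(self, rule):
        """Store a rule; return warnings, raise ValueError if the rule is invalid."""
        if rule.public_ip not in self.public_ips:
            raise ValueError(f"{rule.public_ip} is not in the NAT IP Addresses Pool")
        key = (rule.public_ip, rule.proto, rule.port)
        if key in self.rules:  # one service on one address reaches only one computer
            raise ValueError(f"{key} is already forwarded to {self.rules[key].host}")
        self.rules[key] = rule
        if rule.port in GATEWAY_PORTS:
            return [f"port {rule.port} is used by the gateway's VoIP application"]
        return []

    def resolve(self, dst_ip, proto, port):
        """Return (lan_host, lan_port) for an inbound request, or None if blocked."""
        rule = self.rules.get((dst_ip, proto, port))
        if rule:  # a port forwarding rule takes precedence over the DMZ host
            return rule.host, (port if rule.to_port is None else rule.to_port)
        if self.dmz_host and dst_ip in self.public_ips:  # assumption: any public IP
            return self.dmz_host, port  # every other service reaches the DMZ host
        return None  # default state: external connections are blocked

def exposure(router, probes):
    """Map each probe that reaches the LAN to the host and port it lands on."""
    return {p: router.resolve(*p) for p in probes if router.resolve(*p)}

def demo():
    r = Router("203.0.113.1", nat_pool=["203.0.113.2"])  # constructed addresses
    r.add_forward(Forward("203.0.113.1", "tcp", 80, "192.168.1.20", 8080))
    r.dmz_host = "192.168.1.99"
    return exposure(r, [("203.0.113.1", "tcp", 80), ("203.0.113.1", "tcp", 23)])
```

With a DMZ host set, every probe in `exposure` resolves to some LAN host, which is the practical meaning of the warning above.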
PORT TRIGGERING
Port triggering can be used for dynamic port forwarding configuration. By setting
port triggering rules, you can allow inbound traffic to arrive at a specific LAN
host, using ports different than those used for the outbound traffic. This is called
port triggering since the outbound traffic triggers to which ports inbound traffic is
directed.
For example, consider a gaming server that is accessed using UDP protocol on
port 2222. The gaming server responds by connecting the user using UDP on
port 3333 when starting gaming sessions. In such a case you must use port
triggering, since this scenario conflicts with the following default firewall settings:
- The firewall blocks inbound traffic by default.
- The server replies to the Router's IP, and the connection is not sent back to
your host, since it is not part of a session.
In order to solve this you need to define a Port Triggering entry, which allows
inbound traffic on UDP port 3333, only after a LAN host generated traffic to UDP
port 2222. This will result in accepting the inbound traffic from the gaming
server, and sending it back to the LAN Host which originated the outgoing traffic
to UDP port 2222.
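The trigger behaviour described above can be replayed as a small state table. This is an added example, not code from the manual or the Router firmware; the class names, the LAN address and the 60-second idle timeout are assumptions, and the model does not check the remote sender's address because the manual does not say whether the Router does.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Trigger:
    proto: str     # protocol of both directions, e.g. "udp"
    out_port: int  # outbound destination port that arms the rule (2222 on the page)
    in_port: int   # inbound port opened while the rule is armed (3333 on the page)

class TriggerTable:
    """Hypothetical model of port triggering state, not the device firmware."""
    def __init__(self, triggers, ttl=60.0):
        self.triggers = list(triggers)
        self.ttl = ttl   # assumed idle timeout in seconds; the manual gives none
        self.armed = {}  # (proto, in_port) -> (lan_host, expiry time)

    def outbound(self, lan_host, proto, dst_port, now):
        """A LAN host sends traffic out; arm every trigger it matches."""
        for t in self.triggers:
            if (t.proto, t.out_port) == (proto, dst_port):
                self.armed[(t.proto, t.in_port)] = (lan_host, now + self.ttl)

    def inbound(self, proto, dst_port, now):
        """Return the LAN host that receives an inbound packet, or None if blocked."""
        entry = self.armed.get((proto, dst_port))
        if entry is None:
            return None                        # firewall default: inbound is blocked
        lan_host, expiry = entry
        if now >= expiry:
            del self.armed[(proto, dst_port)]  # window closed, back to the default
            return None
        return lan_host                        # sent to the host that triggered it

def demo():
    """Replay the gaming example with constructed addresses and timestamps."""
    table = TriggerTable([Trigger("udp", 2222, 3333)])
    before = table.inbound("udp", 3333, now=0.0)          # nothing armed yet
    table.outbound("192.168.1.10", "udp", 2222, now=1.0)  # LAN host contacts server
    during = table.inbound("udp", 3333, now=5.0)          # reply inside the window
    after = table.inbound("udp", 3333, now=120.0)         # reply after the window
    return before, during, after
```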
Select the 'Port Triggering' tab in the 'Security' management screen. The 'Port
Triggering' screen will appear.
FIGURE 5. Port Triggering panel
WEB SITE RESTRICTIONS
You may configure the Router to block specific Internet web sites so that they
cannot be accessed from computers in the home network. Moreover, restric-
