Page 31 / 51 Scroll up to view Page 26 - 30
ADSL2+ Router User’s Guide
5-5
5.4
Outbound IP Filter Configuration
Packet filtering is a basic security measure that should be used on any network that is exposed to a
security risk. A packet filter system examines data packets and scrutinizes them in order to control network
access. Filtering rules determine whether packets are passed through the Router from either side of the
gateway. The rules are created and controlled by the network administrator and can be precisely defined.
These rules are used to block access to the LAN from outside the network and/or to deny access to the WAN
from within the network. The Router uses filtering rules to examine data packet headers for specific
information. Packets passing through the Router that do not meet the criteria specified by the rule set are
dropped.
Effective implementation of packet filtering requires detailed knowledge of network services and
communication protocols. An overly complicated filtering scheme can adversely affect the Router’s
performance, while an inadequate set of rules may needlessly compromise security.
This Router has two fields to configure for filtering which are
Outbound
and
Inbound Filters.
Figure 5-5. Outbound IP Filter menu
This window will aid the use in configuring filters for IP addresses. This will deny specified LAN IP
addresses or specific ports associated with these LAN IP address from accessing the Internet. Well known
ports have already been previously set in the
IP Filters List
and can be modified by clicking their
corresponding edit icon, and simple adding an IP address to the configuration. To access this screen, click
the
Advanced
tab along the top of the configuration window and then the
Filters
tab to the left hand side.
Downloaded from
www.Manualslib.com
manuals search engine
Page 32 / 51
C2-010 / C2-010-I ADSL2+ Router User’s Guide
5-6
Filter
Settings
Description
Src IP
Address
Select Any IP, Single IP,
or
IP Range
from the drop-down menu and then enter the
appropriate IP address or addresses that will be the source of packets this filter will act
upon.
Dest IP
Address
Select Any IP, Single IP,
or
IP Range
from the drop-down menu and then enter the
appropriate IP address or addresses that will be the destination of packets this filter will act
upon.
Source
Port
Select
Any Port, Single Port, Port Range,
or
Safe Range
. A port or range of ports that will be
used to connect to the Source IP address or addresses entered above.
If
Any Port
is
entered, all ports in this IP range will be acted upon by this filter.
Dest Port
Select
Any Port, Single Port, Port Range,
or
Safe Range
. A port or range of ports that will be
used to connect to the Destination IP address or addresses entered above.
If
Any Port
is
entered, all ports in this IP range will be acted upon by this filter.
Protocol
The protocol associated with this IP filter. The user may choose between
TCP, UDP
or
TCP;UDP
.
Action
Select between
Allow
or
Deny
.
Allow
will instruct the filter to allow packets that meet the
criteria entered above to cross the router, while
Deny
will instruct the router to drop any
packets that meet the above criteria.
It should be noted the
Allow
will create a much more
restrictive filter than the
Deny
setting.
5.5
Inbound IP Filter Configuration
This window will aid the use in configuring filters for IP addresses. This will deny specified LAN IP
addresses or specific ports associated with these LAN IP address from accessing the Internet. Well known
ports have already been previously set in the
IP Filters List
and can be modified by clicking their
corresponding edit icon, and simple adding an IP address to the configuration. To access this screen, click
the
Advanced
tab along the top of the configuration window and then the
Filters
tab to the left hand side.
Figure 5-6. Inbound IP Filter menu
Downloaded from
www.Manualslib.com
manuals search engine
Page 33 / 51
ADSL2+ Router User’s Guide
5-7
Filter
Settings
Description
Src IP
Address
Select Any IP, Single IP,
or
IP Range
from the drop-down menu and then enter the
appropriate IP address or addresses that will be the source of packets this filter will act
upon.
Dest IP
Address
Select Any IP, Single IP,
or
IP Range
from the drop-down menu and then enter the
appropriate IP address or addresses that will be the destination of packets this filter will act
upon.
Source
Port
Select
Any Port, Single Port, Port Range,
or
Safe Range
. A port or range of ports that will be
used to connect to the Source IP address or addresses entered above.
If
Any Port
is
entered, all ports in this IP range will be acted upon by this filter.
Dest Port
Select
Any Port, Single Port, Port Range,
or
Safe Range
. A port or range of ports that will be
used to connect to the Destination IP address or addresses entered above.
If
Any Port
is
entered, all ports in this IP range will be acted upon by this filter.
Protocol
The protocol associated with this IP filter. The user may choose between
TCP, UDP
or
TCP;UDP
.
Action
Select between
Allow
or
Deny
.
Allow
will instruct the filter to allow packets that meet the
criteria entered above to cross the router, while
Deny
will instruct the router to drop any
packets that meet the above criteria.
It should be noted the
Allow
will create a much more
restrictive filter than the
Deny
setting.
Downloaded from
www.Manualslib.com
manuals search engine
Page 34 / 51
C2-010 / C2-010-I ADSL2+ Router User’s Guide
5-8
5.6 Firewall
This Router comes equipped with a firewall. The
Firewall
configuration screen allows the Router to enforce
specific predefined policies intended to protect against certain common types of attacks. To configure the Router’s
firewall, click the
Advanced
tab at the top of the screen and then the
Firewall
tab to the left.
Figure 5-7. Firewall Configuration Menu
When DoS, Port Scan, or Service Filtering Protection is enabled, it will create a firewall policy to protect your
network against the following:
Dos Protection
Port Scan Protection
Service Filtering
SYN Flood check
ICMP Redirection
check
Nmap/FIN attack
URG/PSH attack
Xmas Tree Scan
Null Scan attack
SYN/RST attack
SYN/FIN Scan
Ping from WAN
Telnet from WAN
FTP from WAN
DNS from WAN
IKE from WAN
RIP from WAN
DHCP from WAN
A DoS "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate
users of a service from using that service. Examples include: attempts to "flood" a network, thereby
preventing legitimate network traffic, attempts to disrupt connections between two machines, thereby
preventing access to a service, attempts to prevent a particular individual from accessing a service, or,
attempts to disrupt service to a specific system or person.
Port scan protection is designed to block attempts to discover vulnerable ports or services that might be
exploited in an attack from the WAN.
Downloaded from
www.Manualslib.com
manuals search engine
Page 35 / 51
ADSL2+ Router User’s Guide
The Service Filtering options allow you to block FTP, Telnet response, Pings, etc, from the external
network.
Check the category you want to block to enable filtering of that type of packet.
When you have selected the desired Firewall policies, click the
Apply
button to enforce the policies.
5-9
5.7 DMZ
Click on the DMZ menu button to display the DMZ menu. If your computer cannot run Internet
applications properly with the device, then you can enable this option to allow the computer accessing the
unrestricted Internet. Enter the IP address of the computer as a DMZ (Demilitarized Zone) host. Adding the
computer to the DMZ may expose it under insecurity risk; thus suggest not using this option unless no other
alternatives.
User can select to enable or disable the UPNP Settings and VPN Pass-Through in this page; the default
settings are both Enabled.
Figure 5-8. DMZ menu
Downloaded from
www.Manualslib.com
manuals search engine

Rate

4.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top