Page 46 / 112
Scroll up to view Page 41 - 45
N
ETWORKING
AND
C
LIENT
S
ERVICES
4-14
Configuring Client Services
The Barricade includes a broad range of client services, including
firewall protection, network address translation, virtual server,
connection support for special applications, and restricted Internet
access for specified clients. You can configure these functions
using the Setup Wizard by clicking “Enter” at the bottom of the
Advanced Settings screen, or by selecting specific items from the
menu on the left of the screen.
Firewall Protection
The Barricade’s firewall can block common hacker attacks,
including IP Spoofing, Land Attack, Ping of Death, IP with zero
length, Smurf Attack, UDP port loopback, Snork Attack, TCP null
scan, and TCP SYN flooding. The firewall does not significantly
affect system performance, so we advise leaving it enabled to
protect your network users.
Downloaded from
www.Manualslib.com
manuals search engine
Page 47 / 112
C
ONFIGURING
THE
B
ARRICADE
4-15
Virtual Server
If you configure the Barricade as a virtual server, remote users
accessing services such as Web or FTP at your local site via public
IP addresses can be automatically redirected to local servers
configured with private IP addresses. In other words, depending
on the requested service (TCP/UDP port number), the Barricade
redirects the external service request to the appropriate server
(located at another internal IP address).
The WAN interface must have a fixed IP address to utilize this
function. For example, if you set Type/Public Port to TCP/80
(HTTP or Web) and the Private IP/Port to 192.168.2.2/80, then all
Downloaded from
www.Manualslib.com
manuals search engine
Page 48 / 112
N
ETWORKING
AND
C
LIENT
S
ERVICES
4-16
HTTP request from outside users will be transferred to 192.168.2.2.
Therefore, by just entering the IP Address provided by the ISP,
Internet users can access the service they need at the local address
to which you redirect them.
Some of the more common TCP service ports include:
HTTP: 80, FTP: 21, Telnet: 23 and POP3: 110.
Enabling Special Applications
Some applications require multiple connections, such as Internet
gaming, videoconferencing, Internet telephony and others. These
applications may not work when Network Address Translation
(NAT) is enabled. If you need to run applications that require
multiple connections, use the following screen to specify the
additional public ports to be opened for each application.
Downloaded from
www.Manualslib.com
manuals search engine
Page 49 / 112
C
ONFIGURING
THE
B
ARRICADE
4-17
Specify the port normally associated with an application in the
“Trigger Port” field, select the protocol type as TCP or UDP, then
enter the public ports associated with the trigger port to open
them for inbound traffic.
Note:
If an application still cannot function correctly after
enabling multiple ports via the Special Application screen,
you may have to open the client PC for full Internet access
using the DMZ Host option.
Client Filtering
You can filter Internet access for local clients based on IP address,
application type (i.e., HTTP port), and time of day.
For example, this screen shows that clients in the address range
192.168.2.50-99 are permanently restricted from using FTP (Port 21),
while clients in the address range
192.168.2.110-119 are blocked from
browsing the Internet from Monday through Friday.
Downloaded from
www.Manualslib.com
manuals search engine
Page 50 / 112
N
ETWORKING
AND
C
LIENT
S
ERVICES
4-18
Misc
Administrator
Time-out
– Enter time-out setting in minute for
administration protection.
Discard
PING
from
WAN
side
– You can enhance your network
security by preventing any host on the WAN to ping the Barricade.
Remote
Management
– By default, management access is only
available to users on your local network. However, you can also
manage the Barricade from a remote host by adding the IP address
of an administrator to this screen
.
Note:
If you specify an IP address of 0.0.0.0, any host can manage
the Barricade.
Virtual
DMZ
Host
– If you have a client PC that cannot run an
Internet application properly from behind the firewall or after
configuring the Special Applications function, then you can open
the client up to unrestricted two-way Internet access. Enter the IP
address of a DMZ host to this screen. Adding a client to the DMZ
(Demilitarized Zone) may expose your local network to a variety
of security risks, so only use this option as a last resort.
Downloaded from
www.Manualslib.com
manuals search engine
19216811.live