TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router
Chapter 4: Configuration
When using Virtual Servers your PCs will be exposed to the degree
specified in your Virtual Server settings provided the ports specified are
opened in your firewall packet filter settings.
Firewall and Access Control
Your router includes a full SPI (Stateful Packet Inspection) firewall for controlling Internet access from your LAN, as well as helping to prevent attacks from hackers. In addition to this, when using NAT (Network Address Translation; please see the WAN configuration section for more details on NAT), the router acts as a “natural” Internet firewall, as all PCs on your LAN will use private IP addresses that cannot be directly accessed from the Internet.
Firewall: Prevents access from outside your network. The router provides three levels of security support:
- NAT natural firewall: This masks LAN users’ IP addresses, which are invisible to outside users on the Internet, making it much more difficult for a hacker to target a machine on your network. This natural firewall is on when the NAT function is enabled.
- Firewall Security and Policy (General Settings): Inbound direction of Packet Filter rules to prevent unauthorized computers or applications accessing your local network from the Internet.
- Intrusion Detection: Enable Intrusion Detection to detect, prevent and log malicious attacks.
Access Control: Prevents access from PCs on your local network:
- Firewall Security and Policy (General Settings): Outbound direction of Packet Filter rules to prevent unauthorized computers or applications accessing the Internet.
- URL Filter: To block PCs on your local network from unwanted websites.
If any remote user attempts to perform this action, it may result in blocking all access to configure and manage the device from the Internet.
Here are the items within the Firewall section: General Settings, Packet Filter, Intrusion Detection, URL Filter, IM/P2P Blocking and Firewall Log.
General Settings
You can choose not to enable Firewall, to add all filter rules by yourself, or enable the Firewall using
preset filter rules and modify the port filter rules as required. The Packet Filter is used to filter packets
based on Applications (Port) or IP addresses.
There are four options when you enable the Firewall:
- All blocked/User-defined: no pre-defined port or address filter rules by default, meaning that all inbound (Internet to LAN) and outbound (LAN to Internet) packets will be blocked. Users have to add their own filter rules for further access to the Internet.
- High/Medium/Low security level: the predefined port filter rules for High, Medium and Low security are displayed in Port Filters of Packet Filter.
Select either the High, Medium or Low security level to enable the Firewall. The only difference between these three security levels is the preset port filter rules in the Packet Filter. Firewall functionality is the same for all levels; it is only the list of preset port filters that changes between each setting. For more detailed information on the preset port filters of each level, refer to Table 1: Predefined Port Filter.
If you choose one of the preset security levels and then add custom filters, you may temporarily disable the firewall and recover your custom filter settings by re-selecting the same security level.
“Block WAN Request” is a stand-alone function and is not related to whether the security is enabled or disabled. It is mostly for preventing hackers from using scan tools against the router from the WAN side.
Packet Filter
This function is only available when the Firewall is enabled and one of these four security levels is chosen (All blocked, High, Medium and Low). The predefined port filter rules in the Packet Filter are modified according to the Firewall level that is selected. See Table 1: Predefined Port Filter for more detailed information.
Example: Predefined Port Filter Rules
The predefined port filter rules for High, Medium and Low security levels are listed. See Table 1.
Note: For Firewall – All Blocked/User-defined, you must define and create the port filter rules yourself. No predefined rule is preconfigured.
Table 1: Predefined Port Filter

| Application | Protocol | Port Start | Port End | Low Inbound | Low Outbound | Medium Inbound | Medium Outbound | High Inbound | High Outbound |
|---|---|---|---|---|---|---|---|---|---|
| HTTP (80) | TCP(6) | 80 | 80 | NO | YES | NO | YES | NO | YES |
| DNS (53) | UDP(17) | 53 | 53 | NO | YES | NO | YES | NO | YES |
| DNS (53) | TCP(6) | 53 | 53 | NO | YES | NO | YES | NO | YES |
| FTP (21) | TCP(6) | 21 | 21 | NO | YES | NO | YES | NO | NO |
| Telnet (23) | TCP(6) | 23 | 23 | NO | YES | NO | YES | NO | NO |
| SMTP (25) | TCP(6) | 25 | 25 | NO | YES | NO | YES | NO | YES |
| POP3 (110) | TCP(6) | 110 | 110 | NO | YES | NO | YES | NO | YES |
| NEWS (NNTP) (Network News Transfer Protocol) | TCP(6) | 119 | 119 | NO | YES | NO | YES | NO | NO |
| RealAudio/RealVideo (7070) | UDP(17) | 7070 | 7070 | YES | YES | YES | YES | NO | NO |
| PING | ICMP(1) | N/A | N/A | NO | YES | NO | YES | NO | YES |
| H.323 (1720) | TCP(6) | 1720 | 1720 | YES | YES | NO | YES | NO | NO |
| T.120 (1503) | TCP(6) | 1503 | 1503 | YES | YES | NO | YES | NO | NO |
| SSH (22) | TCP(6) | 22 | 22 | NO | YES | NO | YES | NO | NO |
| NTP/SNTP | UDP(17) | 123 | 123 | NO | YES | NO | YES | NO | YES |
| HTTP/HTTP Proxy (8080) | TCP(6) | 8080 | 8080 | NO | YES | NO | NO | NO | NO |
| HTTPS (443) | TCP(6) | 443 | 443 | NO | YES | NO | YES | N/A | N/A |
| ICQ (5190) | TCP(6) | 5190 | 5190 | YES | YES | N/A | N/A | N/A | N/A |
| MSN (1863) | TCP(6) | 1863 | 1863 | YES | YES | N/A | N/A | N/A | N/A |
| MSN (7001) | UDP(17) | 7001 | 7001 | YES | YES | N/A | N/A | N/A | N/A |
| MSN VIDEO (9000) | TCP(6) | 9000 | 9000 | NO | YES | N/A | N/A | N/A | N/A |

Inbound: Internet to LAN; Outbound: LAN to Internet.
YES: Allowed; NO: Blocked; N/A: Not Applicable
Packet Filter – Add TCP/UDP Filter
Rule Name: User-defined description to identify this entry, or click to select existing predefined rules. The maximum name length is 32 characters.
Time Schedule: A self-defined time period. You may specify a time schedule for your prioritization policy. For setup and details, refer to the Time Schedule section.
Source IP Address(es) / Destination IP Address(es): This is the Address-Filter used to allow or block traffic to/from particular IP address(es). Select the Subnet Mask of the IP address range you wish to allow/block traffic to or from; set the IP address and Subnet Mask to 0.0.0.0 to deactivate the Address-Filter rule.
Tip: To block access to/from a single IP address, enter that IP address as the Host IP Address and use a Host Subnet Mask of “255.255.255.255”.
Type: The packet protocol type used by the application; select TCP, UDP or both (TCP/UDP).
Source Port: This Port or Port Range defines the port allowed to be used by the Remote/WAN to connect to the application. The default range is 0 ~ 65535. It is recommended that this option be configured by an advanced user.
Destination Port: This is the Port or Port Range that defines the application.
Inbound / Outbound: Select Allow or Block for access to the Internet (“Outbound”) or from the Internet (“Inbound”).
Click the Apply button to apply your changes.
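The rule fields described above can be modelled offline to check what a rule set permits before it is entered in the web interface. This is an added example, not code from the manual or the router's firmware: the names `Rule`, `decide` and `pkt`, the first-match ordering and the sample addresses are assumptions, while blocking unmatched packets follows the All blocked/User-defined description.

```python
import ipaddress
from dataclasses import dataclass

def addr_match(ip, net_ip, mask):
    """Address-Filter test: 0.0.0.0 / 0.0.0.0 deactivates the filter (matches any)."""
    if net_ip == "0.0.0.0" and mask == "0.0.0.0":
        return True
    m = int(ipaddress.IPv4Address(mask))
    return int(ipaddress.IPv4Address(ip)) & m == int(ipaddress.IPv4Address(net_ip)) & m

@dataclass
class Rule:
    name: str
    proto: str                              # "TCP", "UDP" or "TCP/UDP"
    dst_ports: tuple                        # (start, end), inclusive
    inbound: bool                           # True = Allow, False = Block
    outbound: bool
    src: tuple = ("0.0.0.0", "0.0.0.0")     # (IP address, subnet mask)
    dst: tuple = ("0.0.0.0", "0.0.0.0")
    src_ports: tuple = (0, 65535)           # the manual's default range

    def matches(self, p):
        return (p["proto"] in self.proto.split("/")
                and self.src_ports[0] <= p["sport"] <= self.src_ports[1]
                and self.dst_ports[0] <= p["dport"] <= self.dst_ports[1]
                and addr_match(p["src"], *self.src)
                and addr_match(p["dst"], *self.dst))

def decide(rules, p, direction):
    """Return 'allow' or 'block' for direction 'inbound' or 'outbound'.
    ASSUMPTION: the first matching rule wins; unmatched packets are blocked."""
    for r in rules:
        if r.matches(p):
            return "allow" if getattr(r, direction) else "block"
    return "block"

# Three rows of Table 1 at the High level, preceded by a constructed host rule
# using the Tip's 255.255.255.255 mask (203.0.113.7 is a documentation address).
HIGH = [
    Rule("block-host", "TCP/UDP", (0, 65535), False, False,
         dst=("203.0.113.7", "255.255.255.255")),
    Rule("HTTP", "TCP", (80, 80), False, True),
    Rule("DNS", "UDP", (53, 53), False, True),
    Rule("Telnet", "TCP", (23, 23), False, False),
]

def pkt(proto, src, dst, dport, sport=40000):   # constructed sample packet
    return {"proto": proto, "src": src, "dst": dst, "sport": sport, "dport": dport}
```

Placing the host rule first matters only under the first-match assumption; confirm the ordering behaviour on the device itself before relying on it.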
