Chapter 5: Web Configuration
To define your own firewall settings, select Advanced (User Define) firewall and click Apply. Two selections for packet filtering rules will appear and you are asked to choose one. Choose the one you want and click Configure.
You have to select the interface from one of the radio buttons and click Configure. On the next page, a button named Create a new filtering rule will appear. Click this button to go to the next page.
Example
This example shows how to create a new filtering rule and what the result looks like. It is for your reference only.
If you want to enable the firewall and still access a PPTP server, you can:
- Set the protocol type as TCP and set the port range start point as 1723, or
- Set the protocol type as User Defined and set the number as 47.
After you click the Create a new filtering rule button, the following screen will appear. Fill in the boxes and click Apply to close this screen.
ADSL Router User Manual
Protocol Type: Select the type that you want for the filtering rule.
Local Side: Type in the source IP address and subnet mask.
Remote Side: Type in the destination IP address and subnet mask.
Port Range: Enter the start and end point number.
Direction: The direction of the data transmission. In Bound means the data is transferred from outside to your computer. Out Bound means the data is transferred from your computer to the outside through the Internet.
Block stops the data transmission; Allow lets the data pass through.
After configuring the settings, click Apply and the new rule you created will be shown in the table.
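The rule fields above, modelled as an added example (not code from the manual or the router's firmware). PPTP carries its control connection over TCP port 1723 and its tunnelled data over GRE (IP protocol 47), so the example shows what a table holding only one of the two rules lets through. Assumptions: the first matching rule wins, unmatched traffic is blocked once the firewall is enabled, the port range ends at 1723, and all names and addresses are constructed.

```python
# Added example: a model of the filter table, not the router's firmware.
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class Rule:
    protocol: str                     # "TCP", or an IP protocol number such as "47"
    local: str                        # Local Side: source address/mask
    remote: str                       # Remote Side: destination address/mask
    ports: Optional[Tuple[int, int]]  # Port Range (start, end); None if no ports
    direction: str                    # "out" = Out Bound, "in" = In Bound
    action: str                       # "allow" or "block"

def matches(rule, pkt):
    if (rule.direction, rule.protocol) != (pkt["direction"], pkt["protocol"]):
        return False
    if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(rule.local):
        return False
    if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(rule.remote):
        return False
    if rule.ports is None:
        return True
    return rule.ports[0] <= pkt.get("dport", -1) <= rule.ports[1]

def decide(table, pkt, default="block"):
    # Assumption: first matching rule wins; unmatched traffic gets the default.
    for rule in table:
        if matches(rule, pkt):
            return rule.action
    return default

# Constructed addresses: LAN 192.168.1.0/24, PPTP server 203.0.113.10.
LAN, SERVER = "192.168.1.0/24", "203.0.113.10/32"
TCP_1723 = Rule("TCP", LAN, SERVER, (1723, 1723), "out", "allow")
PROTO_47 = Rule("47", LAN, SERVER, None, "out", "allow")

def pkt(protocol, dport=None):
    p = {"direction": "out", "protocol": protocol,
         "src": "192.168.1.20", "dst": "203.0.113.10"}
    if dport is not None:
        p["dport"] = dport
    return p

def pptp_report(table):
    """Verdicts for the PPTP control channel, the GRE data and unrelated web traffic."""
    return {"control": decide(table, pkt("TCP", 1723)),
            "gre": decide(table, pkt("47")),
            "web": decide(table, pkt("TCP", 80))}

if __name__ == "__main__":
    print(pptp_report([TCP_1723]))            # only the first rule from the example
    print(pptp_report([TCP_1723, PROTO_47]))  # both rules
```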
Intrusion Detection
This page displays the rules for intrusion detection. The purpose of intrusion detection is to detect any attacks that
penetrate and destroy the firewall & standard detection systems. In addition, it is used to proactively prevent attacks
without human intervention before any damage can occur.
DOS Attack Block Duration: The duration for which the suspicious host will be blocked once DOS activity is detected. The unit is seconds.
Scan Attack Block Duration: The duration for which the suspicious host will be blocked once Scan activity is detected. The unit is seconds.
Victim Protection Block Duration: This protects victims from spoofing-style attacks: a destination blocking entry is added to the black list. It specifies the default duration the entry is kept in the list to avoid continuous attack against this victim. The unit is seconds.
Maximum TCP Open Handshaking Count: The maximum number of unfinished TCP handshaking sessions per second that will trigger IDS for SYN flood.
Maximum Ping Count: The maximum number of PINGs per second that will trigger IDS for echo storm.
Maximum ICMP Count: The maximum number of ICMP packets other than ICMP echo (PING) per second that will trigger IDS for ICMP flood.
You can select Disable and click Apply to disable intrusion detection. Select Enabled to invoke this function. In addition, click Modify Rules to enter or modify details for the rules if necessary. After finishing the modification, click Apply.
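How the per-second maximums and the DOS block duration interact, as an added example (not code from the manual or the router's firmware). Assumptions: counts are kept per source host and per whole second, the IDS fires when a count exceeds the maximum, and all values, names and traffic are constructed because the page gives no defaults.

```python
# Added example: models the IDS settings above; not the router's firmware.
from collections import defaultdict

# Constructed values; the page gives no defaults.
SETTINGS = {
    "dos_block_duration": 30,                  # seconds a host stays blocked
    "max": {"syn": 5, "ping": 3, "icmp": 4},   # per-second thresholds
}
ALERT = {"syn": "SYN flood", "ping": "echo storm", "icmp": "ICMP flood"}

def run_ids(events, settings=SETTINGS):
    """events: (time_s, source_ip, kind) sorted by time; kind is syn, ping or icmp.
    Returns (alerts, dropped) with alerts as (time, source, name, blocked_until)."""
    counts = defaultdict(int)    # (source, kind, whole second) -> packets seen
    blocked_until = {}           # source -> time at which the block expires
    alerts, dropped = [], 0
    for t, src, kind in events:
        if blocked_until.get(src, 0) > t:
            dropped += 1         # host is still inside its block duration
            continue
        key = (src, kind, int(t))
        counts[key] += 1
        # Assumption: the IDS fires when the count exceeds the maximum.
        if counts[key] > settings["max"][kind]:
            until = t + settings["dos_block_duration"]
            blocked_until[src] = until
            alerts.append((t, src, ALERT[kind], until))
    return alerts, dropped

def sample_events():
    # Constructed traffic: one host starts 8 unfinished handshakes within
    # second 10 and retries at t=20 and t=41; another pings once a second.
    flood = [(10 + i * 0.125, "198.51.100.7", "syn") for i in range(8)]
    retry = [(20.0, "198.51.100.7", "syn"), (41.0, "198.51.100.7", "syn")]
    pings = [(float(s), "192.0.2.44", "ping") for s in range(10, 14)]
    return sorted(flood + retry + pings)

if __name__ == "__main__":
    for alert in run_ids(sample_events())[0]:
        print(alert)
```

With these values the retry at t=20 falls inside the block and is dropped, while the one at t=41 arrives after the block has expired and is counted again from zero.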
Virtual Server
The Router implements NAT to let your entire local network appear as a single machine to the Internet. The typical
situation is that you have local servers for different services and you want to make them publicly accessible. With
NAT applied, it will translate the internal IP addresses of these servers to a single IP address that is unique on the
Internet. NAT function not only eliminates the need for multiple public IP addresses but also provides a measure of
security for your LAN.
When the router receives an incoming IP packet requesting for access to your local server, the router will recognize
the service type according to the port number in this packet (e.g., port 80 indicates HTTP service and port 21
indicates FTP service). By specifying the port number, you tell the router which service should be forwarded to the
local IP address you specify.
After setting up a virtual server, you should modify the filter rule for whichever port and service you set on the virtual server. Because the firewall protects the router with filter rules, you should update the filter rule after you set up a virtual server.
This page shows all virtual server rules configured in your ADSL Router.
In the virtual server list table, you may select the required entry and modify or delete it by clicking Modify or Delete.
Creating a New Server
To add a new virtual server service entry, click the Create a new server button.
ATM PVC Name: Select the ATM PVC name from the drop-down list. Currently only the ppp-0 interface is provided.
Protocol: Select a protocol type used by the service that will be forwarded.
TCP/IP Port: The Router supports a port mapping function that translates a standard port number to a non-standard number. Incoming data packets sent to a specific IP port can be mapped to the port you specify. The most often used port numbers include: 21 (FTP), 80 (HTTP), 23 (Telnet) and 25 (SMTP).
IP Address: Specify the internal IP address to which the packets are forwarded.
Then follow the steps below:
1. Select the ATM PVC interface.
2. Select the protocol type from the drop-down list.
3. Select a service in the TCP/IP Port field and enter the port number you want to use.
4. Enter the IP address of the internal server in the IP Address field and enter the TCP/IP port information in the TCP/IP Port field.
5. Click Apply to commit the setting.
Setting Up DMZ Host
Direct Mapping Zone (DMZ) uses a technology that makes the Router forward all incoming packets to a specific internal server. To set up a DMZ host for your router, click the Setup DMZ Host button.
Then follow the steps below:
