Chapter 5: Web Configuration

53

To have a user define firewall setting, please select

Advanced (User Define)

firewall and click

Apply

. There are two

selections for packet filtering rules appeared to ask you choosing one. Please choose the one you want and click

Configure

.

You have to select the interface from one of the radio buttons and click

Configure

. Later, in the next page, a button

named

Create a new filtering rule

will appear. Click on this

button to get into next page.

Example

Here provides you the way and the result of creating a new filtering rule. This is just an example and just for your

reference.

If you want enable the firewall and access into PPTP server for some reason, you can:

±

Set the protocol type as

TCP

and set the port range value start point as

1723

, or

±

Set the protocol type as

User Defined

and set the number as

47

.

After you click the

Create a new filtering rule

button, the following screen will appear. Please fill in the boxes and

click

Apply

to close this screen.

ADSL Router User Manual

54

Protocol Type:

Select the type that you want for the filtering rule.

Local Side:

Type in the source IP address and subnet mask.

Remote Side:

Type in the destination IP address and subnet mask.

Port Range:

Enter the start and end point number.

Direction:

The way of the data transmission. In Bound means the data is transferred from outside onto your

computer. Out Bound means the data is transferred from your computer onto outside through

Internet.

Block

stops the data transmission,

Allow

lets the data pass through.

After configuring the settings, please click

Apply

and the new one you created will be shown on the table.

Intrusion Detection

This page displays the rules for intrusion detection. The purpose of intrusion detection is to detect any attacks that

penetrate and destroy the firewall & standard detection systems. In addition, it is used to proactively prevent attacks

without human intervention before any damage can occur.

Chapter 5: Web Configuration

55

DOS Attack Block Duration:

It defines the duration that the suspicious host will be blocked once DOS activity is

detected. The unit is defined in second.

Scan Attack Block Duration:

It defines the duration that the suspicious host will be blocked once Scan activity is

detected. The unit is defined in second.

Victim Protection Block Duration:

This is to protect victims from spoofing style attacks -- a destination blocking

entry is added to black list. It specifies the default duration we are going to keep it in

the list to avoid the continuous attack against this victim. The unit is defined in

second.

Maximum TCP Open Handshaking Count:

The maximum number of unfinished TCP handshaking session will

trigger IDS for SYN flood per second.

Maximum Ping Count:

The maximum number of PINGs per second will trigger IDS for echo storm.

Maximum ICMP Count:

The maximum number of ICMP packets other than ICMP echo (PING) per second

will trigger IDS for ICMP flood.

You can select

Disable

and click

Apply

to disabled intrusion detection. Select Enabled to invoke this function. In

addition, click

Modify Rules

to enter or modify details for the rules if necessary. After finishing the modification,

click

Apply

.

ADSL Router User Manual

56

Virtual Server

The Router implements NAT to let your entire local network appear as a single machine to the Internet. The typical

situation is that you have local servers for different services and you want to make them publicly accessible. With

NAT applied, it will translate the internal IP addresses of these servers to a single IP address that is unique on the

Internet. NAT function not only eliminates the need for multiple public IP addresses but also provides a measure of

security for your LAN.

When the router receives an incoming IP packet requesting for access to your local server, the router will recognize

the service type according to the port number in this packet (e.g., port 80 indicates HTTP service and port 21

indicates FTP service). By specifying the port number, you tell the router which service should be forwarded to the

local IP address you specify.

After you setting the virtual server you should modify the filter rule whichever port and service you set on virtual

server. Because the firewall has protect the route by filter rule so that you should update the filter rule after you set up

virtual server.

This page shows all virtual server rules configured in your ADSL Router.

In the virtual server list table, you may select required entry to modify or delete it by clicking

Modify

or

Delete

.

Creating a New Server

In order to add new virtual server service entry, click

Create a new server

button.

Chapter 5: Web Configuration

57

ATM PVC Name:

Select the ATM PVC name from the drop down list. Currently only ppp-0 interface is

provided.

Protocol

:

Select a protocol type used by the service that will be forwarded.

TCP/IP Port

:

The Router supports port mapping function that translates a standard port number to a

non-standard number. Incoming data packets sent to a specific IP port can be mapped to the

port you specify. The most often used port numbers include:

21 (FTP), 80 (HTTP), 23 (Telnet) and 25(SMTP)

IP Address

:

Specify the internal IP address to which the packets are forwarded.

Then follow the steps below:

1.

Select the ATM PVC interface.

2.

Select the protocol type from the drop-down list.

3.

Select a service in TCP /IP Port field and enter the port number you want to use.

4.

Enter the IP address of the internal server in the IP Address filed and enter the TCP/IP port information in the

TCP/IP Port field.

5.

Click

Apply

to commit the setting.

Setting Up DMZ Host

Direct Mapping Zone (DMZ) uses a technology that makes Router forwarding all incoming packet to internal

specific server. To setup DMZ host for your router, please click

Setup DMZ Host

button.

Then follow the steps below: