Packet Filter
This function is only available when the Firewall is enabled and one of these four security levels is chosen (All blocked, High, Medium and Low). The preset port filter rules in the Packet Filter change according to the Firewall level that is selected. See Table 1: Predefined Port Filter for more detailed information.
Example: Predefined Port Filter Rules
The predefined port filter rules for the High, Medium and Low security levels are listed in Table 1.
Note: For the All Blocked/User-defined firewall level, you must define and create the port filter rules yourself. No predefined rules are preconfigured.
Table 1: Predefined Port Filter

| Application | Protocol | Port Start | Port End | Low: Inbound | Low: Outbound | Medium: Inbound | Medium: Outbound | High: Inbound | High: Outbound |
|---|---|---|---|---|---|---|---|---|---|
| HTTP(80) | TCP(6) | 80 | 80 | NO | YES | NO | YES | NO | YES |
| DNS (53) | UDP(17) | 53 | 53 | NO | YES | NO | YES | NO | YES |
| DNS (53) | TCP(6) | 53 | 53 | NO | YES | NO | YES | NO | YES |
| FTP(21) | TCP(6) | 21 | 21 | NO | YES | NO | YES | NO | NO |
| Telnet(23) | TCP(6) | 23 | 23 | NO | YES | NO | YES | NO | NO |
| SMTP(25) | TCP(6) | 25 | 25 | NO | YES | NO | YES | NO | YES |
| POP3(110) | TCP(6) | 110 | 110 | NO | YES | NO | YES | NO | YES |
| NEWS(NNTP) (Network News Transfer Protocol) | TCP(6) | 119 | 119 | NO | YES | NO | YES | NO | NO |
| RealAudio/RealVideo (7070) | UDP(17) | 7070 | 7070 | YES | YES | YES | YES | NO | NO |
| PING | ICMP(1) | N/A | N/A | NO | YES | NO | YES | NO | YES |
| H.323(1720) | TCP(6) | 1720 | 1720 | YES | YES | NO | YES | NO | NO |
| T.120(1503) | TCP(6) | 1503 | 1503 | YES | YES | NO | YES | NO | NO |
| SSH(22) | TCP(6) | 22 | 22 | NO | YES | NO | YES | NO | NO |
| NTP /SNTP | UDP(17) | 123 | 123 | NO | YES | NO | YES | NO | YES |
| HTTP/HTTP Proxy (8080) | TCP(6) | 8080 | 8080 | NO | YES | NO | NO | NO | NO |
| HTTPS(443) | TCP(6) | 443 | 443 | NO | YES | NO | YES | N/A | N/A |
| ICQ (5190) | TCP(6) | 5190 | 5190 | YES | YES | N/A | N/A | N/A | N/A |
| MSN (1863) | TCP(6) | 1863 | 1863 | YES | YES | N/A | N/A | N/A | N/A |
| MSN (7001) | UDP(17) | 7001 | 7001 | YES | YES | N/A | N/A | N/A | N/A |
| MSN VEDIO (9000) | TCP(6) | 9000 | 9000 | NO | YES | N/A | N/A | N/A | N/A |

Inbound: Internet to LAN
Outbound: LAN to Internet
YES: Allowed
NO: Blocked
N/A: Not Applicable
Packet Filter – Add TCP/UDP Filter
Rule Name Helper: A user-defined description to identify this entry, or click the “Select” drop-down menu to select an existing predefined rule. The maximum name length is 32 characters.
Time Schedule: A self-defined time period. You may specify a time schedule for your prioritization policy. For setup and details, refer to the Time Schedule section.
Source IP Address(es) / Destination IP Address(es): This is the Address-Filter used to allow or block traffic to/from particular IP address(es). Select the Subnet Mask of the IP address range you wish to allow/block traffic to or from; set the IP address and Subnet Mask to 0.0.0.0 to deactivate the Address-Filter rule.
Tip: To block access to/from a single IP address, enter that IP address as the Host IP Address and use a Host Subnet Mask of “255.255.255.255”.
Type: It is the packet protocol type used by the application, select TCP, UDP or both TCP/UDP.
Protocol Number: Insert the port number.
Source Port: The port or port range that the Remote/WAN side is allowed to use to connect to the application. The default range is 0 ~ 65535. It is recommended that this option be configured by an advanced user.
Destination Port: The port or port range that defines the application.
Inbound / Outbound: Select Allow or Block for access to the Internet (“Outbound”) or from the Internet (“Inbound”).
Click the Add button to apply your changes.
Packet Filter – Add Raw IP Filter
From the “Type” drop-down menu, select “Use Protocol Number”.
Rule Name Helper: A user-defined description to identify this entry, or use the “Select” drop-down menu to select an existing predefined rule.
Time Schedule: A self-defined time period. You may specify a time schedule for your prioritization policy. For setup and details, refer to the Time Schedule section.
Source IP Address(es) / Destination IP Address(es): This is the Address-Filter used to allow or block traffic to/from particular IP address(es). Select the Subnet Mask of the IP address range you wish to allow/block traffic to or from; set the IP address and Subnet Mask to 0.0.0.0 to deactivate the Address-Filter rule.
Tip: To block access to/from a single IP address, enter that IP address as the Host IP Address and use a Host Subnet Mask of “255.255.255.255”.
Type: It is the packet protocol type used by the application, select TCP, UDP or both TCP/UDP.
Protocol Number: Insert the protocol number, e.g. GRE is 47.
Source Port: The port or port range that the Remote/WAN side is allowed to use to connect to the application. The default range is 0 ~ 65535. It is recommended that this option be configured by an advanced user.
Destination Port: The port or port range that defines the application.
Inbound / Outbound: Select Allow or Block for access to the Internet (“Outbound”) or from the Internet (“Inbound”).
Click the Add button to apply your changes.
Example: Configuring your firewall to allow a publicly accessible web server on your LAN
The predefined port filter rule for HTTP (TCP port 80) is the same whether the firewall is set to a high, medium or low security level. To set up a web server located on the local network when the firewall is enabled, you have to configure the Port Filters setting for HTTP.
As you can see from the diagram below, when the firewall is enabled with one of the three presets (Low/Medium/High), inbound HTTP access is not allowed, which means remote access through HTTP to your router is not allowed.
Note: Inbound indicates access from the Internet to the LAN, and Outbound is from the LAN to the Internet.
Configuring Packet Filter:
1. Click Packet Filters. You will then be presented with the predefined port filter rules screen (in this case for the low security level), shown below:
Note: You may click Edit to modify the predefined rule instead of deleting it. This example shows how to add a filter on your own.
2. Select the radio button of the existing HTTP rule, then click the Edit/Delete button to delete the existing HTTP rule.
3. Input the Rule Name, Time Schedule, Source/Destination IP, Type, Source/Destination Port, Inbound and Outbound.
Example:
Application: Cindy_HTTP
Time Schedule: Always On
Source / Destination IP Address(es): 0.0.0.0 (I do not wish to activate the address filter; instead I use the port filter)
Type: TCP (Please refer to Table 1: Predefined Port Filter)
Source Port: 0-65535 (I allow all ports to connect with the application)
Redirect Port: 80-80 (This is the port defined for HTTP)
Inbound / Outbound: Allow
4. The new port filter rule for HTTP is shown below:
5. Configure your Virtual Server (“port forwarding”) settings so that incoming HTTP requests on port 80 will be forwarded to the PC running your web server:
Note: For how to configure HTTP in Virtual Server, go to Add Virtual Server in the Virtual Server section for more details.
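The rule fields described above and the Cindy_HTTP example can be modeled in a short Python sketch. This is an added illustration, not the router's own logic: first-match evaluation, the default block, the `Block_Host` rule and the sample packets are assumptions, only the source address filter is modeled, and the example's port 80 entry is treated as the destination port.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class FilterRule:                      # hypothetical model of one Packet Filter entry
    name: str
    proto: str                         # "TCP", "UDP" or "TCP/UDP"
    dst_ports: tuple                   # (start, end) that defines the application
    inbound: bool                      # True = Allow, False = Block (Internet to LAN)
    outbound: bool                     # True = Allow, False = Block (LAN to Internet)
    src_ip: str = "0.0.0.0"            # 0.0.0.0 / 0.0.0.0 leaves the address filter inactive
    src_mask: str = "0.0.0.0"
    src_ports: tuple = (0, 65535)      # the manual's default source port range

def addr_matches(ip, base, mask):
    """Address filter: an all-zero address and mask match every host."""
    if base == "0.0.0.0" and mask == "0.0.0.0":
        return True
    net = ipaddress.ip_network(f"{base}/{mask}", strict=False)
    return ipaddress.ip_address(ip) in net

def decide(rules, pkt, direction):
    """Assumed semantics: first matching rule wins, unmatched traffic is blocked."""
    for r in rules:
        if (pkt["proto"] in r.proto.split("/")
                and addr_matches(pkt["src"], r.src_ip, r.src_mask)
                and r.src_ports[0] <= pkt["sport"] <= r.src_ports[1]
                and r.dst_ports[0] <= pkt["dport"] <= r.dst_ports[1]):
            allowed = r.inbound if direction == "inbound" else r.outbound
            return "allow" if allowed else "block"
    return "block"

# Preset HTTP rule from Table 1 (inbound NO, outbound YES) and its replacement from the example.
PRESET = [FilterRule("HTTP(80)", "TCP", (80, 80), inbound=False, outbound=True)]
CUSTOM = [
    # Constructed extra rule using the Tip: a 255.255.255.255 mask matches one host only.
    FilterRule("Block_Host", "TCP/UDP", (0, 65535), False, False,
               src_ip="203.0.113.50", src_mask="255.255.255.255"),
    FilterRule("Cindy_HTTP", "TCP", (80, 80), inbound=True, outbound=True),
]

# Constructed sample packets (documentation address ranges).
WEB_REQ = {"proto": "TCP", "src": "198.51.100.7", "sport": 51514, "dport": 80}
BAD_REQ = {"proto": "TCP", "src": "203.0.113.50", "sport": 40000, "dport": 80}
LAN_OUT = {"proto": "TCP", "src": "192.168.1.20", "sport": 50000, "dport": 80}

if __name__ == "__main__":
    print(decide(PRESET, WEB_REQ, "inbound"), decide(CUSTOM, WEB_REQ, "inbound"),
          decide(CUSTOM, BAD_REQ, "inbound"), decide(CUSTOM, LAN_OUT, "outbound"))
```

With the address filter left at 0.0.0.0, the Cindy_HTTP rule admits port 80 requests from any Internet host, so narrowing the source address and mask is the control to reach for when the server should only be reachable from known networks.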