Votos - 0, Puntuación media: 0
(
)
)
|
Resumen del manual
Protecting Your Network v1.1, March 2009 3G Broadband Wireless Router MBR624GU User Manual Inbound Rules (Port Forwarding) Because the router uses Network Address Translation (NAT), your network presents only one IP address to the Internet, and outside users cannot directly access any of your local computers. However, by defining an inbound rule you can make a local server (for example, a Web server or game server) visible and available to the Internet. The rule tells the router to direct inbound traffic for a particular service to one local server based on the destination port number. This is also known as port forwarding. Note: Some broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP might periodically check for servers and might suspend your account if it discovers any active services at your location. If you are unsure, see the acceptable use policy of your ISP. Remember that allowing inbound services opens holes in your firewall. Enable only those ports that are necessary for your network. Following are two application examples of inbound rules. Inbound Rule Example: A Local Public Web Server If you host a public Web server on your local network, you can define a rule to allow inbound Web (HTTP) requests from outside IP addresses to the IP address of your Web server at any time of day. This rule is shown in the following figure: Figure 3-4 The settings are: • Service. From this list, select the application or service to be allowed or blocked. The list already displays many common services, but you are not limited to these choices. Use the Services screen to add any additional services or applications that do not already appear. Protecting Your Network v1.1, March 2009 3G Broadband Wireless Router MBR624GU User Manual • Action. Select when you want this type of traffic to be handled. You can block or allow always, or you can choose to block or allow according to the schedule you have defined in the Schedule screen. • Send to LAN Server. Enter the IP address of the computer or server on your LAN which will receive the inbound traffic covered by this rule. • WAN Users. These settings determine which packets are covered by the rule, based on their source (WAN) IP address. Select the option that you want: – Any. All IP addresses are covered by this rule. – Address range. If this option is selected, you must enter the Start and Finish fields. – Single address. Enter the required address in the Start field. • Log. You can select whether the traffic will be logged. The choices are: – Never. No log entries will be made for this service. – Always. Any traffic for this service type will be logged. – Match. Traffic of this type that matches the rule will be logged. – Not match. Traffic of this type that does not match the rule will be logged. Inbound Rule Example: Allowing Videoconferencing You can create an inbound rule to allow incoming videoconferencing to be initiated from a restricted range of outside IP addresses, such as from a branch office. In this example, CU-SeeMe connections are allowed only from a specified range of external IP addresses. This example also specifies logging of any incoming CU-SeeMe requests that do not match the allowed parameters. Figure 3-5 Protecting Your Network v1.1, March 2009 3G Broadband Wireless Router MBR624GU User Manual Considerations for Inbound Rules If your external IP address is assigned dynamically by your ISP, the IP address might change periodically as the DHCP lease expires. Consider using the Dynamic DNS feature so that external users can always find your network. If the IP address of the local server computer is assigned by DHCP, it might change when the computer is rebooted. To avoid this, use the Reserved IP address feature in the LAN IP menu to keep the computer’s IP address constant. Local computers must access the local server using the computer’s local LAN address (192.168.0.11 in the previous example). Attempts by local computers to access the server using the external WAN IP address will fail. Outbound Rules (Service Blocking) The router allows you to block the use of certain Internet services by computers on your network. This is called service blocking or port filtering. You can define an outbound rule to block Internet access from a local computer based on the following: • IP address of the local computer (source address) • IP address of the Internet site being contacted (destination address) • Time of day • Type of service being requested (service port number) Outbound Rule Example: Blocking Instant Messenger If you want to block Instant Messenger usage by employees during working hours, you can create an outbound rule to block that application from any internal IP address to any external address according to the schedule that you have created in the Schedule screen. You can also have the router log any attempt to use Instant Messenger during that blocked period. Protecting You...