GemTek Technology P980430N Users Manual

7Firewall Setup

Overview

Purpose

This chapter explains how to configure the firewall for the CellPipe 7130 RG.

Click the Firewall drop-down menu to open the Firewall Setup menu.

Contents

This chapter covers the following topics:

Port Range Forwarding 7-1

Virtual Server Basic 7-3

Virtual Server Advance 7-4

Demilitarized Zone 7-6

UPnP 7-7

Filter 7-8

NAT Passthrough 7-10

URL Filter 7-11

Port Range Forwarding

The Port Range Forwarding window enables you to control the traffic passing through the
ports.

Note: It is recommended that port range forwarding be configured with the

assistance of your ISP.

Select Port Range Forwarding in the Firewall Setup menu to access the Port Range
Forwarding window; see Figure 7-1.

.................................... ...................................... ...................................... ...................................... ...................................... ...................................... ..........................

3FE-63398-AAAA-TCZZA
Edition 01 April 2009

7-1

Port Range ForwardingFirewall Setup

...................................... ..................................... ...................................... ................................ ...................................... ...................................... ...............................

Figure 7-1 Port Range Forwarding window

Tabl e 7-1 describes the fields of the Port Range Forwarding window.

Table 7-1 Field descriptions

Field Description

Application Enter the name of an application you are hosting on

your LAN PC; for example, Real Audio.

Start Port Enter the starting number of the port range used for

the application.

End Port Enter the ending number of the port range used for

the application.

Protocol Select one of:

• TCP

• UDP

• Both

The type of application determines what protocol is
required.

IP Address Enter the IP address of the LAN PC that is running

the application.

Enable Select Enable to allow port forwarding for the

application. Select Disable to stop port forwarding
for the application.

...................................... ..................................... ...................................... ................................ ...................................... ...................................... ...............................

7-2

3FE-63398-AAAA-TCZZA

Edition 01 April 2009

Virtual Server BasicFirewall Setup

.................................... ...................................... ...................................... ...................................... ...................................... ...................................... ..........................

Field Description

Apply Changes Click to save your changes.

Virtual Server Basic

The virtual server acts as a gateway to pass your service request from the Internet client to
your LAN servers.

Select Virtual Server Basic in the Firewall Setup menu to access the Virtual Server Basic
window; see Figure 7-2.

Figure 7-2 Virtual Server Basic window

Tabl e 7-2 describes the fields of the Virtual Server Basic window.

Table 7-2 Field descriptions

Field Description

Application Select the application to be served by the virtual

server.

IP Address Select the radio button in the left column to select a

pre-configured LAN host or select the radio button in
the right column and enter an IP address manually.

Enable Select Enable to connect the virtual server. Select

Disable to end the connection.

................................... ...................................... ...................................... ...................................... ...................................... ...................................... ...........................

3FE-63398-AAAA-TCZZA
Edition 01 April 2009

7-3

Virtual Server AdvanceFirewall Setup

...................................... ..................................... ...................................... ................................ ...................................... ...................................... ...............................

Field Description

Apply Changes Click to save your changes.

Add Application

Application Enter the name of an application you are hosting on

your LAN PC.

Port Enter the desired port in the Port field and then

select the required protocol.

Add Click to add the application to the virtual server.

Your added application is now available in the
application list for configuration.

Delete Application Click the drop-down menu and select the application

to delete.

Delete Click to remove the application from the application

list.

Virtual Server Advance

Advanced settings enable you to use a different port other than the standard port for your
service/server. The router conducts the port-level translation.

Select Virtual Server Advance in the Firewall Setup menu to access the Virtual Server
Advance window; see Figure 7-3.

...................................... ..................................... ...................................... ................................ ...................................... ...................................... ...............................

7-4

3FE-63398-AAAA-TCZZA

Edition 01 April 2009

Virtual Server AdvanceFirewall Setup

.................................... ...................................... ...................................... ...................................... ...................................... ...................................... ..........................

Figure 7-3 Virtual Server Advance window

Tabl e 7-3 describes the fields of the Virtual Server Advance window.

Table 7-3 Field descriptions

Field Description

Application Enter the name of an application to be hosted on the

virtual server.

Ext.Port Enter the external port that will be forwarded for the

WAN traffic.

Protocol Select one of the following:

• TCP

• UDP

• Both

The type of application determines what protocol is
required.

Int.Port Enter the number of the internal port for the

application. The internal port is the port used by
your LAN server.

................................... ...................................... ...................................... ...................................... ...................................... ...................................... ...........................

3FE-63398-AAAA-TCZZA
Edition 01 April 2009

7-5

Demilitarized ZoneFirewall Setup

...................................... ..................................... ...................................... ................................ ...................................... ...................................... ...............................

Field Description

IP Address Enable the radio button in the left column to select a

pre-configured LAN host or enable the radio button
in the right column and enter an IP address
manually.

Enable Select Enable to apply this virtual server

configuration rule or Disable to turn off this virtual
server configuration rule.

Apply Changes Click to save your changes.

Demilitarized Zone

The Demilitarized Zone window enables you to configure a single computer to be exposed
to an unrestricted two-way communication from outside of your network; see Tab le 7-4 .

Note: Use the demilitarized zone setting only if the virtual server or port range

forwarding options do not provide the level of access required for certain applications.
It is recommended that you contact your ISP for assistance.

Select Demilitarized Zone in the Firewall Setup menu to access the demilitarized zone
window; see Figure 7-4.

Figure 7-4 Demilitarized Zone window

Tabl e 7-4 describes the fields of the Demilitarized Zone window.

...................................... ..................................... ...................................... ................................ ...................................... ...................................... ...............................

7-6

3FE-63398-AAAA-TCZZA

Edition 01 April 2009

UPnPFirewall Setup

.................................... ...................................... ...................................... ...................................... ...................................... ...................................... ..........................

Table 7-4 Field descriptions

Field Description

Demilitarized Zone (DMZ) Select Enable to turn on the demilitarized zone

function. Select Disable to turn it off.

DMZ Host IP Address Select the first radio button and choose a pre-

existing (or preset) LAN host or select the second
radio button and enter an IP address manually.

DMZ Timer To improve security, specify the length of time (in

seconds) during which the DMZ is active.

Apply Changes Click to save your changes.

UPnP

UPnP is an open networking standard that allows peer-to-peer network connectivity
between devices. It enables software or devices, such as video game consoles, to function
properly using NAT. See Ta bl e 7-5 below.

Note: It is recommended that you contact your ISP for assistance.

Select UPnP in the Firewall Setup menu to access the UPnP window; see Figure 7-5.

Figure 7-5 UPnP window

Tabl e 7-5 describes the fields of the UPnP window.

................................... ...................................... ...................................... ...................................... ...................................... ...................................... ...........................

3FE-63398-AAAA-TCZZA
Edition 01 April 2009

7-7

FilterFirewall Setup

...................................... ..................................... ...................................... ................................ ...................................... ...................................... ...............................

Table 7-5 Field descriptions

Field Description

UPnP Select Enable to connect the UPnP function. Select

Disable to disconnect the UPnP function.

UPnP Log Select Enable to enable the logging activities.

Select Disable to disable the logging activities.

ReadOnly Mode Select Enable to turn on the read-only mode. Select

Disable to turn off the read-only mode.

Note: In read-only mode, users are unable to

change port forwarding settings or any other UPnP
enabled application settings.

Apply Changes Click to save your changes.

Filter

The filter enables you to disable applications and their associated service ports for specific
clients.

Note: It is recommended that you contact your ISP for assistance configuring the

filter.

Select Filter in the Firewall Setup menu to access the Filter window; see Figure 7-6.

...................................... ..................................... ...................................... ................................ ...................................... ...................................... ...............................

7-8

3FE-63398-AAAA-TCZZA

Edition 01 April 2009

FilterFirewall Setup

.................................... ...................................... ...................................... ...................................... ...................................... ...................................... ..........................

Figure 7-6 Filter window

Tabl e 7-6 describes the fields of the Filter window.

Table 7-6 Field descriptions

Field Description

Application Enter the name of the application to be filtered.

IP Type Select Dest (destination) or Source depending on

the how the rule has been defined.

IP Enter the IP address of the host you are blocking

from the application.

Netmask Select the Netmask of the host you are blocking

from the application.

Protocol Select one of the following:

• TCP

• UDP

• Both

The type of application determines what protocol is
required.

Port Type Select Dest (destination) or Source depending on

the type of application.

Starting Port Enter the starting port number of the application.

Ending Port Enter the ending port number of the application.

................................... ...................................... ...................................... ...................................... ...................................... ...................................... ...........................

3FE-63398-AAAA-TCZZA
Edition 01 April 2009

7-9

NAT PassthroughFirewall Setup

...................................... ..................................... ...................................... ................................ ...................................... ...................................... ...............................

Field Description

Enable Select Enable to apply this filter configuration rule

or Disable to turn off this filter configuration rule.

DSCP Policy Select Disable to disable the DSCP policy. Select

Deny to deny packets with the specified IP header
DSCP value to access the internet or select Allow to
allow packets with the specified IP header DSCP
value to access the internet.

DSCP Value Enter your DSCP value between 0 to 63.

Apply Changes Click to save your changes.

NAT Passthrough

The NAT Passthrough window allows you to enable and disable specific protocols from
passing through the gateway.

Select NAT Passthrough in the Firewall Setup menu to access the NAT Passthrough
window; see Figure 7-7.

Figure 7-7 NAT Passthrough window

Tabl e 7-7 describes the fields of the NAT Passthrough window.

...................................... ..................................... ...................................... ................................ ...................................... ...................................... ...............................

7-10

3FE-63398-AAAA-TCZZA

Edition 01 April 2009

URL FilterFirewall Setup

.................................... ...................................... ...................................... ...................................... ...................................... ...................................... ..........................

Table 7-7 Field descriptions

Field Description

IPSec Passthrough Select the Enable radio button to allow IPSec

passthrough. Select Disable to not allow the IPSec
passthrough.

L2TP Passthrough Select the Enable radio button to allow L2TP

passthrough. Select Disable to not allow L2TP
passthrough.

PPTP Passthrough Select the Enable radio button to allow PPTP

passthrough. Select Disable to not allow PPTP
passthrough.

Apply Changes Click to save your changes.

URL Filter

The URL Filter window enables you to block access to specific websites.

Select URL Filter in the Firewall Setup menu to access the URL Filter window; see

Figure 7-8.

Figure 7-8 URL Filter window

Tabl e 7-8 describes the fields for the URL Filter window.

................................... ...................................... ...................................... ...................................... ...................................... ...................................... ...........................

3FE-63398-AAAA-TCZZA
Edition 01 April 2009

7-11

URL FilterFirewall Setup

...................................... ..................................... ...................................... ................................ ...................................... ...................................... ...............................

Table 7-8 Field descriptions

Field Description

Application Enter a name for the URL filter.

URL Enter a URL or keyword of the URL you are

blocking. If the keyword is too general, you might
inadvertently block other websites. You can enter
multiple URLs and keywords.

Enable Select Enable to apply the URL filter. Select

Disable to turn off the URL filter.

Apply Changes Click to save your changes.

...................................... ..................................... ...................................... ................................ ...................................... ...................................... ...............................

7-12

3FE-63398-AAAA-TCZZA

Edition 01 April 2009

8 Advanced Setup

Overview

This chapter explains how to configure the advanced settings of the CellPipe 7130 RG
such as the route setting, bridge MAC filter, dynamic DNS, and system log.

Click the

Contents

This chapter covers the following topics:

Route Setting 8-1

Bridge MAC Filter 8-3

Dynamic DNS 8-4

System Log 8-5

Route Setting

The Route Setting window enables you to configure static and dynamic routes for routing
packets from one network to another network.

Select Route Setting in the Advanced Setup menu to access the Route Setting window;
see Figure 8-1.

Advanced Setup drop-down menu to open the Advanced Setup menu.

.................................... ...................................... ...................................... ...................................... ...................................... ...................................... ..........................

3FE-63398-AAAA-TCZZA
Edition 01 April 2009

8-1

Route SettingAdvanced Setup

...................................... ..................................... ...................................... ................................ ...................................... ...................................... ...............................

Figure 8-1 Route Setting window

Tabl e 8-1 describes the fields of the Route Setting window.

Table 8-1 Field descriptions

Field Description

Static Route (WAN) Static routing enables you to choose a fixed

path to another network.

IP Address Enter the IP address of the destination network.

Netmask Select and the subnet mask of the destination

network.

Gateway Enter the IP address of the gateway for the

destination network.

Metric In order to determine the best route, a value is

used to specify the cost of the route (the metric
value). Enter the metric value in the metric
field. IP routing uses hop count as measurement
of the metric.

Interface Select the LAN or WAN interface. The packets

sent to the addresses of the destination IP
address are reached through the interface,
however, for the WAN interface it depends on
the WAN configuration.

...................................... ..................................... ...................................... ................................ ...................................... ...................................... ...............................

8-2

3FE-63398-AAAA-TCZZA

Edition 01 April 2009

Bridge MAC FilterAdvanced Setup

.................................... ...................................... ...................................... ...................................... ...................................... ...................................... ..........................

Field Description

Dynamic Route (WAN) Select Enable to use dynamic routing instead

of static. Dynamic routing enables the router to
adapt to changes in the path to the other
network. Select Disable to turn off dynamic
routing.

Apply Changes Click to save your changes.

Bridge MAC Filter

The Bridge MAC Filter enables you to control access to and from specific MAC
addresses.

Select

Bridge MAC filter in the Advanced Setup menu to access the bridge MAC filter

window; see Figure 8-2.

Figure 8-2 Bridge MAC Filter window

Tabl e 8-2 describes the fields of the Bridge MAC Filter window.

................................... ...................................... ...................................... ...................................... ...................................... ...................................... ...........................

3FE-63398-AAAA-TCZZA
Edition 01 April 2009

8-3

Dynamic DNSAdvanced Setup

...................................... ..................................... ...................................... ................................ ...................................... ...................................... ...............................

Table 8-2 Field descriptions

Field Description

ALG Select the filtering algorithm:

• Source MAC

• Destination MAC

• DHCP Option 60

• Ethernet Type

Filter Policy Select the filter:

• Allow

• Deny

• Disable

Ethernet Type If you selected Ethernet Type as the filtering

algorithm, enter the applicable Ethernet Type code.

DHCP Option 60 If you selected DHCP Option 60 as the filtering

algorithm, enter the alphanumeric identification.

Source MAC (MAC 1 to 10) Enter the source MAC address of the filter.

Destination MAC (MAC 1 to 10) Enter the destination MAC address of the filter.

Apply Changes Click to save your changes.

Dynamic DNS

The Dynamic DNS (DDNS) window enables you to configure your registered domain
name with a dynamic IP address.

Note: Before you can use this feature, you need to sign up for DDNS service at one

of two DDNS service providers; see DynDNS.org or ChangeIP.com.

Click on Dynamic DNS in the Advanced Setup menu to access the dynamic DNS window;
see Figure 8-3.

...................................... ..................................... ...................................... ................................ ...................................... ...................................... ...............................

8-4

3FE-63398-AAAA-TCZZA

Edition 01 April 2009

System LogAdvanced Setup

.................................... ...................................... ...................................... ...................................... ...................................... ...................................... ..........................

Figure 8-3 Dynamic DNS window

Tabl e 8-3 describes the fields of the Dynamic DNS window.

Table 8-3 Field descriptions

Field Description

DDNS Service If you have enabled your DDNS, select your DDNS

User Name Enter the username for your DDNS account.

Password Enter the password for your DDNS account.

Host Name Enter the host name.

Apply Changes Click to save your changes.

System Log

The System Log window enables you to view the system logs and to send them to a
remote system log server.

service.

Click on System Log in the Advanced Setup menu to access the system log window; see

Figure 8-4.

................................... ...................................... ...................................... ...................................... ...................................... ...................................... ...........................

3FE-63398-AAAA-TCZZA
Edition 01 April 2009

8-5

System LogAdvanced Setup

...................................... ..................................... ...................................... ................................ ...................................... ...................................... ...............................

Figure 8-4 System Log window

Tabl e 8-4 describes the fields of the System Log window.

Table 8-4 Field descriptions

Field Description

Log Size (Lines) Select the number of lines to display in your log.

Remote Logging Select LAN or WAN for the remote logging server.

Select Disable to turn off remote logging.

Remote Server Enter the IP address of the remote logging server.

Apply Changes Click to save your changes and to view the log.

Note: You can click Apply Changes to see your

report in the section of the window below the system
log fields (this is optional).

If you are configuring remote logging, click Apply
Changes after configuring the remote logging and
remote server fields.

Time The time that the action was performed.

Module The type of module the action involved.

Level Select the level of logging activity:

• Info

• Error

• Debug

...................................... ..................................... ...................................... ................................ ...................................... ...................................... ...............................

8-6

3FE-63398-AAAA-TCZZA

Edition 01 April 2009