NETGEAR ProSafe DGFV338 Reference Manual page 80

DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
However, by defining an inbound rule you can make a local server (for example, a Web server or
game server) visible and available to the Internet. The rule tells the firewall to direct inbound
traffic for a particular service to one local server. If you enable Translate to a Port Number, the
traffic will be forwarded to a specific port based on the destination port number. This is also
known as port forwarding.
This following lists all the existing rules for incoming traffic. Remember that allowing inbound
services opens holes in your firewall. Only enable those ports that are necessary for your network.
A rule is defined by the following fields:
• ! (Status): A rule can be disabled if not in use and enabled as needed. A rule is disabled if the
status light is grey and it is enabled if the status light is green. Disabling a rule does not delete
the configuration, but merely de-activates the rule.
• Service Name: This is a unique name assigned to the service. The name usually indicates the
type of traffic the rule covers such as ftp, ssh, telnet, ping, etc. Services not already in the list
can be are added on the Services page.
• Filter: Defines an action to be taken on the enabled rule. It can be:
– Block Always: Block selected service at all times.
– Enable Always: Allow selected service to pass through at all times.
– Block by schedule, otherwise allow: Works in conjunction with a schedule defined in the
Schedule 1/2/3 pages. Selected service will be blocked during the scheduled interval and
will be allowed to pass through at other times.
– Allow by schedule, otherwise block: Works in conjunction with a schedule defined in the
Schedule 1/2/3 pages. Selected service will be allowed to pass through during the
scheduled interval and will be blocked at other times.
• LAN Server IP Address: An IP address and port number of a machine on the LAN which is
hosting the server. It is displayed in the form: <IP address:port number>.
For example, if a machine with an IP address of 192.168.1.100 on the LAN side is running a
telnet server on port 2000, then the table will display 192.168.10.100:2000. If the telnet server
is running on the default port (port 23), then the table will display only the IP address.
• Destination LAN Users: Specifies whether one or more IP addresses on the LAN will be
affected by the rule. This field is only enabled when in routing mode since the LAN is
accessible only in this mode.
– Any: All computers on the LAN will be affected by the rule.
– Single Address: A single IP address on the LAN will be affected by the rule.
4-8
v1.0, April 2007
Security and Firewall Protection