RX3141 User’s Manual Chapter 11. System Management
67
5. For security concerns, the RX3141 denies all the access requests from the external users unless
a proper inbound ACL rule is setup for each virtual server to allow external users to access the
internal servers set up in the Virtual Server configuration page. For example, if you want to allow
any one in the external network to access the FTP server, define an inbound ACL rule as
configured in Figure 10.4. Note that the destination IP address is the IP address entered in the
“
To IP Address
” and the destination port is the port numbers entered in the “
Redirect Port
Range
” in the Virtual Server configuration page. If you want to restrict access to the FTP server
from particular IP addresses, change the settings for the source IP in the inbound ACL rule. For
example, if source IP in the inbound ACL rule is configured as 198.175.2.10, the RX3141 will
deny all the external access to the FTP server except those from this particular IP address. For
detail information about configuring an inbound ACL rule, please refer to the section
9.4
Configuring Inbound ACL Rules
.
Figure 10.4. Virtual Server Example – Inbound ACL RuleConfigure Special Application
Some applications use multiple TCP/UDP ports to transmit data. Due to the NAT operation, these applications
cannot work with the router. Special Application setting allows some of these applications to work properly.
Note
Only one PC can use one particular special application at any time.
10.2.3 Special Application Configuration Parameters
Table 10.1 describes the configuration parameters available for Special Application configuration.
Table 10.3. Special Application Configuration Parameters
Setting Description
Enable
Select an application from the list of pre-configured applications. The
corresponding protocol and the redirect port range will be automatically
selected. Select “Manual Setting” if you want to configure the settings
yourself. To activate the policy, make sure the check box is checked.
Same as “Redirect
Port Range”
Same as “To
IP Address”