NETGEAR FVS318N Modem User Manual


 
Firewall Protection
133
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Inbound Rules (Port Forwarding)
If you have enabled Network Address Translation (NAT), your network presents one IP
address only to the Internet, and outside users cannot directly access any of your local
computers (LAN users). (For information about configuring NAT, see Network Address
Translation on page 27.) However, by defining an inbound rule you can make a local server
(for example, a web server or game server) visible and available to the Internet. The rule
informs the firewall to direct inbound traffic for a particular service to one local server based
on the destination port number. This process is also known as port forwarding.
WARNING:
Allowing inbound services opens security holes in your network.
Enable only those ports that are necessary for your network.
Whether or not DHCP is enabled, how the computer accesses the server’s LAN address
impacts the inbound rules. For example:
I
f your external IP address is assigned dynamically by your ISP (DHCP enabled), the IP
address might change periodically as the DHCP lease expires. Consider using Dynamic
DNS so that external users can always find your network (see Configure Dynamic DNS on
page 35).
I
f the IP address of the local server computer is assigned by DHCP, it might change when
the computer is rebooted. To avoid this, use the Reserved (DHCP Client) feature in the
Log The setting that determines whether packets covered by this rule
are logged. The options are:
Always. Alwa
ys log traffic that matches this rule. This is useful
when you are debugging your rules.
Neve
r. Never log traffic that matches this rule.
All rules
NA
T IP The setting that specifies whether the source address of the
outgoing packets on the WAN should be assigned the address of
the WAN interface or the address of a different interface. You can
specify these settings only for outbound traffic of the WAN
interface. The options are:
W
AN Interface Address. All the outgoing packets on the WAN
are assigned to the address of the specified WAN interface.
S
ingle Address. All the outgoing packets on the WAN are
assigned to the specified IP address, for example, a secondary
WAN address that you have configured.
Note: The NAT IP drop-down list is available only when the WAN
mo
de is NAT. If you select Single Address, the IP address
specified should fall under the WAN subnet.
IPv4 LAN WAN rules
IPv4 DMZ WAN rules
Table 33. Outbound rules overview (continued)
Setting Description Outbound Rules