Inbound Rules Port Forwarding | NETGEAR fvs114 guide

Reference Manual for the ProSafe VPN Firewall FVS114

–Block non-standard packets — Abnormal packets are often used by hackers and in DoS attacks, but may also be generated by other network devices. This setting should normally be enabled.

–Enable DNS proxy — DNS proxy will forward DNS queries to the DNS. If the DNS proxy is disabled, the Router will ignore DNS queries it receives. PCs will then need to contact the DNS directly. This setting should normally be enabled.

Inbound Rules (Port Forwarding)

Because the FVS114 uses Network Address Translation (NAT), your network presents only one IP address to the Internet, and outside users cannot directly address any of your local computers. However, by defining an inbound rule you can make a local server (for example, a Web server or game server) visible and available to the Internet. The rule tells the firewall to direct inbound traffic for a particular service to one local server based on the destination port number. This is also known as port forwarding.

Note: Some residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location. If you are unsure, refer to the Acceptable Use Policy of your ISP.

Remember that allowing inbound services opens holes in your FVS114 VPN Firewall. Only enable those ports that are necessary for your network. Following are two application examples of inbound rules:

Inbound Rule Example: A Local Public Web Server

If you host a public Web server on your local network, you can define a rule to allow inbound Web (HTTP) requests from any outside IP address to the IP address of your Web server at any time of day. This rule is shown in Figure 4-3:

4-6	Firewall Protection and Content Filtering

202-10098-01, April 2005

Image 44

NETGEAR fvs114 manual Inbound Rules Port Forwarding, Inbound Rule Example a Local Public Web Server

Contents

Reference Manual for the ProSafe VPN Firewall FVS114 Trademarks Statement of ConditionsEN 55 022 Declaration of Conformance Certificate of the Manufacturer/Importer Product and Publication Details 202-10098-01, April Contents Chapter Firewall Protection Content Filtering Chapter Advanced Virtual Private Networking Chapter Advanced Configuration Appendix C Virtual Private Networking Appendix D Preparing Your Network Contents Xii Contents Chapter About This Manual Audience, Scope, Conventions, and FormatsTypographical Conventions Manual Scope How to Use This Manual How to Print this Manual Printing a Page in the Html ViewPrinting a Chapter Printing the Full Manual Reference Manual for the ProSafe VPN Firewall FVS114 Key Features of the VPN Firewall Chapter Introduction Powerful, True Firewall with Content Filtering Security Autosensing Ethernet Connections with Auto Uplink Extensive Protocol Support Easy Installation and Management Maintenance and Support Package Contents FVS114 Rear Panel LED Descriptions DC power input ON/OFF switch NETGEAR-Related ProductsNetgear Product Registration, Support, and Documentation NETGEAR-Related Products Reference Manual for the ProSafe VPN Firewall FVS114 First, Connect the FVS114 Connecting the Firewall to the InternetPrepare to Install Your FVS114 ProSafe VPN Firewall VPN Firewall Modem Restart Your Network in the Correct Sequence Now, Configure the FVS114 for Internet Access Status lights Netgear Smart Wizard Configuration Assistant welcome screen Troubleshooting Tips Make sure the network settings of the computer are correctBe sure to restart your network in this sequence Make sure the Ethernet cables are securely plugged Overview of How to Access the FVS114 VPN Firewall Ways to access the firewall Login URL How to Bypass the Configuration Assistant Login result FVS114 home Using the Smart Setup Wizard How to Manually Configure Your Internet Connection ISP Does Not Require Login Reference Manual for the ProSafe VPN Firewall FVS114 10 Basic Settings ISP list Reference Manual for the ProSafe VPN Firewall FVS114 Chapter Firewall Protection Content Filtering Firewall Protection and Content Filtering Overview Block Sites Block Sites menu Using Rules to Block or Allow Specific Kinds of Traffic Rules menu Reference Manual for the ProSafe VPN Firewall FVS114 Inbound Rules Port Forwarding Inbound Rule Example a Local Public Web Server Rule example a local public Web server Outbound Rules Service Blocking Considerations for Inbound Rules Outbound Rule Example Blocking Instant Messenger Rule example blocking Instant Messenger Order of Precedence for Rules Rules table Services Services menu Add Custom Service menu Using a Schedule to Block or Allow Specific Traffic Schedule Time Zone Getting E-Mail Notifications of Event Logs and Alerts 10 E-mail menu Reference Manual for the ProSafe VPN Firewall FVS114 Viewing Logs of Web Access or Attempted Web Access 11 Logs menu Syslog Log entries are described in TableLog action buttons are described in Table Log entry descriptions Chapter Basic Virtual Private Networking VPN Tunnel Single Advanced methods see , Advanced Virtual Private Networking Configuration VPN Tunnel Configuring the Client-to-Gateway VPN Tunnel on the FVS114 VPN Wizard start screen Summary screen below displays Connection Name and Remote IP Type Vpnc Recommended Settings Configuring the Netgear ProSafe VPN Client on the Remote PC Select Secure in the Connection Security check box Security Policy Editor new connection 11 Security Policy Editor Security Policy 12 Security Policy Editor My Identity 13 Security Policy Editor Pre-Shared Key 15 Security Policy Editor Key Exchange 16 Running a Ping test to the LAN from the PC 18 Log Viewer screen Transferring a Security Policy to Another Client Exporting a Security Policy Select Export Security Policy from the File pulldown Importing a Security Policy Select the security policy to import Scenario1 FVS114 VPN Firewall PCs Procedure to Configure a Gateway-to-Gateway VPN Tunnel 23 VPN Wizard start screen 25 Remote IP 27 VPN Wizard Summary 28 VPN Recommended Settings 30 VPN Status/Log screen Start Using a VPN Tunnel to Activate It Using the VPN Status Page to Activate a VPN TunnelVPN Tunnel Control Activating a VPN Tunnel Activate the VPN Tunnel by Pinging the Remote Endpoint 32 VPN Status/Log screen Type ping -t 192.168.3.1 and then click OK Type ping Verifying the Status of a VPN Tunnel 36 Pinging test results Deactivating a VPN Tunnel 38 Current VPN Tunnels SAs screen Using the VPN Status Page to Deactivate a VPN Tunnel 39 VPN Policies Deleting a VPN Tunnel 41 Current VPN Tunnels SAs screen Virtual Private Using Policies to Manage VPN Traffic Using Automatic Key Management IKE Policies’ Automatic Key and Authentication Management IKE Policy Configuration Menu IKE Policy Configuration fields Field Description General VPN Policy Configuration for Auto Key Negotiation Field Description Remote VPN Auto Policy menu VPN Auto Policy Configuration Fields VPN Auto Policy fields are defined in the following table Authenticating Header AH VPN Policy Configuration for Manual Key Exchange Netbios Enable VPN Manual Policy menu VPN Manual Policy Configuration Fields VPN Manual Policy fields are defined in the following table Value in its Authentication Algorithm Key Out field Netbios Enable Walk-Through of Configuration Scenarios on the FVS114 Certificate Revocation List CRL VPN Consortium Scenario From Settings menu Are IPv4 WAN IP addresses FVS114 Internet IP Address menu LAN IP Setup menu Set up the IKE Policy illustrated below on the FVS114 Scenario 1 IKE Policy Set up the FVS114 VPN -Auto Policy illustrated below 10 Scenario 1 VPN Auto Policy How to Check VPN Connections Testing the Gateway a FVS114 LAN and the Gateway B LAN Install the trusted CA certificate for the Trusted Root CA FVS114 Scenario 2 FVS114 to FVS114 with RSA CertificatesObtain a root certificate Create a certificate request for the FVS114 11 Generate Self Certificate Request menu Highlight, copy and paste this data into a text file 12 Self Certificate Request data Click the Upload Certificate button 13 Self Certificate Requests table 14 Self Certificates table Set up Certificate Revocation List CRL checking Reference Manual for the ProSafe VPN Firewall FVS114 Chapter Maintenance Viewing VPN Firewall Status Information This screen shows the following parameters FVS114 Status fields Click Show WAN Status to display the WAN connection status This screen shows the following statisticsConnection Status fields Connection Status action buttons Router Statistics fields Click Show Statistics to display firewall usage statisticsWAN Status action buttons are described in the table below Viewing a List of Attached Devices Upgrading the Firewall Software Configuration File Management Router Upgrade menu Erasing the Configuration Backing Up the ConfigurationRestoring the Configuration Changing the Administrator Password Diagnostics Diagnostics menu Ping or Trace an IP address Reference Manual for the ProSafe VPN Firewall FVS114 Chapter Advanced Configuration WAN Setup Default DMZ Server How to Configure Dynamic DNS To assign a computer or server to be a Default DMZ serverClick Default DMZ Server Respond to Ping on Internet WAN Port Dynamic DNS Using the LAN IP Setup Options Configuring LAN TCP/IP Setup Parameters Reference Manual for the ProSafe VPN Firewall FVS114 Using the Firewall as a Dhcp server Using Address Reservation Configuring Static Routes Click Edit or Delete Static Routes table Enabling Remote Management Access Static Route Example Remote Management menu Https//134.177.0.1238080 UPnP UPnP menu Reference Manual for the ProSafe VPN Firewall FVS114 Basic Functioning Chapter TroubleshootingPower LED Not On LEDs Never Turn Off LAN or Internet Port LEDs Not On Troubleshooting the Web Configuration Interface Troubleshooting the ISP Connection Troubleshooting a TCP/IP Network Using a Ping Utility Testing the LAN Path to Your Firewall Testing the Path from Your PC to a Remote Device If the path is working, you see this messageIf the path is not working, you see this message Ping -n 10 IP address Restoring the Default Configuration and Password Problems with Date and Time Reference Manual for the ProSafe VPN Firewall FVS114 PPP over Ethernet PPPoE Appendix a Technical SpecificationsData and Routing Protocols Electromagnetic Emissions Interface Specifications10BASE-T or 100BASE-Tx, RJ-45 Appendix B Network, Routing, and Firewall Basics Related Publications Basic Router Concepts What is a Router? IP Addresses and the InternetRouting Information Protocol Is normally written as Figure B-1 Three Main Address Classes Equals NetmaskCombined with Subnet Addressing Figure B-2 Example of Subnetting a Class B Address Table B-1 Netmask notation translation table for one octet Table B-2. Netmask formats Private IP Addresses Table B-2 Netmask formats Single IP Address Operation Using NAT Figure B-3 Single IP Address Operation Using NAT Domain Name Server MAC Addresses and Address Resolution ProtocolRelated Documents IP Configuration by Dhcp Internet Security and Firewalls What is a Firewall? Denial of Service AttackEthernet Cabling Stateful Packet Inspection Table B-3 UTP Ethernet cable wiring, straight-through Category 5 Cable Quality Inside Twisted Pair Cables Figure B-4illustrates straight-through twisted pair cable Uplink Switches, Crossover Cables, and MDI/MDIX Switching Reference Manual for the ProSafe VPN Firewall FVS114 Reference Manual for the ProSafe VPN Firewall FVS114 What is a VPN? Appendix C Virtual Private Networking What Is IPSec and How Does It Work? IPSec Security FeaturesIPSec Components IPSec contains the following elements Encapsulating Security Payload ESP Authentication Header AH IKE Security Association Mode Understand the Process Before You Begin Key Management It functions as a VPN Process OverviewAddresses Table C-2 Subnet addressing VPN Tunnel Between GatewaysFirewalls IPSec Security Association IKE VPN Tunnel Negotiation Steps IPSec Security Association SA negotiation Vpnc IKE Phase I Parameters Vpnc IKE Security Parameters Additional Reading Testing and TroubleshootingVpnc IKE Phase II Parameters Relevant RFCs listed numerically Appendix D Preparing Your Network Preparing Your Computers for TCP/IP Networking Configuring Windows 95, 98, and Me for TCP/IP Networking Install or Verify Windows Networking Components Select Microsoft Select TCP/IP, and then click OK Restart your PC for the changes to take effect Enabling Dhcp to Automatically Configure TCP/IP SettingsChoose Settings, and then Control Panel Primary Network Logon is set to Windows logon Click OK to continue Restart the PC Selecting Windows’ Internet Access MethodVerifying TCP/IP Properties Configuring Windows NT4, 2000 or XP for IP Networking Double-click the Network and Dialup Connections icon Locate your Network Neighborhood icon Dhcp Configuration of TCP/IP in Windows XPThen, restart your PC Reference Manual for the ProSafe VPN Firewall FVS114 Dhcp Configuration of TCP/IP in Windows Reference Manual for the ProSafe VPN Firewall FVS114 Obtain an IP address automatically is selected Dhcp Configuration of TCP/IP in Windows NT4 Reference Manual for the ProSafe VPN Firewall FVS114 Verifying TCP/IP Properties for Windows XP, 2000, and NT4 TCP/IP Properties dialog box now displays Configuring the Macintosh for TCP/IP Networking Default gateway is Type exitMacOS 8.6 or MacOS Verifying TCP/IP Properties for Macintosh Computers Verifying the Readiness of Your Internet Account Are Login Protocols Used?What Is Your Configuration Information? Select the IP Address tab Select the Gateway tab Reference Manual for the ProSafe VPN Firewall FVS114 Restarting the Network Reference Manual for the ProSafe VPN Firewall FVS114 List of Glossary Terms Numeric AES Packet sent to all devices on a network DNS See Internet Control Message Protocol Internet service provider Megabits per second Set of rules for communication between devices on a network Radius See Wide Area Network Reference Manual for the ProSafe VPN Firewall FVS114 Reference Manual for the ProSafe VPN Firewall FVS114