IPv4 Firewall Protection
112
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Inbound Rules (Port Forwarding)
If you have enabled Network Address Translation (NAT), your network presents only one IP
address to the Internet, and outside users cannot directly access any of your local computers
(LAN users). (For information about configuring NAT, see Network Address Translation on
page 31.) However, by defining an inbound rule you can make a local server (for example, a
web server or game server) visible and available to the Internet. The rule informs the firewall
to direct inbound traffic for a particular service to one local server based on the destination
port number. This process is also known as port forwarding.
Whether or not DHCP is enabled, how the PC accesses the server’s LAN address impacts
the inbound rules. For example:
• If
your external IP address is assigned dynamically by your ISP (DHCP enabled), the IP
address might change periodically as the DHCP lease expires. Consider using Dyamic
DNS so that external users can always find your network (see Configure Dynamic DNS
on page 40).
• If
the IP address of the local server PC is assigned by DHCP, it might change when the
PC is rebooted. To avoid this, use the Reserved (DHCP Client) feature in the LAN Groups
screen to keep the PC’s IP address constant (see Set Up Address Reservation on
page 64).
• Lo
cal PCs need to access the local server using the PCs’ local LAN address. Attempts by
local PCs to access the server using the external WAN IP address will fail.
Note: See Configure Port Triggering on page 151 for yet another way to
allow certain types of inbound traffic that would otherwise be blocked
by the firewall.
Note: The wireless VPN firewall always blocks denial of service (DoS)
attacks. A DoS attack does not attempt to steal data or damage your
PCs, but overloads your Internet connection so you cannot use it
(that is, the service becomes unavailable).
Note: When the Block TCP Flood and Block UDP Flood check boxes are
selected on the Attack Checks screen (see
Attack Checks on
page 132), multiple concurrent connections of the same application
from one host or IP address (such as multiple
DNS queries from one
PC) trigger the wireless VPN firewall’s DoS protection.
To Next Page
Loading...
