Aug 25

When you use the Virtual Server, Port Forwarding, or Remote Administration features to open specific ports to traffic from the Internet, you could be increasing the exposure of your LAN to cyberattacks from the Internet.

In these cases, you can use Inbound Filters to limit that exposure by specifying the IP addresses of internet hosts that you trust to access your LAN through the ports that you have opened. You might, for example, only allow access to a game server on your home LAN from the computers of friends whom you have invited to play the games on that server.

Inbound Filters can be used for limiting access to a server on your network to a system or group of systems. Filter rules can be used with Virtual Server, Gaming, or Remote Administration features. Each filter can be used for several functions; for example, a “Game Clan” filter might allow all of the members of a particular gaming group to play several different games for which gaming entries have been created. At the same time, an “Admin” filter might only allow systems from your office network to access the WAN admin pages and an FTP server you use at home. If you add an IP address to a filter, the change takes effect in all of the places where the filter is used.

Add/Edit Inbound Filter Rule

Here you can add entries to the Inbound Filter Rules List below, or edit existing entries.

Name

Enter a name for the rule that is meaningful to you.

Action

The rule can either Allow or Deny messages.

Source IP Range

Define the ranges of Internet addresses this rule applies to. For a single IP address, enter the same address in both the Start and End boxes. Up to eight ranges can be entered. The Enable checkbox allows you to turn on or off specific entries in the list of ranges.

Save

Saves the new or edited Inbound Filter Rule in the following list. When finished updating the Inbound Filter Rules List, you must still click the Save Settings button at the top of the page to make the changes effective and permanent.

Inbound Filter Rules List

This section lists the current Inbound Filter Rules. An Inbound Filter Rule can be changed by clicking the Edit icon, or deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the “Edit Inbound Filter Rule” section is activated for editing.

In addition to the filters listed here, two predefined filters are available wherever inbound filters can be applied:

Allow All

Permit any WAN user to access the related capability.

Deny All

Prevent all WAN users from accessing the related capability. (LAN users are not affected by Inbound Filter Rules.)
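To check what a filter will let through before entering it in the router, the rule fields described above can be modelled as follows. This is an added example, not D-Link firmware code. It assumes that an Allow rule admits only the listed source ranges and a Deny rule blocks only the listed ranges, and it models the two predefined filters as full-range rules; all addresses are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass, field

MAX_RANGES = 8  # the page: "Up to eight ranges can be entered"

@dataclass
class SourceRange:
    start: str
    end: str
    enabled: bool = True  # models the per-range Enable checkbox

    def contains(self, ip):
        lo = ipaddress.IPv4Address(self.start)
        hi = ipaddress.IPv4Address(self.end)
        if lo > hi:
            raise ValueError(f"range start {lo} is after end {hi}")
        return self.enabled and lo <= ip <= hi

@dataclass
class InboundFilter:
    name: str
    action: str  # "Allow" or "Deny"
    ranges: list = field(default_factory=list)

    def __post_init__(self):
        if self.action not in ("Allow", "Deny"):
            raise ValueError("action must be Allow or Deny")
        if len(self.ranges) > MAX_RANGES:
            raise ValueError("at most eight source ranges per rule")

    def permits(self, source_ip):
        """Assumed semantics: Allow admits only listed sources; Deny blocks only listed ones."""
        ip = ipaddress.IPv4Address(source_ip)
        listed = any(r.contains(ip) for r in self.ranges)
        return listed if self.action == "Allow" else not listed

# Constructed sample data (documentation address blocks, RFC 5737).
ADMIN = InboundFilter("Admin", "Allow", [
    SourceRange("198.51.100.10", "198.51.100.20"),           # office network
    SourceRange("203.0.113.7", "203.0.113.7"),               # single host: same start and end
    SourceRange("192.0.2.0", "192.0.2.255", enabled=False),  # entry present but unchecked
])
ALLOW_ALL = InboundFilter("Allow All", "Allow", [SourceRange("0.0.0.0", "255.255.255.255")])
DENY_ALL = InboundFilter("Deny All", "Deny", [SourceRange("0.0.0.0", "255.255.255.255")])

if __name__ == "__main__":
    for src in ("198.51.100.15", "203.0.113.7", "192.0.2.50", "203.0.113.8"):
        print(src, "->", "pass" if ADMIN.permits(src) else "drop")
```

The disabled range shows why an unchecked entry matters: under the assumed semantics, 192.0.2.50 is dropped even though its range is still present in the rule.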


Mar 21

Virtual Server – is used to forward a specific external port to an internal port in a one port to one port relationship. This would allow WAN side connections to come to the LAN side of your network. Virtual Server settings are commonly used for Port Redirection, when you use a public port that is different from the private port. This use is common if you are accessing multiple cameras. For ease of use, you keep the cameras all on port 80 to view the web interface, but because the router will only allow port 80 to be opened to one IP, you would use Virtual Server to redirect other ports to the LAN side cameras on port 80.

Example: In Virtual Server you would set your first camera as public port 81, private port 80, and set its private IP accordingly. Then make the second camera public port 82, private port 80, and set its private IP accordingly. Internally (from LAN) both cameras can be accessed at their IP address and port 80. From the outside (from WAN) they are accessed from the WAN IP address and their respective public port, camera one at 81 and camera two at 82. http://wan-ip-address:81 typed into your browser will show you the web page of camera one.

Port Forwarding – is used to allow data to come from the WAN (Internet) and pass through the firewall to the destination IP address(es). This is used when a device or application behind the firewall of your router needs access to a range of ports to function properly. (E.g. online games or gaming consoles, FTP servers and network cameras.)
However, no two devices or machines on the LAN side of the router can use the same port number at the same time.

Example: In the case of the camera above, for Virtual Server, you kept the HTTP port as 80 and used Virtual Server to make the public port 81. To cover the streaming ports, Audio, Video, and control (DCS-5300G), you will have to make the port range unique for each camera and put those ranges in Port Forwarding. You can keep 5001-5003 for camera one but need to make camera two unique, maybe 5004-5006.

In the end you will have used the Virtual Server for redirection and the Port Forwarding rules to allow a range of ports through the router to a LAN side device.
