User manual BILLION BIPAC 6404VGP

[. . . ] BiPAC 6404VP / 6404VGP VoIP/(802. 11g) Broadband Firewall Router User's Manual Version Release 5. 08a Last Revision Date: 05-07-2007 Table of Contents CHAPTER 1: INTRODUCTION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 INTRODUCTION TO YOUR ROUTER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 FEATURES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 CHAPTER 2: INSTALLING THE ROUTER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [. . . ] The "Block WAN Request" is a stand-alone function and not relate to whether security enable or disable. Mostly it is for preventing any scan tools from WAN site by hacker. Any remote user who is attempting to perform this action may result in blocking all the accesses to configure and manage of the device from the Internet. Chapter 4: Configuration 45 VoIP/(802. 11g) Broadband Firewall Router Packet Filter This function is only available when the Firewall is enabled and one of these four security levels is chosen (All blocked, High, Medium and Low). The predefined port filter rules in the Packet Filter must modify accordingly to the level of Firewall, which is selected. See Table1: Predefined Port Filter for more detailed information. Chapter 4: Configuration 46 VoIP/(802. 11g) Broadband Firewall Router Example: Predefined Port Filters Rules The predefined port filter rules for High, Medium and Low security levels are listed. See Table 1. Note: Firewall ­ All Blocked/User-defined, you must define and create the port filter rules yourself. No predefined rule is being preconfigured. Table 1: Predefined Port Filter Application Protocol Port Number Start HTTP(80) DNS (53) DNS (53) FTP(21) Telnet(23) SMTP(25) POP3(110) NEWS(NNTP) (Network News Transfer Protocol) Firewall - Low Firewall - Medium Firewall ­ High End 80 53 53 21 23 25 110 119 Inbound Outbound Inbound Outbound Inbound Outbound NO NO NO NO NO NO NO NO YES NO YES YES NO NO NO NO YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES NO NO NO NO NO NO NO NO YES NO NO NO NO NO NO NO N/A N/A YES YES YES YES YES YES YES YES YES YES YES YES YES YES NO YES N/A N/A NO NO NO NO NO NO NO NO NO NO NO NO NO NO NO N/A N/A N/A YES YES YES NO NO YES YES NO NO YES NO NO NO YES NO N/A N/A N/A TCP(6) UDP(17) TCP(6) TCP(6) TCP(6) TCP(6) TCP(6) TCP(6) 80 53 53 21 23 25 110 119 RealAudio/ RealVideo (7070) PING H. 323(1720) T. 120(1503) SSH(22) NTP/SNTP HTTP/HTTP Proxy (8080) HTTPS(443) ICQ (5190) MSN (1863) UDP(17) 7070 7070 ICMP(1) TCP(6) TCP(6) TCP(6) UDP(17) TCP(6) TCP(6) TCP(6) TCP(6) N/A N/A 1720 1720 1503 1503 22 123 22 123 8080 8080 443 443 5190 5190 1863 1863 Chapter 4: Configuration 47 VoIP/(802. 11g) Broadband Firewall Router MSN (7001) UDP(17) 7001 7001 MSN VEDIO (9000) TCP(6) 9000 9000 YES NO YES YES N/A N/A N/A N/A N/A N/A N/A N/A Inbound: Internet to LAN ; Outbound: LAN to Internet. YES: Allowed ; NO: Blocked ; N/A: Not Applicable Chapter 4: Configuration 48 VoIP/(802. 11g) Broadband Firewall Router Packet Filter ­ Add TCP/UDP Filter Rule Name: Users-define description to identify this entry or click predefined rules. The maximum name length is 32 characters. to select existing Time Schedule: It is self-defined time period. For setup and detail, refer to Time Schedule section Source IP Address(es) / Destination IP Address(es): This is the Address-Filter used to allow or block traffic to/from particular IP address(es). Selecting the Subnet Mask of the IP address range you wish to allow/block the traffic to or form; set IP address and Subnet Mask to 0. 0. 0. 0 to inactive the Address-Filter rule. Tip: To block access, to/from a single IP address, enter that IP address as the Host IP Address and use a Host Subnet Mask of "255. 255. 255. 255". Type: It is the packet protocol type used by the application, select TCP, UDP or both TCP/UDP. Source Port: This Port or Port Ranges defines the port allowed to be used by the Remote/WAN to connect to the application. Destination Port: This is the Port or Port Ranges that defines the application. Select Allow or Block the access to the Internet ("Outbound") or from the Inbound / Outbound: Internet ("Inbound"). Click Apply button to apply your changes. Chapter 4: Configuration 49 VoIP/(802. 11g) Broadband Firewall Router Packet Filter ­ Add Raw IP Filter Rule Name: Users-define description to identify this entry or click predefined rules. to select existing Time Schedule: It is self-defined time period. For setup and detail, refer to Time Schedule section Protocol Number: Insert the port number, i. e. Select Allow or Block the access to the Internet ("Outbound") or from the Click Apply button to apply your changes. Chapter 4: Configuration 50 VoIP/(802. 11g) Broadband Firewall Router Example: Configuring your firewall to allow for a publicly accessible web server on your LAN The predefined port filter rule for HTTP (TCP port 80) is the same no matter whether the firewall is set to a high, medium or low security level. To setup a web server located on the local network when the firewall is enabled, you have to configure the Port Filters setting for HTTP. As you can see from the diagram below, when the firewall is enabled with one of the three presets (Low/Medium/High), inbound HTTP access is not allowed which means remote access through HTTP to your router is not allowed. Note: Inbound indicates accessing from Internet to LAN and Outbound is from LAN to the Internet. Chapter 4: Configuration 51 VoIP/(802. 11g) Broadband Firewall Router Configuring Packet Filter: 1. You will then be presented with the predefined port filter rules screen (in this case for the low security level), shown below: Note: You may click Edit the predefined rule instead of Delete it. This is an example to show to how you add a filter on your own. Click Delete 2. Click Add TCP/UDP Filter. Click Add TCP/UDP Filter 4. Input the Rule Name, Time Schedule, Source/Destination IP, Type, Source/Destination Port, Inbound and Outbound. Example: Application: Cindy_HTTP Time Schedule: Always On Source / Destination IP Address(es): 0. 0. 0. 0 (I do not wish to active the address-filter, instead I use the port-filter) Type: TCP (Please refer to Table1: Predefined Port Filter) Source Port: 0-65535 (I allow all ports to connect with the application)) Redirect Port: 80-80 (This is Port defined for HTTP) Inbound / Outbound: Allow Chapter 4: Configuration 52 VoIP/(802. 11g) Broadband Firewall Router 5. The new port filter rule for HTTP is shown below: 6. Configure your Virtual Server ("port forwarding") settings so that incoming HTTP requests on port 80 will be forwarded to the PC running your web server: Note: For how to configure the HTTP in Virtual Server, go to Add Virtual Server in Virtual Server section for more details. . Chapter 4: Configuration 53 VoIP/(802. 11g) Broadband Firewall Router Intrusion Detection The router's Intrusion Detection System (IDS) is used to detect hacker attacks and intrusion attempts from the Internet. [. . . ] Write Community: Specify a name to be identified as the Write Community, and an IP address. This community string will be checked against the string entered in the configuration file. Once the string name is matched, users from this IP address will be able to view and modify the data. Trap Community: Specify a name to be identified as the Trap Community, and an IP address. [. . . ]