Netgear FVL328 参照マニュアル
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2
Protecting Your Network
5-7
May 2004, 202-10030-02
Examples of Using Services and Rules to Regulate Traffic
Use the examples to see how you combine Services and Rules to regulate how the TCP/IP
protocols are used on your firewall to enable either blocking or allowing specific Internet traffic on
your firewall.
protocols are used on your firewall to enable either blocking or allowing specific Internet traffic on
your firewall.
Inbound Rules (Port Forwarding)
Because the FVL328 uses Network Address Translation (NAT), your network presents only one IP
address to the Internet, and outside users cannot directly address any of your local computers.
However, by defining an inbound rule, also known as port forwarding, you can make a local server
(for example, a Web server or game server) visible and available to the Internet. The rule tells the
router to direct inbound traffic for a particular service to one local server based on the destination
port number. This is also known as port forwarding.
address to the Internet, and outside users cannot directly address any of your local computers.
However, by defining an inbound rule, also known as port forwarding, you can make a local server
(for example, a Web server or game server) visible and available to the Internet. The rule tells the
router to direct inbound traffic for a particular service to one local server based on the destination
port number. This is also known as port forwarding.
Follow these guidelines when setting up port forwarding inbound rules:
•
If your external IP address is assigned dynamically by your ISP, the IP address may change
periodically as the DHCP lease expires. Consider using the Dynamic DNS feature in the
Advanced menus so that external users can always find your network.
periodically as the DHCP lease expires. Consider using the Dynamic DNS feature in the
Advanced menus so that external users can always find your network.
•
If the IP address of the local server computer is assigned by DHCP, it may change when the
computer is rebooted. To avoid this, use the Reserved IP address feature in the LAN IP menu
to keep the computer’s IP address constant.
computer is rebooted. To avoid this, use the Reserved IP address feature in the LAN IP menu
to keep the computer’s IP address constant.
•
Local computers must access the local server using the local LAN address of the computer.
Attempts by local computers to access the server using the external WAN IP address will fail.
Attempts by local computers to access the server using the external WAN IP address will fail.
Remember that allowing inbound services opens holes in your FVL328 Firewall. Only enable
those ports that are necessary for your network. Following are two application examples of
inbound rules:
those ports that are necessary for your network. Following are two application examples of
inbound rules:
Note:
Some home broadband accounts do not allow you to run any server processes
(such as a Web or FTP server). Your ISP may check for servers and suspend your
account if it discovers active servers at your location. If you are unsure, refer to the
Acceptable Use Policy of your ISP.
account if it discovers active servers at your location. If you are unsure, refer to the
Acceptable Use Policy of your ISP.