Netgear FVS328 참조 매뉴얼
Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual
6-8
Protecting Your Network
May 2004, 202-10031-01
Examples of Using Services and Rules to Regulate Traffic
Use the examples to see how you combine Services and Rules to regulate how the TCP/IP
protocols are used on your firewall to enable either blocking or allowing specific Internet traffic on
your firewall.
protocols are used on your firewall to enable either blocking or allowing specific Internet traffic on
your firewall.
Inbound Rules (Port Forwarding)
Because the FVS328 uses Network Address Translation (NAT), your network presents only one IP
address to the Internet, and outside users cannot directly address any of your local computers.
However, by defining an inbound rule, also known as port forwarding, you can make a local server
(for example, a Web server or game server) visible and available to the Internet. The rule tells the
router to direct inbound traffic for a particular service to one local server based on the destination
port number. This is also known as port forwarding.
address to the Internet, and outside users cannot directly address any of your local computers.
However, by defining an inbound rule, also known as port forwarding, you can make a local server
(for example, a Web server or game server) visible and available to the Internet. The rule tells the
router to direct inbound traffic for a particular service to one local server based on the destination
port number. This is also known as port forwarding.
Follow these guidelines when setting up port forwarding inbound rules:
•
If your external IP address is assigned dynamically by your ISP, the IP address may change
periodically as the DHCP lease expires. Consider using the Dynamic DNS feature in the
Advanced menus so that external users can always find your network.
periodically as the DHCP lease expires. Consider using the Dynamic DNS feature in the
Advanced menus so that external users can always find your network.
•
If the IP address of the local server computer is assigned by DHCP, it may change when the
computer is rebooted. To avoid this, use the Reserved IP address feature in the LAN IP menu
to keep the computer’s IP address constant.
computer is rebooted. To avoid this, use the Reserved IP address feature in the LAN IP menu
to keep the computer’s IP address constant.
•
Local computers must access the local server using the local LAN address of the computer.
Attempts by local computers to access the server using the external WAN IP address will fail.
Attempts by local computers to access the server using the external WAN IP address will fail.
Remember that allowing inbound services opens holes in your FVS328 Firewall. Only enable
those ports that are necessary for your network. Following are two application examples of
inbound rules:
those ports that are necessary for your network. Following are two application examples of
inbound rules:
Note:
Some home broadband accounts do not allow you to run any server processes
(such as a Web or FTP server). Your ISP may check for servers and suspend your
account if it discovers active servers at your location. If you are unsure, refer to the
Acceptable Use Policy of your ISP.
account if it discovers active servers at your location. If you are unsure, refer to the
Acceptable Use Policy of your ISP.