This Chapter explains when and how to use the Broadband Router's "Advanced" Features.
The following advanced features are provided.
This screen provides access to the advanced features. An example screen is shown below.
This screen allows configuration of all advanced features relating to Internet access.
An example screen is shown below.
Most applications are supported transparently by the Broadband Router. But sometimes it is not clear which PC should receive an incoming connection. This problem could arise with the Communication Applications listed on this screen.
If this problem arises, you can use this screen to set which PC should receive an incoming connection, as described below.
Communication Applications |
|
Select an Application
|
This lists applications which may generate incoming connections, where the
destination PC (on your local LAN) is unknown.
|
Send incoming calls to
|
This lists the PCs on your LAN.
|
If you use Internet applications which use non-standard connections or port numbers, you may find that they do not function correctly because they are blocked by the Broadband Router's firewall. In this case, you can define the application as a "Special Application".
This screen can be reached by clicking the Special Applications button on the Internet screen.
You can then define your Special Applications. You will need detailed information about the application; this is normally available from the supplier of the application.
Also, note that the terms "Incoming" and "Outgoing" on this screen refer to traffic from the client (PC) viewpoint
Use this to Enable or Disable this Special Application as required.
|
|
Name
|
Enter a descriptive name to identify this Special Application.
|
Incoming
Ports |
|
Outgoing
Ports |
|
If an application still cannot function correctly, try using the "DMZ" feature. |
This feature, if enabled, allows one (1) computer on your LAN to be exposed to all users on the Internet, allowing unrestricted 2-way communication between the "DMZ PC" and other Internet users or Servers.
The "DMZ PC" is effectively outside the Firewall, making it more vulnerable to attacks. For this reason, you should only enable the DMZ feature when required. |
The URL Filter allows you to block access to undesirable Web site
Click the "Configure URL Filter" button on the Internet screen to access the URL Filter screen. An example screen is shown below.
Filter Strings |
|
Current Entries
|
This lists any existing entries. If you have not entered any values, this
list will be empty.
|
Add Filter String
|
To add an entry to the list, enter it here, and click the "Add"
button.
An entry may be a Domain name (e.g. www.trash.com) or simply a string. (e.g. ads/ ) Any URL which contains ANY entry ANYWHERE in the URL will be blocked. |
Buttons |
|
Delete/Delete All
|
Use these buttons to delete the selected entry or all entries, as required.
Multiple entries can be selected by holding down the CTRL key while
selecting.(On the Macintosh, hold the SHIFT key while selecting.)
|
Add
|
Use this to add the current Filter String to the site list.
|
This feature is accessed by the Access Control link on the Advanced menu.
The Access Control feature allows administrators to restrict the level of Internet Access available to PCs on your LAN. With the default settings, everyone has unrestricted Internet access.
To use this feature:
Restrictions are imposed by blocking "Services", or types of connections. All common Services are pre-defined. |
To view this screen, select the Access Control link on the Advanced menu.
Group |
|
Group
|
Select the desired Group. The screen will update to display the settings
for the selected Group. Groups are named "Default", "Group 1", "Group 2", "Group
3" and "Group 4", and cannot be re-named.
|
"Members" Button
|
Click this button to add or remove members from the current Group.
See the following section for details of the Group Members
screen.
|
Internet Access |
|
Restrictions
|
Select the desired options for the current group:
|
Block by Schedule
|
If Internet access is being blocked, you can choose to apply the blocking
only during scheduled times. (If access is not blocked, no Scheduling is
possible, and this setting has no effect.)
|
Define Schedule Button
|
Clicking this will open a sub-window where you can define or modify the
Schedule.
|
Services
|
This lists all defined Services. Select the Services you wish to block. To
select multiple services, hold the CTRL key while selecting. (On the Macintosh,
hold the SHIFT key rather than CTRL.)
|
Edit Service List Button
|
If you wish to define additional Services, or manage the Service list,
click this button to open the "Services" screen.
|
Buttons |
|
Members
|
Click this button to add or remove members from the current Group.
If the current group is "Default", then members can not be added or
deleted. This group contains PCs not allocated to any other group.
See the following section for details of the Group Members
screen.
|
Define Schedule
|
Click this to open a sub-window where you can define or modify the
Schedule.
|
Edit Service List
|
If you wish to define additional Services, or manage the Service list,
click this button to open the "Services" screen.
|
Save
|
Save the data on screen.
|
Cancel
|
Reverse any changes made since the last "Save".
|
View Log
|
Click this to open a sub-window where you can view the "Access Control"
log. This log shows attempted Internet accesses which have been blocked by the
Access Control feature.
|
Clear Log
|
Click this to clear and restart the "Access Control" log, making new
entries easier to read.
|
This screen is displayed when the Members button on the Access Control screen is clicked.
Use this screen to add or remove members (PCs) from the current group.
PCs not assigned to any group will be in the "Default" group. |
This screen is displayed when the Define Schedule button on the Access Control screen is clicked.
Day
|
Each day of the week can scheduled independently.
|
Session 1
Session 2 |
Two (2) separate sessions or periods can be defined. Session 2 can be left
blank if not required.
|
Start Time
|
Enter the start using a 24 hr clock.
|
Finish Time
|
Enter the finish time using a 24 hr clock.
|
This screen is displayed when the Edit Service List button on the Access Control screen is clicked.
Available Services |
|
Available Services
|
This lists all the available services.
|
"Delete" button
|
Use this to delete any Service you have added. Pre-defined Services can not
be deleted.
|
Add New Service |
|
Name
|
Enter a descriptive name to identify this service.
|
Type
|
Select the protocol (TCP, UDP, ICMP) used to the remote system or
service.
|
Start Port
|
For TCP and UDP Services, enter the beginning of the range of port numbers
used by the service. If the service uses a single port number, enter it in both
the "Start" and "Finish" fields.
|
Finish Port
|
For TCP and UDP Services, enter the end of the range of port numbers used
by the service. If the service uses a single port number, enter it in both the
"Start" and "Finish" fields.
|
ICMP Type
|
For ICMP Services, enter the type number of the required service.
|
Buttons |
|
Delete
|
Delete the selected service from the list.
|
Save
|
Add a new entry to the Service list, using the data shown in the "Add New
Service" area on screen.
|
Cancel
|
Clear the " Add New Service " area, ready for entering data for a new
Service.
|
To check the operation of the Access Control feature, an Access Control Log is provided. Click the View Log button on the Access Control screen to view this log.
This log shows attempted Internet accesses which have been blocked by the Access Control function.
Data shown in this log is as follows:
Date/Time
|
Date and Time of the attempted access.
|
Name
|
If known, the name of the PC whose access was blocked. This name is taken
from the Network Clients database
|
Source IP address
|
The IP Address of the PC or device whose access request was blocked
|
MAC address
|
The hardware or physical address of the PC or device whose access request
was blocked
|
Destination
|
The destination URL or IP address
|
This feature allows you to manage the Broadband Router via the Internet.
Remote Management |
|
Enable Remote Management
|
Enable to allow management via the Internet. If Disabled, this device will
ignore management connection attempts from the Internet.
|
Port Number
|
Enter a port number between 1024 and 65535 (8080 is recommended). This port
number must be specified when you connect (see below).
Note: The default port number for HTTP (Web) connections is port 80,
but using port 80 here will prevent the use of a Web "Virtual Server" on your
LAN. (See Advanced Internet - Virtual Servers)
|
Current IP Address
|
You must use this IP Address to connect (see below).
This IP Address is allocated by your ISP. But if using a Dynamic IP
Address, this value can change each time you connect to your ISP. So it is
better if your ISP allocates you a Fixed IP Address.
|
To connect from a remote PC via the Internet
HTTP://123.123.123.123:8080
This example assumes the WAN IP Address is 123.123.123.123, and the port number is 8080.
This feature allows you to make Servers on your LAN accessible to Internet users. Normally, Internet users would not be able to access a server on your LAN because:
The "Virtual Server" feature solves these problems and allows Internet users to connect to your servers, as illustrated below.
Note that, in this illustration, both Internet users are connecting to the same IP Address, but using different protocols.
To Internet users, all virtual Servers on your LAN have the same IP Address. This IP Address is allocated by your ISP.
This address should be static, rather than dynamic, to make it easier for Internet users to connect to your Servers.
However, you can use the DDNS (Dynamic DNS) feature to allow users to connect to your Virtual Servers using a URL, instead of an IP Address.
The Virtual Servers screen is reached by the Virtual Servers link on the Advanced screen. An example screen is shown below.
This screen lists a number of pre-defined Servers, and allows you to define your own Servers. Details of the selected Server are shown in the "Properties" area.
Servers |
|
Servers
|
This lists a number of pre-defined Servers, plus any Servers you have
defined. Details of the selected Server are shown in the "Properties"
area.
|
Properties |
|
Enable
|
Use this to Enable or Disable support for this Server, as required.
|
PC (Server)
|
Select the PC for this Server. The PC must be running the appropriate
Server software.
|
Protocol
|
Select the protocol (TCP or UDP) used by the Server.
|
Internal Port No.
|
Enter the port number which the Server software is configured to use.
|
External Port No.
|
The port number used by Internet users when connecting to the Server. This
is normally the same as the Internal Port Number. If it is different, this
device will perform a "mapping" or "translation" function, allowing the server
to use one port address, while clients use a different port address.
|
Buttons |
|
Defaults
|
This will delete any Servers you have defined, and set the pre-defined
Servers to use their default port numbers.
|
Disable All
|
This will cause the "Enable" setting of all Virtual Servers to be set
OFF.
|
Add as New Server
|
Add a new entry to the Virtual Server list, using the data shown in the
"Properties" area on screen. The entry selected in the list is ignored, and has
no effect.
|
Update Selected Server
|
Update the current Virtual Server entry, using the data shown in the
"Properties" area on screen.
|
Delete
|
Delete the current Virtual Server entry. Note that the pre-defined Servers
can not be deleted. Only Servers you have defined yourself can be deleted.
|
Clear Form
|
Clear all data from the "Properties" area, ready for input of a new Virtual
Server entry.
|
For each entry, the PC must be running the appropriate Server software. |
If the type of Server you wish to use is not listed on the Virtual Servers screen, you can define and manage your own Servers:
Create a new Server:
|
|
Modify (Edit) a Server:
|
|
Delete a Server:
|
Note: You can only delete Servers you have defined. Pre-defined
Server cannot be deleted.
|
From the Internet, ALL Virtual Servers have the IP Address allocated by your ISP. |
Once configured, anyone on the Internet can connect to your Virtual Servers.
They must use the Internet IP Address (the IP Address allocated to you by your
ISP).
e.g.
http://203.70.212.52
ftp://203.70.212.52
It is more convenient if you are using a Fixed IP Address from your ISP,
rather than Dynamic. However, you can use the Dynamic DNS feature,
described in the following section, to allow users to connect to your Virtual
Servers using a URL, rather than an IP Address.
This free service is very useful when combined with the Virtual Server feature. It allows Internet users to connect to your Virtual Servers using a URL, rather than an IP Address.
This also solves the problem of having a dynamic IP address. With a dynamic IP address, your IP address may change whenever you connect, which makes it difficult to connect to you.
The Service works as follows:
Select Advanced on the main menu, then Dynamic DNS, to see a screen like the following:
DDNS Service |
|
DDNS Service
|
|
DDNS Data |
|
User Name
|
Enter the "User name" specified at the www.dyndns.org Web site when you
registered.
|
Password
|
Enter your current password for www.dyndns.org
|
Domain Name
|
|
DDNS Status
|
This message is returned by the DDNS Server at www.dyndns.org
|
The firmware (software) in the Broadband Router can be upgraded using your Web Browser.
You must first download the upgrade file, then select Upgrade on the Advanced menu. You will see a screen like the following.
To perform the Firmware Upgrade:
The Broadband Router is unavailable during the upgrade process, and must restart when the upgrade is completed. Any connections to or through the Broadband Router will be lost. |