Asus Router RX3042H User Manual
RX3042H User's Manual Configuring Firewall

Figure 9.8. Self-Access ACL Configuration Example

9.6.2 Modify a Self-Access Rule

To modify a Self-Access rule, follow the instructions below:

1. Open the Self-Access ACL configuration page by clicking the Firewall/NAT -> Self-Access ACL menu.
2. Click on the icon of the Self-Access rule to be modified in the Existing Self-Access ACL table, or select the Self-Access ACL from the ID drop-down list.
3. Make the desired changes to any or all of the following fields: action, source/destination IP, service, time and log. Please see Table 9.3 for an explanation of these fields.
4. Click on the "Modify" button to save the changes. The new settings for this Self-Access rule will then be displayed in the Existing Self-Access ACL table located in the bottom half of the Self-Access ACL configuration page.

9.6.3 Delete a Self-Access Rule

To delete a Self-Access rule, click on the icon of the rule to be deleted.

Example

Figure 9.8 shows a sample Self-Access ACL configuration that allows HTTP traffic from anyone to the RX3042H.
9.6.4 View Configured Self-Access Rules

To see the existing Self-Access rules, open the Self-Access ACL configuration page by clicking the Firewall/NAT -> Self-Access ACL menu.

9.7 Configure Virtual Server

Virtual server allows you to configure up to ten public servers, such as Web, E-mail and FTP servers, that are accessible to external users on the Internet. Each service is provided by a dedicated server configured with a fixed IP address. Although the internal service addresses are not directly accessible to external users, the router identifies the requested service by its service port number and redirects the request to the appropriate internal server.

Note: RX3042H supports only one server of any particular type at a time.

Figure 9.9. Virtual Server Configuration Page

9.7.1 Virtual Server Configuration Parameters

Table 9.5 describes the configuration parameters available for virtual server configuration.

Table 9.5. Virtual Server Configuration Parameters

| Setting | Option | Description |
|---|---|---|
| ID | Add New | Click on this option to add a new virtual server. |
| ID | Number | Select the ID of a virtual server from the drop-down list to modify its settings. |
| Move to | | This option allows you to set a priority for virtual server rule checking. NAT does the IP and/or port mapping based on the priority of the rules. Set a priority by specifying a number for the rule's position in the list of rules. |
| Move to | 1 (First) | This number marks the highest priority. |
| Move to | Other numbers | Select other numbers to indicate the priority you wish to assign to the rule. |
| Destination IP | | This option allows you to set the destination network to which this rule should apply. Use the drop-down list to select one of the following options. |
| Destination IP | Any | |
| Destination IP | IP Address | Enter the IP address of the virtual server if the virtual server has a known public IP address. |
| Destination IP | Interface | Use the IP address of the selected interface as the destination IP address. Available options are: eth1 (WAN1), eth2 (WAN2), ppp1 (WAN1 – unnumbered), ppp2 (WAN2 – unnumbered), ppp3 (WAN1 – PPPoE 1), ppp4 (WAN1 – PPPoE 2), ppp5 (WAN2 – PPPoE 1), ppp6 (WAN2 – PPPoE 2). |
| Service | | Select a service, from the drop-down list, to which this rule should apply. If the desired service is not listed, click on the Edit button to create a new service. |
| Redirect IP | | Enter the IP address of the computer (usually a server in your LAN) to which you want the incoming traffic to be directed. For example, if the IP address of the web server on your LAN is 192.168.1.28, enter 192.168.1.28 here. |
| Redirect Service | | Select a service, from the drop-down list, to which this rule should apply. If the desired service is not listed, click on the "Edit" button to create a new service. |
| Bypass ACL | | Check this option if you do not want the firewall to perform access control on this virtual server. This means that the virtual server allows anyone to access the service provided. If you want to control who has access to this virtual server, un-check this option and create a proper ACL rule to control access to the virtual server. |

Table 9.6. Port Numbers for Popular Applications

| Application | Service Port Numbers |
|---|---|
| AOE II (Server) | 2300-2400 |
| AUTH | 113 |
| Baldurs Gate II | 2300-2400 |
| Battle Isle | 3004-3004 |
| Counter Strike | 27005-27015 |
| Cu See Me | 7648-7648, 56800, 24032 |
| Diablo II | 4000-4000 |
| DNS | UDP 53-53 |
| FTP | TCP 21-21 |
| FTP | TCP 20(ALG)-21 |
| GOPHER | TCP 70-70 |
| HTTP | TCP 80-80 |
| HTTP8080 | TCP 8080-80880 |
| HTTPS | TCP 443-443 |
| I-phone 5.0 | TCP/UDP 22555-22555 |
| ISAKMP | UDP 500-500 |
| mirc | 66011-700 |
| MSN Messenger | 1863 ALG |
| Need for Speed 5 | 9400-9400 |
| Netmeeting Audio | TCP 1731-1731 |
| Netmeeting Call | TCP 1720-1720 |
| Netmeeting Conference | UDP 495000-49700 |
| Netmeeting File Transfer | TCP 1503-1503 |
| Netmeeting or VoIP | 1503-1503, 1720(ALG) |
| NEWS | TCP 119-119 |
| PC Anywhere | TCP 5631 |
| PC Anywhere | TCP 5631, UDP 5632 |
| POP3 | TCP 110-110 |
| Powwow Chat | 13233-13233 |
| Red Alert II | 1234-1237 |
| SMTP | TCP 25-25 |
| Sudden Strike | 2300-2400 |
| TELNET | TCP 23-23 |
| Win VNC | UDP 5800-5800 |

9.7.2 Virtual Server Example 1 – Web Server

Figure 9.10 illustrates the network topology for the web server deployment. This web server provides HTTP service using TCP port 8080.

Figure 9.10. Virtual Server Deployment Topology

The following procedure sets up the web server illustrated in Figure 9.10.

1. Open the Virtual Server configuration page, as shown in Figure 9.9, by clicking the Firewall/NAT -> Virtual Server menu.
2. Select the destination IP type and service type as shown in Figure 9.11.

   Figure 9.11. Virtual Server Example 1 – Web Server

3. Enter the IP address of the web server, which is 192.168.1.28, in the Redirect IP field.
4. Since the web server does not use the standard TCP port 80 for the HTTP service, a new service type must be created for HTTP service on TCP port 8080. Click on the Edit button on the Redirect Service field to create a new service type. In the Service configuration page that pops up, enter the service name, protocol and port number as shown in Figure 9.12, then click Add to list to create the new service type, HTTP_8080. Finally, click the Save & Exit button to save the new service.

   Figure 9.12. Adding a New Service

5. Select the service, HTTP_8080, from the Redirect Service drop-down list.
6. Click Add to save the virtual server settings.

9.7.3 Virtual Server Example 2 – FTP Server

Figure 9.10 illustrates the network topology for the FTP server deployment. This FTP server provides FTP service using the standard FTP port.

The following procedure sets up the FTP server illustrated in Figure 9.10.

1. Open the Virtual Server configuration page, as shown in Figure 9.9, by clicking the Firewall/NAT -> Virtual Server menu.
2. Enter the needed information as shown in Figure 9.13.
3. Click Add to save the virtual server settings.

Figure 9.13. Virtual Server Example 2 – FTP Server

9.8 Configure Special Application

Some applications use multiple TCP/UDP ports to transmit data. Because of NAT, these applications cannot work with the router. The Special Application setting allows some of these applications to work properly.
Note: Only one PC can use one particular special application at a time.

9.8.1 Special Application Configuration Parameters

Table 9.7 describes the configuration parameters available for special application configuration.

Table 9.7. Special Application Configuration Parameters

| Setting | Description |
|---|---|
| Enabled | Check this box to activate the policy. |
| Trigger Protocol | Select the protocol type from the drop-down list. The available options are TCP, UDP and TCP/UDP. |
| Outgoing (Trigger) Port | The port range this application uses when it sends outbound packets. The outgoing port numbers act as the trigger. When the router detects outgoing packets with these port numbers, it allows the corresponding inbound packets with the incoming port numbers specified in the Incoming Port Range field to pass through the router. For a list of port numbers used by some popular applications, please refer to Table 9.8. |
| Incoming Protocol | The protocol that the corresponding inbound packets use. The available options are TCP, UDP and TCP/UDP. |
| Incoming Port | The port range that the corresponding inbound packets use. For a list of port numbers used by some popular applications, please refer to Table 9.8. A port range is written as a pair of numbers separated by a dash, e.g. 100-200. Multiple port ranges are separated by commas, e.g. 100-200, 700-800. |
| Comment | You may enter a description for the application here, e.g. a name identifying the application. |

Table 9.8. Port Numbers for Popular Applications

| Application | Outgoing Port Number | Incoming Port Range |
|---|---|---|
| Battle.net | 6112 | 6112 |
| DialPad | 7175 | 51200, 51201, 51210 |
| ICU II | 2019 | 2000-2038, 2050-2051, 2069, 2085, 3010-3030 |
| MSN Gaming Zone | 47624 | 2300-2400, 28800-29000 |
| PC to Phone | 12053 | 12120, 12122, 150-24220 |
| Quick Time 4 | 554 | 6970-6999 |
| wowcall | 8000 | 4000-4020 |
| Yahoo Messenger | 5050 | 5000-5101 |

9.8.2 Special Application Example

Figure 9.14. Special Application Configuration Page

The following procedure sets up a special application for MSN Gaming Zone.

1. Open the Special Application configuration page, as shown in Figure 9.14, by clicking the Firewall/NAT -> Special Application menu.
2. Check the Enabled checkbox.
3. Select TCP/UDP from the trigger protocol drop-down list. If you are not sure whether the application uses the TCP or UDP protocol, you may select TCP/UDP in this field.
4. Enter the outgoing port range, in this case: 47624 ~ 47624.
5. Select TCP/UDP from the incoming protocol drop-down list. If you are not sure whether the application uses the TCP or UDP protocol, you may select TCP/UDP in this field.
6. Enter the incoming port range, in this case: 2300-2400 and 28800-29000.
7. In the Comment field, enter the name identifying this application, which is MSN Gaming Zone in this instance.
8. Click Apply to save the settings.
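
The trigger behaviour described in Table 9.7 and the MSN Gaming Zone example, as a small Python model added here (not code from the manual or the router firmware). All class and function names are hypothetical; protocol matching and timeouts are left out, and the model assumes the first LAN host to send on the trigger port keeps the rule.

```python
def parse_ports(spec):
    """Parse the Table 9.7 syntax ('100-200, 700-800') into (low, high) tuples."""
    ranges = []
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        low = int(low)
        high = int(high) if high else low      # a single port is a one-port range
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"invalid port range: {part.strip()!r}")
        ranges.append((low, high))
    return ranges


class TriggerRule:
    """One Special Application entry (hypothetical model, not firmware code)."""

    def __init__(self, outgoing, incoming, comment=""):
        self.outgoing = parse_ports(outgoing)  # Outgoing (Trigger) Port
        self.incoming = parse_ports(incoming)  # Incoming Port
        self.comment = comment
        self.owner = None                      # LAN host that fired the trigger

    @staticmethod
    def _hit(ranges, port):
        return any(low <= port <= high for low, high in ranges)

    def outbound(self, lan_ip, dst_port):
        """A LAN host sends a packet; return the host that holds the rule."""
        # Assumption: "only one PC at a time" means the first host keeps the rule.
        if self.owner is None and self._hit(self.outgoing, dst_port):
            self.owner = lan_ip
        return self.owner

    def inbound(self, dst_port):
        """Return the LAN host an inbound packet is passed to, or None if dropped."""
        if self.owner is not None and self._hit(self.incoming, dst_port):
            return self.owner
        return None


# Entry from section 9.8.2; the LAN addresses used with it are constructed.
MSN_ZONE = TriggerRule("47624", "2300-2400, 28800-29000", "MSN Gaming Zone")
```

Unlike a virtual server, the incoming ports stay closed until a LAN host has sent traffic on the trigger port, and they are passed only to that host.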
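
For the Virtual Server settings in section 9.7.1 (rule priority, Redirect IP/Service and Bypass ACL), the following Python sketch is an added example, not code from the manual or the router: it models first-match lookup by rule position and lists the rules worth reviewing before saving. The names are hypothetical, the public port 80 for Example 1 and the addresses 192.168.1.29 and 192.168.1.30 are assumptions, and the FTP ALG is not modelled.

```python
from dataclasses import dataclass


@dataclass
class VirtualServer:
    dest: str            # "any", a public IP address, or an interface such as "eth1"
    proto: str           # "tcp" or "udp"
    port: int            # Service: port that Internet clients connect to
    redirect_ip: str     # Redirect IP: server on the LAN
    redirect_port: int   # Redirect Service: port on that server
    bypass_acl: bool = False


def lookup(rules, iface, dst_ip, proto, port):
    """Check rules in list order (position 1 first); return the redirect target."""
    for rule in rules:
        if rule.dest in ("any", iface, dst_ip) and (rule.proto, rule.port) == (proto, port):
            return rule.redirect_ip, rule.redirect_port
    return None  # no virtual server matches this packet


def audit(rules):
    """Return (position, message) pairs for rules that deserve a second look."""
    findings, first_seen = [], {}
    for pos, rule in enumerate(rules, start=1):
        if rule.bypass_acl:
            findings.append((pos, "Bypass ACL checked: no firewall access control"))
        key = (rule.proto, rule.port)
        if key in first_seen:
            # The manual notes that only one server of a given type is supported.
            findings.append((pos, f"same service as rule {first_seen[key]}"))
        else:
            first_seen[key] = pos
    return findings


# Constructed rule list: rule 1 follows Example 1 (web server on 8080),
# rule 2 follows Example 2 (FTP), rule 3 is a deliberate duplicate of rule 1.
RULES = [
    VirtualServer("eth1", "tcp", 80, "192.168.1.28", 8080, bypass_acl=True),
    VirtualServer("eth1", "tcp", 21, "192.168.1.29", 21),
    VirtualServer("any", "tcp", 80, "192.168.1.30", 80),
]
```

With this list, `audit(RULES)` reports rule 1 for Bypass ACL and rule 3 as a duplicate web service that rule 1 always wins over.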