Asus Router RX3141 User Manual
RX3141 User’s Manual
Chapter 9. Configuring Firewall/NAT Settings

9.2.2.2 Configuring DoS Settings

To configure DoS settings, follow the instructions below:

1. Open the Router Security configuration page as shown in Figure 9.1 by double clicking on the Router Setup → Security menu.
2. Check or uncheck the individual check box for each type of DoS attack.
3. Click to save the settings.

Figure 9.1. Router Security Configuration Page

9.3 ACL Rule Configuration Parameters

9.3.1 ACL Rule Configuration Parameters

Table 9.3 describes the configuration parameters for firewall inbound, outbound and self-access ACL rules.

Table 9.3. ACL Rule Configuration Parameters

Field / Description

ID
    Add New: Click on this option to add a new ACL rule.
    Rule Number: Select a rule from the drop-down list to modify its settings.

Move to
    This option allows you to set a priority for this rule. The RX3141 Firewall acts on packets based on the priority of the rules. Set a priority by specifying a number for its position in the list of rules:
    1 (First): This number marks the highest priority.
    Other numbers: Select other numbers to indicate the priority you wish to assign to the rule.

Action
    Allow: Select this button to configure the rule as an allow rule. This rule, when bound to the Firewall, will allow matching packets to pass through.
    Deny: Select this button to configure the rule as a deny rule. This rule, when bound to the Firewall, will not allow matching packets to pass through.

Route to (only for outbound ACL)
    This field is used for policy routing needed for PPPoE unnumbered or PPPoE multi-session. Available options include AUTO, ppp0 (unnumbered), ppp1 (1st PPPoE session), ppp2 (2nd PPPoE session). These options are selectable from the drop-down list. If AUTO is selected, the router will route the packets based on the information in the routing table.

Log
    Select or deselect the check box to enable or disable logging for this ACL rule.

Protocol
    This option allows you to select the protocol type from a drop-down list. Available settings are All, TCP, UDP, ICMP, IGMP, AH and ESP.

Source IP
    This option allows you to set the source network to which this rule should apply.
    Use the drop-down list to select one of the following options:
    Any: This option allows you to apply this rule to all the computers in the source network, such as those on the Internet for the inbound traffic or all the computers in the local network for outbound traffic.
    IP Address: This option allows you to specify an IP address on which this rule will be applied.
        IP Address: Specify the appropriate network address.
    Subnet: This option allows you to include all the computers that are connected in an IP subnet. When this option is selected, the following fields become available for entry:
        Address: Enter the appropriate IP address.
        Mask: Enter the corresponding subnet mask.
    Self (for self access rule only): Indicates the router itself.

Destination IP
    This option allows you to set the destination network to which this rule should apply. Use the drop-down list to select one of the following options:
    Any: This option allows you to apply this rule to all the computers in the local network for inbound traffic or any computer in the Internet for outbound traffic.
    IP Address, Subnet: Select any of these options and enter details as described in the Source IP section above.
    Self (for self access rule only): Indicates the router itself.
    Domain: In order for this option to work, the user’s PC must use RX3141 as its DNS server. The domain name variable / IP addresses association is cleared after every system restart. Multiple ACL rules can be associated to the same domain name / IP addresses association.
        • A maximum of 30 domain name variables is supported.
        • Each domain name variable / IP addresses association is updated only when the LAN client issues the DNS query to RX3141. For example, when entering the address “http://www.yahoo.com” in your browser, RX3141 will update the IP address association with www.yahoo.com in the internal database referenced by the firewall.
        • Each domain name variable can be associated with up to 256 IP addresses.
        • The wildcard character “*” is allowed in the domain name. Its usage is illustrated in the following examples:
            1. www.google.* : matches www.google.com and www.google.net and does not match www.google.com.tw
            2. www.google.*.* : matches www.google.com.tw and www.google.com.sg and does not match www.google.com
            3. .com.tw : matches www.google.com.tw, www.com.tw and does not match com.tw
            4. *.com : matches google.com and abc.com and does not match www.google.com, com
            5. * : matches any domain name
            6. . (a single dot): matches any domain name

Source Port
    This option allows you to set the source port to which this rule should apply. Use the drop-down list to select one of the following options:
    Any: Select this option if you want this rule to apply to all applications with an arbitrary source port number.
    Single: This option allows you to apply this rule to an application with a specific source port number.
        Port Number: Enter the source port number.
    Range: Select this option if you want this rule to apply to applications with this port range. The following fields become available for entry when this option is selected.
        Start Port: Enter the starting port number of the range.
        End Port: Enter the ending port number of the range.

Destination Port
    This option allows you to set the destination port to which this rule should apply. Use the drop-down list to select one of the following options:
    Any: Select this option if you want this rule to apply to all applications with an arbitrary destination port number.
    Single, Range: Select any of these and enter details as described in the Source Port section above.

ICMP (available only when protocol type is set to ICMP)
    This option allows you to select the ICMP message type for the ACL rule. The supported ICMP message types are:
    • Any (default)
    • 0: Echo reply
    • 1: Type 1
    • 2: Type 2
    • 3: Dst unreach: destination unreachable
    • 4: Src quench: source quench
    • 5: Redirect
    • 6: Type 6
    • 7: Type 7
    • 8: Echo req: echo request
    • 9: Router advertisement
    • 10: Router solicitation
    • 11: Time exceed: time exceeded
    • 12: Parameter problem
    • 13: Timestamp request
    • 14: Timestamp reply
    • 15: Info request: information request
    • 16: Info reply: information reply
    • 17: Addr mask req: address mask request
    • 18: Addr mask reply: address mask reply
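
The wildcard rules listed under Domain in Table 9.3, written out as a matcher so a pattern can be checked before it is entered on the router. This is an added example, not part of the manual or the RX3141 firmware: the semantics are inferred from the six examples in the table, and case-insensitive matching and the review_patterns helper are assumptions of the sketch.

```python
# Added example: semantics inferred from the manual's six wildcard examples,
# not taken from RX3141 firmware.
MAX_DOMAIN_VARIABLES = 30  # limit stated in the manual


def domain_matches(pattern: str, name: str) -> bool:
    """Return True if name matches an RX3141-style domain pattern."""
    pattern = pattern.strip().lower()
    name = name.strip().lower().rstrip(".")  # assumption: case-insensitive
    if not pattern or not name:
        return False
    if pattern in ("*", "."):                # examples 5 and 6: catch-all
        return True
    labels = name.split(".")
    if pattern.startswith("."):              # example 3: suffix form
        parts = pattern[1:].split(".")
        if len(labels) <= len(parts):        # needs at least one extra label
            return False
        labels = labels[-len(parts):]
    else:                                    # examples 1, 2 and 4
        parts = pattern.split(".")
        if len(parts) != len(labels):        # "*" stands for exactly one label
            return False
    return all(p == "*" or p == l for p, l in zip(parts, labels))


def review_patterns(patterns, probe_names):
    """Hypothetical pre-entry check: list patterns that need a second look."""
    findings = []
    if len(patterns) > MAX_DOMAIN_VARIABLES:
        findings.append(f"{len(patterns)} patterns exceed the limit of {MAX_DOMAIN_VARIABLES}")
    for pat in patterns:
        if pat.strip() in ("*", "."):
            findings.append(f"{pat!r} matches every domain name")
        elif not any(domain_matches(pat, n) for n in probe_names):
            findings.append(f"{pat!r} matches none of the probe names")
    return findings


if __name__ == "__main__":
    # Constructed input: patterns meant to cover www.google.com.tw
    for line in review_patterns(["*.com.tw", ".com.tw", "."], ["www.google.com.tw"]):
        print(line)
```

The constructed run shows the easy mistake: *.com.tw does not cover www.google.com.tw because "*" stands for a single label, while .com.tw does.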

9.4 Configuring Inbound ACL Rules

By creating ACL rules in the Inbound ACL configuration page as shown in Figure 9.2, you can control (allow or deny) incoming access to computers on your LAN. Options in this configuration page allow you to:

• Add a rule, and set parameters for it
• Modify an existing rule
• Delete an existing rule
• View configured inbound ACL rules

Figure 9.2. Inbound ACL Configuration Page

9.4.1 Add Inbound ACL Rules

To add an inbound ACL rule, follow the instructions below:

1. Open the Inbound ACL Rule configuration page, as shown in Figure 9.2, by double clicking the Router Setup → Inbound ACL menu.
2. Select “Add New” from the “ID” drop-down list.
3. Set the desired action (Allow or Deny) from the “Action” drop-down list.
4. Make changes to any or all of the following fields: source/destination IP, source/destination port, protocol, ICMP message type and log. Please see Table 9.3 for an explanation of these fields.
5. Assign a priority for this rule by selecting a number from the “Move to” drop-down list. Note that the number indicates the priority of the rule, with 1 being the highest. Higher priority rules will be examined prior to the lower priority rules by the firewall.
6. Click on the button to create the new ACL rule. The new ACL rule will then be displayed in the inbound access control list table at the bottom half of the Inbound ACL Configuration page.
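
The ordering set in step 5 matters as soon as two rules overlap. The sketch below is an added example, not part of the manual or the router's firmware: it evaluates an ordered rule list and reports rules hidden behind a broader rule placed above them. It assumes the firewall stops at the first matching rule and denies unmatched traffic, neither of which the manual states; only protocol, destination address and destination port are modelled, the HTTP rule for 192.168.1.28 is this section's own inbound example, and the 192.168.1.0/24 deny rule is constructed.

```python
# Added example: first-match evaluation is an assumption; the manual only says
# higher-priority rules are examined first.
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "deny"
    protocol: str                     # "tcp", "udp", "icmp", ... or "all"
    dst: str                          # CIDR; "0.0.0.0/0" stands for Any
    ports: Optional[Tuple[int, int]]  # (start, end); None stands for Any


def first_match(rules, proto, dst_ip, dst_port, default="deny"):
    """Walk rules in list order (position 1 first); return (position, action)."""
    addr = ipaddress.ip_address(dst_ip)
    for pos, r in enumerate(rules, start=1):
        if (r.protocol in ("all", proto)
                and addr in ipaddress.ip_network(r.dst)
                and (r.ports is None or r.ports[0] <= dst_port <= r.ports[1])):
            return pos, r.action
    return None, default              # assumption: unmatched traffic is denied


def covers(a: Rule, b: Rule) -> bool:
    """True if every packet that matches b also matches a."""
    return ((a.protocol == "all" or a.protocol == b.protocol)
            and ipaddress.ip_network(b.dst).subnet_of(ipaddress.ip_network(a.dst))
            and (a.ports is None or (b.ports is not None
                 and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])))


def shadowed(rules):
    """Return (position, shadowing position) for rules that can never fire."""
    hits = []
    for j, later in enumerate(rules):
        for i in range(j):
            if covers(rules[i], later):
                hits.append((j + 1, i + 1))
                break
    return hits


ALLOW_HTTP = Rule("allow", "tcp", "192.168.1.28/32", (80, 80))  # manual's example
DENY_LAN = Rule("deny", "all", "192.168.1.0/24", None)          # constructed rule
```

With DENY_LAN at position 1 the HTTP rule is reported as shadowed and the web server is unreachable; moving ALLOW_HTTP to position 1 restores it while every other port stays denied.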

Figure 9.3 illustrates how to create a rule to allow inbound HTTP (i.e. web server) service. This rule allows inbound HTTP traffic to be directed to the host with IP address 192.168.1.28. Note that the newly added inbound ACL rule is displayed in the Existing Inbound ACL table shown in Figure 9.4.

Figure 9.3. Inbound ACL Configuration Example

Figure 9.4. Sample Inbound ACL List Table

9.4.2 Modify Inbound ACL Rules

To modify an inbound ACL rule, follow the instructions below:

1. Open the Inbound ACL Rule configuration page, as shown in Figure 9.2, by double clicking the Router Setup → Inbound ACL menu.
2. Click on the icon of the rule to be modified in the inbound ACL table or select the rule number from the “ID” drop-down list.
3. Make the desired changes to any or all of the following fields: action, source/destination IP, source/destination port, protocol, ICMP message type and log. Please see Table 9.3 for an explanation of these fields.
4. Click on the button to modify this ACL rule. The new settings for this ACL rule will then be displayed in the inbound access control list table at the bottom half of the Inbound ACL Configuration page.

9.4.3 Delete Inbound ACL Rules

To delete an inbound ACL rule, open the Inbound ACL Rule configuration page by double clicking the Router Setup → Inbound ACL menu and then click on the icon in front of the rule to be deleted.

9.4.4 Display Inbound ACL Rules

To see existing inbound ACL rules, open the Inbound ACL Rule configuration page by double clicking the Router Setup → Inbound ACL menu. The existing inbound ACL rules are displayed at the bottom of the configuration page.

9.5 Configuring Outbound ACL Rules

By creating ACL rules in the Outbound ACL configuration page as shown in Figure 9.5, you can control (allow or deny) Internet or external network access for computers on your LAN. Options in this configuration page allow you to:

• Add a rule, and set parameters for it
• Modify an existing rule
• Delete an existing rule
• View configured outbound ACL rules

Figure 9.5. Outbound ACL Configuration Page

9.5.1 Add an Outbound ACL Rule

To add an outbound ACL rule, follow the instructions below:

1. Open the Outbound ACL Rule configuration page, as shown in Figure 9.5, by double clicking the Router Setup → Outbound ACL menu.
2. Select “Add New” from the “ID” drop-down list.
3. Set the desired action (Allow or Deny) from the “Action” drop-down list.
4. Assign a priority for this rule by selecting a number from the “Move to” drop-down list. Note that the number indicates the priority of the rule, with 1 being the highest. Higher priority rules will be examined prior to the lower priority rules by the firewall.
5. Select an interface through which to send the packets. Options available are “AUTO”, “ppp0 (unnumbered)”, “ppp1 (PPPoE 0)” and “ppp2 (PPPoE 1)”. Normally, select AUTO to let the router determine where to send packets that match this ACL rule.
6. Make changes to any or all of the following fields: source/destination IP, source/destination port, protocol, ICMP message type and log. Please see Table 9.3 for an explanation of these fields.
7. Click on the button to create the new ACL rule. The new ACL rule will then be displayed in the outbound access control list table at the bottom half of the Outbound ACL Configuration page.

Figure 9.6 illustrates how to create a rule to allow outbound HTTP traffic. This rule allows outbound HTTP traffic (destination port 80) to be forwarded to any host on the external network for a host in your LAN with IP address 192.168.1.15. Note that the newly added outbound ACL rule is displayed in the Existing Outbound ACL table shown in Figure 9.7.

Figure 9.6. Outbound ACL Configuration Example

Figure 9.7. Sample Outbound ACL List Table

9.5.2 Modify Outbound ACL Rules

To modify an outbound ACL rule, follow the instructions below:

1. Open the Outbound ACL Rule configuration page, as shown in Figure 9.5, by double clicking the Router Setup → Outbound ACL menu.
2. Click on the icon of the rule to be modified in the outbound ACL table or select the rule number from the “ID” drop-down list.
3. Make the desired changes to any or all of the following fields: action, source/destination IP, source/destination port, protocol, ICMP message type and log. Please see Table 9.3 for an explanation of these fields.
4. Click on the button to modify this ACL rule. The new settings for this ACL rule will then be displayed in the outbound access control list table at the bottom half of the Outbound ACL Configuration page.

9.5.3 Delete Outbound ACL Rules

To delete an outbound ACL rule, open the Outbound ACL Rule configuration page by double clicking the Router Setup → Outbound ACL menu and then click on the icon in front of the rule to be deleted.

9.5.4 Display Outbound ACL Rules

Open the Outbound ACL Rule configuration page by double clicking the Router Setup → Outbound ACL menu.

9.6 Configuring Self-Access ACL Rules – (Router Setup → Self-Access ACL)

Self-Access rules control access to/from the RX3141 itself. You may use the Self-Access Rule Configuration page, as illustrated in Figure 9.8, to:

• Add a Self-Access rule
• Modify an existing Self-Access rule
• Delete an existing Self-Access rule
• View existing Self-Access rules

Figure 9.8. Self-Access ACL Configuration Page

9.6.1 Add a Self-Access Rule

To add a Self-Access rule, follow the instructions below:

1. Open the Self-Access Rule configuration page, as shown in Figure 9.8, by double clicking the Router Setup → Self Access ACL menu.
2. Select “Add New” from the “ID” drop-down list.
3. Set the desired action (Allow or Deny) from the “Action” drop-down list.
4. Assign a priority for this rule by selecting a number from the “Move to” drop-down list. Note that the number indicates the priority of the rule, with 1 being the highest. Higher priority rules will be examined prior to the lower priority rules by the firewall.
5. Make the desired changes to any or all of the following fields: source/destination IP, source/destination port, protocol, ICMP message type and log. Please see Table 9.3 for an explanation of these fields.
6. Click on the button to create the new Self-Access rule. The new rule will then be displayed in the Existing Self-Access ACL list table at the bottom half of the Self-Access ACL configuration page.

Example

Figure 9.9 shows a sample self-access ACL configuration to allow TCP port 80 traffic (i.e. HTTP traffic) from anyone to RX3141.

Figure 9.9. Self-Access ACL Configuration Example

9.6.2 Modify a Self-Access Rule

To modify a Self-Access rule, follow the instructions below:

1. Open the Self-Access Rule configuration page, as shown in Figure 9.8, by double clicking the Router Setup → Self Access ACL menu.
2. Click on the icon of the Self-Access rule to be modified in the Existing Self-Access ACL table or select the Self-Access ACL from the ID drop-down list.