Edimax Router BF-6214K User Manual

							 
30 
 
 
 
Parameters Description 
 Enable  You can select to enable “Application Layer Gateway”, then the router will let that application 
correctly pass though the NAT gateway. 
  Click  at the bottom of the screen to save the above configurations. You can now configure other advance 
sections or start using the router (with the advance settings in place) 
 
 
2.5.4 UPnP Settings 
With UPnP, all PCs in you Intranet will discover this router automatically. So you do not have to do any configuration for 
your PC and can access the Internet through this router easily. 
 
 
 
Parameters      Description 
 UPnP Feature  You can Enable or Disable UPnP feature here. After you enable the UPnP feature, all 
client systems that support UPnP, like Windows XP, can discover this router 
automatically and access the Internet through this router without any configuration. 
The NAT Traversal function provided by UPnP can let applications that support UPnP 
smoothly connect to Internet sites without any incompatibility problem due to the 
NAPT port translation. 
  Click  at the bottom of the screen to save the above configurations. You can now configure other advance 
sections or start using the router (with the advance settings in place) 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
						

							 
31 
 
 
2.5.5 Static Routing 
This router provides Static Routing function when NAT is disabled. With Static Routing, the router can forward packets 
according to your routing rules. The IP sharing function will not work anymore in Static Routing mode. 
 Note: The DMZ function of firewall will not work if static routing is enabled. 
 
 
Parameter    Description 
 Route  The network address of destination LAN. 
 
Route Mask  The subnet mask of destination LAN. 
 
Next Hop IP  The next stop gateway of the path toward the destination LAN. This is the IP of the 
neighbor router that this router should communicate with on the path to the destination 
LAN. 
 
Interface  The interface that go to the next hop (router). 
 
 
Click  at the bottom of the screen to save the above configurations. You can now configure other advance 
sections or start using the router (with the advance settings in place) 
 
2.6 Firewall 
The Broadband router provides extensive firewall protection by restricting connection parameters, thus limiting the risk of 
hacker attack, and defending against a wide array of common Internet attacks. However, for applications that require 
unrestricted access to the Internet, you can configure a specific client/server as a Demilitarized Zone (DMZ).  
 
Note: To enable the Firewall settings select Enable and click Apply 
 
 
 
 
 
 
 
 
 
  
						

							 
32 
 
 
Parameters     Description 
 2.6.1 Access Control List  Access  Control List allows you to specify which hosts users can or cannot have 
access to certain Internet applications   
 
2.6.2 URL Filter  URL Filter allows you to specify which URLs can’t be accessed by users. 
 
2.6.3 Anti-DoS  The Broadband routers firewall can block common hacker attacks and can log 
the attack activities. 
 
2.6.4 DMZ Host  The DMZ Host function allows you to re-direct all packets going to your WAN port 
IP address to a particular IP address in your LAN. 
 
 
Click on one of the firewall selections and proceed to the manual’s relevant sub-section 
 
2.6.1 Access Control List 
If you want to restrict users from accessing certain Internet applications/services (e.g. Internet websites, email, FTP etc.), 
this is the place to set that configuration. Access Control allows users to define the traffic type permitted in your LAN. You 
can control which PC client can have access to these services.  
 
 
 
 
Parameters     Description 
 
Policy  User can choose to log or not to log packets which match any configured ACL. 
 
Direction/IP  Ingress means packets from LAN to Gateway and Egress means packets from Gateway to 
WAN. Pay special attention to the “egress, source ip/port” direction group. The source ip 
address of an lan-to-wan packet will be already changed to gateway’s public ip address. 
That means if you created a system-wise egress rule, please specifying the Gateway WAN 
ip address as the source IP. 
 
Type  Specify the traffic type here. You can pick TCP for TCP traffic, UDP for UDP traffic, or IP for 
all kind of IP traffic. 
 
Port  Specify the TCP/UDP port number for filtered traffic.  
						

							 
33 
 
   
Day/Time  You can select a range of day and time that the specified PCs will not able to access the 
Internet on these time period. 
 
Enable  You can Enable/Disable some policies by check their enable checkbox. 
 
You can now configure other advance sections or start using the router (with the advance settings in place) 
Example: Access Control List 
In the example below, LAN client A can only access websites that use Port 80. However, LAN client B is able to access 
websites and any other service that uses ports between 80 and 999. 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
2.6.2 URL Filter 
You can block access to some Web sites from particular PCs by entering a full URL address or just keyword of the Web 
site. 
  
Parameters   Description 
 URL String Pattern  You can enter the full URL address or the keyword of the web site you want to block. 
 
Source IP Range  You can specify a range of LAN PCs that apply to the URL filter feature. 
 
Enable URL Blocking  Check the check box to Enable URL Blocking 
 
 
You can now configure other advance sections or start using the router (with the advance settings in place)  
						

							 
34 
 
 
 
2.6.3 Anti-DoS (Denial of Service) 
The Broadband routers firewall can block common hacker attacks, including Denial of Service, Ping of Death, Port Scan 
and Sync Flood, .etc. If Internet attacks occur the router can log the events. 
 
 
 
 
 
Parameters Description 
 
DoS Prevention Enable  Enables selected Anti-DoS features. 
 
Ignore LAN-Side Check  Skip DoS checks for all LANWAN packets.  
						

							 
35 
 
   
Whole system flood  System-wide DoS threshold for SYN/FIN/UDP/ICMP flooding. 
 
Per-source IP flood  SYN/FIN/UDP/ICMP  flooding  threshold per host. Offending host would be blocked for 
120 seconds (default) if Source IP Blocking is enabled. 
 
Whole system FlowCnt Control  System-wide Flow Count Control for TCP/UDP or Both protocol. 
 
Per-source IP FlowCnt Control  SYN/FIN/UDP/ICMP Flow Count Control per host. Offending host would be blocked for 
120 seconds (default) if Source IP Blocking is enabled. 
 
TcpUdpPortScan  Port scan detection. Sensitivity could be Low or High. 
 
All DoS items  System-wide Dos detection. 
 
 
Click  at the bottom of the screen to save the above configurations. You can now configure other advance 
sections or start using the router (with the advance settings in place) 
 
2.6.4 DMZ Host 
If you have a local client PC that cannot run an Internet application (e.g. Games) properly from behind the NAT firewall, 
then you can open the client up to unrestricted two-way Internet access by defining a DMZ Host. The DMZ function 
allows you to re-direct all packets going to your WAN port IP address to a particular IP address in your LAN. The 
difference between the virtual server and the DMZ function is that the virtual server re-directs a particular service/Internet 
application to a particular LAN client/server, whereas DMZ re-directs all packets (regardless of services) going to your 
WAN IP address to a particular LAN client/server. 
 
 
 
Parameters Description 
 
Enable DMZ  Enable/disable DMZ 
 
Note: If there is a conflict between the Virtual Server and the DMZ setting, then Virtual 
Server function will have priority over the DMZ function. 
    
DMZ Host  Input the IP address of a particular host in your LAN that will receive all the packets 
originally going to the WAN port/Public IP address above  
  
Note: You need to give your LAN PC clients a fixed/static IP address for DMZ to work 
properly. 
 
General L4 protocol forward  Check this to enable the general layer 4 protocol forwarding function. 
 
ICMP forward  Check this to allow the ICMP packets forward to the DMZ host. 
 
 
 
 
 
  
						

							 
36 
 
 
Chapter 3  
Status 
The Status section allows you to monitor the current status of your router. You can use the Status page to monitor: the 
connection status of the Broadband routers WAN/LAN interfaces, the current firmware and hardware version numbers, 
any illegal attempts to access your network, and information on all DHCP client PCs currently connected to your network. 
 
 
 
 
 
Parameters Description 
 
3.1 Status and Information  Shows the router’s system information  
 
3.2 Logs  This router supports five types of Log messages: System Log, ACL Log, URL filter, DoS 
Log and New connection Log. 
  Select one of the above Status selections and proceed to the manual’s relevant sub-section  
 
 
 
 
 
 
 
 
 
 
 
 
 
  
						

							 
37 
 
 
3.1 Status and Information  The Status and Information section allows you to view the router’s system information  
 
 
Parameters    Description 
 
Information  You can see the router’s system information such as the router’s: System Information, LAN 
Information, WAN Information, and Wireless Information. 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
						

							 
38 
 
 
3.2 Logs 
This router supports five types of Log messages: System Log, ACL Log, URL filter, DoS Log and New connection Log. 
You can Enable or Disable each of these Logs. 
 
3.2.1 System Log 
 
 
3.2.2 ACL Log 
 
 
3.2.3 URL Filter Log 
 
 
3.2.4 DoS Log 
 
  
						

							 
39 
 
 
3.2.5 New Connection Log