User's Manual

ManualsBrandsWuxi MitraStar Technology ManualsElectronics802.11n 2x2 Wireless ADSL2+ 4-port Gateway

151

152

153

154

155

156

157

158

159

160

Table Of Contents

DSL-100HNU-T1 v3 User’s Guide
Contents
Introduction
- 1.1 Overview
- 1.2 Ways to Manage the Device
- 1.3 Good Habits for Managing the Device
- 1.4 Applications for the Device
  - 1.4.1 Internet Access
- 1.5 Wireless Access
  - 1.5.1 Using the WLAN/WPS Button
- 1.6 The RESET Button
  - 1.6.1 Using the Reset Button
- 1.7 LEDs (Lights)
Introducing the Web Configurator
- 2.1 Overview
  - 2.1.1 Accessing the Web Configurator
- 2.2 The Web Configurator Layout
  - 2.2.1 Title Bar
  - 2.2.2 Main Window
Quick Start
- 3.1 Overview
- 3.2 Quick Start Setup
Connection Status and System Info
- 4.1 Overview
- 4.2 The Connection Status Screen
- 4.3 The System Info Screen
WAN Setup
- 5.1 Overview
- 5.2 The Internet Connection Screen
  - 5.2.1 Advanced Internet Connection
- 5.3 The More Connections Screen
  - 5.3.1 More Connections Edit
  - 5.3.2 Configuring More Connections Advanced Setup
- 5.4 The 3G Backup Screen
- 5.5 WAN Technical Reference
Wireless
- 6.1 Overview
- 6.2 Wireless General Screen
- 6.3 More AP Screen
  - 6.3.1 Edit More AP
- 6.4 MAC Authentication Screen
- 6.5 The WPS Screen
- 6.6 The WDS Screen
- 6.7 The WMM Screen
- 6.8 Scheduling Screen
  - 6.8.1 Add or Edit Schedule
- 6.9 Advanced Screen
- 6.10 Technical Reference
Home Networking
- 7.1 Overview
  - 7.1.1 What You Can Do in this Chapter
  - 7.1.2 What You Need To Know
- 7.2 The LAN Setup Screen
- 7.3 The Static DHCP Screen
  - 7.3.1 Before You Begin
- 7.4 The IP Alias Screen
- 7.5 The UPnP Screen
- 7.6 The IPv6 LAN Setup Screen
- 7.7 The File Sharing Screen
  - 7.7.1 Before You Begin
  - 7.7.2 Edit File Sharing User
- 7.8 The Printer Server Screen
  - 7.8.1 Before You Begin
- 7.9 Technical Reference
- 7.10 Installing UPnP in Windows Example
- 7.11 Using UPnP in Windows XP Example
Static Route
- 8.1 Overview
  - 8.1.1 What You Can Do in this Chapter
- 8.2 Configuring Static Route
  - 8.2.1 Add/Edit Static Route
- 8.3 IPv6 Static Route
  - 8.3.1 IPv6 Static Route Edit
Quality of Service (QoS)
- 9.1 Overview
  - 9.1.1 What You Can Do in this Chapter
  - 9.1.2 What You Need to Know
- 9.2 The QoS General Screen
- 9.3 The Queue Setup Screen
  - 9.3.1 Edit a QoS Queue
- 9.4 The Class Setup Screen
  - 9.4.1 Add/Edit QoS Class
- 9.5 The QoS Policer Setup Screen
  - 9.5.1 Add/Edit a QoS Policer
- 9.6 The QoS Game List Screen
- 9.7 QoS Technical Reference
  - 9.7.1 DiffServ
Network Address Translation (NAT)
- 10.1 Overview
  - 10.1.1 What You Can Do in this Chapter
  - 10.1.2 What You Need To Know
- 10.2 The General Screen
- 10.3 The Port Forwarding Screen
  - 10.3.1 The Port Forwarding Screen
  - 10.3.2 The Port Forwarding Add/Edit Screen
- 10.4 The DMZ Screen
- 10.5 The ALG Screen
- 10.6 Technical Reference
Port Binding
- 11.1 Overview
- 11.2 The Port Binding Screen
  - 11.2.1 Port Binding Summary Screen
  - 11.2.2 The Any Port Any Service Edit Screen
Dynamic DNS
- 12.1 Overview
  - 12.1.1 What You Need To Know
- 12.2 The Dynamic DNS Screen
Filter
- 13.1 Overview
  - 13.1.1 What You Can Do in the Filter Screens
- 13.2 The IP/MAC Filter Screen
- 13.3 The IPv6/MAC Filter Screen
Firewall
- 14.1 Overview
  - 14.1.1 What You Can Do in the Firewall Screens
  - 14.1.2 What You Need to Know About Firewall
- 14.2 Firewall General Screen
- 14.3 Default Action Screen
- 14.4 Rules Screen
- 14.5 DoS Screen
  - 14.5.1 The DoS Advanced Screen
  - 14.5.2 Configuring Firewall Thresholds
- 14.6 Firewall Technical Reference
Parental Control
- 15.1 Overview
- 15.2 The Parental Control Screen
  - 15.2.1 Add/Edit a Parental Control Rule
Certificates
- 16.1 Overview
- 16.2 Local Certificates
- 16.3 Trusted CA
- 16.4 Trusted CA Import
- 16.5 View Certificate
System Monitor
- 17.1 Overview
  - 17.1.1 What You Can Do in this Chapter
  - 17.1.2 What You Need To Know
- 17.2 The Log Screen
- 17.3 The WAN Traffic Status Screen
- 17.4 The LAN Traffic Status Screen
- 17.5 The NAT Traffic Status Screen
User Account
- 18.1 Overview
- 18.2 The User Account Screen
TR-069 Client
- 19.1 Overview
- 19.2 The TR-069 Client Screen
System
- 20.1 Overview
- 20.2 The System Screen
Time Setting
- 21.1 Overview
- 21.2 The Time Setting Screen
Log Setting
- 22.1 Overview
- 22.2 The Log Setting Screen
Firmware Upgrade
- 23.1 Overview
- 23.2 The Firmware Upgrade Screen
Backup/Restore
- 24.1 Overview
- 24.2 The Backup/Restore Screen
- 24.3 The Reboot Screen
Remote Management
- 25.1 Overview
  - 25.1.1 What You Can Do in the Remote Management Screens
  - 25.1.2 What You Need to Know About Remote Management
- 25.2 The WWW Screen
  - 25.2.1 Configuring the WWW Screen
- 25.3 Telnet Screen
- 25.4 FTP Screen
- 25.5 SNMP Screen
  - 25.5.1 Configuring SNMP
- 25.6 DNS Screen
- 25.7 ICMP Screen
- 25.8 SSH Screen
  - 25.8.1 SSH Example
Diagnostic
- 26.1 Overview
  - 26.1.1 What You Can Do in the Diagnostic Screens
- 26.2 The Ping Screen
- 26.3 The DSL Line Screen
Troubleshooting
- 27.1 Overview
- 27.2 Power, Hardware Connections, and LEDs
- 27.3 Device Access and Login
- 27.4 Internet Access
- 27.5 Wireless Internet Access
- 27.6 USB Device Connection
- 27.7 UPnP
Legal Information

Chapter 14 Firewall 153

RFC 4890 SPEC Traffic

RFC 4890 specifies the filtering policies for ICMPv6 messages. This is important for protecting

against s

ecurity threats including DoS, probing, redirection attacks and renumbering attacks that

can be carried out through ICMPv6. Since ICMPv6 error messages are critical for establishing and

maintaining communications, filtering policy focuses on ICMPv6 informational messages.

Anti-Probing

If an outside user attempts to probe an unsupported port on yo

ur Device, an ICMP response packet

is automatically returned. This allows the outside user to know the Device exists. The Device

supports anti-probing, which prevents the ICMP response packet from being sent. This keeps

outsiders from discovering your Device when unsupported ports are probed.

ICMP

Internet Control Message Protocol (ICMP) is a message contr

ol and error-reporting protocol

between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams,

but the messages are processed by the TCP/IP software and directly apparent to the application

user.

DoS Thresholds

For DoS attacks, the Device uses thresholds to determine when to drop sessions that do not

ecome fully established. These thresholds apply globally to all sessions. You can use the default

threshold values, or you can change them to values more suitable to your security requirements.

14.2 Firewall General Screen

Use this screen to select the firewall protection level on the Device. Click Security > Firewall >

General to display the following screen.

Figure 99 Secu

rity > Firewall > General