fulton.net.au

QT021 - Port forwarding on the FVS318
 
 
 

 

Fulton Network Technologies Pty Ltd

ABN: 68 087 124 481

29 Westleigh Drive Westleigh  NSW  2120

Ph:  +61 2 9875 3676

Fax: +61 2 9481 8079

sales@fulton.net.au

 support@fulton.net.au 

 www.fulton.net.au

 

  

 

Introduction

In its most common configuration, the FVS318 is used as a NAT router to share a broadband connection amongst several computers.  In this configuration, all unsolicited incoming connection attempts are blocked by the FVS318, unless the FVS318 has been configured to forward them to a specific local computer.

For example, if you wish to host a web server behind your FVS318, on a computer with local IP address 192.168.0.100, you will need to forward port 80 (HTTP) to that computer's IP address before users on the internet will be able to connect to it.

Detail

Port forwarding on the FVS318 is a two step process:

  • Create an entry in the router's Service Table for the ports(s) that you wish to forward.  This entry consists of a Service Name (anything convenient), Type (TCP, UDP or both), and a range of Port Numbers.

  • Create the Port Mapping Entry.  This consists of the Service Name (defined above), a Schedule Action (Allow Always, Allow by schedule, or Block by schedule), the Local LAN IP that the port is to be forwarded to, an optional range of WAN IP's that are to be allowed to access the service, and whether or not to log access via this rule.

It is also possible to create a Default or DMZ Port Mapping.  When this is enabled, all unsolicited incoming connection attempts are forwarded to the nominated local IP.  As this can create a significant security risk, its use is not recommended.

 

To create the Service Table entry, first select Add Service from the router's Security menu.

 

Click to enlarge

 

Click the Add Custom Service button.  Enter the appropriate values for the service you are adding.  The example shows the settings that would enable you to host an IMAP email server behind the router.  Then click the Apply button.

 

Click to enlarge

 

The new entry will then be displayed in the Service Table.

 

Click to enlarge

 

To create the Port Mapping entry, select Ports from the router's Advanced menu.  Enter the appropriate values for the port mapping you are adding.  The example shows an IMAP server being forwarded to local IP address 192.168.1.100, access only being allowed from a single external IP address 144.132.8.67, no SChedule Action, and logging enabled.

Then click the Apply button.

 

Click to enlarge

 

The updated Port Mapping table will then be displayed.

 

Click to enlarge

 

Security Considerations

Each additional port mapping adds some additional security risk.  Incoming traffic for that port is directed to the nominated computer..  If the application has security weaknesses, that computer and other devices may be at risk.

We suggest you observe the following guidelines:

  • Don't create any unnecessary port mappings

  • Remove any unused port mappings

  • Don't use a default or DMZ port mapping unless absolutely necessary

  • If creating a port mapping for a range of ports, keep the range as small as possible

Feedback

Did you find this Quick Tip useful?  Do you have any suggestions for improvement or notice any errors?  Are there any other topics you would like to see covered by a Quick Tip.  Please take a moment to send us some feedback.

Quick Tip 021 - Port forwarding on the FVS318

Version 1.0, 18-AUG-2002

Copyright © 2002 Fulton Network Technologies Pty Ltd.  All rights reserved. Not to be reproduced or distributed in any form without prior permission.

All information contain herein is provided to the reader on the understanding that the reader is responsible for ensuring the correctness and suitability of the information for his particular needs.

VERSION HISTORY

1.0   18-AUG-2002   Initial Release