The Virtual Server option gives Internet users access to services
on your LAN. This feature is useful for hosting online services such
as FTP, Web, or game servers. For each Virtual Server, you define a
public port on your router for redirection to an internal LAN IP
Address and LAN port.
Note: You might have trouble accessing a virtual server
using its public identity (WAN-side IP-address of the gateway or its
dynamic DNS name) from a machine on the LAN. Your requests may not
be looped back or you may be redirected to the "Forbidden" page.
This will happen if you have an Access Control Rule configured
for this LAN machine.
The requests from the LAN machine will not be looped back if
Internet access is blocked at the time of access. To work around
this problem, access the LAN machine using its LAN-side identity.
Requests may be redirected to the "Forbidden" page if web access
for the LAN machine is restricted by an Access Control Rule. Add the
WAN-side identity (WAN-side IP-address of the router or its dynamic
DNS name) on the Advanced -> Web Filter
screen to work around this problem.
Please check with the system adminstrator of your corporate
network whether your VPN client supports NAT traversal.
The Special Application section is used to open single or
multiple ports on your router when the router senses data sent to
the Internet on a "trigger" port or port range. Special
Applications rules apply to all computers on your internal
With this Special Application Rule enabled, the router will
open up a range of ports from 6000-6200 for incoming traffic from
the Internet, whenever any computer on the internal network opens
up an application that sends data to the Internet using a port in
the range of 6500-6700.
Multiple connections are required by some applications, such as
internet games, video conferencing, Internet telephony, and others.
These applications have difficulties working through NAT (Network
Address Translation). The Gaming section is used to open multiple
ports or a range of ports in your router and redirect data through
those ports to a single PC on your network. This feature allows you
to enter ports in various formats:
Range (50-100)Individual (80, 68, 888)Mixed (1020-5000,
With this Gaming Rule enabled, all TCP and UDP traffic on ports
6159 through 6180 and port 99 is passed through the router and
redirected to the Internal Private IP Address of your Game Server
The Traffic Shaping feature helps improve your network gaming
performance by prioritizing applications. By default, the Traffic
Shaping settings are disabled.
Enable: Specifies whether the entry
will be enabled or disabled.
Destination IP: The IP address of
packets that will take this route.
Netmask: One bits in the mask specify
which bits of the IP address must match.
Gateway: Specifies the next hop to be
taken if this route is used. A gateway of 0.0.0.0 implies there is
no next hop, and the IP address matched is directly connected to
the router on the interface specified: LAN or WAN.
Interface: Specifies the interface --
LAN or WAN -- that the IP packet must use to transit out of the
router, when this route is used.
Metric: The relative cost of using
Save: Saves the new or edited route
in the following list. When finished updating the routing table,
you must still click the Save
Settings button at the top of the page to make the changes
effective and permanent.
The Access Control section allows you to control access in and
out of devices on your network. Use this feature as Parental
Controls to only grant access to approved sites, limit web access
based on time or dates, and/or block access from applications such
as peer-to-peer utilities or games.
Note: When Access Control is disabled, every device on
the LAN has unrestricted access to the Internet. However, if you
enable Access Control, Internet access is restricted for those
devices that have an Access Control Rule configured for them. All
other devices will have unrestricted access to the Internet.
IP Address: Enter the IP Address of
the machine that you want the access control rule to apply to.
Make sure that the device on the LAN either has a static IP
address (that is, one that is not in the DHCP range) or is in
the Static DHCP Client List (see Basic -> DHCP).
Machine Address: Enter the MAC
Address of the machine that you want the access control rule to
apply to. If you want to enter the MAC Address of the computer
you are using, click the Copy Your PC's
MAC Address button.
Others: If you want to restrict
access for all devices that do not have an explicit rule
configured for them, then select "Others" for the Address Type.
The Web Filter section is where you add the Web sites to be used
for Access Control.
Note: Many web sites construct pages with images and
content from other web sites. Access will be forbidden if you do
not enable all the web sites used to construct a page. For
example, to access my.yahoo.com, you need to enable
access to yahoo.com, yimg.com, and
The MAC address filter section can be used to filter network
access by machines based on the unique MAC addresses of their
network adapter(s). It is most
useful to prevent unauthorized wireless devices from connecting to
your network. A MAC address is a unique ID
assigned by the manufacturer of the network adapter.
Note: Misconfiguration of this feature can prevent any
machine from accessing the network. In such a situation, you can
regain access by activating the factory defaults button on the
Note: Putting a computer in the DMZ may expose that
computer to a variety of security risks. Use of this option is
only recommended as a last resort.
The Inbound Filter option is an advanced method of controlling
data received from the Internet. With this feature you can configure
inbound data filtering rules that control data based on IP Address.
Inbound Filters can be used for limiting access to a server on
your network to a system or group of systems. Filter rules can be
used with Virtual Server, Gaming, or Remote Administration features.
Each filter can be used for several functions; for example a "Game
Clan" filter might allow all of the members of a particular gaming
group to play several different games for which gaming entries have
been created. At the same time an "Admin" filter might only allows
systems from your office network to access the WAN admin pages and
an FTP server you use at home. If you add an IP address to a filter,
the change is effected in all of the places where the filter is
In addition to the filters listed here, two predefined filters
are available wherever inbound filters can be applied:
Schedules can be created for use with enforcing rules. For
example, if you want to restrict web access to Mon-Fri from 3pm to
8pm, you could create a schedule selecting Mon, Tue, Wed, Thu, and
Fri and enter a Start Time of 3pm and End Time of 8pm.