Complete PDF manual
PDF of this chapter

Inbound Rules Examples

LAN WAN Inbound Rule: Hosting A Local Public Web Server

If you host a public Web server on your local network, you can define a rule to allow inbound Web (HTTP) requests from any outside IP address to the IP address of your Web server at any time of day.

In the example shown in Figure 4-5, unrestricted access is provided from the Internet to the local Web server at LAN IP address 192.168.0.99.

Figure 4-5

LAN WAN Inbound Rule: Allowing Videoconference from Restricted Addresses

If you want to allow incoming videoconferencing to be initiated from a restricted range of outside IP addresses, such as from a branch office, you can create an inbound rule.

In the example shown in Figure 4-6, CU-SeeMe connections are allowed to a local host only from a specified range of external IP addresses. Connections are blocked during the period specified by Schedule 1.

Figure 4-6

LAN WAN Inbound Rule: Setting Up One-to-One NAT Mapping

If you arrange with your ISP to have more than one public IP address for your use, you can use the additional public IP addresses to map to servers on your LAN. One of these public IP addresses will be used as the primary IP address of the VPN firewall. This address will be used to provide Internet access to your LAN PCs through NAT. The other addresses are available to map to your servers.

In the example shown in Figure 4-7, we have configured multi-NAT to support multiple public IP addresses on one WAN interface. The inbound rule instructs the VPN firewall to host an additional public IP address (10.1.0.5) and to associate this address with the Web server on the LAN (at 192.168.0.2). We also instruct the VPN firewall to translate the incoming HTTP port number (port 80) to a different port number (port 8080).

The following addressing scheme is used in this example:

VPN firewall FVS336G
WAN1 primary public IP address: 10.1.0.1
WAN1 additional public IP address: 10.1.0.5
LAN IP address 192.168.1.1
Web server PC on the VPN firewall's LAN
LAN IP address: 192.168.1.11
Port number for Web service: 8080

Figure 4-7

To test the connection from a PC on the WAN side, type http://10.1.0.5. The home page of the Web server should appear.

LAN WAN Inbound Rule: Specifying an Exposed Host

Specifying an exposed host allows you to set up a computer or server that is available to anyone on the Internet for services that you have not yet defined.

To expose one of the PCs on your LAN as this host:

Create an inbound rule that allows all protocols.
Place the new rule below all other inbound rules.

Note: For security, NETGEAR strongly recommends that you avoid creating an exposed host. When a computer on your LAN is designated as the exposed host, it loses much of the protection of the firewall and is exposed to many exploits from the Internet. If compromised, the computer can be used to attack your network.