Configuring the Firewall - Port Access Control

The FriendlyNET FR3000 series routers have a built-in firewall that is automatically activated when you connect your computers. It cannot be deactivated, but it features a high level of customization. If you are not familiar with TCP/IP, NAT, and UDP ports, you may wish to view the following FAQ items before you configure your firewall: "What is an IP Address?", "What is the difference between a hub, switch and router?", and "What is a firewall and how does it work?".

1. Accessing the Port Access Control menu:

  1. Start your web browser. Type http://192.168.123.254 into your browser's address or location field and press Enter.
  2. In a few moments you'll see the Login screen for the router. Enter admin (the default password) and click Log in.
  3. Click the Security button from the top of the page.
  4. Scroll down until you see Port Access Controls. It should look similar to this:

Port Access Control*
Port Access Control Enable

Default Group Ports:
  (all hosts except those listed on other groups)

Group 2 Ports:
  Hosts:

Group 3 Ports:
  Hosts:

Group 4 Ports:
  Hosts:


 

2. Setting Port Access Controls:

Port Access Controls let you assign different access rights (allow or block) for each group of users. This is done by preventing or allowing certain UDP ports to communicate with the members of each group. Users are identified by the last octet of their IP addresses. For example, if you enter the number 20 into the Hosts menu, any settings in that group are applied to the computer at 192.168.123.20. Users not listed in Groups 2, 3, and 4 are automatically added to the Default group.

When you are done setting up your port access controls, click the Save button to apply the settings. Be sure to check the Enable checkbox.

The following syntax conventions can be used for entering port and host numbers:

  • Individual: 1, 2, 3 (Ports 1, 2, and 3)
  • Spanned: 1-8 (Ports 1, 2, 3, 4, 5, 6, 7, and 8)
  • Mixed: 1, 5, 6-9 (Ports 1, 5, 6, 7, 8, and 9)

Sample Configurations:

Group    Members     Access Rights            Comments
Group 2  100-199     Allow (25, 53, 80, 110)  Can browse (80), receive (110) and send (25) emails only. (Port 53 required for DNS)
Group 3  50-99       Block (21, 119)          Only newsgroups (119) and FTP (21) are blocked.
Group 4  1-9, 20     Block ( )                Full access (block nothing)
Default  All others  Allow ( )                No access rights (allow nothing)
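
The list syntax and the sample configurations above, modeled as an added example (this is not Asante's firmware or code from the original page). All names are hypothetical; the valid ranges (hosts 1-254, ports 0-65535) and the rule that the first listed group wins when a host appears in more than one group are assumptions.

```python
# Added illustration of the Port Access Control semantics described on this page.
# Names, value ranges and the first-match rule are assumptions, not router code.

def parse_spec(spec, low, high):
    """Expand a list such as '1, 5, 6-9' into {1, 5, 6, 7, 8, 9}."""
    values = set()
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue  # empty list, as in "Block ( )" or "Allow ( )"
        first, sep, last = item.partition("-")
        start = int(first)
        end = int(last) if sep else start
        if not (low <= start <= end <= high):
            raise ValueError(f"entry out of range or reversed: {item!r}")
        values.update(range(start, end + 1))
    return values

def group(name, hosts, mode, ports):
    return (name, parse_spec(hosts, 1, 254), mode, parse_spec(ports, 0, 65535))

# Sample configuration from the table above.
GROUPS = [
    group("Group 2", "100-199", "allow", "25, 53, 80, 110"),
    group("Group 3", "50-99", "block", "21, 119"),
    group("Group 4", "1-9, 20", "block", ""),
]
DEFAULT_MODE, DEFAULT_PORTS = "allow", parse_spec("", 0, 65535)

def check(ip, port):
    """Return (group name, permitted) for a LAN host and a port number."""
    octet = int(ip.rsplit(".", 1)[1])  # hosts are identified by the last octet
    for name, hosts, mode, ports in GROUPS:
        if octet in hosts:
            break
    else:  # not listed in Groups 2-4: falls into the Default group
        name, mode, ports = "Default", DEFAULT_MODE, DEFAULT_PORTS
    # An allow list permits only the listed ports; a block list denies only them.
    permitted = (port in ports) if mode == "allow" else (port not in ports)
    return name, permitted

if __name__ == "__main__":
    for ip, port in [("192.168.123.150", 80), ("192.168.123.150", 21),
                     ("192.168.123.60", 119), ("192.168.123.20", 21),
                     ("192.168.123.30", 80)]:
        print(ip, port, check(ip, port))
```

An empty Allow list on the Default group means any host left out of Groups 2 to 4 is denied on every port, while an empty Block list (Group 4) denies nothing.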
   


Common UDP/TCP Ports:

Port No. Service
20 FTP-DATA
21 FTP
23 Telnet, Internet BBS
25 SMTP, Send Mail
53 DNS
67 BOOTP bootstrap protocol
79 Finger
80 HTTP, World Wide Web
110 POP3, receive mail
113 AUTH, authentication
119 NNTP, net news
161 SNMP, network management
162 SNMP-TRAP, network management
443 HTTPS, secure worldwide web
517 TALK
518 NTALK
1723 PPTP, Microsoft VPN (virtual private network)
2049 NFS, Sun Network File System



© 2006 Asante Networks, Inc. All rights reserved.