This Chapter explains when and how to use the Broadband VPN Gateway's "Internet" Features.
The following advanced features are provided.
This screen allows configuration of all advanced features relating to Internet access.
Most applications are supported transparently by the Broadband VPN Gateway. But sometimes it is not clear which PC should receive an incoming connection. This problem could arise with the Communication Applications listed on this screen.
If this problem arises, you can use this screen to set which PC should receive an incoming connection, as described below.
Communication Applications |
|
Select an Application
|
This lists applications which may generate incoming connections, where the
destination PC (on your local LAN) is unknown.
|
Send incoming calls to
|
This lists the PCs on your LAN.
|
If you use Internet applications which use non-standard connections or port numbers, you may find that they do not function correctly because they are blocked by the Broadband VPN Gateway's firewall. In this case, you can define the application as a "Special Application".
Special Applications Screen
This screen can be reached by clicking the Special Applications button on the Advanced Internet screen.
You can then define your Special Applications. You will need detailed information about the application; this is normally available from the supplier of the application.
Also, note that the terms "Incoming" and "Outgoing" on this screen refer to traffic from the client (PC) viewpoint
Figure 28: Special Applications Screen
Use this to Enable or Disable this Special Application as required.
|
|
Name
|
Enter a descriptive name to identify this Special Application.
|
Incoming
Ports |
|
Outgoing
Ports |
|
Using a Special Application
![]() |
If an application still cannot function correctly, try using the "DMZ" feature. |
This feature, if enabled, allows one (1) computer on your LAN to be exposed to all users on the Internet, allowing unrestricted 2-way communication between the "DMZ PC" and other Internet users or Servers.
![]() |
The "DMZ PC" is effectively outside the Firewall, making it more vulnerable to attacks. For this reason, you should only enable the DMZ feature when required. |
The URL Filter allows you to block access to undesirable Web site
Click the "Configure URL Filter" button on the Advanced Internet screen to access the URL Filter screen. An example screen is shown below.
Filter Strings |
|
Current Entries
|
This lists any existing entries. If you have not entered any values, this
list will be empty.
|
Add Filter String
|
To add an entry to the list, enter it here, and click the "Add"
button.
An entry may be a Domain name (e.g. www.trash.com) or simply a string. (e.g. ads/ ) Any URL which contains ANY entry ANYWHERE in the URL will be blocked. |
Buttons |
|
Delete/Delete All
|
Use these buttons to delete the selected entry or all entries, as required.
Multiple entries can be selected by holding down the CTRL key while
selecting.(On the Macintosh, hold the SHIFT key while selecting.)
|
Add
|
Use this to add the current Filter String to the site list.
|
This free service is very useful when combined with the Virtual Server feature. It allows Internet users to connect to your Virtual Servers using a URL, rather than an IP Address.
This also solves the problem of having a dynamic IP address. With a dynamic IP address, your IP address may change whenever you connect, which makes it difficult to connect to you.
The Service works as follows:
Select Internet on the main menu, then Dynamic DNS, to see a screen like the following:
DDNS Service |
|
DDNS Service
|
|
DDNS Data |
|
User Name
|
Enter the "User name" specified at the www.dyndns.org Web site when you
registered.
|
Password
|
Enter your current password for www.dyndns.org
|
Domain Name
|
|
DDNS Status
|
This message is returned by the DDNS Server at www.dyndns.org
|
This feature allows you to make Servers on your LAN accessible to Internet users. Normally, Internet users would not be able to access a server on your LAN because:
The "Virtual Server" feature solves these problems and allows Internet users to connect to your servers, as illustrated below.
Note that, in this illustration, both Internet users are connecting to the same IP Address, but using different protocols.
To Internet users, all virtual Servers on your LAN have the same IP Address. This IP Address is allocated by your ISP.
This address should be static, rather than dynamic, to make it easier for Internet users to connect to your Servers.
However, you can use the DDNS (Dynamic DNS) feature to allow users to connect to your Virtual Servers using a URL, instead of an IP Address.
You should connect your Virtual Servers to the DMZ port, for the following reasons:
Note that the DMZ port is a normal port, not an "uplink" port. If connecting to a hub, connect to a standard port on the hub.
The Virtual Servers screen is reached by the Virtual Servers link on the Internet menu. An example screen is shown below.
Figure 32: Virtual Servers Screen
This screen lists a number of pre-defined Servers,. providing a quick and convenient method to set up the common server types.
Servers |
|
Servers
|
This lists a number of pre-defined Servers, plus any Servers you have
defined. Details of the selected Server are shown in the "Properties"
area.
|
Properties |
|
Enable
|
Use this to Enable or Disable support for this Server, as required.
|
PC (Server)
|
Select the PC for this Server. The PC must be running the appropriate
Server software.
|
If the type of Server you wish to use is not listed on the Virtual Servers screen, you can use the Firewall Rules to allow particular incoming traffic and forward it to a specified PC (Server).
Once configured, anyone on the Internet can connect to your Virtual Servers.
They must use the Internet IP Address (the IP Address allocated to you by your
ISP).
e.g.
http://203.70.212.52
ftp://203.70.212.52
It is more convenient if you are using a Fixed IP Address from your ISP,
rather than Dynamic. However, you can use the Dynamic DNS feature,
described in the following section, to allow users to connect to your Virtual
Servers using a URL, rather than an IP Address.
This screen allows advanced users to enter or change a number of settings. For normal operation, there is no need to use this screen or change any settings.
Backup DNS |
|
IP Address
|
Enter the IP Address of the DNS (Domain Name Servers) here. These DNS will
be used only if the primary DNS is unavailable.
|
MTU |
|
MTU size
|
MTU (Maximum Transmission Unit) value should only be changed if advised to
do so by Technical Support.
|