Firewall
Buffalo says that the G54 has a NAT-based firewall, but given its "Intrusion Detection" function, I think there’s at least a little Stateful Packet Inspection (SPI) mixed in. The firewall features are found under the "Network Setting" link, and I’ll start with the Address Translation page shown in Figure 4.
Figure 4: Address Translation settings
(click on the image for a full-sized view)
The screenshot actually shows the lower half of the page and doesn’t include the DMZ and Address Translation Enable settings. Yup, that’s right, you can shut off the NAT function and use the G54 as a normal LAN-LAN router, including the ability to handle RIP1 and 2 dynamic routing protocols and set static routes via the Routing setting screen.
If you’re like me, you’ll have to stare at this screen for awhile and do some experimenting to figure out how to map ports, due to the many options not normally found in port forwarding interfaces. You’ll also bump into some not-so-helpful error messages if you do something wrong, which again, could use some translation help.
I eventually figured things out, though, and once programmed, the port forwarding seemed to work fine. Note that you can’t edit or temporarily disable port mappings, and "loopback" is not supported for forwarded ports.
Tip: If you’re forwarding port ranges, don’t enter any port numbers in the Protocol LAN box, and just enter the IP address of the computer that you want the ports to be forwarded to. Otherwise you’ll get an error.
The main part of the Packet Filter (access control) screen is shown in Figure 5. Also on the page, but not shown in the screenshot is a checkbox that controls whether packet filtering actions are logged and an area at the bottom of the page that displays and allows deleting (but not editing or disabling) of programmed filters.
Figure 5: Packet filter screen
(click on the image for a full-sized view)
Filters that prevent IDENT requests and Microsoft Networking broadcast packets come programmed by default. Note that you can reject all Internet access for LAN machines by entering each one’s MAC address in the Source MAC address box.
Two things that are missing from the G54′s firewall features are scheduled port mappings and packet filtering and content filtering of any sort. So if you need to open ports or control access during specific times, or want to be able to control which websites your LAN users visit, the router won’t help you.
No comments:
Post a Comment