How to limit the communication between internal and external network (IP Filter)?
Product line: ADSL Question category: function configuratio
Q: Why do we need to configure the IP Filter?
A: Sometimes we may need to management PCs in LAN to access the Internet. IP filter function can block LAN PCs from communicating with Internet PCs by preventing specific IP addresses from accessing external network through router via specific a port number or range.
Meanwhile, it can also enable the traffic from the external network to access your local network.
The connection topology is as below:
I. Physical connection:
II. Login to the management page of the router:
1. Open a web browser (IE, Firefox, Safari, etc.) and find the address bar, leaving it blank before typing in 192.168.1.1, and then press enter.
(Care: The address bar is in the most top of the web page after opening web browser).
2. Click on Advanced Settings in the following page.
3. You will see the following page.
4. Click Advanced Setup → Security → IP Filtering. Then you can choose outgoing or incoming to do the settings.
5. Descriptions for the parameters.
l Filter Name: Enter the defined filtering name.
l IP Version: Only Ipv4 is provided.
l Protocol: TCP/UDP; TCP; UDP; ICMP available for your option.
l Source IP address [/prefix length]: Enter the LAN IP address to be filtered.
l Source Port (port or port: port): Fill in the port number or range used by LAN PCs in accessing Internet.
l Destination IP address [/prefix length]: Fill in the external network IP address to be accessed by LAN PC.
l Destination Port: Fill in the port number or range used by LAN PCs in accessing external network.
Example 1: Configuring the Outgoing filter:
If you want to filter the PC at the IP address of 192.168.66.64/24 and make it unable to access 113.108.109.35/8. Then follow the instructions below:
1. Click Advanced Setup→ Security
→ IP Filtering → Outgoing, then click Add to do the settings in the following page.
Then click the Apply/Save to save your setting.
After the settings, computers in the IP segment 192.168.66.64/24 could not access the corresponding 113.108.109.35/8 network.
Example 2: Configuring the Incoming filter:
When the firewall is enabled on a WAN or LAN interface, all incoming IP traffic is BLOCKED. However, some IP traffic can be ACCEPTED by setting up filters.
If you want to enable the traffic from the external network 113.108.109.35/24 to visit your local network (192.168.66.64/24), you can configure as below:
After the settings, all the traffic from the IP Segment 113.108.109.35/24 can be accepted to 192.168.66.64/24.