NETGEAR FVS318 Router User Manual

Reference Manual for the Model FVS318 Cable/DSL ProSafe VPN Firewall
Advanced Configuration 8-3
When a remote computer on the Internet wants to access a service at your IP address, the requested
service is identified by a port number in the incoming IP packets. For example, a packet that is sent
to the external IP address of your firewall and destined for port number 80 is an HTTP (Web
server) request. Many service port numbers are already defined in a Services/Games list in the
Ports menu, although you are not limited to these choices. See IETF RFC1700, “Assigned
Numbers,” for port numbers for common protocols. Use the Ports menu to configure the firewall
to forward incoming traffic to IP addresses on your local network based on the port number..
Remember that port forwarding opens holes in your firewall. Only enable those ports that are
necessary for your network.
Default DMZ Server
Incoming traffic from the Internet is normally discarded by the firewall unless the traffic is a
response to one of your local computers or a service that you have configured in the Ports menu.
Instead of discarding this traffic, you can have it forwarded to one computer on your network. This
computer is called the Default DMZ Server.
The Default DMZ Server feature is helpful when using some online games and videoconferencing
applications that are incompatible with NAT. The firewall is programmed to recognize some of
these applications and to work properly with them, but there are other applications that may not
function well. In some cases, one local PC can run the application properly if that PC’s IP address
is entered as the Default DMZ Server..
To assign a computer or server to be a Default DMZ server:
1. Click Default DMZ Server.
2. Type the IP address for that server.
3. Click Apply.
Note: Some residential broadband ISP accounts do not allow you to run any server
processes (such as a Web or FTP server) from your location. Your ISP may periodically
check for servers and may suspend your account if it discovers any active services at
your location. If you are unsure, refer to the Acceptable Use Policy of your ISP.
Note: For security, you should avoid using the Default DMZ Server feature. When a
computer is designated as the Default DMZ Server, it loses much of the protection of the
firewall, and is exposed to many exploits from the Internet. If compromised, the
computer can be used to attack your network.