Chances are you’re probably already using your Broadband Home Router (BHR) to take advantage of the speed boost with Verizon FiOS or to transfer recorded episodes of The Office from your DVR to laptop. But did you know this same device can be used to activate parental controls on your home network or connect your Xbox to the wireless network? Here are 10 ways to use your BHR to enhance your home networking.
• Connect an Xbox to the BHR
• Set up advanced filtering
• Set up multiple static IP addresses
• Set up a static NAT
• Set up port forwarding
• Activate parental controls
• Use network objects
• Use IP address distribution
• Use a DMZ host
• Block specific computers from accessing certain services on the Internet
Connect an Xbox to the BHR
It’s easy to connect your Xbox to the BHR to enjoy wireless networking and online gaming.
1. Open the management console of your BHR by entering "http://192.168.1.1" in the Address bar of a web browser.
2. Enter the BHR's username and password (default login: username – "admin"; password – "password" or "password1").
3. Select Wireless Settings from the BHR's graphical user interface (GUI). Write down the SSID and WEP key (they'll be needed later). Note: Before a computer can connect to the BHR through a wireless signal, it must be configured with the appropriate SSID and WEP key.
4. From the Xbox Dashboard, select Settings then select Network Settings.
5. Click Advanced, and then click Wireless.
6. From the "Wireless Status" screen, select Settings.
• The BHR can be configured to either broadcast or not broadcast its SSID. If configured to broadcast its SSID, from the list of SSIDs in the "Select Network" screen, select the SSID written down in step 3. If the BHR is not configured to broadcast its SSID, select OTHER from the list in the Select Network screen. Then use the Xbox Dashboard virtual keyboard to enter the SSID written down in step 3.
• Select Network Mode as "Infrastructure." Then select Security Type and configure the Xbox Compatible wireless bridge with the same security settings ("NONE," "64-bit WEP," or "128-bit WEP") as the BHR.
• Press A to save the new settings, and then press B to go back.
7. From the "Wireless Status" screen, check that the Xbox is connected to the network name (SSID) specified in step 3. Press B twice to go back.
8. From the "Network Settings" screen, select "Connect." When the "Connect Status" screen appears, verify the Xbox is connected.
Set up Advanced Filtering
With the BHR’s advanced filtering options, you can prevent a particular computer on the BHR network from accessing a protocol, such as a game, website, or application.
1. Open a Web browser and enter "http://192.168.1.1" in the Address bar. Then, press the "Enter" key on the keyboard.
2. In the "Login" screen, enter the BHR's username and password (default login: username – "admin"; password – "password" or "password1"), then click OK.
3. In the next screen, click Security.
4. Select Advanced Filtering from the left side the "Security" screen.
5. Advanced filtering can be used on any connection controlled by the BHR, including Network (Home/Office), Broadband Connection (Ethernet and Coax), Ethernet, etc. In this procedure, we will implement advanced filtering for Network (Home/Office). Under the heading ‚"Network (Home/Office) Rules," click Add.
6. Select the computer to filter in both the "Source Address‚" and "Destination Address" sections of the screen from the appropriate drop-down lists.
7. Select the protocol to be filtered from the "Rule Name" section drop-down list. Activate "Drop" in the "Operation" section by clicking the appropriate radio button. Finally, click Apply at the bottom of the screen.
8. When the previous screen (Security) reappears, note that the rule has been added under the heading "Network (Home/Office) Rules." Click OK at the bottom of the screen to apply the changes made. The selected computer will be blocked from accessing the selected protocol.
Set up multiple static IP addresses
For most users, a dynamic IP address is just fine. For others looking to add their own e-mail server, access their computer remotely with a custom Virtual Private Network (VPN), host their own server or many other uses where you need to know your computers location, using multiple static IP addresses can be valuable. To set up multiple static IPs on the BHR, do the following:
1. Open a Web browser and enter "http://192.168.1.1" in the Address bar, then press the "Enter" key on the keyboard. Click OK.
2. The "Login Setup" screen appears. Enter a new User Name and Password in the appropriate fields. Click OK. Make sure and write down this information, as it will be needed in the future.
3. Click on the Security icon.
4. Select Static NAT from the left column.
5. Click Add from the "Static IP Mapping Table."
6. An IP address (example: 192.168.1.2) can be entered, or the name of the computer can be selected from the "Networked Computer/Device" list.
7. Enter one of the public addresses from the public IP address block assigned to the customer in "Public IP Address" text field.
8. From the "WAN Connection Type" list, select All Broadband Devices.
9. Make sure the check box next to "Enable Port Forwarding for Static NAT" is active (has a check mark).
10. Select the service/protocol that needs to be accessible from the public IP address, then click OK. (selecting "ANY" will allow all services to be accessible).
11. From the "Static NAT" screen, click Apply, then OK.
Set up Static Network Address Translation
A static NAT allows devices behind a firewall and configured with private IP addresses appear to have public IP addresses on the Internet. This allows an internal host, such as a web server, to have an unregistered (private) IP address and still be reachable over the Internet. To set up Static NAT:
1. Open a Web browser and enter "http://192.168.1.1" in the Address bar, then press the "Enter" key on the keyboard. Click OK.
2. Select Static NAT from any "Security" screen. The "Static NAT" screen appears.
3. Click Add. The "Add NAT/NAPT Rule" screen appears.
4. Select a source address from the drop-down list. Usually, this is the public IP address assigned by the ISP.
5. Select a "Destination Address from the appropriate drop-down list.
6. Select the protocol that needs to be accessible from the public IP address from the "Protocol" drop-down list.
7. From the "Operation" drop-down list, select ‚"Static NAT" or "NAPT" (Network Address Port Translation), depending on the type of rule.
8. Define when this new rule will occur from the "When should this rule occur?" drop-down list.
9. Repeat these steps to add more static IP addresses from the network.
Set up Port Forwarding
In its default state, the BHR blocks all external users from connecting to or communicating with the network, making it safe from hackers who may try to intrude on the network and damage it. However, the network can be exposed to the Internet in certain limited and controlled ways to enable some applications to work from the local network (game, voice, and chat applications, for example) and to enable Internet access to servers in the network. Port forwarding (sometimes referred to as local servers) supports both of these functions.
To grant Internet users access to servers inside the local network, each service provided, as well as the computer providing it, must be identified. To do this:
1. Open a Web browser and enter "http://192.168.1.1" in the Address bar, then press the "Enter" key on the keyboard. Click OK.
2. Select Port Forwarding from the left side of any Security screen. The "Port Forwarding" screen appears.
3. Click Add. The "Add Port Forwarding Rule" screen appears.
4. Enter the local IP address or the host name of the computer providing the service in the "Networked Computer/Device" text box. Note that only one local network computer can be assigned to provide a specific service or application.
5. Select the Internet protocol to be provided from the "Protocol" drop-down list. To see all options, select All Services.
6. To select a port to forward communications to (this is optional), select Specify from the "Forward to Port" drop-down list, then, in the text box that appears, enter the port number. If no port is identified, select Same as Incoming Port.
7. If this port will be active all the time, select Always from the "When should this rule occur?" drop-down list. If the rule will only be active at certain times, select Specify Schedule and click Add. Then, add a schedule rule.
8. Click Apply to save the changes.
Activate Parental Controls
With the BHR’s "Parental Controls" screen, you can create a basic access policy for any computer on the BHR's network by creating a set of rules (for example, block access to certain websites). To do this:
1. Open a Web browser and enter "http://192.168.1.1" in the Address bar, then press the "Enter" key on the keyboard. Click OK.
2. Click Parental Control from the top of the Home screen.
3. The "Parental Control" screen appears. From the "Networked Computer/Device" list box, select a computer/device, then click Add. The computer/device appears in the "Selected Devices" list box.
4. In the "Limit Access by" section of the screen, select one of the following options:
1. Block the following Websites and Embedded Keywords within a Website - blocks all websites or keywords entered in step 4 from being accessed on the computers/devices selected in step 2.
2. Allow the following Websites and Embedded Keywords within a Website - allows access only to the websites or keywords entered in step 4 on the computers/devices selected in step 2.
3. Blocking ALL Internet Access - blocks all Internet access on the computers/devices selected in step 2.
5. Enter the URL address of a website and, if applicable, the embedded keyword within the website. Click Add. The websites and/or keywords selected will appear in the textbox to the right. If you make a mistake, or wish to delete a previously entered website/keyword, select it, then click Remove.
6. If needed, you can create a schedule for when you want the rule to be active, or inactive. In the "Create Schedule" section, select the affected days.
7. Select whether the rule will be active or inactive during the schedule you created by clicking the radio button next to the appropriate option.
8. If you want more precise control over the schedule, set up an hourly schedule by entering the start and end times in the appropriate text boxes. Don't forget to specify AM or PM. Note: The hourly schedule only affects the days selected in step 5. For example, if you select Saturday and Sunday, a start time of 10 a.m., and an end time of 3 p.m., the scheduled time will be Saturday/Sunday, 10 a.m. to 3 p.m.
9. In the "Create Rule Name" section, enter a rule name and description in the appropriate text boxes.
10. Click Apply to save and apply the new rule.
Use Network Objects
Network objects are used to define a part of the BHR's network (for example, a group of computers) by MAC addresses, IP addresses, and/or host names. The defined part becomes a "network object," and settings, such as configuring system rules, can be applied to all the devices defined as part of the network object at once.
For example, instead of manually setting the same website filtering configuration to five computers one at a time, the computers can be defined as a network object, and website filtering configuration can then be applied to all the computers simultaneously.
Network objects can also be used to apply security rules based on host names instead of IP addresses. This may be useful, since IP addresses change from time to time. Moreover, it is possible to define network objects according to MAC addresses, making rule application more persistent against network configuration settings. To define a network object:
1. Open a Web browser and enter "http://192.168.1.1" in the Address bar, then press the "Enter" key on the keyboard. Click OK.
2. Click Advanced, then click Network Objects in the "Advanced" screen. The "Network Objects" screen appears.
3. Click Add. The "Edit Network Object" screen appears.
4. Specify a name for the network object in the "Description" text box.
5. Click Add. The "Edit Item" screen appears.
6. Select the type of network object type from the "Network Object Type" list box. Options include "IP address," "IP Subnet," "IP Range," "MAC Address," and "Host Name."
7. Repeat to create other network objects, if needed. When finished, click Apply to save all created network objects.
Use IP Address Distribution
The BHR's DHCP server makes it possible to easily add computers configured as DHCP clients to the network. It provides a mechanism for allocating IP addresses to these hosts and for delivering network configuration parameters to them. For example, a client (host) sends out a broadcast message on the network requesting an IP address for itself. The DHCP server then checks its list of available addresses and leases a local IP address to the host for a specific period of time and simultaneously designates this IP address as "taken." At this point, the host is configured with an IP address for the duration of the lease.
The host can choose to renew an expiring lease or let it expire. If it chooses to renew a lease, it will also receive current information about network services, as it did with the original lease, allowing it to update its network configurations to reflect any changes that occurred since it first connected to the network. If the host wishes to terminate a lease before its expiration, it can send a release message to the DHCP server, which will then make the IP address available for use by others.
The BHR's DHCP server:
• Displays a list of all DHCP hosts devices connected to the Router.
• Defines the range of IP addresses that can be allocated in the network.
• Defines the length of time for which dynamic IP addresses are allocated.
• Provides the above configurations for each network device and can be configured and enabled/disabled separately for each network device.
• Can assign a static lease to a network computer so that it receives the same IP address each time it connects to the network, even if this IP address is within the range of addresses that the DHCP server may assign to other computers.
• Provides the DNS server with the host name and IP address of each computer connected to the network.
To view a summary of the services currently being provided by the DHCP server, click IP Address Distribution in the "Advanced" screen. The "IP Address Distribution" screen appears.
Editing DHCP Server Settings
To edit the DHCP server settings for a device:
1. Click the appropriate icon in the "Action" column. The "DHCP Settings" screen for the device appears.
2. Select the "IP Address Distribution" from the drop-down list. Options include DHCP Server, DHCP Relay, or Disable.
3. Complete the following fields:
• Start IP Address Range, End IP Address Range - determines the number of hosts connected to the network in this subnet. "Start" specifies the first IP address assigned in this subnet and "End" specifies the last IP address in the range.
• Subnet Mask - used to determine to which subnet an IP address belongs. An example of a subnet mask value is 255.255.0.0.
• WINS Server - The WINS (Windows Internet Naming Service) server determines the IP address associated with a network device.
• Lease Time - each device will be assigned an IP address by the DHCP server for a limited time ("Lease Time") when it connects to the network. When the lease expires, the server will determine if the computer has disconnected from the network. If it has, the server may reassign this IP address to a newly-connected computer. This feature ensures that IP addresses not in use will become available for other computers on the network.
• Provide host name if not specified by client - when activated, the Router assigns the client a default name if the DHCP client does not have a host name.
4. Click Apply to save the changes.
To view a list of computers currently recognized by the DHCP server, click Connection List at the bottom of the IP Address Distribution screen. The "DHCP Connections" screen appears.
To define a new connection with a fixed IP address:
1. Click New Static Connection in the DHCP Connections screen. The "DHCP Connection Settings" screen appears.
2. Enter a host name for this connection.
3. Enter the fixed IP address to assign to the computer.
4. Enter the MAC address of the computer's network card.
5. Click Apply to save changes.
Note: A device's fixed IP address is actually assigned to the specific network card's MAC address installed on the network computer. If this network card is replaced, the device's entry in the DHCP Connections list must be updated with the new network card's MAC address.
To remove a host from the table, click the appropriate "Delete" icon in the Action column.
Use a DMZ (Demilitarized Zone) Host
The DMZ host feature allows one device on the network to operate outside of the protection of the firewall. This can be used:
• To use an Internet service, such as an online game or video-conferencing program, that is not present in the Port Forwarding list and for which no port range information is available.
• To expose one computer to all services without restriction or security.
Warning: A DMZ host is not protected by the firewall and may be vulnerable to attack. Designating a DMZ host may also put other computers in the local network at risk. When designating a DMZ host, consider the security implications and protect it if necessary.
To designate a local computer as a DMZ host:
1. Open a Web browser and enter "http://192.168.1.1" in the Address bar, then press the "Enter" key on the keyboard. Click OK.
2. Click Security, then select DMZ Host from the left side of the screen. The "DMZ Host" screen appears.
3. Click in the "DMZ Host IP Address" check box, then enter the IP address of the computer to be designated as a DMZ host. Note that only one network computer can be a DMZ host at any time.
4. Click Apply. Click in the "DMZ Host IP Address" check box again to disable the DMZ host.
Access Control
Use access control to block specific computers within the local network (or even the whole network) from accessing certain services on the Internet. For example, one computer can be prohibited from surfing the Internet, another computer from transferring files via FTP, and the whole network from receiving incoming e-mail. Access control defines restrictions on the types of requests that can pass from the local network out to the Internet, and thus may block traffic flowing in both directions. In the e-mail example, computers in the local network can be prevented from receiving e-mail by blocking their outgoing requests to POP3 servers on the Internet.
Access control also incorporates a list of preset services in the form of applications and common port settings. To view and allow/restrict these services:
1. Open a Web browser and enter "http://192.168.1.1" in the Address bar, then press the "Enter" key on the keyboard. Click OK.
2. Click Security, then Access Control from the left side of the screen. The "Access Control" screen appears. Note: The "Allowed" section is only visible when the firewall is set to "Maximum."
3. Click Add. The "Add Access Control Rule" screen appears. Note: To block a service, click Add in the "Blocked" section of the Access Control screen. To allow outgoing traffic, click Add in the "Allowed" section of the screen.
4. If this access control rule applies to all networked devices, select Any from the "Networked Computer/Device" list box. If this rule applies to certain devices only, select Specify Address and click Add. Then, create and add a network object (for more details about adding network objects, see the "Advanced Settings" chapter of this manual).
5. Select the Internet protocol to be allowed or blocked from the "Protocol" drop-down list.
6. If the rule will be active all the time, select Always from the "When should this rule occur?" drop-down list. If the rule will only be active at certain times, select Specify Schedule and click Add. Then, add a schedule rule (for more details about schedule rules, see the "Advanced Settings" chapter of this manual).
7. Click Apply to save the changes. The Access Control screen will display a summary of the new access control rule. Note: To block a service not included in the list, select Specify Protocol from the Protocol drop-down menu. The "Edit Service" screen appears. Define the service, then click OK. The service will then be automatically added to the top section of the "Add Access Control Rule" screen, and will be selectable.
An access control can be disabled and the service made available without having to remove the service from the Access Control table. This may be useful to make the service available temporarily, with the expectation that the restriction will be reinstated later.
• To temporarily disable an access control, clear the check box next to the service name.
• To reinstate the restriction at a later time, select the check box next to the service name.
• To remove an access restriction from the Access Control table, click Remove for the service. The service will be removed from the Access Control table.
By: Lesley Kirchman
About the author Director of Corporate Marketing for Actiontec Electronics since 1999, Lesley Kirchman is responsible for all aspects of marketing, corporate brand, and end user experience. Her leadership helped drive sales at Actiontec from $35 million in 1999 to over $180 million in 2007, secure coverage in hundreds of leading publications and news outlets, as well as expand brand visibility through co-branding campaigns with Verizon, Qwest, and AOL.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment