TP-link router firewall settings

Source: Internet
Author: User
Tags in domain

Router Firewall Application Example-1)

IP address filtering is used to set the Intranet host's access permissions to the Internet through IP addresses. This applies to the requirement that an intranet IP segment is prohibited/allowed in a certain period of time) communication between all or some ports and all or some ports of the Internet IP address.

When you enable the IP address filtering function, you must enable the firewall's general switch and specify whether the default Filtering Rule for IP address filtering is ambiguous, click "help" on the current page to view help information ):

The following two examples are used to describe how to use IP address filtering.

Example 1:

Intended purpose: do not allow the IP address 192.168.1.100-192.168.1.102 of the Intranet to access all IP addresses of the Internet; allow all IP addresses of the Internet to access 192.168.1.103 completely without restriction. The setting method is as follows:

1. Select the default Filtering Rule: Any data packet that does not comply with the configured IP address filtering rule is prohibited from passing through this router:

2. Add an IP address to filter new entries:

Allow access to all IP addresses of the Internet from the Intranet 192.168.1.103

Because the default rule is "prohibit data packets that do not comply with the IP filtering rules from going through the router", you do not need to add the IP address segment of the Intranet COMPUTER: 192.168.1.100-192.168.1.102.

3. Save and generate the following entries to achieve the expected purpose:

Example 2:

Intended purpose: the IP address of 192.168.1.100-192.168.1.102 on the Intranet can only browse the Internet webpage at any time. From eight o'clock A.M. to six o'clock P.M., 192.168.1.103 only allows sending and receiving emails on the server 219.134.132.62 on the Internet, and cannot communicate with the internet for the rest of the time.

To browse the Web page, you must use port 80 HTTP protocol), send and receive emails using 25 SMTP) and 110POP), and at the same time, the domain name server port number 53DNS)

The setting method is as follows:

1. Select the default Filtering Rule: Any data packet that does not comply with the configured IP address filtering rule is prohibited from passing through this router:

2. Set to generate the following entries to achieve the expected purpose:

Vro Firewall Application Example-2) MAC address filtering uses MAC address filtering to set Intranet host access to the Internet through MAC address. This applies to the following requirements: prohibit/allow communication between a MAC address on the Intranet and the Internet.

When you enable the MAC address filtering function, you must enable the firewall's general switch and specify whether the default Filtering Rule for MAC address filtering is ambiguous, click "help" on the current page to view help information ):

The following example shows how to use MAC address filtering.

For example, only computers with the MAC address "00-19-66-80-53-52" can access the Internet and other computers are prohibited from accessing the internet. The settings are as follows:

1Select the default filter rule: only allow enabled MAC addresses in the configured MAC address list to access the Internet

2Add a new entry for MAC address filtering:

Add the MAC address: 00-19-66-80-53-52, and select "effective"

3And generate the following entries after saving:

After the configuration is complete, only computers with the MAC address "00-19-66-80-53-52" in the LAN can access the Internet.

Router Firewall Application Example-3) domain name filtering uses domain name filtering to restrict the access of computers in the LAN to certain websites. This applies to the following requirements: in a certain period of time, restrict access to some websites on the Internet or use of certain applications that require domain name resolution to communicate with the Internet.

When you enable the domain name filtering function, you must enable the firewall's general switch settings. If there is any ambiguity, click "help" on the current page to view help information ):

The following example shows how to use domain name filtering.

Intended purpose: to prohibit access to the website www.caraphbl.com at any time. Access to the website with the ". cn" character string in the domain name is only prohibited from eight o'clock A.M. to four o'clock P.M., and access is allowed for the rest of the time. The setting method is as follows:

Add a new IP address filter entry:

Access to www.caraphbl.com is prohibited at any time

Router Firewall Application Example-1) ip address filtering uses IP address filtering to set Intranet host access to the Internet through IP addresses. This applies to the following requirements: in a certain period of time, prohibit/allow communication between all or part of the port and all or part of the Internet IP address.

When you enable the IP address filtering function, you must enable the firewall's general switch and specify whether the default Filtering Rule for IP address filtering is ambiguous, click "help" on the current page to view help information ):

The following two examples describe how to use IP address filtering.

Example 1:

Intended purpose: do not allow the IP address 192.168.1.100-192.168.1.102 of the Intranet to access all IP addresses of the Internet; allow all IP addresses of the Internet to access 192.168.1.103 completely without restriction. The setting method is as follows:

1. Select the default Filtering Rule: Any data packet that does not comply with the configured IP address filtering rule is prohibited from passing through this router:

2. Add a new IP address filter entry:

Allow access to all IP addresses of the Internet from the Intranet 192.168.1.103

Because the default rule is "prohibit data packets that do not comply with the IP filtering rules from going through the router", you do not need to add the IP address segment of the Intranet COMPUTER: 192.168.1.100-192.168.1.102.

3.Save and generate the following entries to achieve the expected purpose:

Example 2:

Intended purpose: the IP address of 192.168.1.100-192.168.1.102 on the Intranet can only browse the Internet webpage at any time. From eight o'clock A.M. to six o'clock P.M., 192.168.1.103 only allows sending and receiving emails on the server 219.134.132.62 on the Internet, and cannot communicate with the internet for the rest of the time.

To browse the Web page, you must use port 80 HTTP protocol), send and receive emails using 25 SMTP) and 110POP), and at the same time, the domain name server port number 53DNS)

The setting method is as follows:

1. Select the default Filtering Rule: Any data packet that does not comply with the configured IP address filtering rule is prohibited from passing through this router:

2. Set to generate the following entries to achieve the expected purpose:

Router Firewall Application Example-2)MAC address filtering uses MAC address filtering to set the Intranet host's access permissions to the Internet through MAC addresses. This applies to the requirement that a MAC address on the Intranet cannot communicate with the Internet.

When you enable the MAC address filtering function, you must enable the firewall's general switch and specify whether the default Filtering Rule for MAC address filtering is ambiguous, click "help" on the current page to view help information ):

The following example shows how to use MAC address filtering.

For example, only computers with the MAC address "00-19-66-80-53-52" can access the Internet and other computers are prohibited from accessing the internet. The settings are as follows:

1. Select the default filter rule: allow only enabled MAC addresses in the configured MAC address list to access the Internet.

2. Add a new entry for MAC address filtering:

Add the MAC address: 00-19-66-80-53-52, and select "effective"

3. Save and generate the following entries:

After the configuration is complete, only computers with the MAC address "00-19-66-80-53-52" in the LAN can access the Internet.

Router Firewall Application Example-3) domain name filtering uses domain name filtering to restrict the access of computers in the LAN to certain websites. This applies to the following requirements: in a certain period of time, restrict access to some websites on the Internet or use of certain applications that require domain name resolution to communicate with the Internet.

When you enable the domain name filtering function, you must enable the firewall's general switch settings. If there is any ambiguity, click "help" on the current page to view help information ):

The following example shows how to use domain name filtering.

Intended purpose: to prohibit access to the website www.caraphbl.com at any time. Access to the website with the ". cn" character string in the domain name is only prohibited from eight o'clock A.M. to four o'clock P.M., and access is allowed for the rest of the time. The setting method is as follows:

1. Add an IP address to filter new entries:

Access to www.caraphbl.com is prohibited at any time

The website with the ". cn" character string in the domain name is forbidden from eight o'clock A.M. to four o'clock P.M..

2. Save and generate the following entries to achieve the expected purpose:

Note:

1. The domain name filtering status bar displays "invalid" and "effective". The corresponding filtering entries take effect only when the status item is "effective ".

2. after filtering rules are configured on the vro, You need to delete the temporary files of the browser on the computer: open IE browser-> click "options"-> select "Internet Options"-> click "delete file" on the "General" tab ".

Possible reasons for invalid domain name Filtering:

1. Check whether the router firewall's general switch and domain name filtering are enabled, and whether the entries set in domain name filtering take effect

2. whether the domain name to be filtered is a subset of the accessed domain name. For example, if "163.com" is set for domain name filtering, "news.163.com" and "mail.163.com" cannot be accessed, however, if "www.163.com" is set to filter out, only "www.163.com" and "www.163.com/www.163.com/com" cannot be controlled. In other words, news.163.com##mail.163.com#is normal.

3. Use the URL to access the network for the reason of local DNS Cache:

1) after entering a domain name in the browser, the system submits the domain name to the DNS server for resolution, and then uses the resolved IP address to access the target site.

2) If the IP address resolved by this domain name already exists in the local DNS cache, you do not need to submit it to the DNS server again. The local machine uses the resolved IP address in the cache to access the destination site.

Therefore, even if the above steps 1 and 2 are correctly set, the filtered site can still be accessed due to local DNS Cache. In this case, you can clear the local DNS cache.

Method: fix the local connection or run the "ipconfig/flushdns" command in the command prompt to clear it.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.