The default configuration of the BBIagent router allows all the computers on the internal network to access the external network if they are in the same network segment as the router. You can add rules in Access Control to restrict external access based on IP address, NIC MAC address, protocol, service port, connection status, destination host, time of day and day of week.

The rules must be arranged in the proper order, or they will not be effective. Once a rule in the list is matched, the rules after it (below it in the list) are not checked.

Click the Access Control button again to refresh the rules in the list.

Rules in Access Control restrict access to external network
To add a rule, enter values in the fields and click the Insert button. The rule will be inserted before the rule selected in the list. If no rule is selected, it will be appended at the end. If the rule is enabled and the data are valid, it will be applied to the router immediately.

The fields in a rule are as follows.
Field: Description
Source Host on LAN: Computer on the internal network whose access to the external network you want to restrict. It may be an IP address, the MAC address of a network adapter, or a network segment. The format of a MAC address is XX:XX:XX:XX:XX:XX. A network segment can be entered as IP address/mask length. For example, 192.168.2.0/30 means IP addresses from 192.168.2.0 to 192.168.2.3. A range of IP addresses can be entered as xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx, e.g. 192.168.2.7-192.168.2.25. An IP address and a MAC address can be entered in the same field as xxx.xxx.xxx.xxx/XX:XX:XX:XX:XX:XX, e.g. 192.168.2.8/11:22:33:44:55:66.
Connection: The connection from the specified computer will be accepted, rejected or dropped. If the connection is dropped, no packet is sent back, so the computer has to wait for the connection to time out.
Protocol: Connection protocol to be restricted.
Service Port: A single port or a range of ports to be restricted if the protocol is TCP or UDP. Valid port numbers range from 0 to 65535. A range of ports is entered as first port - last port. For example, 2000-3000.
State: If the protocol is TCP, you can select the state of the connection to be restricted.
Destination Host on WAN: IP address of the external host or network segment to be restricted. A network segment can be entered as IP address/mask length. For example, 172.16.111.0/24 means IP addresses from 172.16.111.0 to 172.16.111.255. A range of IP addresses can be entered as xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx, e.g. 192.168.2.7-192.168.2.25.
Time: Time of day for access control. The format is HH:MM-HH:MM (starting-ending), e.g. 09:30-17:10. The starting time should be earlier than the ending time.
Days: Days of the week for access control. 1 to 6 stand for Monday to Saturday, and 0 or 7 for Sunday. They can be separated with a comma (,) or hyphen (-). For example, weekdays can be entered as 1-5, and the weekend as 6,7. 1-4,7 stands for Monday to Thursday and Sunday.
Period: Period for access control. The format is YY/MM/DD HH:mm:SS-YY/MM/DD HH:mm:SS, e.g. 05/04/01 09:30:00-05/04/30 18:00:00.

The sample rules in the list are described below.

Rule: Description
1: Drop all UDP packets sent to ports 137, 138 and 139, which are the broadcast packets of SMB for file sharing.
2: Computers with IP addresses from 192.168.2.0 to 192.168.2.15 are not allowed to use the FTP service for file transfer from 8:00 to 17:30, Monday to Friday.
3: The computer with IP address 192.168.2.4 is allowed to send and receive e-mail at the outside host 172.168.111.222.
4: Since the default settings allow all the computers to access the outside, and we want to restrict 192.168.2.4 to only the e-mail access defined in rule 3, this rule has to be added to reject all other connections from this computer.
5: This rule prevents the computer with MAC address 12:34:56:78:90:AB from connecting to any outside host with TCP on port 1234 on Monday, Tuesday, Wednesday and Saturday.
6: Reject connections from all computers in network segment 192.168.2.0/255.255.255.0 on the weekend.
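
Because the first matching rule wins, rule 3 only works when it sits above rule 4. The Python model below is an added example, not BBIagent's own code: it matches the IP host formats and the Days field described above and evaluates rules first-match. The dictionary layout, the "any" wildcard, mail ports 25 and 110, and the outside test address 203.0.113.10 are assumptions made for illustration.

```python
import ipaddress

def host_matches(spec, ip):
    """Match ip against a host field: single address, a.b.c.d/len, or first-last."""
    if spec == "any":  # assumption: stands for an empty field (any host)
        return True
    addr = ipaddress.ip_address(ip)
    if "-" in spec:
        first, last = (ipaddress.ip_address(p) for p in spec.split("-"))
        return first <= addr <= last
    return addr in ipaddress.ip_network(spec, strict=False)

def parse_days(spec):
    """Expand a Days field such as '1-4,7' into weekday numbers (Sunday is 0 or 7)."""
    days = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        days.update(d % 7 for d in range(int(lo), int(hi or lo) + 1))
    return days

def evaluate(rules, src, dst, port, day):
    """Return the action of the first matching rule; later rules are never checked."""
    for r in rules:
        if (host_matches(r["src"], src) and host_matches(r["dst"], dst)
                and (r["ports"] is None or port in r["ports"])
                and day % 7 in parse_days(r.get("days", "0-6"))):
            return r["action"]
    return "accept"  # router default: LAN hosts may reach the external network

# Constructed model of sample rules 3 and 4 (ports 25/110 are assumed mail ports).
RULE3 = {"src": "192.168.2.4", "dst": "172.168.111.222",
         "ports": {25, 110}, "action": "accept"}
RULE4 = {"src": "192.168.2.4", "dst": "any", "ports": None, "action": "reject"}

if __name__ == "__main__":
    for name, rules in (("3 then 4", [RULE3, RULE4]), ("4 then 3", [RULE4, RULE3])):
        mail = evaluate(rules, "192.168.2.4", "172.168.111.222", 25, 1)
        web = evaluate(rules, "192.168.2.4", "203.0.113.10", 80, 1)
        print(f"{name}: mail={mail} web={web}")
```

With the rules in the order 4 then 3, the mail connection is rejected as well, because rule 4 matches first and rule 3 is never reached.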

Copyright © 2000-2005 BBIagent.Net All rights reserved