Most Linksys routers/firewalls rely on simple NAT routing and basic port filtering to control the flow of traffic through the router. | How the Linksys Router Firewall Works Most Linksys routers firewalls rely on simple NAT routing and basic port filtering to control the flow of traffic through the router. Depending on the direction of the traffic flow a different filtering methodology is applied. Filtering Traffic from External Sources Linksys adheres to the minimalist approach to filtering when it comes to filtering traffic from external sources. By default all traffic that originates from an external host is blocked by the router firewall unless it is specifically permitted. This policy ensures that only the traffic you explicitly permit is allowed to access protected resources. Linksys provides three methods of explicitly permitting traffic Port-range forwarding Port triggering DMZ forwarding Port-Range Forwarding Port-range forwarding is the classic port-forwarding configuration that most firewalls and routers implement. With port-range forwarding you enter the starting and ending port that should be permitted select the appropriate transport protocol TCP UDP or both and specify the IP address of the internal host that is providing the specified service. Doing so causes the router to take all traffic received on the external interface that is destined to the specified ports and forward the traffic to the internal host. Unfortunately there is no way to specify which external hosts should be allowed to access the internal resources so you are forced to allow all external resources access or allow none at all. In many cases for example a Simple Message Transfer Protocol SMTP server you want all external hosts to be able to access the server so this is not a problem. If you have an FTP server that you only want certain external hosts to access however you really need to implement a firewall other than the Linksys router. Figure 5-2 illustrates how portrange forwarding works with an internal host running a web server. Figure 5-2. Port-Range Forwarding View full size image In Figure 5-2 the router .