The GS' firewall features are pretty much in line with other Linksys routers, with one exception I'll cover shortly. You can forward up to ten port ranges (Figure 3), with TCP, UDP or both protocols, but triggered port forwarding isn't supported.
Figure 3: Port Forwarding
Port Forwarding entries are both editable and able to be disabled and left programmed and loopback is supported for servers on forwarded ports.
Tip: See this page of our Hardware Router NTK - Terminology Guide for an explanation of "loopback".
UPnP is supported (on the Administration tab) and enabled by default. But ports opened by UPnP NAT Traversal aren't reflected in the GS' admin interface. The router also supports putting one computer in DMZ via a setting on the Security tab of the interface.
Internet access control is provided via the Access Restrictions features shown in Figure 4, which I still find confusing and is one of the product's weakest features.
Figure 4: Access Restrictions
The Access Policy is schedulable by day and time, and up to 10 different policies can be created. Each policy has its own schedule and group(s) of LAN computers that it applies to, but is an all-or-nothing proposition. The Access Policy either grants all or denies all Internet access, and can't be limited to specific ports.
Specific port filtering is controlled by the Blocked Services settings, but these settings can't be scheduled, apply to all LAN machines, and you only get two. You can add service definitions that aren't included in Linksys' default list, though.
Website blocking is provided for four URLs and six keywords, but there's no ability to block Web Proxies, ActiveX, Java, and Cookies. You also can't define a "trusted users" who can bypass all these Internet access controls.
If these controls don't suit your needs, you can enable the new Parental Control feature. This is a charge-for rebranded service created by Netopia that's intended to provide controls similar to those you get on AOL and MSN. You can establish profiles for each user that include the Internet services (AIM, email, web, etc.) they can use and the categories of websites they can view. You also get detailed Internet usage reports for each registered user.
I didn't check out the service, but if you can visit Netopia's site, or Linksys' info page to learn more. You get a free 30 day trial with the WRT54GS, and Linksys sweetens the deal by cutting the service price by 20% if you sign up within the first 15 days of the trial. (Since Linksys also throws in an extra month of service for early takers, the discount is actually closer to 25%.)
I've complained to consumer networking companies for some time that they needed to improve their parental control and reporting features, so I'm glad to see Linksys finally take up the challenge. Although it's a charge-for service, I think $40 a year ($50 non-discounted) is reasonable when you consider that - unlike virus-protection deals - it covers all users beind the router. It's also is a lot cheaper than what you'd pay to AOL or MSN for similar capability. However, I'd like to see Linksys (or Netopia) fix the application so that it works with current versions of Mozilla. When I tried to even view the sign up info with Mozilla 1.6b, I got the following:
To view these pages, please use either Netscape 7.0 or above for Windows, Internet Explorer 5.5 or above for Windows, or Internet Explorer 5.1 or above for Macintosh.