78

NAT

NAT (Network Address Translation) feature translates a private IP to a public IP, allowing multiple

users to access the Internet through a single IP account, sharing the single IP address. It is a natural

firewall for the private network.

Virtual Servers

In TCP/IP and UDP networks a port is a 16-bit number used to identify which application program

(usually a server) incoming connections should be delivered to. Some ports have numbers that are

pre-assigned to them by the IANA (the Internet Assigned Numbers Authority), and these are referred

to as “well-known ports”. Servers follow the well-known port assignments so clients can locate them.

If you wish to run a server on your network that can be accessed from the WAN (i.e. from other

machines on the Internet that are outside your local network), or any application that can accept

incoming connections (e.g. Peer-to-peer/P2P software such as instant messaging applications and

P2P file-sharing applications) and are using NAT (Network Address Translation), then you will

usually need to configure your router to forward these incoming connection attempts using specific

ports to the PC on your network running the application. You will also need to use port forwarding if

you want to host an online game server.

The reason for this is that when using NAT, your publicly accessible IP address will be used by and

point to your router, which then needs to deliver all traffic to the private IP addresses used by your

PCs. Please see the

WAN

configuration section of this manual for more information on NAT.

The device can be configured as a virtual server so that remote users accessing services such as

Web or FTP services via the public (WAN) IP address can be automatically redirected to local

servers in the LAN network. Depending on the requested service (TCP/UDP port number), the

device redirects the external service request to the appropriate server within the LAN network.

This part is only available when NAT is enabled.

It is virtual server listing table as you see, Click Add to configure.

79

The following configuration page will appear to let you configure.

Interface:

select from the drop-down menu the interface you want the virtual server(s) applies to.

Server Name:

select the server name from the drop-down menu.

Custom Service:

it is a kind of service to let users customize the service they want. Enter the user-

defined service name here. It is a parameter only available when users select

Custom Service

in

the above parameter.

Server IP Address:

Enter your server IP Address here.

External Port

L

Start:

Enter a port number as the external starting number for the range you want to give

access to internal network.

L

End:

Enter a port number as the external ending number for the range you want to give

access to internal network.

Internal Port

L

Start:

Enter a port number as the internal staring number.

L

End:

Here it will generate automatically according to the End port number of External port

and can’t be modified.

Protocol:

select the protocol this service used: TCP/UDP, TCP, UDP.

80

Set up

1.

Select a Server Name from the drop-down menu, then the port will automatically appear, modify

some as you like, or you can just leave it as default. Remember to enter your server IP Address.

2.

Press

Apply

to conform, and the items will be list in the

Virtual Servers Setup

table.

81

Remove

If you don’t need a specified Server, you can remove it. Check the check box beside the item you

want to remove, then press

Remove

, it will be OK.

ALG

The ALG Controls enable or disable protocols over application layer.

82

DMZ Host

The DMZ Host is a local computer exposed to the Internet. When setting a particular internal IP

address as the DMZ Host, all incoming packets will be checked by the Firewall and NAT algorithms

then passed to the DMZ host, when a packet received does not use a port number used by any

other Virtual Server entries.

DMZ Host IP Address:

Enter the IP Address of a host you want it to be a DMZ host.

Using port mapping does have security implications, since outside users are

able to connect to PCs on your network. For this reason you are advised to use

specific Virtual Server entries just for the ports your application requires instead

of simply using DMZ or creating a Virtual Server entry for “All” protocols, as

doing so results in all connection attempts to your public IP address accessing

the specified PC.

If you have disabled the NAT option in the WAN-ISP section, the Virtual Server

function will hence be invalid.

If the DHCP server option is enabled, you have to be very careful in assigning

the IP addresses of the virtual servers in order to avoid conflicts. The easiest way

of configuring Virtual Servers is to manually assign static IP address to each

virtual server PC, with an address that does not fall into the range of IP

addresses that are to be issued by the DHCP server. You can configure the

virtual server IP address manually, but it must still be in the same subnet as the

router.

Attention