46

D-Link DSL-500B User Manual

Web Configuration

NAT

Note:

You must enable the NAT service when you configure the WAN connection at first. The NAT item will then

appear in the

Advanced Setup

directory. In the pure bridging mode, there is no NAT service.

Overview - Setting up the NAT Function

The DSL router is equipped with the Network Address Translation (NAT) function. With address mapping, several

users in the local network can access the Internet via one or more public IP addresses. All the local IP addresses

are assigned to the public IP address of the router by default.

One of the characteristics of NAT is that data from the Internet is not allowed into the local network unless it is

explicitly requested by one of the PCs in the network. Most Internet applications can run behind the NAT firewall

without any problems. For example, if you request Internet pages or send and receive e-mails, the request for data

from the Internet comes from a PC in the local network, and so the router allows the data to pass through. The

router opens one specific port for the application. A port in this context is an internal PC address, via which the data

is exchanged between the Internet and a client on a PC in the local network. Communicating via a port is subject to

the rules of a particular protocol (TCP or UDP).

If an external application tries to send a call to a PC in the local network, the router blocks it. There is no open port

via which the data could enter the local network. Some applications, such as games on the Internet, require several

links (that is, several ports), so that players can communicate with each other. In addition, these applications must

also be permitted to send requests from other users on the Internet to users in the local network. These applications

cannot run if NAT is activated.

47

D-Link DSL-500B User Manual

Web Configuration

Using port forwarding (the forwarding of requests to particular ports), the router is forced to send requests from

the Internet for a certain service, for example, a game, to the appropriate port(s) on the PC on which the game is

running. Port triggering is a special variant of port forwarding. Unlike port forwarding, the DSL router forwards the

data from the port block to the PC which has previously sent data to the Internet via a certain port (trigger port). This

means that approval for the data transfer is not tied to one specific PC in the network, but rather to the port numbers

of the required Internet service.

Where configuration is concerned, you must define a so-called trigger port for the application and also the protocol

(TCP or UDP) that this port uses. You then assign the public ports that are to be opened for the application to this

trigger port. The router checks all outgoing data for the port number and protocol. If it identifies a match of port and

protocol for a defined trigger port, then it opens the assigned public ports and notes the IP address of the PC that

sent the data. If data comes back from the Internet via one of these public ports, the router allows it to pass through

and directs it to the appropriate PC. A trigger event always comes from a PC within the local network. If a trigger

port is addressed from outside, the router simply ignores it.

Note:

An application that is configured for port triggering can only be run by one user in the local network at a time.

±

After public ports are opened, they can be used by unauthorized persons to gain access to a PC in the local

±

network.

When the DSL router is supplied, the NAT function is activated. For example, all IP addresses of PCs in the

±

local network are converted to the public IP address of the router when accessing the Internet. You can use

NAT settings to configure the DSL router to carry out the following tasks.

For functions described as follows, IP addresses of the PCs must remain unchanged. If the IP addresses of the

±

PCs are assigned via the DHCP server of the DSL router, you must disable DHCP server as the settings in the

local network menu entry for the lease time or assign static IP addresses for the PCs.

You can enable or disable the NAT function. By default, the NAT function is enabled.

±

48

D-Link DSL-500B User Manual

Web Configuration

NAT - Virtual Server Setup

By default, DSL router blocks all external users from connecting or communicating with your network. Therefore, the

system is safe from hackers who may try to intrude into the network and damage it.

However, you may want to expose your network to the Internet in limited and controlled ways in order to enable

some applications to work from the LAN (for example, game, voice, and chat applications) and to enable Internet

access to servers in the home network. The port forwarding feature supports both functions. This topic is also

referred as Local Servers.

The port forwarding page is used to define applications that require special handling by DSL router. All you need to

do is to select the application protocol and the local IP address of the computer that is using or providing the service.

If required, you may add new protocols in addition to the most common ones provided by DSL router.

For example, if you wanted to use a file transfer protocol (FTP) application on one of your PCs, you would simply

select FTP from the list and enter the local IP address or host name of the designated computer. All FTP-related

data arriving at DSL router from the Internet henceforth is forwarded to the specific computer.

Similarly, you can grant Internet users access to servers inside your home network, by identifying each service and

the PC that provide it. This is useful, for example, if you want to host a Web server inside your home network.

When an Internet user points his/her browser to DSL router external IP address, the gateway forwards the incoming

HTTP request to your Web server. With one external IP address (DSL router main IP address), different applications

can be assigned to your LAN computers, however each type of application is limited to use one computer.

For example, you can define that FTP uses address X to reach computer A and Telnet also uses address X to

reach computer A. But attempting to define FTP to use address X to reach both computer A and B fails. DSL router,

therefore, provides the ability to add additional public IP addresses to port forwarding rules, which you must obtain

from your ISP, and enter into the IP addresses pool. Then, you can define FTP to use address X to reach computer

A and address Y to reach computer B.

49

D-Link DSL-500B User Manual

Web Configuration

Additionally, port forwarding enables you to redirect traffic to a different port instead of the one to which it was desig

-

nated. For example, if you have a Web server running on your PC on port 8080 and you want to grant access to this

server to any one who accesses DSL router via HTTP.

To accomplish this, do as follows:

Step 1

Define a port forwarding rule for the HTTP service, with the PC IP or host name.

Step 2

Specify 8080 in the Forward to Port field.

All incoming HTTP traffic is forwarded to the PC running the Web server on port 8080. When setting a port

forwarding service, ensure that the port is not used by another application, which may stop functioning. A common

example is when using SIP signaling in Voice over IP, the port used by the gateway VoIP application (5060) is the

same port, on which port forwarding is set for LAN SIP agents.

Note:

Some applications, such as FTP, TFTP, PPTP and H323, require the support of special specific application

level gateway (ALG) modules in order to work inside the home network. Data packets associated with these appli-

cations contain information that allows them to be routed correctly. An ALG is needed to handle these packets and

ensure that they reach their intended destinations. DSL router is equipped with a robust list of ALG modules in order

to enable maximum functionality in the home network. The ALG is automatically assigned based on the destination

port.

Virtual servers are configured for this purpose.

50

D-Link DSL-500B User Manual

Web Configuration

Adding Port Forwarding

Step 1

To set up virtual servers for a service, go to

Advanced Setup >

NAT > Virtual Servers

, and then click

Add

.

Step 2

Select a service or enter a custom server.

Step 3

Set the

Server IP Address

.

Step 4

Enter the server IP address of the computer that provides the

service (the server in the local host field). Note that unless an

additional external IP address is added, only one LAN computer

can be assigned to provide a specific service or application.

Step 5

Set

External Port Start

and

External Port End

.

Step 6

Select a

Protocol

from the drop-down box.

Step 7

Set

Internal Port Start

and

Internal Port End

.

Step 8

Enter

Remote IP

.