Vigor2920 Series User’s Guide

41

2nd Subnet -

Select the router to change the RIP information of the

2nd subnet with neighboring routers.

DHCP Server

Configuration

DHCP stands for Dynamic Host Configuration Protocol. The router

by factory default acts a DHCP server for your network so it

automatically dispatch related IP settings to any local user

configured as a DHCP client. It is highly recommended that you

leave the router enabled as a DHCP server if you do not have a

DHCP server for your network.

If you want to use another DHCP server in the network other than

the Vigor Router’s, you can let Relay Agent help you to redirect the

DHCP request to the specified location.

Enable Server -

Let the router assign IP address to every host in the

LAN.

Disable Server –

Let you manually assign IP address to every host

in the LAN.

Relay Agent – (1

st

subnet/2

nd

subnet)

Specify which subnet that

DHCP server is located the relay agent should redirect the DHCP

request to.

Start IP Address -

Enter a value of the IP address pool for the

DHCP server to start with when issuing IP addresses. If the 1st IP

address of your router is 192.168.1.1, the starting IP address must be

192.168.1.2 or greater, but smaller than 192.168.1.254.

IP Pool Counts -

Enter the maximum number of PCs that you want

the DHCP server to assign IP addresses to. The default is 50 and the

maximum is 253.

Gateway IP Address -

Enter a value of the gateway IP address for

the DHCP server. The value is usually as same as the 1st IP address

of the router, which means the router is the default gateway.

DHCP Server IP Address for Relay Agent -

Set the IP address of

the DHCP server you are going to use so the Relay Agent can help to

forward the DHCP request to the DHCP server.

DNS Server

Configuration

DNS stands for Domain Name System. Every Internet host must

have a unique IP address, also they may have a human-friendly,

easy to remember name such as www.yahoo.com. The DNS server

converts the user-friendly name into its equivalent IP address

.

Force DNS manual setting -

Force Vigor router to use DNS servers

in this page instead of DNS servers given by the Internet Access

server (PPPoE, PPTP, L2TP or DHCP server).

Primary IP Address -

You must specify a DNS server IP address

here because your ISP should provide you with usually more than

one DNS Server. If your ISP does not provide it, the router will

automatically apply default DNS Server IP address: 194.109.6.66 to

this field.

Secondary IP Address -

You can specify secondary DNS server IP

address here because your ISP often provides you more than one

DNS Server. If your ISP does not provide it, the router will

automatically apply default secondary DNS Server IP address:

194.98.0.1 to this field.

The default DNS Server IP address can be found via Online Status:

VoIPon

www.voipon.co.uk

[email protected]

Tel: +44 (0)1245 808195

Fax: +44 (0)1245 808299

Vigor2920 Series User’s Guide

42

If both the Primary IP and Secondary IP Address fields are left empty,

the router will assign its own IP address to local users as a DNS

proxy server and maintain a DNS cache.

If the IP address of a domain name is already in the DNS cache, the

router will resolve the domain name immediately. Otherwise, the

router forwards the DNS query packet to the external DNS server by

establishing a WAN (e.g. DSL/Cable) connection.

There are two common scenarios of LAN settings that stated in Chapter 5. For the

configuration examples, please refer to that chapter to get more information for your necessity.

3.3 NAT

Usually, the router serves as an NAT (Network Address Translation) router. NAT is a

mechanism that one or more private IP addresses can be mapped into a single public one.

Public IP address is usually assigned by your ISP, for which you may get charged. Private IP

addresses are recognized only among internal hosts.

When the outgoing packets destined to some public server on the Internet reach the NAT

router, the router will change its source address into the public IP address of the router, select

the available public port, and then forward it. At the same time, the router shall list an entry in

a table to memorize this address/port-mapping relationship. When the public server response,

the incoming traffic, of course, is destined to the router’s public IP address and the router will

do the inversion based on its table. Therefore, the internal host can communicate with external

host smoothly.

The benefit of the NAT includes:

z

Save cost on applying public IP address and apply efficient usage of IP address.

NAT allows the internal IP addresses of local hosts to be translated into one public IP

address, thus you can have only one IP address on behalf of the entire internal hosts.

z

Enhance security of the internal network by obscuring the IP address.

There are

many attacks aiming victims based on the IP address. Since the attacker cannot be aware

of any private IP addresses, the NAT function can protect the internal network.

On NAT page, you will see the private IP address defined in RFC-1918. Usually we use the

192.168.1.0/24 subnet for the router. As stated before, the NAT facility can map one or

more IP addresses and/or service ports into different specified services. In other words, the

NAT function can be achieved by using port mapping methods.

Below shows the menu items for NAT.

VoIPon

www.voipon.co.uk

[email protected]

Tel: +44 (0)1245 808195

Fax: +44 (0)1245 808299

Vigor2920 Series User’s Guide

43

3.3.1 Port Redirection

Port Redirection

is

usually set up for server related service inside the local network (LAN),

such as web servers, FTP servers, E-mail servers etc. Most of the case, you need a public IP

address for each server and this public IP address/domain name are recognized by all users.

Since the server is actually located inside the LAN, the network well protected by NAT of the

router, and identified by its private IP address/port, the goal of Port Redirection function is to

forward all access request with public IP address from external users to the mapping private IP

address/port of the server.

The port redirection can only apply to incoming traffic.

To use this function, please go to

NAT

page and choose

Port

Redirection

web page. The

Port Redirection Table

provides 20 port-mapping entries for the internal hosts.

Press any number under Index to access into next page for configuring port redirection.

VoIPon

www.voipon.co.uk

[email protected]

Tel: +44 (0)1245 808195

Fax: +44 (0)1245 808299

Vigor2920 Series User’s Guide

44

Enable

Check this box to enable such port redirection setting.

Mode

Two options (Single and Range) are provided here for you to choose.

To set a range for the specific service, select

Range

. In Range mode,

if the public port (start port and end port) and the starting IP of

private IP had been entered, the system will calculate and display the

ending IP of private IP automatically.

Service Name

Enter the description of the specific network service.

Protocol

Select the transport layer protocol (TCP or UDP).

WAN IP

Select the WAN IP used for port redirection. There are eight WAN

IP alias that can be selected and used for port redirection. The

default setting is

All

which means all the incoming data from any

port will be redirected to specified range of IP address and port.

Public Port

Specify which port can be redirected to the specified

Private IP and

Port

of the internal host. If you choose

Range

as the port redirection

mode, you will see two boxes on this field. Simply type the required

number on the first box. The second one will be assigned

automatically later.

Private IP

Specify the private IP address of the internal host providing the

service. If you choose

Range

as the port redirection mode, you will

see two boxes on this field. Type a complete IP address in the first

box (as the starting point) and the fourth digits in the second box (as

the end point).

Private Port

Specify the private port number of the service offered by the internal

host.

Note that the router has its own built-in services (servers) such as Telnet, HTTP and FTP etc.

Since the common port numbers of these services (servers) are all the same, you may need to

reset the router in order to avoid confliction.

VoIPon

www.voipon.co.uk

[email protected]

Tel: +44 (0)1245 808195

Fax: +44 (0)1245 808299

Vigor2920 Series User’s Guide

45

3.3.2 DMZ Host

As mentioned above,

Port Redirection

can redirect incoming TCP/UDP or other traffic on

particular ports to the specific private IP address/port of host in the LAN. However, other IP

protocols, for example Protocols 50 (ESP) and 51 (AH), do not travel on a fixed port. Vigor

router provides a facility

DMZ Host

that maps ALL unsolicited data on any protocol to a

single host in the LAN. Regular web surfing and other such Internet activities from other

clients will continue to work without inappropriate interruption.

DMZ Host

allows a defined

internal user to be totally exposed to the Internet, which usually helps some special

applications such as Netmeeting or Internet Games etc.

The security properties of NAT are somewhat bypassed if you set up DMZ host. We suggest

you to add additional filter rules or a secondary firewall.

Click

DMZ Host

to open the following page:

VoIPon

www.voipon.co.uk

[email protected]

Tel: +44 (0)1245 808195

Fax: +44 (0)1245 808299