Page 56 / 304 Scroll up to view Page 51 - 55
VigorPro5300 Series User’s Guide
48
and MAC address listed in ARP table can be selected and added
to IP Bind List by clicking
Add
below
.
Add and Edit
IP Address
Type the IP address that will be used for the
specified MAC address.
Mac Address
Type the MAC address that is used to bind with
the assigned IP address.
Refresh
It is used to refresh the ARP table. When there is one new PC
added to the LAN, you can click this link to obtain the newly
ARP table information.
IP Bind List
It displays a list for the IP bind to MAC information.
Add
It allows you to add the one you choose from the ARP table or
the IP/MAC address typed in
Add and Edit
to the table of
IP
Bind List
.
Edit
It allows you to edit and modify the selected IP address and MAC
address that you create before.
Delete
You can remove any item listed in
IP Bind List
. Simply click
and select the one, and click
Delete
. The selected item will be
removed from the
IP Bind List
.
Note:
Before you select
Strict Bind
, you have to bind one set of IP/MAC address for one
PC. If not, no one of the PCs can access into Internet. And the web configurator of the
router might not be accessed.
3.3 NAT
Usually, the router serves as an NAT (Network Address Translation) router. NAT is a
mechanism that one or more private IP addresses can be mapped into a single public one.
Public IP address is usually assigned by your ISP, for which you may get charged. Private IP
addresses are recognized only among internal hosts.
When the outgoing packets destined to some public server on the Internet reach the NAT
router, the router will change its source address into the public IP address of the router, select
the available public port, and then forward it. At the same time, the router shall list an entry
in a table to memorize this address/port-mapping relationship. When the public server
response, the incoming traffic, of course, is destined to the router’s public IP address and the
router will do the inversion based on its table. Therefore, the internal host can communicate
with external host smoothly.
The benefit of the NAT includes:
z
Save cost on applying public IP address and apply efficient usage of IP address.
NAT allows the internal IP addresses of local hosts to be translated into one public IP
address, thus you can have only one IP address on behalf of the entire internal hosts.
z
Enhance security of the internal network by obscuring the IP address.
There are
many attacks aiming victims based on the IP address. Since the attacker cannot be
aware of any private IP addresses, the NAT function can protect the internal network.
On NAT page, you will see the private IP address defined in RFC-1918. Usually we use
the 192.168.1.0/24 subnet for the router. As stated before, the NAT facility can map one
or more IP addresses and/or service ports into different specified services. In other words,
the NAT function can be achieved by using port mapping methods.
Below shows the menu items for NAT.
Page 57 / 304
VigorPro5300 Series User’s Guide
49
3.3.1 Port Redirection
Port Redirection
is
usually set up for server related service inside the local network (LAN),
such as web servers, FTP servers, E-mail servers etc. Most of the case, you need a public IP
address for each server and this public IP address/domain name are recognized by all users.
Since the server is actually located inside the LAN, the network well protected by NAT of
the router, and identified by its private IP address/port, the goal of Port Redirection function
is to forward all access request with public IP address from external users to the mapping
private IP address/port of the server.
The port redirection can only apply to incoming traffic.
To use this function, please go to
NAT
page and choose
Port
Redirection
web page. The
Port Redirection Table
provides 20 port-mapping entries for the internal hosts.
Page 58 / 304
VigorPro5300 Series User’s Guide
50
Press any number under Index to access into next page for configuring port redirection.
Enable
Check this box to enable such port redirection setting.
Mode
Two options (Single and Range) are provided here for you to
choose. To set a range for the specific service, select
Range
. In
Range mode, if the public port (start port and end port) and the
starting IP of private IP had been entered, the system will calculate
and display the ending IP of private IP automatically.
Service Name
Enter the description of the specific network service.
Protocol
Select the transport layer protocol (TCP or UDP).
Public Port
Specify which port can be redirected to the specified
Private IP
and Port
of the internal host. If you choose
Range
as the port
redirection mode, you will see two boxes on this field. Simply type
the required numbers on these two boxes.
Private IP
Specify the private IP address of the internal host providing the
service. If you choose
Range
as the port redirection mode, you will
see two boxes on this field. Simply type the IP address in the first
Page 59 / 304
VigorPro5300 Series User’s Guide
51
box (as the starting point). The second one is assigned
automatically after you type the private port number below.
Private Port
Specify the private port number of the service offered by the
internal host. After you enter the proper number in this box, the
second box of Private IP address will be assigned accordingly.
Active
Check this box to activate the port-mapping entry you have
defined.
Note that the router has its own built-in services (servers) such as Telnet, HTTP and FTP etc.
Since the common port numbers of these services (servers) are all the same, you may need to
reset the router in order to avoid confliction.
For example, the built-in web configurator in the router is with default port 80, which may
conflict with the web server in the local network, http://192.168.1.13:80. Therefore, you need
to
change the router’s http port to
any one other than the default port 80
to avoid
conflict, such as 8080. This can be set in the
System Maintenance >>Management Setup
.
You then will access the admin screen of by suffixing the IP address with 8080, e.g.,
http://192.168.1.1:8080 instead of port 80.
Page 60 / 304
VigorPro5300 Series User’s Guide
52
3.3.2 DMZ Host
As mentioned above,
Port Redirection
can redirect incoming TCP/UDP or other traffic on
particular ports to the specific private IP address/port of host in the LAN. However, other IP
protocols, for example Protocols 50 (ESP) and 51 (AH), do not travel on a fixed port. Vigor
router provides a facility
DMZ Host
that maps ALL unsolicited data on any protocol to a
single host in the LAN. Regular web surfing and other such Internet activities from other
clients will continue to work without inappropriate interruption.
DMZ Host
allows a defined
internal user to be totally exposed to the Internet, which usually helps some special
applications such as Netmeeting or Internet Games etc.
Note:
The inherent security properties of NAT are somewhat bypassed if you set up
DMZ host. We suggest you to add additional filter rules or a secondary firewall.
Click
DMZ Host
to open the following page:
WAN1
This page allows you to configure
Private IP
or
Active True IP
as
DMZ host.
Private IP
If you choose
Private IP
as DMZ host, you can type a private IP in
this box or use Choose PC button to choose the one you want.
MAC Address of the
If you choose
Active True IP
as DMZ host, please type the

Rate

4.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top