VigorPro5300 Series User’s Guide

48

and MAC address listed in ARP table can be selected and added

to IP Bind List by clicking

Add

below

.

Add and Edit

IP Address

–

Type the IP address that will be used for the

specified MAC address.

Mac Address

–

Type the MAC address that is used to bind with

the assigned IP address.

Refresh

It is used to refresh the ARP table. When there is one new PC

added to the LAN, you can click this link to obtain the newly

ARP table information.

IP Bind List

It displays a list for the IP bind to MAC information.

Add

It allows you to add the one you choose from the ARP table or

the IP/MAC address typed in

Add and Edit

to the table of

IP

Bind List

.

Edit

It allows you to edit and modify the selected IP address and MAC

address that you create before.

Delete

You can remove any item listed in

IP Bind List

. Simply click

and select the one, and click

Delete

. The selected item will be

removed from the

IP Bind List

.

Note:

Before you select

Strict Bind

, you have to bind one set of IP/MAC address for one

PC. If not, no one of the PCs can access into Internet. And the web configurator of the

router might not be accessed.

3.3 NAT

Usually, the router serves as an NAT (Network Address Translation) router. NAT is a

mechanism that one or more private IP addresses can be mapped into a single public one.

Public IP address is usually assigned by your ISP, for which you may get charged. Private IP

addresses are recognized only among internal hosts.

When the outgoing packets destined to some public server on the Internet reach the NAT

router, the router will change its source address into the public IP address of the router, select

the available public port, and then forward it. At the same time, the router shall list an entry

in a table to memorize this address/port-mapping relationship. When the public server

response, the incoming traffic, of course, is destined to the router’s public IP address and the

router will do the inversion based on its table. Therefore, the internal host can communicate

with external host smoothly.

The benefit of the NAT includes:

z

Save cost on applying public IP address and apply efficient usage of IP address.

NAT allows the internal IP addresses of local hosts to be translated into one public IP

address, thus you can have only one IP address on behalf of the entire internal hosts.

z

Enhance security of the internal network by obscuring the IP address.

There are

many attacks aiming victims based on the IP address. Since the attacker cannot be

aware of any private IP addresses, the NAT function can protect the internal network.

On NAT page, you will see the private IP address defined in RFC-1918. Usually we use

the 192.168.1.0/24 subnet for the router. As stated before, the NAT facility can map one

or more IP addresses and/or service ports into different specified services. In other words,

the NAT function can be achieved by using port mapping methods.

Below shows the menu items for NAT.

VigorPro5300 Series User’s Guide

49

3.3.1 Port Redirection

Port Redirection

is

usually set up for server related service inside the local network (LAN),

such as web servers, FTP servers, E-mail servers etc. Most of the case, you need a public IP

address for each server and this public IP address/domain name are recognized by all users.

Since the server is actually located inside the LAN, the network well protected by NAT of

the router, and identified by its private IP address/port, the goal of Port Redirection function

is to forward all access request with public IP address from external users to the mapping

private IP address/port of the server.

The port redirection can only apply to incoming traffic.

To use this function, please go to

NAT

page and choose

Port

Redirection

web page. The

Port Redirection Table

provides 20 port-mapping entries for the internal hosts.

VigorPro5300 Series User’s Guide

50

Press any number under Index to access into next page for configuring port redirection.

Enable

Check this box to enable such port redirection setting.

Mode

Two options (Single and Range) are provided here for you to

choose. To set a range for the specific service, select

Range

. In

Range mode, if the public port (start port and end port) and the

starting IP of private IP had been entered, the system will calculate

and display the ending IP of private IP automatically.

Service Name

Enter the description of the specific network service.

Protocol

Select the transport layer protocol (TCP or UDP).

Public Port

Specify which port can be redirected to the specified

Private IP

and Port

of the internal host. If you choose

Range

as the port

redirection mode, you will see two boxes on this field. Simply type

the required numbers on these two boxes.

Private IP

Specify the private IP address of the internal host providing the

service. If you choose

Range

as the port redirection mode, you will

see two boxes on this field. Simply type the IP address in the first

VigorPro5300 Series User’s Guide

51

box (as the starting point). The second one is assigned

automatically after you type the private port number below.

Private Port

Specify the private port number of the service offered by the

internal host. After you enter the proper number in this box, the

second box of Private IP address will be assigned accordingly.

Active

Check this box to activate the port-mapping entry you have

defined.

Note that the router has its own built-in services (servers) such as Telnet, HTTP and FTP etc.

Since the common port numbers of these services (servers) are all the same, you may need to

reset the router in order to avoid confliction.

For example, the built-in web configurator in the router is with default port 80, which may

conflict with the web server in the local network, http://192.168.1.13:80. Therefore, you need

to

change the router’s http port to

any one other than the default port 80

to avoid

conflict, such as 8080. This can be set in the

System Maintenance >>Management Setup

.

You then will access the admin screen of by suffixing the IP address with 8080, e.g.,

http://192.168.1.1:8080 instead of port 80.

VigorPro5300 Series User’s Guide

52

3.3.2 DMZ Host

As mentioned above,

Port Redirection

can redirect incoming TCP/UDP or other traffic on

particular ports to the specific private IP address/port of host in the LAN. However, other IP

protocols, for example Protocols 50 (ESP) and 51 (AH), do not travel on a fixed port. Vigor

router provides a facility

DMZ Host

that maps ALL unsolicited data on any protocol to a

single host in the LAN. Regular web surfing and other such Internet activities from other

clients will continue to work without inappropriate interruption.

DMZ Host

allows a defined

internal user to be totally exposed to the Internet, which usually helps some special

applications such as Netmeeting or Internet Games etc.

Note:

The inherent security properties of NAT are somewhat bypassed if you set up

DMZ host. We suggest you to add additional filter rules or a secondary firewall.

Click

DMZ Host

to open the following page:

WAN1

This page allows you to configure

Private IP

or

Active True IP

as

DMZ host.

Private IP

If you choose

Private IP

as DMZ host, you can type a private IP in

this box or use Choose PC button to choose the one you want.

MAC Address of the

If you choose

Active True IP

as DMZ host, please type the