Customize Internet Traffic Rules for Ports

116

Orbi

WiFi System

The user name is

admin

. The default password is

password

. The user name and

password are case-sensitive.

The BASIC Home page displays.

4.

Select

ADVANCED > Advanced Setup > Port Forwarding/Port Triggering.

The Port Forwarding/Port Triggering page displays.

5.

Select the

Port Triggering

radio button.

The page adjusts.

6.

Click the

Add Service

button.

7.

In the

Service Name

field, type a descriptive service name.

8.

In the

Service User

menu, select

Any,

or select

Single address

and enter the IP address

of one computer:

•

Any

(the default) allows any computer on the Internet to use this service.

•

Single address

restricts the service to a particular computer.

9.

Select the service type, either

TCP

or

UDP

or

TCP/UDP

(both).

If you are not sure, select

TCP/UDP

.

10.

In the

Triggering Port

field, enter the number of the outbound traffic port that will open the

inbound ports.

11.

Enter the inbound connection port information in the

Connection Type

,

Starting Port

, and

Ending Port

fields.

12.

Click the

Apply

button.

The service is now in the Portmap Table. You must enable port triggering before the

router used port triggering for the service that you added. See

Enable Port Triggering

on

page

116.

Enable Port Triggering



To enable port triggering:

1.

Launch a web browser from a computer or mobile device that is connected to your Orbi

network.

Customize Internet Traffic Rules for Ports

117

Orbi

WiFi System

2.

Enter

orbilogin.com

.

A login window opens.

3.

Enter the router admin user name and password.

The user name is

admin

. The default password is

password

. The user name and

password are case-sensitive.

The BASIC Home page displays.

4.

Select

ADVANCED > Advanced Setup > Port Forwarding/Port Triggering

.

The Port Forwarding/Port Triggering page displays.

5.

Select the

Port Triggering

radio button.

6.

Clear the

Disable Port Triggering

check box.

If this check box is selected, the router does not use port triggering even if you specified

port triggering settings.

7.

In the

Port Triggering Timeout

field, enter a value up to 9999 minutes.

This value controls how long the inbound ports stay open when the router detects no

activity. This value is required because the router cannot detect when the application

terminates.

Application Example: Port Triggering for Internet Relay Chat

Some application servers, such as FTP and IRC servers, send replies to multiple port

numbers. Using port triggering, you can tell the router to open more incoming ports when a

particular outgoing port starts a session.

An example is Internet Relay Chat (IRC). Your computer connects to an IRC server at

destination port 6667. The IRC server not only responds to your originating source port, but

also sends an “identify” message to your computer on port 113. Using port triggering, you can

tell the router, “When you initiate a session with destination port 6667, you must also allow

incoming traffic on port 113 to reach the originating computer.” The following sequence

shows the effects of the port triggering rule you define:

1.

You open an IRC client program to start a chat session on your computer.

Customize Internet Traffic Rules for Ports

118

Orbi

WiFi System

2.

Your IRC client composes a request message to an IRC server using a destination port

number of 6667, the standard port number for an IRC server process. Your computer then

sends this request message to your router.

3.

Your router creates an entry in its internal session table describing this communication

session between your computer and the IRC server. Your router stores the original

information, performs Network Address Translation (NAT) on the source address and port,

and sends this request message through the Internet to the IRC server.

4.

Noting your port triggering rule and observing the destination port number of 6667, your

router creates another session entry to send any incoming port 113 traffic to your computer.

5.

The IRC server sends a return message to your router using the NAT-assigned source port

(for example, port 33333) as the destination port. The IRC server also sends an “identify”

message to your router with destination port 113.

6.

When your router receives the incoming message to destination port 33333, it checks its

session table to see if a session is active for port number 33333. Finding an active session,

the router restores the original address information replaced by NAT and sends this reply

message to your computer.

7.

When your router receives the incoming message to destination port 113, it checks its

session table and finds an active session for port 113 associated with your computer. The

router replaces the message’s destination IP address with your computer’s IP address and

forwards the message to your computer.

8.

When you finish your chat session, your router eventually senses a period of inactivity in the

communications. The router then removes the session information from its session table,

and incoming traffic is no longer accepted on port numbers 33333 or 113.

119

9

9.

Use VPN to Access Your Network

You can use OpenVPN software to remotely access your router using virtual private networking

(VPN). This chapter explains how to set up and use VPN access.

This chapter includes the following sections:

•

Set Up a VPN Connection

•

Install OpenVPN Software

•

Use a VPN Tunnel on Your Windows Computer

•

Use VPN to Access Your Internet Service at Home

Use VPN to Access Your Network

120

Orbi

WiFi System

Set Up a VPN Connection

A virtual private network (VPN) lets you use the Internet to securely access your network

when you aren’t home.

Secure

remote access

Internet

Open VPN

Client

Figure 13. VPN provides a secure tunnel between your home network and a remote computer

This type of VPN access is called a client-to-gateway tunnel. The computer is the client, and

the router is the gateway. To use the VPN feature, you must log in to the router and enable

VPN, and you must install and run VPN client software on the computer.

VPN uses DDNS or a static IP address to connect with your router.

To use a DDNS service, register for an account with a host name (sometimes called a

domain name). You use the host name to access your network. The router supports these

accounts: NETGEAR, No-IP, and Dyn.

If your Internet service provider (ISP) assigned a static WAN IP address (such as 50.196.x.x

or 10.x.x.x) that never changes to your Internet account, the VPN can use that IP address to

connect to your home network.

Specify VPN Service in the Router

You must specify the VPN service settings in the router before you can use a VPN

connection.



To specify the VPN service:

1.

Launch a web browser from a computer or mobile device that is connected to your Orbi

network.

2.

Enter

orbilogin.com

.

A login window opens.

3.

Enter the router admin user name and password.