Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624

Advanced Configuration

7-3

M-10153-01

3.

Select the Internet service you want to use from the Service Name list. If the service does not

appear in the list, refer to the section

“Adding a Port Forwarding Custom Service” on

page 7-3

.

4.

Type the IP address of the computer in the Server IP Address box.

5.

Click the Add button.

Note:

You may have a single computer or server available for more than one type of service. To

do that, select another service, and type the same IP address for that computer or server.

For Internet Games or Applications

Although the router causes your entire local network to appear as a single machine to the Internet,

you can make a local server (for example, a Web server or game server) visible and available to

the Internet.

.

Use the Port Forwarding menu to configure the router to forward incoming protocols to computers

on your local network. In addition to servers for specific applications, you can also specify a

default DMZ server to which all other incoming protocols are forwarded. The DMZ server must be

connected to LAN port 4 on the WGU624. The DMZ port feature can be enabled in the WAN

Setup menu. See

“Configuring WAN Setup Options” on page 7-6

for more information.

Before starting, you need to determine which type of service, application or game you will provide

and the IP address of the computer that will provide each service. Be sure the computer’s IP

address never changes. To configure port forwarding to a local server:

1.

From the Service Name box, select the service or game that you will host on your network.

2.

Enter the IP address of the local server in the corresponding Server IP Address box.

3.

Click the Add button.

Adding a Port Forwarding Custom Service

To define a service, game or application that does not appear in the Service Name list, you must

determine which port numbers are used by the service. For this information, you may need to

contact the manufacturer of the program that you want to use. When you have the port number

information, follow these steps:

Note:

If you are unfamiliar with networking and routing, refer to

Appendix B,

“Network, Routing, Firewall, and Basics”

, to become more familiar with the terms and

procedures used in this manual.

Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624

7-4

Advanced Configuration

M-10153-01

1.

Click the Add Custom Service button.

2.

Enter the first port number in an unused Starting Port box.

3.

To forward only one port, enter it again in the Ending Port box. To specify a range of ports,

enter the last port to be forwarded in the End Port box.

4.

Enter the IP address of the local server in the corresponding Server IP Address box.

5.

Type a name for the service.

6.

Click Apply at the bottom of the menu.

Adding Additional Computers

To set up an additional computer to play, for example Hexen II or KALI:

1.

Click the Add Custom Service button.

2.

Type the service name in the Service Name box.

3.

Type the beginning port number in the Starting Port box.

For these games, use the supplied number in the default listing and add +1 for each additional

computer. For example, if you have already configured one computer to play Hexen II using

port 26900, the second computer's port number would be 26901, the third computer's port

number would be 26902.

4.

Type the same port number in the Ending Port box.

5.

Type the IP address of the computer in the Server IP Address box.

6.

Click the Add button.

Local Web and FTP Server Example

If a local PC with a private IP address of 192.168.1.33 acts as a Web and FTP server, configure the

Port Forwarding menu to forward HTTP (port 80) and FTP (port 21) to local address 192.168.1.33.

In order for a remote user to access this server from the Internet, the remote user must know the IP

address that has been assigned by your ISP. If this address is 172.16.1.23, for example, an Internet

user can access your Web server by directing the browser to http://172.16.1.23. The assigned IP

address can be found in the Maintenance Status Menu, where it is shown as the WAN IP Address.

Some considerations for this application are:

•

If your account’s IP address is assigned dynamically by your ISP, the IP address may change

periodically as the DHCP lease expires.

Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624

Advanced Configuration

7-5

M-10153-01

•

If the IP address of the local PC is assigned by DHCP, it may change when the PC is rebooted.

To avoid this, you can manually configure the PC to use a fixed address.

•

Local PCs must access the local server using the PCs’ local LAN address (192.168.1.33 in this

example). Attempts by local PCs to access the server using the external IP address

(172.16.1.23 in this example) will fail.

Some online games and videoconferencing applications are incompatible with NAT. The

WGU624 wireless router is programmed to recognize some of these applications and to work

properly with them, but there are other applications that may not function well. In some cases, one

local PC can run the application properly if that PC’s IP address is entered as the default in the Port

Forwarding Menu. If one local PC acts as a game or videoconferencing host, enter its IP address as

the default.

Configuring Port Triggering

To define a game or application for Port Triggering, you must determine what port numbers are

used by the service. For this information, you may need to contact the manufacturer of the program

that you wish to use. When you have the port number information, follow these steps:

1.

From the main menu of the browser interface, under the Advanced section, select Port

Forwarding/Port Triggering.

2.

Select Port Triggering to display the Port Triggering screen, as shown below.

Figure 7-2:

Port Triggering menu

Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624

7-6

Advanced Configuration

M-10153-01

3.

Click the Add button.

4.

Type a name for the service.

5.

Enter unused port numbers for the Outgoing Start Port and End Port. To trigger only one port,

enter it again in the Outgoing End Port box. To specify a range of ports, enter the last port to

be triggered in the End Port box.

6.

Enter unused port numbers for the Incoming Start Port and End Port. To trigger only one port,

enter it again in the Incoming End Port box. To specify a range of ports, enter the last port to

be forwarded in the End Port box.

7.

Enter the IP address of the local server or computer in the corresponding Server IP Address

box.

8.

Click Add.

9.

Select the Turn on Port Triggering check box.

10.

Specify the Port Triggering Timeout value.

11.

Click Apply at the bottom of the menu to save your new configuration.

Configuring WAN Setup Options

The WAN Setup options let you enable the DMZ port, change the MTU size and enable the

wireless router to respond to a Ping on the WAN port. These options are discussed below.

Figure 7-3:

WAN Setup menu.

Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624

Advanced Configuration

7-7

M-10153-01

Enable DMZ Port:

LAN port 4 on the WGU624 is reserved to be used as the DMZ port. You can

also use this port as a regular LAN port when this feature is not enabled. The DMZ port feature is

helpful when using some online games and videoconferencing applications that are incompatible

with NAT. The router is programmed to recognize some of these applications and to work

properly with them, but there are other applications that may not function well. In some cases, one

local PC can run the application properly if that PC is connected directly to LAN port 4 as the

default DMZ server.

Incoming traffic from the Internet is normally discarded by the router unless the traffic is a

response to one of your local computers or a service that you have configured in the Ports menu.

Instead of discarding this traffic, you can have it forwarded to one computer on your network. This

computer is called the default DMZ server.

To forward traffic to the DMZ server:

1.

From the Main Menu of the browser interface, under Advanced, click Port Forwarding/Port

Triggering.

2.

Select Port Forwarding to display the Port Forwarding menu.

3.

Select the Internet service you want to forward from the Service Name list. If the service does

not appear in the list, refer to the section

“Adding a Port Forwarding Custom Service” on

page 7-3

.

4.

Enter the IP address of the DMZ server in the corresponding Server IP Address box.

5.

Click Apply at the bottom of the menu.

Respond to Ping on Internet Port:

If you want the router to respond to a 'ping' from the Internet,

select the Respond to Ping on Internet Port check box. This should only be used as a diagnostic

tool, since it allows your router to be discovered. Don't check this box unless you have a specific

reason to do so.

Disable SPI:

Normally, this option should be Enabled, so that your local network will be protected

by the Stateful Packet Inspection (SPI) firewall included in the WGU624. However, certain

communications functions like VPN may require turning off the SPI feature.

Note:

DMZ servers pose a security risk. A computer designated as the default DMZ

server loses much of the protection of the firewall, and is exposed to exploits from the

Internet. However, the WGU624 provides a hardware DMZ port, which is much more

secure than a software solution. When enabled, the DMZ port is in a separate LAN sector

from the other LAN ports, including the Wireless LAN.