61

Configuring the Advanced Settings

Setting up the NAT function

Your Gigaset SE551 WLAN dsl/cable comes provided with the NAT (Network Address

Translation) function. With Address Mapping, several users on your local network can

access the Internet via one or more public IP addresses. In the default setting, all the

local IP address are mapped to your router's public IP address.

One feature of NAT is that data from the Internet is not allowed into your local network

unless it has been explicitly requested by one of the PCs on that network. Most Internet

applications run behind the NAT firewall without any problems. If you request Internet

pages, for example, or send and receive e-mails, the request for data from the Internet

comes from a PC on the local network and so the router allows the data through. The

router opens exactly

one

port for the application. A port is an internal PC address

through which the data is exchanged between a server on the Internet and a client on

a PC in the local network. Communicating via a port follows the rules of a particular pro-

tocol (TCP or UDP).

If an external application tries to send a call to a PC within the local network, the router

will block it. There is no open port via which the data could enter the local network.

Some applications, such as games on the Internet, require several links, i.e. several ports

so that the players can communicate with each other. In addition, these applications

must also be permitted to send requests from other users on the Internet to the user on

the local network. These applications cannot work if Network Address Translation (NAT)

has been activated.

Using port forwarding (the forwarding of requests to particular ports) you make the

router forward requests from the Internet for a certain service, e.g a game, to the appro-

priate port or ports on the PC on which the game is running.

Port triggering is a specific variant of port forwarding. Unlike port forwarding, in this

case the Gigaset SE551 WLAN dsl/cable forwards data from the set port block to the PC

which has previously sent data to the Internet via a certain port (trigger port). This

means that approval for the data transfer is not tied to one specific PC in your network,

but only to the port numbers of the required Internet service.

Where configuration is concerned, this means:

u

You have to define a so-called trigger port for the application and also the protocol

(TCP or UDP) that this port uses. Then you assign to this trigger port the public ports

that have to be opened for the application.

u

The router checks all outgoing data for the port number and protocol. If it recognises

a match of port and protocol to a defined trigger port, then it will open the assigned

public ports and notes the IP address of the PC that sent the data. If data comes back

from the Internet via one of these public ports, it allows the data through and directs

it to the right PC. A trigger event always comes from a PC within the local network.

If a trigger port is addressed from outside, it is simply ignored by the router.

62

Configuring the Advanced Settings

When the Gigaset SE551 WLAN dsl/cable is supplied, the

NAT

function (Network Address

Translation) is activated, i.e. all IP addresses of PCs in the local network are converted to

the router's public IP address when accessing the Internet.

You can use the NAT settings for the Gigaset SE551 WLAN dsl/cable to

u

set up port triggering for special applications (see page 63),

u

set up the Gigaset SE551 WLAN dsl/cable as a virtual server by configuring Port For-

warding (see page 64),

u

open the firewall for selected PCs (see page 65).

You can activate or deactivate the NAT function (default setting: NAT function is acti-

vated).

ì

In the

Advanced Settings

–

Internet

menu, select

Address Translation (NAT)

and

select the required option.

Please remember:

u

An application that is configured for port triggering can only be run by one user in

the local network at a time.

u

As long as the public ports are open, they can be used by unauthorised persons to

gain access to a PC in the local network.

Please remember:

For the functions described below you must make sure that the IP addresses of the

PCs do not change. If the IP addresses of the PCs are assigned via the DHCP server

of the Gigaset SE551 WLAN dsl/cable, you must select the option

Never expires

(see page 70) for the settings on the

Local Network

screen for

Lease time

or assign

static IP addresses for the PCs.

63

Configuring the Advanced Settings

Port Triggering

If you configure Port Triggering for a certain application, determine a so-called trigger

port and the protocol (TCP or UDP) this port uses. Then you assign to this trigger port

the public ports that have to be opened for the application.

You can select known Internet services for this or assign ports or blocks of ports manu-

ally.

ì

To set up port triggering for a service, in the

Address Translation (NAT)

menu,

select

Port Triggering

.

ì

Select the required application from the

Predefined applications

list.

ì

Click the

Add

button. The data for the required service is entered on the screen.

ì

Select the option in the

Enabled

column.

If the application you require is not in the list, then you must enter the relevant data on

the screen manually:

ì

Local protocol

: Select the protocol that is to be monitored for outgoing traffic.

ì

Local port

: Enter the port that is to be monitored for outgoing traffic.

ì

Public protocol

: Select the protocol that is to be allowed for incoming data traffic.

ì

Public port

: Enter the port that is to be opened for incoming traffic.

ì

Comment

: Enter a description to help you identify different entries.

Note:

You can enter a single port number, several individual port numbers separated by

commas, port blocks consisting of two port numbers separated by a dash, or any

combination of these, e.g.

80,90-140,180

).

64

Configuring the Advanced Settings

ì

Select the option in the

Enabled

column.

ì

Click on the

Delete

button to delete an entry. Click on the

Add

button to add a new

entry.

ì

Apply the settings by clicking

OK

.

Port Forwarding

If you configure Port Forwarding, the Gigaset SE551 WLAN dsl/cable outwardly assumes

the role of the servers. It receives requests from remote users under its public IP address

and automatically redirects them to local PCs. The private IP addresses of the servers on

the local network remain protected.

Internet services are addressed via defined port numbers. The Gigaset SE551 WLAN dsl/

cable needs a mapping table of the port numbers to redirect the service requests to the

server that actually provides the service. For this, Port Forwarding has to be configured.

ì

To set up port forwarding for a service, select

Port Forwarding

in the

Address Translation (NAT)

menu.

ì

Select the required application from the

Predefined applications

list.

ì

Click the

Add

button. The data for the required service is entered on the screen.

ì

Select the option in the

Enabled

column.

If the application you require is not in the list, then you must enter the relevant data on

the screen manually:

ì

Select the protocol of the service you are providing from the

Protocol

list.

ì

Under

Public port,

enter the port number of the service you are providing.

ì

In the

Local port

field, enter the internal port number to which service requests are

to be forwarded.

65

Configuring the Advanced Settings

ì

In the

Local IP address

field, enter the IP address of the PC which provides the serv-

ice.

Example: the Web server has been configured to react to requests on port 8080.

However, the requests from websites enter by port 80 (standard value). If you add

the PC to the forwarding table and define port 80 as the public port and Port 8080

as an internal port, all requests from the Internet are diverted to the service with the

port number 80 on the Web server of the PC you have defined with port 8080.

ì

Click on

Add

.

ì

Click on

Delete

if you wish to delete the data in the relevant line again.

ì

Select the option in the

Enabled

column.

ì

Click

OK

to apply the settings.

Opening the firewall for selected PCs (Exposed Host)

You can set up a client in your local network to be an exposed host. Your device will

them forward all incoming data traffic from the Internet to this client. You can then, for

example, operate your own Web server on one of the clients in your local network and

make it accessible to Internet users.

As the exposed host your local client is directly visible to the Internet and therefore par-

ticularly exposed to risk (e.g. from hacker attacks). You should only activate this func-

tion if it is absolutely necessary (e.g. to operate a Web server) and other functions

(e.g. port forwarding) are not adequate. In this case you should take appropriate meas-

ures on the clients concerned.

ì

To set up a PC as Exposed Host, select

Exposed Host

in the

Address Translation

(NAT)

menu.

Note:

You can enter a single port number, several individual port numbers separated by

commas, port blocks consisting of two port numbers separated by a dash, or any

combination of these, e.g.

80,90-140,180

).

Please remember:

Only one PC per public IP address can be set up as Exposed Host (see also the section

"Port Forwarding" on page 64.