Configuring Advanced Settings
Setting up the NAT function
The Gigaset SX763 WLAN dsl comes equipped with the NAT (Network Address Translation)
function. With address mapping, several users in the local network can access the
Internet via one or more public IP addresses. All the local IP addresses are assigned to
the router's public IP address by default.
One of the characteristics of NAT is that data from the Internet is not allowed into the
local network unless it has been explicitly requested by one of the PCs in the network.
Most Internet applications can run behind the NAT firewall without any problems. For
example, if you request Internet pages or send and receive e-mails, the request for data
from the Internet comes from a PC in the local network, and so the router allows the
data through. The router opens precisely one port for the application. A port in this
context is an internal PC address, via which the data is exchanged between the Internet and
a client on a PC in the local network. Communicating via a port is subject to the rules of
a particular protocol (TCP or UDP).
If an external application tries to send a call to a PC in the local network, the router will
block it. There is no open port via which the data could enter the local network.
Some applications, such as games on the Internet, require several links, i.e. several ports
so that the players can communicate with each other. In addition, these applications
must also be permitted to send requests from other users on the Internet to users in the
local network. These applications cannot be run if Network Address Translation (NAT)
has been activated.
Using port forwarding (the forwarding of requests to particular ports) the router is
forced to send requests from the Internet for a certain service, for example a game, to
the appropriate port(s) on the PC on which the game is running.
Port triggering is a special variant of port forwarding. Unlike port forwarding, the
Gigaset SX763 WLAN dsl forwards the data from the port block to the PC which has previously
sent data to the Internet via a certain port (trigger port). This means that
approval for the data transfer is not tied to one specific PC in the network, rather to the
port numbers of the required Internet service.
Where configuration is concerned, this means:
- You have to define a so-called trigger port for the application and also the protocol
  (TCP or UDP) that this port uses. You then assign the public ports that are to be
  opened for the application to this trigger port.
- The router checks all outgoing data for the port number and protocol. If it identifies
  a match of port and protocol for a defined trigger port, then it will open the assigned
  public ports and note the IP address of the PC that sent the data. If data comes back
  from the Internet via one of these public ports, the router allows it through and
  directs it to the appropriate PC. A trigger event always comes from a PC within the
  local network. If a trigger port is addressed from outside, the router simply ignores it.
When the Gigaset SX763 WLAN dsl is supplied, the NAT function (Network Address
Translation) is activated, i.e. all IP addresses of PCs in the local network are converted to
the router's public IP address when accessing the Internet.
You can use the NAT settings to configure the Gigaset SX763 WLAN dsl to carry out the
following tasks:
- Set up port triggering for special applications (page 78),
- Set up the Gigaset SX763 WLAN dsl as a virtual server by configuring Port Forwarding
  (page 79),
- Open the firewall for a selected PC (page 80).
By default the NAT function is activated. You should only deactivate the NAT function if
you want to configure your own firewall in your local network.
→ In the Advanced Settings menu, select: Internet > Address Translation (NAT)
→ Select the required option.
Note:
- An application that is configured for port triggering can only be run by one user in
  the local network at a time.
- As long as the public ports are open, they can be used by unauthorised persons to
  gain access to a PC in the local network.
Note:
For the functions described below, the IP addresses of the PCs must remain
unchanged. If the IP addresses of the PCs are assigned via the DHCP server of the
Gigaset SX763 WLAN dsl, you must select Never expires (page 85) as the setting in
the Local Network menu entry for the Lease time or assign static IP addresses for the
PCs.
Port Triggering
If you configure port triggering for a certain application, you must identify a trigger port
and the protocol (TCP or UDP) this port uses. You can then assign the public ports that
must be opened for the application and this trigger port.
You can select known Internet services for this purpose or assign ports or blocks of ports
manually.
→ In the Advanced Settings menu, select: Internet > Address Translation (NAT) > Port Triggering
→ Select the required application from the Predefined applications list.
→ Click the Add button. The data for the required service is entered on the screen.
→ Select the checkbox in the Enabled column.
If the application you require is not in the list, you must enter the relevant data on the
screen manually:
→ Local protocol: Select the protocol that is to be monitored for outgoing traffic.
→ Local port: Enter the port that is to be monitored for outgoing traffic.
→ Public protocol: Select the protocol that is to be allowed for incoming data traffic.
→ Public port: Enter the port that is to be opened for incoming traffic.
  You can enter a single port number, several individual port numbers separated by
  commas, port blocks consisting of two port numbers separated by a dash, or any
  combination of these, for example 80,90-140,180.
→ Comment: Enter a description to help you identify different entries.
→ Select the checkbox in the Enabled column.
→ Click the Delete button to delete an entry. Click the Add button to add a new entry.
→ Apply the settings by clicking OK.
Port Forwarding
If you configure Port Forwarding, the Gigaset SX763 WLAN dsl outwardly assumes the
role of the server. It receives requests from remote users under its public IP address and
automatically redirects them to local PCs. The private IP addresses of the servers on the
local network remain protected.
Internet services are addressed via defined port numbers. The Gigaset SX763 WLAN dsl
needs a mapping table of the port numbers to redirect the service requests to the servers
that actually provide the service.
Port Forwarding has been configured for this purpose.
→ In the Advanced Settings menu, select: Internet > Address Translation (NAT) > Port Forwarding
→ Select the required application from the Predefined applications list.
→ Activate Enabled by ticking the check box.
→ Click the Add button. The data for the required service is entered on the screen.
→ Click the Delete button to delete an entry.
If the application you require is not in the list, you must manually enter the relevant data
on the screen:
→ Select the protocol for the service you are providing from the Protocol list.
→ Under Public port, enter the port number(s) of the service you are providing.
  You can use a single port number, several port numbers separated by commas,
  port blocks consisting of two port numbers separated by a dash, or any combination
  of these (for example 80,90-140,180).
→ In the Local port field, enter the internal port number to which service requests are
  to be forwarded.
  You can only specify one port number here.
→ Enter the IP address of the PC that provides the service in the Local IP address field.
  Example: The Web server has been configured to react to requests on port 8080.
  However, the requests from web sites enter the Web server via port 80 (standard
  value). If you add the PC to the forwarding table and define port 80 as the public
  port and port 8080 as an internal port, all requests from the Internet to the service
  with the port number 80 are diverted to port 8080 on the Web server of the PC you
  have defined.
→ Comment: Enter a description that makes it easy to identify different entries.
→ Activate Enabled by ticking the check box.
→ Click the Add button to add a new entry.
→ Click the Delete button to delete an entry.
→ Click OK to apply the settings.
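The port triggering and port forwarding behaviour described above, modelled as a short Python example that is added here and is not Gigaset code or firmware logic. The class names, addresses and port numbers are constructed, and because the manual does not say what happens when a second PC fires the same trigger, the model assumes the latest trigger replaces the earlier one.

```python
from dataclasses import dataclass

def parse_ports(spec):
    """Expand a port list such as '80,90-140,180' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port entry: {part!r}")
        ports.update(range(lo, hi + 1))
    return ports

@dataclass
class TriggerRule:
    local_proto: str    # protocol monitored on outgoing traffic
    local_port: int     # trigger port
    public_proto: str   # protocol allowed for incoming traffic
    public_ports: set   # ports opened once the trigger fires
    host: str = None    # PC that fired the trigger; None means ports are closed

class Router:
    def __init__(self, forwards, triggers):
        # forwards: (protocol, public port list, local IP, local port) entries
        self.forwards = {(proto, p): (ip, lport)
                         for proto, spec, ip, lport in forwards
                         for p in parse_ports(spec)}
        self.triggers = triggers

    def outbound(self, src_ip, proto, dst_port):
        """Outgoing data from a LAN PC; a trigger port match opens its public ports."""
        for rule in self.triggers:
            if (rule.local_proto, rule.local_port) == (proto, dst_port):
                rule.host = src_ip  # assumption: latest trigger replaces the holder

    def inbound(self, proto, dst_port):
        """Unrequested data from the Internet: (local IP, port), or None if blocked."""
        if (proto, dst_port) in self.forwards:
            return self.forwards[(proto, dst_port)]
        for rule in self.triggers:
            if rule.host and rule.public_proto == proto and dst_port in rule.public_ports:
                return (rule.host, dst_port)  # the sender's address is not checked
        return None

if __name__ == "__main__":  # constructed sample configuration, illustrative only
    r = Router([("TCP", "80", "192.168.1.10", 8080)],
               [TriggerRule("TCP", 6000, "UDP", parse_ports("7000-7010"))])
    print(r.inbound("TCP", 80), r.inbound("UDP", 7005))
    r.outbound("192.168.1.20", "TCP", 6000)
    print(r.inbound("UDP", 7005), r.inbound("TCP", 6000))
```

In the model, once a trigger has fired, inbound traffic on the public ports reaches the recorded PC whoever sends it, which is the exposure the manual's note warns about.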
Opening the firewall for a selected PC (Exposed Host)
You can set up a client in your local network to be a so-called "exposed host" (DMZ). Your
device will then forward all incoming data traffic from the Internet to this client. You can
then, for example, operate your own Web server on one of the clients in your local network
and make it accessible to Internet users.
As the exposed host, the local client is directly visible to the Internet and therefore
particularly vulnerable to attacks (e.g. hacker attacks). Only activate this function if it is
absolutely necessary (e.g. to operate a Web server) and other functions (e.g. port forwarding)
are not adequate. In this case you should take appropriate measures for the
clients concerned.
Note:
Only one PC per public IP address can be set up as an Exposed Host (see also Port Forwarding
on page 79).
