76

Configuring Advanced Settings

Setting up the NAT function

The Gigaset SX763 WLAN dsl comes equipped with the NAT (Network Address Transla-

tion) function. With address mapping, several users in the local network can access the

Internet via one or more public IP addresses. All the local IP addresses are assigned to

the router's public IP address by default.

One of the characteristics of NAT is that data from the Internet is not allowed into the

local network unless it has been explicitly requested by one of the PCs in the network.

Most Internet applications can run behind the NAT firewall without any problems. For

example, if you request Internet pages or send and receive e-mails, the request for data

from the Internet comes from a PC in the local network, and so the router allows the

data through. The router opens precisely

one

port for the application. A port in this con-

text is an internal PC address, via which the data is exchanged between the Internet and

a client on a PC in the local network. Communicating via a port is subject to the rules of

a particular protocol (TCP or UDP).

If an external application tries to send a call to a PC in the local network, the router will

block it. There is no open port via which the data could enter the local network.

Some applications, such as games on the Internet, require several links, i.e. several ports

so that the players can communicate with each other. In addition, these applications

must also be permitted to send requests from other users on the Internet to users in the

local network. These applications cannot be run if Network Address Translation (NAT)

has been activated.

Using port forwarding (the forwarding of requests to particular ports) the router is

forced to send requests from the Internet for a certain service, for example a game, to

the appropriate port(s) on the PC on which the game is running.

Port triggering is a special variant of port forwarding. Unlike port forwarding, the

Gigaset SX763 WLAN dsl forwards the data from the port block to the PC which has pre-

viously sent data to the Internet via a certain port (trigger port). This means that

approval for the data transfer is not tied to one specific PC in the network, rather to the

port numbers of the required Internet service.

Where configuration is concerned, this means:

u

You have to define a so-called trigger port for the application and also the protocol

(TCP or UDP) that this port uses. You then assign the public ports that are to be

opened for the application to this trigger port.

u

The router checks all outgoing data for the port number and protocol. If it identifies

a match of port and protocol for a defined trigger port, then it will open the assigned

public ports and notes the IP address of the PC that sent the data. If data comes back

from the Internet via one of these public ports, the router allows it through and

directs it to the appropriate PC. A trigger event always comes from a PC within the

local network. If a trigger port is addressed from outside, the router simply ignores it.

77

Configuring Advanced Settings

When the Gigaset SX763 WLAN dsl is supplied, the

NAT

function (Network Address

Translation) is activated, i.e. all IP addresses of PCs in the local network are converted to

the router's public IP address when accessing the Internet.

You can use the NAT settings to configure the Gigaset SX763 WLAN dsl to carry out the

following tasks:

u

Set up port triggering for special applications (page 78),

u

Set up the Gigaset SX763 WLAN dsl as a virtual server by configuring Port Forward-

ing (page 79),

u

Open the firewall for a selected PC (page 80).

By default the NAT function is activated. You should only deactivate the NAT function if

you want to configure you own firewall in you local network.

ì

In the

Advanced Settings

menu, select:

Internet

–

Address Translation (NAT)

ì

Select the required option.

Note:

u

An application that is configured for port triggering can only be run by one user in

the local network at a time.

u

As long as the public ports are open, they can be used by unauthorised persons to

gain access to a PC in the local network.

Note:

For the functions described below, the IP addresses of the PCs must remain

unchanged. If the IP addresses of the PCs are assigned via the DHCP server of the

Gigaset SX763 WLAN dsl, you must select

Never expires

(page 85) as the setting in

the

Local Network

menu entry for the

Lease time

or assign static IP addresses for the

PCs.

78

Configuring Advanced Settings

Port Triggering

If you configure port triggering for a certain application, you must identify a trigger port

and the protocol (TCP or UDP) this port uses. You can then assign the public ports that

must be opened for the application and this trigger port.

You can select known Internet services for this purpose or assign ports or blocks of ports

manually.

ì

In the

Advanced Settings

menu, select:

Internet

–

Address Translation (NAT)

–

Port Triggering

ì

Select the required application from the

Predefined applications

list.

ì

Click the

Add

button. The data for the required service is entered on the screen.

ì

Select the checkbox in the

Enabled

column.

If the application you require is not in the list, you must enter the relevant data on the

screen manually:

ì

Local protocol

: Select the protocol that is to be monitored for outgoing traffic.

ì

Local port

: Enter the port that is to be monitored for outgoing traffic.

ì

Public protocol

: Select the protocol that is to be allowed for incoming data traffic.

ì

Public port

: Enter the port that is to be opened for incoming traffic.

You can enter a single port number, several individual port numbers separated by

commas, port blocks consisting of two port numbers separated by a dash, or any

combination of these, for example

80,90-140,180

.

ì

Comment

: Enter a description to help you identify different entries.

ì

Select the checkbox in the

Enabled

column.

79

Configuring Advanced Settings

ì

Click the

Delete

button to delete an entry. Click the

Add

button to add a new entry.

ì

Apply the settings by clicking

OK

.

Port Forwarding

If you configure Port Forwarding, the Gigaset SX763 WLAN dsl outwardly assumes the

role of the server. It receives requests from remote users under its public IP address and

automatically redirects them to local PCs. The private IP addresses of the servers on the

local network remain protected.

Internet services are addressed via defined port numbers. The Gigaset SX763 WLAN dsl

needs a mapping table of the port numbers to redirect the service requests to the serv-

ers that actually provide the service.

Port Forwarding has been configured for this purpose.

ì

In the

Advanced Settings

menu, select:

Internet

–

Address Translation (NAT)

–

Port Forwarding

ì

Select the required application from the

Predefined applications

list.

ì

Activate

Enabled

by ticking the check box.

ì

Click the

Add

button. The data for the required service is entered on the screen.

ì

Click the

Delete

button to delete an entry.

If the application you require is not in the list, you must manually enter the relevant data

on the screen:

ì

Select the protocol for the service you are providing from the

Protocol

list.

ì

Under

Public port

, enter the port number(s) of the service you are providing.

80

Configuring Advanced Settings

You can use

–

a single port number,

–

several port numbers separated by commas,

–

port blocks consisting of two port numbers separated by a dash, or

–

any combination of these (for example

80,90-140,180

).

ì

In the

Local port

field, enter the internal port number to which service requests are

to be forwarded.

You can only specify one port number here.

ì

Enter the IP address of the PC that provides the service in the

Local IP address

field.

Example: The Web server has been configured to react to requests on port 8080.

However, the requests from web sites enter the Web server via port 80 (standard

value). If you add the PC to the forwarding table and define port 80 as the public

port and port 8080 as an internal port, all requests from the Internet are diverted to

the service with the port number 80 on the Web server of the PC you have defined

with port 8080.

ì

Comment

: Enter a description that makes it easy to identify different entries.

ì

Activate

Enabled

by ticking the check box.

ì

Click the

Add

button to add a new entry.

ì

Click the

Delete

button to delete an entry.

ì

Click

OK

to apply the settings.

Opening the firewall for a selected PC (Exposed Host)

You can set up a client in your local network to be a so-called "exposed host" (DMZ). Your

device will then forward all incoming data traffic from the Internet to this client. You can

then, for example, operate your own Web server on one of the clients in your local net-

work and make it accessible to Internet users.

As the exposed host, the local client is directly visible to the Internet and therefore par-

ticularly vulnerable to attacks (e.g. hacker attacks). Only activate this function if it is

absolutely necessary (e.g. to operate a Web server) and other functions (e.g. port for-

warding) are not adequate. In this case you should take appropriate measures for the

clients concerned.

Note:

Only one PC per public IP address can be set up as an Exposed Host (see also Port For-

warding on page 79).