Page 56 / 74 Scroll up to view Page 51 - 55
o
Port And Address Restricted
The NAT does not forward any
incoming connection requests with the same port address as an
already establish connection.
°
Note
: Some of these options can interact with other port restrictions.
Endpoint Independent Filtering takes priority over inbound filters or
schedules, so it is possible for an incoming session request related to an
outgoing session to enter through a port in spite of an active inbound filter on
that port. However, packets will be rejected as expected when sent to blocked
ports (whether blocked by schedule or by inbound filter) for which there are
no active sessions. Port and Address Restricted Filtering ensures that inbound
filters and schedules work precisely, but prevents some level of connectivity,
and therefore might require the use of port triggers, virtual servers, or port
forwarding to open the ports needed by the application. Address Restricted
Filtering gives a compromise position, which avoids problems when
communicating with certain other types of NAT router (symmetric NATs in
particular) but leaves inbound filters and scheduled access working as
expected.
°
Enable Port Preservation
:
Place a check in this box to enable Port
Preservation. NAT Port preservation (on by default) tries to ensure that, when
a LAN host makes an Internet connection, the same LAN port is also used as
the Internet visible port. This ensures best compatibility for internet
communications. Under some circumstances it may be desirable to turn off
this feature.
°
Enable anti-spoof checking
:
Place a check in this box to enable anti-spoof
checking. Enabling this option can provide protection from certain kinds of
"spoofing" attacks. However, enable this option with care. With some
modems, the WAN connection may be lost when this option is enabled. In
that case, it may be necessary to change the LAN subnet to something other
than 192.168.0.x (192.168.2.x, for example), to re-establish the WAN
connection.
°
Enable DMZ Host
: Place check in this box to enable DMZ host. DMZ host is a
demilitarized zone used to provide Internet services without sacrificing
unauthorized access to its local private network.
Typically, the DMZ host
contains devices accessible to Internet traffic, such as web, FTP, email and
DNS servers.
°
DMZ IP Address
: Specify the IP address of the DMZ host.
°
Non-UDP/TCP/ICMP LAN Sessions
: Place a check in this box to enable
this feature. When a LAN application that uses a protocol other than UDP, TCP,
Page 57 / 74
or ICMP initiates a session to the Internet, the router's NAT can track such a
session, even though it does not recognize the protocol. This feature is useful
because it enables certain applications (most importantly a single VPN
connection to a remote host) without the need for an ALG.
°
Note
: This feature does not apply to the DMZ host (if one is enabled). The
DMZ host always handles these kinds of sessions.
°
Enabling this option (the default setting) enables single VPN connections to a
remote host. (But, for multiple VPN connections, the appropriate VPN ALG
must be used.) Disabling this option, however, only disables VPN if the
appropriate VPN ALG is also disabled.
°
Application Layer Gateway (ALG)
Configuration: Place a check in
appropriate feature boxes to enable them. . Some protocols and applications
require special handling of the IP payload to make them work with network
address translation (NAT). Each ALG provides special handling for a specific
protocol or application. A number of ALGs for common applications are
enabled by default.
o
PPTP
: Allows multiple machines on the LAN to connect to their
corporate networks using PPTP protocol. When the PPTP ALG is
enabled, LAN computers can establish PPTP VPN connections either
with the same or with different VPN servers. When the PPTP ALG is
disabled, the router allows VPN operation in a restricted way -- LAN
computers are typically able to establish VPN tunnels to different VPN
Internet servers but not to the same server. The advantage of
disabling the PPTP ALG is to increase VPN performance. Enabling the
PPTP ALG also allows incoming VPN connections to a LAN side VPN
server (refer to
Advanced > Virtual_Server
).
o
IPSec
: (VPN) Allows multiple VPN clients to connect to their corporate
networks using IPSec. Some VPN clients support traversal of IPSec
through NAT. This option may interfere with the operation of such VPN
clients. If you are having trouble connecting with your corporate
network, try disabling this option. Check with the system administrator
Page 58 / 74
of your corporate network whether your VPN client supports NAT
traversal.
o
RTSP
: Allows applications that use Real Time Streaming Protocol to
receive streaming media from the internet. QuickTime and Real Player
are some of the common applications using this protocol.
o
Windows/MSN Messenger
: Supports use on LAN computers of
Microsoft Windows Messenger (the Internet messaging client that ships
with Microsoft Windows) and MSN Messenger. The SIP ALG must also
be enabled when the Windows Messenger ALG is enabled.
o
FTP
: Allows FTP clients and servers to transfer data across NAT.
o
H.323
(Netmeeting)
:
Allows
H.323
(specifically
Microsoft
Netmeeting) clients to communicate across NAT server.
o
SIP
: Allows devices and applications using VoIP (Voice over IP) to
communicate across NAT. Some VoIP applications and devices have the
ability to discover NAT devices and work around them. This ALG may
interfere with the operation of such devices. If you are having trouble
making VoIP calls, try turning this ALG off.
o
Wake-On-LAN
: This feature enables forwarding of "magic packets"
(that is, specially formatted wake-up packets) from the WAN to a LAN
computer or other device that is "Wake on LAN" (WOL) capable.
o
MMS
: Allows Windows Media Player, using MMS protocol, to receive
streaming media from the internet.
Click on the
Apply
button to store these settings.
Page 59 / 74
WISH
WISH is short for Wireless Intelligent Stream Handling, a technology developed
to enhance your experience of using a wireless network by prioritizing the traffic
of different applications.
°
Enable WISH
: Place a check in this box to enable the WISH feature.
°
HTTP
:
Place a check in this box to add HTTP as a classifier. This allows the
device to recognize HTTP transfers for many common audio and video
streams and prioritize them above other traffic. Such streams are frequently
used by digital media players.
°
Windows Media Center
: Place a check in this box to add HTTP as a
classifier. This enables the router to recognize certain audio and video
streams generated by a Windows Media Center PC and to prioritize these
above other traffic. Such streams are used by systems known as Windows
Media Extenders, such as the Xbox 360.
°
Automatic
: Place a check in this box for the device to automatically
configure the classifiers. When enabled, this option causes the router to
automatically attempt to prioritize traffic streams that it doesn't otherwise
recognize, based on the behavior that the streams exhibit. This acts to
deprioritize streams that exhibit bulk transfer characteristics, such as file
transfers, while leaving interactive traffic, such as gaming or VoIP, running at
a normal priority.
Page 60 / 74
°
Enable
: Place a check in this box to enable the WISH rule. A WISH Rule
identifies a specific message flow and assigns a priority to that flow. For most
applications, the priority classifiers ensure the right priorities and specific
WISH Rules are not required. WISH supports overlaps between rules. If more
than one rule matches for a specific message flow, the rule with the highest
priority will be used.
°
Name
: Assign a meaningful name to the WISH rule.
°
Priority
: Select a priority from the drop-down list. The four priority message
flows are:
o
BK: Background (least urgent).
o
BE: Best Effort.
o
VI: Video.
o
VO: Voice (most urgent).
°
Protocol
: Select a protocol from the drop-down list.
°
Host 1 IP Range
: Specify the IP range for the rule.
°
Host 1 Port Range
: Specify the port range for the rule.
°
Host 2 IP Range
: Specify the IP range for the rule.
°
Host 2 Port Range
: Specify the port range for the rule.
Click on the
Apply
button to insert the entry into the WISH rules list.

Rate

4.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top