o
Port And Address Restricted
The NAT does not forward any
incoming connection requests with the same port address as an
already establish connection.
°
Note
: Some of these options can interact with other port restrictions.
Endpoint Independent Filtering takes priority over inbound filters or
schedules, so it is possible for an incoming session request related to an
outgoing session to enter through a port in spite of an active inbound filter on
that port. However, packets will be rejected as expected when sent to blocked
ports (whether blocked by schedule or by inbound filter) for which there are
no active sessions. Port and Address Restricted Filtering ensures that inbound
filters and schedules work precisely, but prevents some level of connectivity,
and therefore might require the use of port triggers, virtual servers, or port
forwarding to open the ports needed by the application. Address Restricted
Filtering gives a compromise position, which avoids problems when
communicating with certain other types of NAT router (symmetric NATs in
particular) but leaves inbound filters and scheduled access working as
expected.
°
Enable Port Preservation
:
Place a check in this box to enable Port
Preservation. NAT Port preservation (on by default) tries to ensure that, when
a LAN host makes an Internet connection, the same LAN port is also used as
the Internet visible port. This ensures best compatibility for internet
communications. Under some circumstances it may be desirable to turn off
this feature.
°
Enable anti-spoof checking
:
Place a check in this box to enable anti-spoof
checking. Enabling this option can provide protection from certain kinds of
"spoofing" attacks. However, enable this option with care. With some
modems, the WAN connection may be lost when this option is enabled. In
that case, it may be necessary to change the LAN subnet to something other
than 192.168.0.x (192.168.2.x, for example), to re-establish the WAN
connection.
°
Enable DMZ Host
: Place check in this box to enable DMZ host. DMZ host is a
demilitarized zone used to provide Internet services without sacrificing
unauthorized access to its local private network.
Typically, the DMZ host
contains devices accessible to Internet traffic, such as web, FTP, email and
DNS servers.
°
DMZ IP Address
: Specify the IP address of the DMZ host.
°
Non-UDP/TCP/ICMP LAN Sessions
: Place a check in this box to enable
this feature. When a LAN application that uses a protocol other than UDP, TCP,