4.3.6 Virtual Server
In TCP/IP and UDP networks a port is a 16-bit number used to identify which application
program (usually a server) incoming connections should be delivered to. Some ports have
numbers that are pre-assigned to them by the IANA (the Internet Assigned Numbers
Authority), and these are referred to as “well-known ports”. Servers follow the well-known
port assignments so clients can locate them.
If you wish to run a server on your network that can be accessed from the WAN (i.e. from
other machines on the Internet that are outside your local network), or any application that
can accept incoming connections (e.g. Peer-to-peer/P2P software such as instant
messaging applications and P2P file-sharing applications) and are using NAT (Network
Address Translation), then you need to configure your router to forward these incoming
connection attempts using specific ports to the PC on your network running the application.
You also need to use port forwarding if you wish to host an online game server.
The reason is that when using NAT, your publicly accessible IP address is used by and
points to your router, which needs to deliver all traffic to the private IP addresses used by
your PCs. Please see the WAN configuration section of this manual for information on NAT.
The Internet Assigned Numbers Authority (IANA) is the central coordinator for the
assignment of unique parameter values for Internet protocols. Port numbers range from 0 to
65535, but only port numbers 0 to 1023 are reserved for privileged services and are
designated as “well-known ports”. The registered ports are numbered from 1024 through
49151. The remaining ports, referred to as dynamic ports, or private ports, are numbered
from 49152 through 65535.
Examples of well-known and registered port numbers are shown below. For further
information, please see IANA’s website at:
Well-known and Registered Ports

Port Number   Protocol    Description
20            TCP         FTP Data
21            TCP         FTP Control
22            TCP & UDP   SSH Remote Login Protocol
23            TCP         Telnet
25            TCP         SMTP (Simple Mail Transfer Protocol)
53            TCP & UDP   DNS (Domain Name Server)
69            UDP         TFTP (Trivial File Transfer Protocol)
80            TCP         World Wide Web HTTP
110           TCP         POP3 (Post Office Protocol Version 3)
119           TCP         NEWS (Network News Transfer Protocol)
123           UDP         NTP (Network Time Protocol)
161           TCP         SNMP
443           TCP & UDP   HTTPS
1503          TCP         T.120
1720          TCP         H.323
4000          TCP         ICQ
7070          UDP         RealAudio
Item: Item number
Type: Select TCP if you wish to search for connection-based application services on the
remote server using the port number.
Port Start & Port End: Enter the public port number & range you wish to configure.
IP Address: Enter the IP address of a specific internal server to which requests from the
specified port are forwarded.
Add: Click to add a new virtual server rule. Click again and the next figure appears.
Edit: Check the Rule No. you wish to edit and then click “Edit”.
Delete: Check the Rule No. you wish to delete, then click “Delete”.
Item: Item number
Service select: Select the service you wish to configure.
Protocol: Set automatically when you choose Service select.
Start Port & End Port: Enter the public port number & range you wish to configure.
IP Address: Enter the IP address of a specific internal server to which requests from the
specified port are forwarded.
Since NAT acts as a “natural” Internet firewall, your router protects your network from access
by outside users, as all incoming connection attempts point to your router unless you
specifically create Virtual Server entries to forward those ports to a PC on your network.
When your router needs to allow outside users to access internal servers, e.g. a web server,
FTP server, Email server or game server, the router can act as a “virtual server”. You can set
up a local server with a specific port number for the service to use, e.g. web/HTTP (port 80),
FTP (port 21), Telnet (port 23), SMTP (port 25), or POP3 (port 110). When an incoming
access request to the router for a specified port is received, it is forwarded to the
corresponding internal server.
For example, if you set the port number 80 (Web/HTTP) to be mapped to the IP Address
192.168.0.2, then all incoming HTTP requests from outside users are forwarded to the local
server (PC) with the IP address of 192.168.0.2. If the port is not listed as a predefined
application, you need to add it manually.
In addition to specifying the port number used, you also need to specify the protocol used.
The protocol is determined by the particular application. Most applications use TCP or UDP,
however you can specify other protocols using the drop-down Protocol menu. Setting the
protocol to “all” causes all incoming connection attempts using all protocols on all port
numbers to be forwarded to the specified IP address.
DMZ: The DMZ Host is a local computer exposed to the Internet. When setting a particular
internal IP address as the DMZ Host, all incoming packets are checked by the Firewall and
NAT algorithms, then passed to the DMZ host when a packet received does not use a port
number in use by any other Virtual Server entries.
If you disable the NAT option in the WAN-ISP section, the Virtual Server
function becomes invalid.
Attention
If the DHCP server option is enabled, you have to be very careful in assigning
the IP addresses of the virtual servers in order to avoid conflicts. The easiest
way of configuring Virtual Servers is to manually assign a static IP address to
each virtual server PC, with an address that does not fall into the range of IP
addresses that are issued by the DHCP server. You can configure the virtual
server IP address manually, but it must still be in the same subnet as the
router.
Attention
Using port forwarding does have security implications, since outside users
are able to connect to PCs on your network. For this reason you are
advised to use specific Virtual Server entries just for the ports your
application requires instead of simply using DMZ or creating a Virtual
Server entry for “All” protocols, as doing so results in all connection
attempts to your public IP address accessing the specified PC.
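The two Attention notes above can be turned into a check over a list of Virtual Server rules. The following is an added example, not part of the manual or the router's firmware: the rule field names, the DHCP pool 192.168.0.100 to 192.168.0.199, the /24 subnet and the MAX_SPAN threshold are assumptions chosen for illustration, and the sample rules are constructed.

```python
import ipaddress

# Constructed values: field names follow the Virtual Server form but are assumptions.
ROUTER_SUBNET = ipaddress.ip_network("192.168.0.0/24")
DHCP_POOL = (ipaddress.ip_address("192.168.0.100"),
             ipaddress.ip_address("192.168.0.199"))
CLEARTEXT_TCP = {21: "FTP", 23: "Telnet"}  # unencrypted services from the port table
MAX_SPAN = 16  # hypothetical limit for a range serving a single application


def audit_rule(rule):
    """Return the list of findings for one Virtual Server rule (empty = OK)."""
    findings = []
    proto = rule["protocol"].lower()
    start, end = rule["port_start"], rule["port_end"]
    ip = ipaddress.ip_address(rule["ip"])

    if proto == "all":
        findings.append("protocol 'all' forwards every port and protocol")
    elif not 0 <= start <= end <= 65535:
        return ["invalid port range"]
    else:
        span = end - start + 1
        if span > MAX_SPAN:
            findings.append(f"range of {span} ports is wider than one service needs")
        if proto == "tcp":
            for port, name in CLEARTEXT_TCP.items():
                if start <= port <= end:
                    findings.append(f"exposes unencrypted {name} on port {port}")
    if ip not in ROUTER_SUBNET:
        findings.append("target is outside the router's subnet")
    elif DHCP_POOL[0] <= ip <= DHCP_POOL[1]:
        findings.append("target is inside the DHCP pool, so its lease can change")
    return findings


def audit(rules):
    """Map rule number -> findings, keeping only rules that need attention."""
    report = {n: audit_rule(r) for n, r in enumerate(rules, start=1)}
    return {n: f for n, f in report.items() if f}


SAMPLE_RULES = [  # constructed
    {"protocol": "TCP", "port_start": 80, "port_end": 80, "ip": "192.168.0.2"},
    {"protocol": "All", "port_start": 0, "port_end": 0, "ip": "192.168.0.150"},
    {"protocol": "TCP", "port_start": 20, "port_end": 1023, "ip": "192.168.1.5"},
]

if __name__ == "__main__":
    for number, findings in audit(SAMPLE_RULES).items():
        print(f"Rule {number}: " + "; ".join(findings))
```

Only the first sample rule, the single-port HTTP mapping to 192.168.0.2 used in the manual's own example, passes without findings.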
4.3.7 Advanced
Configuration options within the Advanced section are for users who wish to take
advantage of the more advanced features of the router. Users who do not understand the
features should not attempt to reconfigure their router, unless advised to do so by support
staff.
There are four items within the Advanced section: Static Route, Dynamic DNS, VLan Control
and Device Management.
4.3.7.1 Static Route
Click on Routing Table and then choose Create Route to add a routing table.
Destination: The destination subnet IP address.
Netmask: Subnet mask of the destination IP addresses based on above destination.
Gateway: The gateway IP address to which packets are forwarded.
Interface: Select the interface through which packets are forwarded.
Cost: Represents the cost of transmission for routing purposes. The number need not be
precise, but it must be between 0 and 65535.
4.3.7.2 Dynamic DNS
The Dynamic DNS function lets you alias a dynamic IP address to a static hostname, so if
your ISP does not assign you a static IP address you can still use a domain name. This is
especially useful for hosting servers via your ADSL connection, so that anyone wishing to
connect to you may use your domain name, rather than having to use your dynamic IP
address, which changes from time to time. This dynamic IP address is the WAN IP address
