Chapter 11 Network Address Translation (NAT)
NBG-416N User’s Guide
Refer to Appendix E on page 205 for port numbers commonly used for particular services.
Figure 62 Network > NAT > Application
The following table describes the labels in this screen.
Table 42 Network > NAT > Application

| LABEL | DESCRIPTION |
| --- | --- |
| Add Application Rule | |
| Active | Select the check box to enable this rule and the requested service can be forwarded to the host with a specified internal IP address. Clear the checkbox to disallow forwarding of these ports to an inside server without having to delete the entry. |
| Service Name | Type a name (of up to 31 printable characters) to identify this rule in the first field next to Service Name. Otherwise, select a predefined service in the second field next to Service Name. The predefined service name and port number(s) will display in the Service Name and Port fields. |
| Local Port Range, Public Port Range | Type a port number(s) to be forwarded. To specify a range of ports, enter a hyphen (-) between the first port and the last port, such as 10-20. To specify two or more non-consecutive port numbers, separate them by a comma without spaces, such as 123,567. |
| Server IP Address | Type the inside IP address of the server that receives packets from the port(s) specified in the Port field. |
| Apply | Click Apply to save your changes to the Application Rules Summary table. |
Table 42 Network > NAT > Application (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| Reset | Click Reset to discard your unsaved changes and return the Service Name and Port fields to their previous values. |
| Application Rules Summary | |
| # | This is the number of an individual port forwarding server entry. |
| Active | This icon is turned on when the rule is enabled. |
| Name | This field displays a name to identify this rule. |
| Local Start/End Port, Public Start/End Port | This field displays the port number(s). |
| Protocol | This field displays the traffic protocol type. |
| Server IP Address | This field displays the inside IP address of the server. |
| Modify | Click the Edit icon to display and modify an existing rule setting in the fields under Add Application Rule. Click the Remove icon to delete a rule. |

11.5 Technical Reference
The following section contains additional technical information about the NBG-416N features described in this chapter.
11.5.1 NAT Port Forwarding: Services and Port Numbers
A port forwarding set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make accessible to the outside world even though NAT makes your whole inside network appear as a single machine to the outside world.
Use the Application screen to forward incoming service requests to the server(s) on your local network. You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server. The port number identifies a service; for example, web service is on port 80 and FTP on port 21. In some cases, such as for unknown services or where one server can support more than one service (for example both FTP and web service), it might be better to specify a range of port numbers.
In addition to the servers for specified services, NAT supports a default server. A service request that does not have a server explicitly designated for it is forwarded to the default server. If the default is not defined, the service request is simply discarded.
Note: Many residential broadband ISP accounts do not allow you to run any server
processes (such as a Web or FTP server) from your location. Your ISP may
periodically check for servers and may suspend your account if it discovers any
active services at your location. If you are unsure, refer to your ISP.
11.5.2 NAT Port Forwarding Example
Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet.
Figure 63 Multiple Servers Behind NAT Example
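The following Python audit is an added example, not taken from the User's Guide or the device firmware. It parses the port syntax the Application screen accepts, resolves which inside host receives an inbound request under the rules of this example, and counts how many port numbers each host exposes to the WAN. The addresses for A and B are constructed placeholders, rejecting overlapping rules is an assumption, and TCP and UDP are not distinguished.

```python
import ipaddress
import re

PORT_ITEM = re.compile(r"(\d+)(?:-(\d+))?")  # one item: "80" or "10-20"

def parse_ports(spec):
    """Expand the screen's port syntax: '80', '10-20' or '123,567' (no spaces)."""
    ports = set()
    for item in spec.split(","):
        m = PORT_ITEM.fullmatch(item)
        if not m:
            raise ValueError(f"bad port item {item!r} in {spec!r}")
        lo = int(m.group(1))
        hi = int(m.group(2) or lo)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"port range out of order or bounds: {item!r}")
        ports.update(range(lo, hi + 1))
    return ports

def build_table(rules):
    """Map each forwarded port to its inside server IP.
    Overlapping rules are rejected here; that is this audit's assumption,
    the page does not say how the device resolves them."""
    table = {}
    for name, spec, ip in rules:
        ip = str(ipaddress.ip_address(ip))  # raises ValueError on a bad address
        for port in sorted(parse_ports(spec)):
            if port in table:
                raise ValueError(f"{name}: port {port} already goes to {table[port]}")
            table[port] = ip
    return table

def resolve(table, port, default_server=None):
    """Inside host that receives an inbound request on port; None means discarded."""
    return table.get(port, default_server)

def exposure(table, default_server=None):
    """Number of port numbers reachable from the WAN, per inside host."""
    counts = {}
    for ip in table.values():
        counts[ip] = counts.get(ip, 0) + 1
    if default_server is not None:
        rest = 65535 - len(table)  # every port without an explicit rule
        counts[default_server] = counts.get(default_server, 0) + rest
    return counts

# Constructed sample data: addresses for A and B are placeholders, C is from the text.
RULES = [("A", "21-25", "192.168.1.33"), ("B", "80", "192.168.1.34")]
DEFAULT_SERVER = "192.168.1.35"
```

With a default server defined, every port that has no explicit rule reaches that host, so in this example C is exposed on far more port numbers than A and B combined; leaving the default undefined makes those requests be discarded instead.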
Chapter 12 Firewall
12.1 Overview
Use these screens to enable and configure the firewall that protects your NBG-416N and your LAN from unwanted or malicious traffic.
Enable the firewall to protect your LAN computers from attacks by hackers on the Internet and control access between the LAN and WAN. By default the firewall:
• allows traffic that originates from your LAN computers to go to all of the networks.
• blocks traffic that originates on the other networks from going to the LAN.
The following figure illustrates the default firewall action. User A can initiate an IM (Instant Messaging) session from the LAN to the WAN (1). Return traffic for this session is also allowed (2). However other traffic initiated from the WAN is blocked (3 and 4).
Figure 64 Default Firewall Action
12.2 What You Can Do
• Use the General screen to enable or disable the NBG-416N’s firewall (Section 12.4 on page 111).
• Use the Services screen to enable or disable ICMP and VPN passthrough features (Section 12.5 on page 111).
12.3 What You Need To Know
The NBG-416N’s firewall feature physically separates the LAN and the WAN and
acts as a secure gateway for all data passing between the networks.
12.3.1 About the NBG-416N Firewall
The NBG-416N firewall is a stateful inspection firewall and is designed to protect against Denial of Service attacks when activated (click the General tab under Firewall and then click the Enable Firewall check box). The NBG-416N's purpose is to allow a private Local Area Network (LAN) to be securely connected to the Internet. The NBG-416N can be used to prevent theft, destruction and modification of data, as well as log events, which may be important to the security of your network.
The NBG-416N is installed between the LAN and a broadband modem connecting
to the Internet. This allows it to act as a secure gateway for all data passing
between the Internet and the LAN.
The NBG-416N has one Ethernet WAN port and four Ethernet LAN ports, which are used to physically separate the network into two areas. The WAN (Wide Area Network) port attaches to the broadband (cable or DSL) modem that connects to the Internet. The LAN (Local Area Network) port attaches to a network of computers, which needs security from the outside world. These computers will have access to Internet services such as e-mail, FTP and the World Wide Web. However, "inbound access" is not allowed (by default) unless the remote host is authorized to use a specific service.
12.3.2 VPN Pass Through Features
A Virtual Private Network (VPN) is a way to securely connect two networks over the Internet, for example a home network and one in a business office. This requires special equipment on both ends of the connection.
The NBG-416N is not one of the endpoints but it does allow traffic from those endpoints to pass through. The NBG-416N allows the following types of VPN traffic to pass through:
• IP security (IPSec)
• Point-to-Point Tunneling Protocol (PPTP)
