Chapter 6 Network Address Translation (NAT) Screens

P-660R-F1 Series User’s Guide

81

6.4.3

Configuring Servers Behind Port Forwarding (Example)

Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (

A

in the example),

port 80 to another (

B

in the example) and assign a default server IP address of 192.168.1.35 to a

third (

C

in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address.

The NAT network appears as a single host on the Internet.

Figure 43

Multiple Servers Behind NAT Example

6.5

Configuring Port Forwarding

Note: The

Port Forwarding

screen is available only when you select

SUA Only

in the

NAT > General

screen.

If you do not assign a

Default Server

IP address, the ZyXEL Device discards all

packets received for ports that are not specified here or in the remote management

setup.

Click

Network > NAT > Port Forwarding

to open the following screen.

See

Table 26 on page 80

for port numbers commonly used for particular services.

Figure 44

NAT Port Forwarding

Chapter 6 Network Address Translation (NAT) Screens

P-660R-F1 Series User’s Guide

82

The following table describes the fields in this screen.

6.5.1

Port Forwarding Rule Edit

To edit a port forwarding rule, click the rule’s edit icon in the

Port Forwarding

screen to display

the screen shown next.

Figure 45

Port Forwarding Rule Setup

Table 27

NAT Port Forwarding

LABEL

DESCRIPTION

Default Server

Setup

Default Server

In addition to the servers for specified services, NAT supports a default server. A

default server receives packets from ports that are not specified in this screen. If

you do not assign a

Default Server

IP address, the ZyXEL Device discards all

packets received for ports that are not specified here or in the remote

management setup.

Port Forwarding

Service Name

Select a service from the drop-down list box.

Server IP Address

Enter the IP address of the server for the specified service.

Add

Click this button to add a rule to the table below.

#

This is the rule index number (read-only).

Active

Click this check box to enable the rule.

Service Name

This is a service’s name.

Start Port

This is the first port number that identifies a service.

End Port

This is the last port number that identifies a service.

Server IP Address

This is the server’s IP address.

Modify

Click the edit icon to go to the screen where you can edit the port forwarding rule.

Click the delete icon to delete an existing port forwarding rule. Note that

subsequent rules move up by one when you take this action.

Apply

Click

Apply

to save your changes back to the ZyXEL Device.

Cancel

Click

Cancel

to return to the previous configuration.

Chapter 6 Network Address Translation (NAT) Screens

P-660R-F1 Series User’s Guide

83

The following table describes the fields in this screen.

6.6

The SIP ALG Screen

Some NAT routers may include a SIP Application Layer Gateway (ALG). A SIP ALG allows SIP calls

to pass through NAT by examining and translating IP addresses embedded in the data stream.

When the ZyXEL Device registers with the SIP register server, the SIP ALG translates the ZyXEL

Device’s private IP address inside the SIP data stream to a public IP address. You do not need to

use STUN or an outbound proxy if your ZyXEL Device is behind a SIP ALG.

Use this screen to enable and disable the SIP (VoIP) ALG in the ZyXEL Device. To access this

screen, click

Network > NAT > ALG.

Figure 46

Network > NAT > ALG

Table 28

Port Forwarding Rule Setup

LABEL

DESCRIPTION

Active

Click this check box to enable the rule.

Service Name

Enter a name to identify this port-forwarding rule.

Start Port

Enter a port number in this field.

To forward only one port, enter the port number again in the

End Port

field.

To forward a series of ports, enter the start port number here and the end port

number in the

End Port

field.

End Port

Enter a port number in this field.

To forward only one port, enter the port number again in the

Start

Port

field above

and then enter it again in this field.

To forward a series of ports, enter the last port number in a series that begins with

the port number in the

Start Port

field above.

Server IP

Address

Enter the inside IP address of the server here.

Back

Click

Back

to return to the previous screen.

Apply

Click

Apply

to save your changes back to the ZyXEL Device.

Cancel

Click

Cancel

to begin configuring this screen afresh.

Chapter 6 Network Address Translation (NAT) Screens

P-660R-F1 Series User’s Guide

84

The following table describes the fields in this screen.

6.7

DMZ Hosting

For some applications or devices, NAT can cause problems or it might be best to allow some

functions to operate on an private LAN IP address without being “hidden”from the WAN side. DMZ

Hosting allows a singel IP address to be visisble from the WAN.

Use this screen to enable and disable DMZ Hosting and select a specific IP address to apply DMZ

hosting. To access this screen, click

Network > NAT > ALG

.

Figure 47

Network > NAT > DMZ

The following table describes the fields in this screen.

Table 29

Network > NAT > ALG

LABEL

DESCRIPTION

Enable SIP ALG

Select this to make sure SIP (VoIP) works correctly with port-forwarding and

address-mapping rules.

Apply

Click this to save your changes.

Reset

Click this to restore your previously saved settings.

Table 30

Network > NAT > DMZ

LABEL

DESCRIPTION

Active DMZ

Hosting

Select this to activate DMZ Hosting for the specified IP address.

DMZ Hosting

Address

Type the IP address used for DMZ hosting. This IP address will be outside that

group of LAN IP addresses normally hidden by NAT. It will be visible to anyone

actively looking for LAN IP addresses on your private network.

Apply

Click this to save your changes.

P-660R-F1 Series User’s Guide

85

C

HAPTER

7

Firewalls

7.1

Overview

This chapter shows you how to enable and configure the ZyXEL Device firewall. Use these screens

to enable and configure the firewall that protects your ZyXEL Device and network from attacks by

hackers on the Internet and control access to it. By default the firewall:

•

allows traffic that originates from your LAN computers to go to all other networks.

•

blocks traffic that originates on other networks from going to the LAN.

The following figure illustrates the default firewall action. User

A

can initiate an IM (Instant

Messaging) session from the LAN to the WAN (1). Return traffic for this session is also allowed (2).

However other traffic initiated from the WAN is blocked (3 and 4).

Figure 48

Default Firewall Action

7.1.1

What You Can Do in the Firewall Screens

•

Use the

General

screen to enable firewall and/or triangle route on the ZyXEL Device, and set the

default action that the firewall takes on packets that do not match any of the firewall rules.

•

Use the

Rules

screen to view the configured firewall rules and add, edit or remove a firewall rule.

•

Use the

Threshold

screen to set the thresholds that the ZyXEL Device uses to determine when

to start dropping sessions that do not become fully established (half-open sessions).

7.1.2

What You Need to Know About Firewall

DoS

Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the

Internet. Their goal is not to steal information, but to disable a device or network so users no longer

WAN

LAN

3

4

1

2

A