802.11g Wireless Four Port Ethernet ADSL2+ Router

allowed to access the router. Select Allow Association to permit access to the router, MAC addresses not lusted will be denied access to the router.

7 Advanced Setup

7.1 Firewall

User can enable or disable firewall feature of the ADSL router in the page.

Firewall: Select this option can automatically detect and block Denial of Service (DoS) attacts, such as Ping of Death, SYN Flood, Port Scan and Land Attack.

SPI: Select this option to Enabled or Disabled the SPI feature. (NOTE: If you enable SPI, all traffics initiate from WAN would be blocked, including DMZ, Virtual Server, and ACL WAN side)

7.2 Routing

This table lists IP address of Internet destinations commonly accessed by your network.

When a computer requests to send data to a listed destination, the device uses the Gateway IP to identify the first Internet router it should contact to route the data most efficiently. Select this option will list the routing table information. You can press ADD ROUTE to edit the static route.

(As below screen)

44

[Static Route]

Select this option to set Static Routing information.

Destination IP Address: This parameter specifies the IP network address of the final destination of packets routed by this rule.

IP Subnet Mask: Enter the subnet mask for this destination.

Gateway IP Address: Enter the IP address of the gateway. A gateway does the actual forwarding of the packets. Enter the gateway’s IP address in the field or select which PVC you wish to act as a gateway.

The gateway is an immediate neighbor of your ADSL Router that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as your Router; over Internet (WAN), the gateway must be the IP address of one of the remote nodes.

Metric: Metric represents the “cost” of transmission for routing purposes. IP Routing uses hop count as the measurement of cost, with a minimum of 1 for directly connected networks. Enter a number that approximates the cost for this link. The number need not to be precise, but it must between 1 and 15. In practice, 2 or 3 is usually a good number.

Announced in RIP: This parameter determines if the ADSL router includes the router to this

45

remote node in its RIP broadcasts. If you choose Yes, the router in this remote node will be propagated to other hosts through RIP broadcasts. If you choose No, this route is kept private and is not included in the RIP broadcasts.

When you are done making changes, click on SAVE to save your changes, DELETE to delete the rule with the parameters you set, BACK to return to the previous screen or CANCEL to exit without saving.

7.3 NAT

Network Address Translation (NAT) is a method for disguising the private IP addresses you use on your LAN as the public IP address you use on the Internet. You define NAT rules that specify exactly how and when to translate between public and private IP addresses. Simply select this option to setup the NAT function for your ADSL router.

Virtual Circuit (VC): The Virtual Circuit (VC) properties of the ATM VC interface identify a unique path that your ADSL/Ethernet router uses to communicate via the ATM-based network with the telephone company central office equipment.

NAT Status: This filed shows the current status of the NAT function for the current VC.

Number of IPs: This field is to specify how many IPs are provided by your ISP for current VC. It can be single IP or multiple IPs.

Note:

For VCs with single IP, they share the same DMZ & Virtual servers; for VCs with multiple

IPs, each VC cab set DMZ and Virtual servers. Furthermore, for VCs with multiple IPs, they can

46

define the Address Mapping rules; for VCs with single IP, since they have only one IP, there is no need to individually define the Address Mapping rule.

7.3.1 What NAT Does

NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host. Note that the IP address (either local or global) of an outside host is never changed.

The global IP addresses for the inside hosts can be either static or dynamically assigned by the

ISP. You may also designate servers, such as a Web server and a telnet server, on your local network and make them accessible to the outside world. With no servers defined, your ROUTER filters out all incoming inquiries, thus preventing intruders from probing your network. For more information on IP address translation, refer to RFC 1631, The IP Network Address Translator

(NAT).

Inside/outside indicates where a host is located relative to the ROUTER. The computers hosts of your LAN are inside, while the Web servers on the Internet are outside.

Global/local indicates the IP address of a host in a packet as the packet traverses a router. The local address refers to the IP address of a host when the packet is in the local network, while the global address refers to the IP address of the host when the same packet is traveling in the WAN side.

Note that inside/outside refers to the location of a host, while global/local refers to the IP address of a host used in a packet. Thus, an inside local address (ILA) is the IP address of an inside host of a packet when the packet is still in the local network, while an inside global address

(IGA) is the IP address of the same inside host when the packet is on the WAN side.

The following table summarizes this information.

Inside

ITEM DESCRIPTION

This refers to the host on the LAN.

Outside This refers to the host on the WAN.

Local

Global

This refers to the packet address (source or destination) as the packet travels on the LAN.

This refers to the packet address (source or destination) as the packet travels on the WAN.

7.3.2 How NAT Works

Each packet has two addresses – a source address and a destination address. For outgoing packets, the ILA is the source address on the LAN, and the IGA is the source address

47

on the WAN. For incoming packets, the ILA is the destination address on the LAN, and the IGA is the destination address on the WAN. NAT maps private (local) IP addresses to globally unique ones required for communication with hosts on other networks. It replaces the original IP source address (and TCP or UDP source port numbers for Many-to-One and Many-to-Many Overload

NAT mapping) in each packet and then forwards it to the Internet. The ROUTER keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored.

The following figure illustrates this.

7.3.3 NAT Application

The following figure illustrates a possible NAT application, where three inside LANs

(logical LANs using IP Alias) behind the router can communicate with three distinct WAN networks. More examples follow at the end of this chapter.

48

7.3.4 NAT Mapping Types

NAT supports five types of IP/port mapping. They are: a. One-to-One: In One-to-One mode, the TC3162 EVM maps one local IP address to one global

IP address. b. Many-to-One: In Many-to-One mode, the TC3162 EVM maps multiple local IP addresses to one global IP address. c. Many-to-Many Overload: In Many-to-Many Overload mode, the TC3162 EVM maps multiple local IP addresses to shared global IP addresses. d. Many-to-Many No Overload: In Many-to-Many No Overload mode, the TC3162 EVM maps each local IP address to a unique global IP address. e. Server: This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world.

The following table summarizes these types.

One-to-One ILA1 IGA1

Many-to-One (SUA/PAT) ILA1 IGA1

ILA2 IGA1

…

Many-to-Many Overload ILA1 IGA1

ILA2 IGA2

ILA3 IGA1

ILA4 IGA2

…

Many-to-Many No Overload ILA1 IGA1

ILA2 IGA2

ILA3 IGA3

…

Server Server 1 IP IGA1

Server 2 IP IGA1

Server 3 IP IGA1

7.3.5 DMZ

A DMZ (de-militarized zone) is a host between a private local network and the outside public network. It prevents outside users from getting direct access to s server that has company data. Users of the public network outside the company can access only the DMZ host.

DMZ: Toggle the DMZ function Enabled or Disabled.

49

DMZ Host IP Address: Enter the specified IP Address for DMZ host on the LAN side

When you are done making changes, click on SAVE to save your changes or on BACK to return to the previous screen.

7.3.6 Virtual Server

The Virtual Server is the server or server(s) behind NAT (on the LAN), for example, Web server or FTP server, that you can make visible to the outside world even though NAT makes your whole inside network appear as a single machine to the outside world.

Rule Index: The Virtual server rule index for this VC. You can specify up to 10 rules. All the VCs with single IP will use the same Virtual Server rules.

Start & End port number: Enter the specific Start and End Port number you want to forward. If it is one port only, you can enter the End port number the same as Start port number. For example, set the FTP Virtual server, you can set the start and end port number to 21.

Local IP Address: Enter the IP Address for the Virtual Server in LAN side.

Virtual Server Listing: This is a listing of all virtual servers your have set.

When you are done making changes, click on SAVE to save your changes, DELETE to delete the rule with the parameters you set, BACK to return to the previous screen or CANCEL to exit without saving.

50

7.3.7 IP Address Mapping

The IP Address Mapping is for those VCs that with multiple IPs. The IP Address Mapping rule is per-VC based. (only for Multiple IPs’ VCs).

Rule Index: The Virtual server rule index for this VC. You can specify up to 10 rules. All the

VCs with single IP will use the same Virtual Server rules.

Rule Type: There are 4 types of One-to-One , Many-to-One, Many-to-Many Overload , and

Many-to Many No-Overload .

Local Start & End IP: Enter the local IP address you plan to map to. Local Start IP is the starting local IP address & Local End IP is the ending local IP address. If the rule is for all local IPs, then the Start IP is 0.0.0.0 and the End IP is 255.255.255.255.

Public Start & End IP: Enter the Public IP Address you want to do NAT. Public Start IP is the

51

starting Public IP Address and Public End IP is the ending Public IP Address. If you have a

Dynamic IP, enter 0.0.0.0 as the Public Start IP.

When you are done making changes, click on SAVE to save your changes, DELETE to delete the rule with the parameters you set, BACK to return to the previous screen or CANCEL to exit without saving.

52

7.4 ADSL

Select this option to set ADSL Mode and ADSL Type information.

ADSL Mode: Select which mode your ADSL connection uses from the dropdown list.

The option has Auto Sync-up, ADSL2+, ADSL2, G.DMT, T1.413, G.LITE

ADSL Type: Select the ADSL type you use from the dropdown list.

ANNEX A, ANNEX I, ANNEX A/L, ANNEX M, ANNEX A/I/J/L/M

When you are done making changes, click on SAVE to save your changes.

53