Edimax Router BR-6215NRg User Manual

							 
40  
 
2.6 NAT 
Network Address Translation (NAT) allows multiple users at your local site to access the Internet through a single Public 
IP Address or multiple Public IP Addresses. NAT provides Firewall protection from hacker attacks and has the flexibility 
to allow you to map Private IP Addresses to Public IP Addresses for key services such as Websites and FTP. 
 
 
 
 
 
Parameters   Description 
Port Forwarding You can have different services (e.g. email, FTP, Web etc.) going to different service 
servers/clients in your LAN. The Port Forwarding allows you to re-direct a particular range 
of service port numbers (from the Internet/WAN Ports) to a particular LAN IP address. 
Virtual Server You can have different services (e.g. email, FTP, Web etc.) going to different service 
servers/clients in your LAN. The Virtual Server allows you to re-direct a particular service 
port number (from the Internet/WAN Port) to a particular LAN IP address and its service 
port number. 
Special Applications Some applications require multiple connections, such as Internet games, video 
conferencing, Internet telephony and others. In this section you can configure the router to 
support these types of applications. 
UPnP Setting It allows to Enable or Disable UPnP feature here. After you enable the UPnP feature, all 
client systems that support UPnP, like Windows XP, can discover this router automatically 
and access the Internet through this router without any configuration. The NAT Traversal 
function provided by UPnP can let applications that support UPnP smoothly connect to 
Internet sites without any incompatibility problem due to the NAPT port translation. 
ALG Setting  You can select special applications that need “Application Layer Gateway” to support here.
Static Routing  You can disable NAT function and setup the routing rules manually. 
 
Click on one of the above NAT selections and proceed to the manuals relevant sub-section. 
 
2.6.1 Port Forwarding 
The Port Forwarding allows you to re-direct a particular range of service port numbers (from the Internet/WAN Ports) to a 
particular LAN IP address. It helps you to host some servers behind the router NAT firewall.  
						

							 
41  
 
Parameters   Description 
Enable Port Forwarding  Enable Port Forwarding 
Private IP This is the private IP of the server behind the NAT firewall. 
Note: You need to give your LAN PC clients a fixed/static IP address for Port Forwarding 
to work properly. 
Type This is the protocol type to be forwarded. You can choose to forward “TCP” or “UDP” 
packets only or select “both” to forward both “TCP” and “UDP” packets. 
Port Range  The range of ports to be forward to the private IP. 
Comment  The description of this setting. 
Add Port Forwarding Fill in the Private IP, “Type”, “Port Range” and Comment of the setting to be added and 
then click Add. Then this Port Forwarding setting will be added into the Current Port 
Forwarding Table below. If you find any typo before adding it and want to retype again, 
just click Clear and the fields will be cleared. 
Remove Port Forwarding If you want to remove some Port Forwarding settings from the “Current Port Forwarding 
Table, select the Port Forwarding settings you want to remove in the table and then click 
Delete Selected. If you want remove all Port Forwarding settings from the table, just click 
Delete All button. Click Reset will clear your current selections. 
Click  at the bottom of the screen to save the above configurations. You can now configure other advance 
sections or start using the router (with the advance settings in place) 
 
2.6.2 Virtual Server  
Use the Virtual Server function when you want different servers/clients in your LAN to handle different service/Internet 
application type (e.g. Email, FTP, Web server etc.) from the Internet. Computers use numbers called port numbers to 
recognize a particular service/Internet application type. The Virtual Server allows you to re-direct a particular service port 
number (from the Internet/WAN Port) to a particular LAN private IP address and its service port number. (See Glossary 
for an explanation on Port number)  
						

							 
42  
 
Parameters   Description 
Enable Virtual Serve  Enable Virtual Server. 
Private IP This is the LAN client/host IP address that the Public Port number packet will be sent to. 
Note: You need to give your LAN PC clients a fixed/static IP address for Virtual Server to 
work properly. 
Private Port This is the port number (of the above Private IP host) that the below Public Port number 
will be changed to when the packet enters your LAN (to the LAN Server/Client IP) 
Type Select the port number protocol type (TCP, UDP or both). If you are unsure, then leave it 
to the default both protocols. 
Public Port Enter the service (service/Internet application) port number from the Internet that will be 
re-directed to the above Private IP address host in your LAN  
Note: Virtual Server function will have priority over the DMZ function if there is a conflict 
between the Virtual Server and the DMZ settings. 
Comment  The description of this setting. 
Add Virtual Server Fill in the Private IP, Private Port, Type, “Public Port” and Comment of the setting 
to be added and then click Add. Then this Virtual Server setting will be added into the 
Current Virtual Server Table below. If you find any typo before adding it and want to 
retype again, just click Clear and the fields will be cleared. 
Remove Virtual Server If you want to remove some Virtual Server settings from the “Current Virtual Server 
Table, select the Virtual Server settings you want to remove in the table and then click 
Delete Selected. If you want remove all Virtual Server settings from the table, just click 
Delete All button. Click Reset will clear your current selections. 
 
Click  at the bottom of the screen to save the above configurations. You can now configure other advance 
sections or start using the router (with the advance settings in place) 
 
Note: The function of NAS FTP/HTTP server will be affected after you setting FTP/HTTP server in Virtual Server, due to 
the priority of settings in Virtual Server are higher than in NAS. 
 
Example: Virtual Server 
The diagram below demonstrates one of the ways you can use the Virtual Server function. Use the Virtual Server when 
you want the web server located in your private LAN to be accessible to Internet users. The configuration below means 
that any request coming form the Internet to access your web server will be translated to your LAN’s web server 
(192.168.2.2).  
  
						

							 
43  
Note: For the virtual server to work properly Internet/remote users must know your global IP address. (For websites you 
will need to have a fixed/static global/public IP address) 
 
 
 
 
 
 
 
 
 
 
 
 
2.6.3 Special Applications 
Some applications require multiple connections, such as Internet games, video conferencing, Internet telephony and 
others. In this section you can configure the router to support multiple connections for these types of applications. 
 
Parameters   Description 
Enable Trigger Port  Enable the Special Application function. 
Trigger Port  This is the out going (Outbound) range of port numbers for this particular application 
Trigger Type  Select whether the outbound port protocol is “TCP”, “UDP” or both. 
Public Port Enter the In-coming (Inbound) port or port range for this type of application (e.g. 2300-
2400, 47624) 
Note: Individual port numbers are separated by a comma (e.g. 47624, 5775, and 6541 
etc.). To input a port range use a “dash” to separate the two port number range (e.g. 
2300-2400) 
Public Type  Select the Inbound port protocol type: “TCP”, “UDP” or both  
						

							 
44  
Comment  The description of this setting. 
Popular applications This section lists the more popular applications that require multiple connections. Select 
an application from the Popular Applications selection. Once you have selected an 
application, select a location (1-10) in the Copy to selection box and then click the Copy 
to button. This will automatically list the Public Ports required for this popular application 
in the location (1-10) you’d specified. 
Add Special Application Fill in the Trigger Port, Trigger Type”, “Public Port”, Public Type, Public Port and 
Comment of the setting to be added and then click Add. Then this Special Application 
setting will be added into the Current Trigger-Port Table below. If you find any typo 
before adding it and want to retype again, just click Clear and the fields will be cleared.
If you want to add a popular application, select one “Popular Application” and then click 
“Add”. 
Remove Special 
Application If you want to remove some Special Application settings from the Current Trigger-Port 
Table, select the Special Application settings you want to remove in the table and then 
click Delete Selected. If you want remove all Special Applications settings from the 
table, just click Delete All button. Click Reset will clear your current selections. 
 
Click  at the bottom of the screen to save the above configurations. You can now configure other advance 
sections or start using the router (with the advance settings in place) 
 
Example: Special Applications  
If you need to run applications that require multiple connections, specify the port (outbound) normally associated with 
that application in the Trigger Port field. Then select the protocol type (TCP or UDP) and enter the public ports 
associated with the trigger port to open them up for inbound traffic. 
 
Example: 
 
ID Trigger 
Port Trigger 
Type   Public 
Port Public 
Type Comment 
1 28800  UDP 2300-2400, 
47624 TCP MSN Game 
Zone 
2 6112 UDP 6112  UDP Battle.net 
 
In the example above, when a user trigger’s port 28800 (outbound) for MSN Game Zone then the router will allow 
incoming packets for ports 2300-2400 and 47624 to be directed to that user.   
 
Note: Only one LAN client can use a particular special application at a time. 
 
2.6.4 UPnP Settings 
With UPnP, all PCs in you Intranet will discover this router automatically. So you do not have to do any configuration for 
your PC and can access the Internet through this router easily. 
  
						

							 
45  
Parameters Default Description 
UPnP Feature Disable You can Enable or Disable UPnP feature here. After you enable the 
UPnP feature, all client systems that support UPnP, like Windows 
XP, can discover this router automatically and access the Internet 
through this router without any configuration. The NAT Traversal 
function provided by UPnP can let applications that support UPnP 
smoothly connect to Internet sites without any incompatibility problem 
due to the NAPT port translation. 
 
Click  at the bottom of the screen to save the above configurations. You can now configure other advance 
sections or start using the router (with the advance settings in place) 
 
 
2.6.5 ALG Settings 
You can select applications that need “Application Layer Gateway” to support. 
 
Parameters Default Description 
Enable   You can select to enable “Application Layer Gateway”, and then the 
router will let that application correctly pass though the NAT gateway.
 
Click  at the bottom of the screen to save the above configurations. You can now configure other advance 
sections or start using the router (with the advance settings in place) 
 
2.6.6 Static Routing 
This router provides Static Routing function when NAT is disabled. With Static Routing, the router can forward packets 
according to your routing rules. The IP sharing function will not work any more in Static Routing mode. 
 
Note: The DMZ function of firewall will not work if static routing is enabled.  
						

							 
46  
 
 
Parameters   Description 
Enable Static Routing Static Routing function is default disabled. You have to enable the Static Routing function 
before your routing rules take effect. 
Destination LAN IP  The network address of destination LAN. 
Subnet Mask  The subnet mask of destination LAN. 
Default Gateway The next stop gateway of the path toward the destination LAN. This is the IP of the neighbor 
router that this router should communicate with on the path to the destination LAN. 
Hop Count  The number of hops (routers) to pass through to reach the destination LAN. 
Interface  The interface that go to the next hop (router). 
Add a Rule Fill in the Destination LAN IP, Subnet Mask”, “Default Gateway”, Hop Count and 
Interface of the rule to be added and then click Add. Then this rule of Static Routing will be 
added into the Static Routing Table below. If you find any typo before adding it and want to 
retype again, just click Reset and the fields will be cleared. 
Remove a Rule If you want to remove some routing rules from the Static Routing Table, select the rules you 
want to remove in the table and then click Delete Selected. If you want remove all rules 
from the table, just click Delete All button. Click Reset will clear your current selections. 
 
Click  at the bottom of the screen to save the above configurations. You can now configure other advance 
sections or start using the router (with the advance settings in place) 
 
2.7 Firewall 
 
The Broadband router provides extensive firewall protection by restricting connection parameters, thus limiting the risk of 
hacker attack, and defending against a wide array of common Internet attacks. However, for applications that require 
unrestricted access to the Internet, you can configure a specific client/server as a Demilitarized Zone (DMZ).  
 
Note: To enable the Firewall settings select Enable and click Apply  
						

							 
47  
 
Parameters   Description 
Access Control  Access Control allows you to specify which hosts users can or cannot have access to 
certain Internet applications 
URL Blocking  URL Blocking allows you to specify which URLs can not be accessed by users. 
DoS  The Broadband routers firewall can block common hacker attacks and can log the attack 
activities. 
DMZ The DMZ function allows you to re-direct all packets going to your WAN port IP address 
to a particular IP address in your LAN. 
 
Click on one of the firewall selections and proceed to the manual’s relevant sub-section 
 
2.7.1 Access Control 
If you want to restrict users from accessing certain Internet applications/services (e.g. Internet websites, email, FTP etc.), 
this is the place to set that configuration. Access Control allows users to define the traffic type permitted in your LAN. 
You can control which PC client can have access to these services.  
  
						

							 
48  
Parameters   Description 
Deny If select “Deny” then all PCs will be allowed to access Internet accept for the PCs in the 
list below. 
Allow If select “Allow” then all PCs will be denied to access Internet accept for the PCs in the 
list below. 
Filter client PCs by IP  Fill “IP Filtering Table” to filter PC clients by IP. 
Add PC  You can click Add PC to add an access control rule for users by IP addresses. 
Remove PC If you want to remove some PC from the IP Filtering Table, select the PC you want to 
remove in the table and then click Delete Selected. If you want remove all PCs from the 
table, just click Delete All button. 
Filter client PC by MAC 
address Check “Enable MAC Filtering” to enable MAC Filtering. 
Add PC Fill in “Client PC MAC Address” and “Comment” of the PC that is allowed to access the 
Internet, and then click “Add”. If you find any typo before adding it and want to retype 
again, just click Reset and the fields will be cleared. 
Remove PC If you want to remove some PC from the MAC Filtering Table, select the PC you want to 
remove in the table and then click Delete Selected. If you want remove all PCs from the 
table, just click Delete All button. If you want to clear the selection and re-select again, 
just click “Reset”. 
 
You can now configure other advance sections or start using the router (with the advance settings in place) 
 
  
						

							 
49  
 
Parameters   Description 
Client PC Description  The description for this client PC rule. 
Client PC IP Addresses Enter the IP address range that you wish to apply this Access Control rule. This is the 
user’s IP address (es) that you wish to setup an Access Control rule. 
Note: You need to give your LAN PC clients a fixed/static IP address for the Access 
Control rule to work properly. 
Client PC Service You can block the clients from accessing some Internet services by checking the services 
you want to block. 
Protocol  This allows you to select UDP, TCP or both protocol types you want to block. 
Port Range It can be assign up to five port ranges. The router will block clients from accessing 
Internet services that use these ports. 
Apply Changes  Click “Apply Changes” to save the setting. 
Reset  Click “Reset” to clear all fields. 
 
Click  at the bottom of the screen to save the above configurations. You can now configure other 
advance sections or start using the router (with the advance settings in place) 
 
Example: Access Control  
In the example below, LAN client A can only access websites that use Port 80. However, LAN client B is able to access 
websites and any other service that uses ports between 80 and 999. 
 
 
 
 
 
 
 
 
 
2.7.2 URL Blocking 
You can block access to some Web sites from particular PCs by entering a full URL address or just keyword of the Web 
site.