Netgear Router WGT624 V3 User Manual
Have a look at the manual Netgear Router WGT624 V3 User Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 137 Netgear manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
Advanced Configuration 6-1 202-10090-01, April 2005 Chapter 6 Advanced Configuration This chapter describes how to configure the advanced features of your WGT624 v3 108 Mbps Wireless Firewall Router. These features can be found under the Advanced heading in the Main Menu of the browser interface. Configuring Port Forwarding to Local Servers Although the router causes your entire local network to appear as a single machine to the Internet, you can make a local server (for example, a web server or game server) visible and available to the Internet. This is done using the Port Forwarding menu. From the Main Menu of the browser interface, under Advanced, click on Port Forwarding to view the port forwarding menu, shown below. Figure 6-1: Port Forwarding Menu . Note: If you are unfamiliar with networking and routing, refer to Appendix B, “Network, Routing, Firewall, and Basics,” to become more familiar with the terms and procedures used in this manual.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 6-2 Advanced Configuration 202-10090-01, April 2005 Use the Port Forwarding menu to configure the router to forward incoming protocols to computers on your local network. In addition to servers for specific applications, you can also specify a Default DMZ Server to which all other incoming protocols are forwarded. The DMZ Server is configured in the WAN Setup Menu. Before starting, youll need to determine which type of service, application or game youll provide and the IP address of the computer that will provide each service. Be sure the computer’s IP address never changes. To configure port forwarding to a local server: 1.From the Service Name box, select the service or game that you will host on your network. If the service does not appear in the list, refer to the following section, “Adding a Port Forwarding Custom Service”. 2.Enter the IP address of the local server in the corresponding Server IP Address box. 3.Click the Add button. Adding a Port Forwarding Custom Service To define a service, game or application that does not appear in the Service Name list, you must determine what port numbers are used by the service. For this information, you may need to contact the manufacturer of the program that you wish to use. When you have the port number information, follow these steps: 1.Click the Add Custom Service button. 2.Enter the first port number in an unused Starting Port box. 3.To forward only one port, enter it again in the Ending Port box. To specify a range of ports, enter the last port to be forwarded in the End Port box. 4.Enter the IP address of the local server in the corresponding Server IP Address box. 5.Type a name for the service. 6.Click Apply at the bottom of the menu. Editing or Deleting a Port Forwarding Entry To edit or delete a Port Forwarding entry, follow these steps. 1.In the table, select the button next to the service name. 2.Click Edit or Delete.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Advanced Configuration 6-3 202-10090-01, April 2005 Local Web and FTP Server Example If a local PC with a private IP address of 192.168.1.33 acts as a web and FTP server, configure the Ports menu to forward HTTP (port 80) and FTP (port 21) to local address 192.168.1.33 In order for a remote user to access this server from the Internet, the remote user must know the IP address that has been assigned by your ISP. If this address is 172.16.1.23, for example, an Internet user can access your web server by directing the browser to http://172.16.1.23. The assigned IP address can be found in the Maintenance Status Menu, where it is shown as the WAN IP Address. Some considerations for this application are: • If your account’s IP address is assigned dynamically by your ISP, the IP address may change periodically as the DHCP lease expires. • If the IP address of the local PC is assigned by DHCP, it may change when the PC is rebooted. To avoid this, you can manually configure the PC to use a fixed address. • Local PCs must access the local server using the PCs’ local LAN address (192.168.1.33 in this example). Attempts by local PCs to access the server using the external IP address (172.16.1.23 in this example) will fail. Multiple Computers for Half Life, KALI or Quake III Example To set up an additional computer to play Half Life, KALI or Quake III: 1.Click the button of an unused port in the table. 2.Select the game again from the Service Name list. 3.Change the beginning port number in the Start Port box. For these games, use the supplied number in the default listing and add +1 for each additional computer. For example, if youve already configured one computer to play Hexen II (using port 26900), the second computers port number would be 26901, and the third computer would be 26902. 4.Type the same port number in the End Port box that you typed in the Start Port box. 5.Type the IP address of the additional computer in the Server IP Address box. 6.Click Apply.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 6-4 Advanced Configuration 202-10090-01, April 2005 Some online games and videoconferencing applications are incompatible with NAT. The WGT624 v3 wireless router is programmed to recognize some of these applications and to work properly with them, but there are other applications that may not function well. In some cases, one local PC can run the application properly if that PC’s IP address is entered as the default in the PORTS Menu. If one local PC acts as a game or videoconferencing host, enter its IP address as the default. Using Port Triggering Port Triggering is an advanced feature that allows you to dynamically open inbound ports on the basis of outbound traffic on different ports. This is an advanced feature that can be used for gaming and other Internet applications. Port Forwarding can typically be used to enable similar functionality, but it is static and has some limitations. Ports will be open to traffic from the Internet until the port forwarding rule is removed. Additionally, port forwarding does not work well for some applications when your WAN IP address is assigned by DHCP, and is changed frequently. Port Triggering opens an incoming port temporarily and does not require the server on the Internet to track your IP address if it is changed. Port Triggering monitors outbound traffic. When the gateway detects traffic on the specified outbound port, it remembers the IP address of the computer that sent the data and “triggers” the incoming port. Incoming traffic on the triggered port is then forwarded to the triggering computer. Once configured, operation is as follows: • A PC makes an outgoing connection using a port number defined in the Port Triggering table. • This Router records this connection, opens the INCOMING port or ports associated with this entry in the Port Triggering table, and associates them with the PC. • The remote system receives the PCs request, and responds using a different port number. • This Router matches the response to the previous request, and forwards the response to the PC. • (Without Port Triggering, this response would be treated as a new connection request rather than a response. As such, it would be handled in accordance with the Port Forwarding rules.) Note: Only 1 PC can use a Port Triggering application at any time. After a PC has finished using a Port Triggering application, there is a Time-out period before the application can be used by another PC. This is required because this Router cannot be sure when the application has terminated.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Advanced Configuration 6-5 202-10090-01, April 2005 Port Triggering Rules Menu The Port Triggering Rules Menu lists the current rules: • Enable - Indicates if the rule is enabled or disabled. Generally, there is no need to disable a rule unless it interferes with some other function, such as Port Forwarding. • Name - The name for this rule. • Outgoing Ports - The port or port range for outgoing traffic. An outgoing connection using one of these ports will Trigger this rule. • Incoming Ports - The port or port range used by the remote system when it responds to the outgoing request. A response using one of these ports will be forwarded to the PC which triggered this rule. Figure 6-2: Port Triggering screens Adding a new Rule To add a new rule, click the Add and enter the following data on the resulting screen. • Name - enter a suitable name for this rule (e.g. the name of the application) • Enable/Disable - select the desired option. • Outgoing (Trigger) Port Range - enter the range of port numbers used by the application when it generates an outgoing request.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 6-6 Advanced Configuration 202-10090-01, April 2005 • Incoming (Response) Port Range - enter the range of port numbers used by the remote system when it responds to the PCs request. Modifying or Deleting an existing Rule: • Select the desired rule by clicking the radio button beside the rule. • Click Edit or Delete as desired. • Checking Operation and Status Rules Status To see which rules are currently being used, click the Status button. The following data will be displayed: • Rule - the name of the Rule. • LAN IP Address - The IP address of the PC currently using this rule. • Open Ports - the Incoming ports which are associated the this rule. Incoming traffic using one of these ports will be sent to the IP address above. • Time Remaining - The time remaining before this rule is released, and thus available for other PCs. This timer is restarted whenever incoming or outgoing traffic is received.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Advanced Configuration 6-7 202-10090-01, April 2005 Configuring WAN Setup Options The WAN Setup options let you configure a DMZ server, change the MTU size and enable the wireless router to respond to a Ping on the WAN port. These options are discussed below. Figure 6-3: WAN Setup menu. • Connect Automatically, as Required Normally, this option should be enabled. An Internet connection will be made automatically after each timeout, whenever Internet-bound traffic is detected. This provides connection on demand and is potentially cost-saving. If disabled, you must connect manually, using the Connection Status button on the Router Status screen. This manual connection will stay up all the time without timeouts. • Disable SPI Firewall Normally, this option should be Enabled, so that your local network will be protected by the Stateful Packet Inspection (SPI) firewall included in the WGT624 v3. However, certain communications functions like VPN may require turning off the SPI feature. Note: When SPI Firewall is disabled, you must use the Passive mode in the PC FTP client to connect to the FTP server.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 6-8 Advanced Configuration 202-10090-01, April 2005 • Setting Up a Default DMZ Server The default DMZ server feature is helpful when using some online games and videoconferencing applications that are incompatible with NAT. The router is programmed to recognize some of these applications and to work properly with them, but there are other applications that may not function well. In some cases, one local PC can run the application properly if that PC’s IP address is entered as the default DMZ server. Incoming traffic from the Internet is normally discarded by the router unless the traffic is a response to one of your local computers or a service that you have configured in the Ports menu. Instead of discarding this traffic, you can have it forwarded to one computer on your network. This computer is called the Default DMZ Server. The WAN Setup menu, shown below lets you configure a Default DMZ Server. To assign a computer or server to be a Default DMZ server, follow these steps: 1.Click WAN Setup link on the Advanced section of the main menu. 2.Type the IP address for that server. To remove the default DMZ server, uncheck the Default DMZ Server checkbox. 3.Click Apply. • Respond to Ping on Internet WAN Port If you want the router to respond to a ping from the Internet, click the ‘Respond to Ping on Internet WAN Port’ check box. This should only be used as a diagnostic tool, since it allows your router to be discovered. Dont check this box unless you have a specific reason to do so. • Setting the MTU Size The default MTU size is usually fine. The normal MTU (Maximum Transmit Unit) value for most Ethernet networks is 1500 Bytes. For some ISPs, particularly some using PPPoE, you may need to reduce the MTU. This should not be done unless you are sure it is necessary for your ISP. Any packets sent through the router that are larger than the configured MTU size will be repackaged into smaller packets to meet the MTU requirement. To change the MTU size: Note: DMZ servers pose a security risk. A computer designated as the default DMZ server loses much of the protection of the firewall, and is exposed to exploits from the Internet. If compromised, the DMZ server can be used to attack your network.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Advanced Configuration 6-9 202-10090-01, April 2005 Under MTU Size, enter a new size between 64 and 1500. Then, click Apply to save the new configuration. Using a Dynamic DNS Service If your network has a permanently assigned IP address, you can register a domain name and have that name linked with your IP address by public Domain Name Servers (DNS). However, if your Internet account uses a dynamically assigned IP address, you will not know in advance what your IP address will be, and the address can change frequently. In this case, you can use a commercial dynamic DNS service which will allow you to register your domain to their IP address, and will forward traffic directed at your domain to whatever your current IP address happens to be. The router contains a client that can connect to many popular dynamic DNS services. You can select one of these services and obtain an account with them. Then, whenever your ISP-assigned IP address changes, your router will automatically contact your dynamic DNS service provider, log in to your account, and register your new IP address. From the Main Menu of the browser interface, under Advanced, click on Dynamic DNS. Figure 6-4: Dynamic DNS screen Note: If your ISP assigns a private WAN IP address (such as 192.168.x.x or 10.x.x.x), the dynamic DNS service will not work because private addresses will not be routed on the Internet.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 6-10 Advanced Configuration 202-10090-01, April 2005 To configure Dynamic DNS: 1.Register for an account with one of the dynamic DNS service providers whose names appear in the ‘Select Service Provider’ box. For example, for dyndns.org, go to www.dyndns.org. 2.Select the Use a Dynamic DNS service check box. 3.Select the name of your dynamic DNS Service Provider. 4.Type the Host Name (or domain name) that your dynamic DNS service provider gave you. 5.Type the User Name for your dynamic DNS account. 6.Type the Password (or key) for your dynamic DNS account. 7.If your dynamic DNS provider allows the use of wildcards in resolving your URL, you may select the Use wildcards check box to activate this feature. For example, the wildcard feature will cause *.yourhost.dyndns.org to be aliased to the same IP address as yourhost.dyndns.org 8.Click Apply to save your configuration.