Netgear Router WGT624 V4 User Manual
Have a look at the manual Netgear Router WGT624 V4 User Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 137 Netgear manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
5-1 v1.0, May 2007 Chapter 5 Advanced Configuration This chapter describes how to configure the advanced features of your WGT624 v4 wireless router. These features are listed under the Advanced heading in the router’s main menu. Configuring Port Forwarding to Local Servers Although the router causes your entire local network to appear as a single machine to the Internet, you can make a local server (for example, a Web server or game server) visible and available to the Internet. This is done using the Port Forwarding page. From the Advanced section of the main menu, click Port Forwarding / Port Triggering to view the port forwarding page. Figure 5-1 Note: If you are unfamiliar with networking and routing, see “Internet Networking and TCP/IP Addressing” in Appendix B,” for a link to a tutorial that will help you become more familiar with the terms and procedures used in this manual.
108 Mbps Wireless Router WGT624 v4 Reference Manual 5-2 Advanced Configuration v1.0, May 2007 You can use the Port Forwarding menu to configure the router to forward incoming protocols to computers on your local network. In addition to servers for specific applications, you can also specify a Default DMZ Server to which all other incoming protocols are forwarded. The DMZ Server is configured in the WAN Setup Menu. Before starting, determine which type of service, application or game you will provide and the IP address of the computer that will provide each service. Be sure the computer’s IP address never changes. To configure port forwarding to a local server: 1.From the Service Name box, select the service or game that you will host on your network. If the service does not appear in the list, see the following section, “Adding a Port-Forwarding Custom Service”. 2.Enter the IP address of the local server in the corresponding Server IP Address box. 3.Click Add. Adding a Port-Forwarding Custom Service To define a service, game, or application that does not appear in the Service Name list, you must determine what port numbers are used by the service. For this information, you may need to contact the manufacturer of the program that you wish to use. When you have the port number information, follow these steps: 1.Click Add Custom Service. 2.Enter the first port number in an unused Starting Port box. 3.To forward only one port, enter it again in the Ending Port box. To specify a range of ports, enter the last port to be forwarded in the End Port box. 4.Enter the IP address of the local server in the corresponding Server IP Address box. 5.Type a name for the service. 6.Click Apply. Editing or Deleting a Port-Forwarding Entry To edit or delete a port forwarding entry: 1.In the table, select the button next to the service name. 2.Click Edit Service or Delete Service.
108 Mbps Wireless Router WGT624 v4 Reference Manual Advanced Configuration 5-3 v1.0, May 2007 Local Web and FTP Server Example If a local computer with a private IP address of 192.168.1.33 acts as a Web and FTP server, configure the ports menu to forward HTTP (port 80) and FTP (port 21) to local address 192.168.1.33 In order for a remote user to access this server from the Internet, the remote user must know the IP address that has been assigned by your ISP. If this address is 172.16.1.23, for example, users can access your Web server by directing the browser to http://172.16.1.23. You can view the assigned IP address in the Maintenance Status page, where it is shown as the WAN IP Address. Some considerations for this application are: • If your account’s IP address is assigned dynamically by your ISP, the IP address may change periodically as the DHCP lease expires. • If the IP address of the local computer is assigned by DHCP, it may change when the computer is rebooted. To avoid this, you can manually configure the computer to use a fixed address. • Local computers must access the local server using the computers’ local LAN address (192.168.1.33 in this example). Attempts by local computers to access the server using the external IP address (172.16.1.23 in this example) will fail. Network Computer Gaming Example To set up an additional computer to play Half Life, KALI, or Quake III: 1.Click the button of an unused port in the table. 2.Select the game again from the Service Name list. 3.Change the beginning port number in the Start Port box. For these games, use the supplied number in the default listing and add +1 for each additional computer. For example, if you have already configured one computer to play Hexen II (using port 26900), the second computer’s port number would be 26901, and the third computer would be 26902. 4.Type the same port number in the End Port box that you typed in the Start Port box. 5.Type the IP address of the additional computer in the Server IP Address box. 6.Click Apply.
108 Mbps Wireless Router WGT624 v4 Reference Manual 5-4 Advanced Configuration v1.0, May 2007 Some online games and videoconferencing applications are incompatible with NAT. The WGT624 v4 wireless router is programmed to recognize some of these applications and to work properly with them, but there are other applications that may not function well. In some cases, one local computer can run the application properly if that computer’s IP address is entered as the default in the Ports Menu. If one local computer acts as a game or videoconferencing host, enter its IP address as the default. Using Port Triggering Port triggering is an advanced feature that allows you to dynamically open inbound ports on the basis of outbound traffic on different ports. This feature can be used for gaming and other Internet applications. Port forwarding can typically be used to enable similar functionality, but it is static and has some limitations. Ports will be open to traffic from the Internet until the port-forwarding rule is removed. Additionally, port forwarding does not work well for some applications when your WAN IP address is assigned by DHCP, and is changed frequently. Port triggering opens an incoming port temporarily and does not require the server on the Internet to track your IP address if it is changed. Port triggering monitors outbound traffic. When the gateway detects traffic on the specified outbound port, it remembers the IP address of the computer that sent the data and “triggers” the incoming port. Incoming traffic on the triggered port is then forwarded to the triggering computer. Once configured, operation is as follows: 1. A computer makes an outgoing connection using a port number defined in the Port Triggering table. 2. The wireless router records this connection, opens the INCOMING port or ports associated with this entry in the Port Triggering table, and associates them with the computer. 3. The remote system receives the computer’s request, and responds using a different port number. 4. The wireless router matches the response to the previous request, and forwards the response to the computer. Without port triggering, this response would be treated as a new connection request rather than a response. As such, it would be handled in accordance with the port forwarding rules. Note: Only one computer can use a port triggering application at any time.
108 Mbps Wireless Router WGT624 v4 Reference Manual Advanced Configuration 5-5 v1.0, May 2007 After a computer has finished using a port Triggering application, there is a time-out period before the application can be used by another computer. This is required because the wireless router cannot be sure when the application has terminated. Port Triggering Menu The Port Triggering Portmap Table lists the current port triggering services: •Enable. Indicates if the rule is enabled or disabled. Generally, there is no need to disable a rule unless it interferes with some other function, such as port forwarding. •Service Name. The name assigned to this service. •Service Type. Either TCP or UDP. •Inbound Connection—indicates the type of inbound connection (TCP/UDP, TCP, or UDP) and the port range. •Service User—indicates who can use the service on the network. Adding a New Service To add a new service, click Add Service, and then enter the following data. 1.Enter service name in the Service Name box (for example, the name of the application) 2.Select Any or Single address from the Service User drop-down list. The default value (Any) will allow everyone on the network to use the service. If you select Single address, enter the IP address of the computer that will be allowed to use the service. Figure 5-2
108 Mbps Wireless Router WGT624 v4 Reference Manual 5-6 Advanced Configuration v1.0, May 2007 3.Select the service type (TCP or UDP) from the Service Type drop-down list. 4.Enter the outbound port number in the Triggering Port box. 5.Enter the inbound connection port information: a.Connection type (TCP/UDP, TCP, or UDP) b.Starting port c.Ending port For inbound connection information, see the game or applications manual or the product’s support website. Editing or Deleting a Service To edit an existing service: 1.From the Port Triggering page, select the service you want to edit from the list of services in the Port Triggering Portmap Table. 2.Click Edit Service or Delete Service, as required. 3.If editing, change the service information on the Port Triggering - Services page, as described in “Adding a New Service” on page 5-5, and then click Apply. WA N S e t u p O p t i o n s The WAN Setup options let you configure a DMZ server, change the MTU size, and enable the wireless router to respond to a ping on the WAN port. Figure 5-3
108 Mbps Wireless Router WGT624 v4 Reference Manual Advanced Configuration 5-7 v1.0, May 2007 The WAN setup options are explained below: • Disable SPI Firewall. Normally, this option should be enabled, so that your local network will be protected by the stateful packet inspection (SPI) firewall included in the wireless router. However, certain communications functions like VPN may require turning off the SPI feature. • Default DMZ Server. The default DMZ server feature is helpful when you use some online games and videoconferencing applications that are incompatible with NAT. The router is programmed to recognize some of these applications and to work properly with them, but there are other applications that may not function well. In some cases, one local computer can run the application properly if that computer’s IP address is entered as the default DMZ server. Incoming traffic from the Internet is normally discarded by the router unless the traffic is a response to one of your local computers or a service that you have configured in the Ports menu. Instead of discarding this traffic, you can have it forwarded to one computer on your network. This computer is called the default DMZ server. • NAT Filtering. This determines how your router handles inbound traffic. The Secured option provides a secure firewall to protect the computers on the LAN from attacks from the Internet, but it may cause some Internet games, point-to-point applications, or multimedia applications not to work. The Open option provides less protection, but allows almost all Internet applications to work. • Assigning a Default DMZ Server. See “Assigning a Default DMZ Server” on page 5-8. Note: When SPI firewall is disabled, you must use the Passive mode in the computer FTP client to connect to the FTP server. Note: DMZ servers pose a security risk. A computer designated as the default DMZ server loses much of the protection of the firewall, and is exposed to exploits from the Internet. If compromised, the DMZ server can be used to attack your network.
108 Mbps Wireless Router WGT624 v4 Reference Manual 5-8 Advanced Configuration v1.0, May 2007 • Respond to a Ping on the Internet WAN Port. If you want the router to respond to a ping from the Internet, select this check box. This should be used only as a diagnostic tool, since it allows your router to be discovered. Do not select this check box unless you have a specific reason to do so. • Setting the MTU Size. In most cases it is not necessary to set the MTU size. See “Setting the MTU Size” on page 5-8. Assigning a Default DMZ Server To assign a computer or server to be a default DMZ server: 1.Click WAN Setup on the Advanced section of the main menu. 2.Type the IP address for that server. To remove the default DMZ server, clear the Default DMZ Server check box. 3.Click Apply. Setting the MTU Size The default MTU size does not usually need to be changed. The normal maximum transmit unit (MTU) value for most Ethernet networks is 1500 bytes. For some ISPs, particularly some using PPPoE, you may need to reduce the MTU. You should not do this unless you are sure it is necessary for your ISP. Any packets sent through the router that are larger than the configured MTU size will be repackaged into smaller packets to meet the MTU requirement. To change the MTU size: 1.Under MTU Size, enter a new size between 64 and 1500. 2.Click Apply to save the new configuration. Using a Dynamic DNS Service If your network has a permanently assigned IP address, you can register a domain name and have that name linked with your IP address by public domain name servers (DNS). However, if your Internet account uses a dynamically assigned IP address, you will not know in advance what your IP address will be, and the address can change frequently. In this case, you can use a commercial dynamic DNS service that will allow you to register your domain to their IP address, and will forward traffic directed at your domain to whatever your current IP address happens to be.
108 Mbps Wireless Router WGT624 v4 Reference Manual Advanced Configuration 5-9 v1.0, May 2007 The router contains a client that can connect to many popular dynamic DNS services. You can select one of these services and obtain an account with them. Then, whenever your ISP-assigned IP address changes, your router will automatically contact your dynamic DNS service provider, log in to your account, and register your new IP address. From the wireless router’s main menu, under Advanced, click Dynamic DNS. To configure dynamic DNS: 1.Register for an account with one of the dynamic DNS service providers whose names appear in the Select Service Provider box. For example, for dyndns.org, enter www.dyndns.org. 2.Select the “Use a Dynamic DNS Service” check box. 3.Select the name of your dynamic DNS Service Provider. 4.Type the Host Name (or domain name) that your dynamic DNS service provider gave you. 5.Type the User Name for your dynamic DNS account. 6.Type the Password (or key) for your dynamic DNS account. 7.If your dynamic DNS provider allows the use of wildcards in resolving your URL, you may select the Use Wildcards check box to activate this feature. Note: If your ISP assigns a private WAN IP address (such as 192.168.x.x or 10.x.x.x), the dynamic DNS service will not work because private addresses will not be routed on the Internet. Figure 5-4
108 Mbps Wireless Router WGT624 v4 Reference Manual 5-10 Advanced Configuration v1.0, May 2007 For example, the wildcard feature will cause *.yourhost.dyndns.org to be aliased to the same IP address as yourhost.dyndns.org 8.Click Apply to save your configuration. Using LAN IP Setup Options The LAN IP Setup feature allows configuration of LAN IP services such as DHCP and RIP. From the wireless router’s main menu, under Advanced, click LAN IP Setup. The router is shipped preconfigured to use private IP addresses on the LAN side, and to act as a DHCP server. The router’s default LAN IP configuration is: • LAN IP address—192.168.1.1 • Subnet mask—255.255.255.0 These addresses are part of the IETF-designated private address range for use in private networks, and should be suitable in most applications. If your network has a requirement to use a different IP addressing scheme, you can make those changes in this menu. Figure 5-5