Netgear Wndr3400v3 N600 Wireless Dual Band Router User Manual

							Advanced Settings 
81  N600 Wireless Dual Band Router WNDR3400v3
ignores any inbound traffic that is not a response to your own outbound traffic. You can 
configure exceptions to this default rule by using the port forwarding feature. 
A typical application of port forwarding can be shown by reversing the client-server 
relationship from the previous web server example. In this case, a remote computer’s 
browser needs to access a web server running on a computer in your local network. Using 
port forwarding, you can tell the router, “When you receive incoming traffic on port 80 (the 
standard port number for a web server process), forward it to the local computer at 
192.168.1.123.” The following sequence shows the effects of the port forwarding rule you 
have defined:
1. The user of a remote computer opens a browser and requests a web page from 
www.example.com, which resolves to the public IP address of your router. The remote 
computer composes a web page request message with the following destination 
information: 
Destination address. The IP address of www.example.com, which is the address of your 
router.
Destination port number. 80, which is the standard port number for a web server 
process.
The remote computer then sends this request message through the Internet to your 
router.
2. Your router receives the request message and looks in its rules table for any rules covering 
the disposition of incoming port 80 traffic. Your port forwarding rule specifies that incoming 
port 80 traffic should be forwarded to local IP address 192.168.1.123. Therefore, your router 
modifies the destination information in the request message:
The destination address is replaced with 192.168.1.123.
Your router then sends this request message to your local network.
3. Your web server at 192.168.1.123 receives the request and composes a return message 
with the requested web page data. Your web server then sends this reply message to your 
router.
4. Your router performs Network Address Translation (NAT) on the source IP address, and 
sends this request message through the Internet to the remote computer, which displays the 
web page from www.example.com.
To configure port forwarding, you need to know which inbound ports the application needs. 
You can usually determine this information by contacting the publisher of the application or 
the relevant user groups and newsgroups.
How Port Forwarding Differs from Port Triggering
The following points summarize the differences between port forwarding and port triggering:
•Port triggering is used by any computer on your network, although only one computer can 
use it at a time.
•Port forwarding is configured for a single computer on your network. 
						

							Advanced Settings 82
N600 Wireless Dual Band Router WNDR3400v3 
•
Port triggering does not require that you know the computer’s IP address in advance. The 
IP address is captured automatically.
• Port forwarding requires that you specify the computer
 ’s IP address during configuration, 
and the IP address can never change.
• Port triggering requires specific outbound traf
 fic to open the inbound ports, and the 
triggered ports are closed after a period of no activity.
• Port forwarding is always active and does not need to be triggered.
Set Up Port Forwarding to Local Servers
Using the port forwarding feature, you can allow certain types of incomi\
ng traffic to reach 
servers on your local network. For example, you might want to make a loc\
al web server, FTP 
server, or game server visible and available to the Internet.
Use the Port Forwarding screen to configure the router to forward specif\
ic incoming protocols 
to computers on your local network. In addition to servers for specific \
applications, you can 
also specify a default DMZ server to which all other incoming protocols \
are forwarded.
Before starting, you need to determine which type of service, applicatio\
n, or game you want 
to provide, and the local IP address of the computer that provides the s\
ervice. 

The server 
computer has to always have the same IP address.
To set up port forwarding:
Tip:T
o ensure that your server computer always has the same IP 
address, use the reserved IP address feature of your N600 Wireless 
Dual Band Router. 
1.  Select  Advanced Setup > Port Forwarding/Port T
 riggering to display the following 
screen: 
						

							Advanced Settings 83
 N600 Wireless Dual Band Router WNDR3400v3
Port Forwarding is selected as the service type.
2.  From the Service Name list, select the service or game that you host on \
your network. If the 
service does not appear in the list, see  Add a Custom Service on page 83.
3.  In the corresponding Server IP 
 Address field, enter the last digit of the IP address of your 
local computer that provides this service. 
4.  Click  Add. 
 The service appears in the list in the screen.
Add a Custom Service
To define a service, game, or application that does not appear in the Ser\
vice Name list, you 
have to first determine which port number or range of numbers used by th\
e application. You 
can usually determine this information by contacting the publisher of th\
e application or user 
groups or newsgroups. 
To add a custom service:
1. Select  Advanced > 
 Advanced Setup > Port Forwarding/Port Triggering .
2.  Select  Port Forwarding  as the service type.
3.  Click the  Add Custom Service button to display the following screen:
4. In the Service Name field, enter a descriptive name. 
5.  In the Service 
 Type list, select the protocol. If you are unsure, select  TCP/UDP.
6.  Specify the port settings:
• External Starting Port and External Ending Port. 
 These are the starting number 
and ending number for the public ports at the Internet interface. For si\
ngle port 
forwarding, the number in the External Starting Port and External Ending\
 Port fields 
can be the same. 
• Use the same port range for Internal port . 
 This check box is selected by default. If 
you want to use different ports, clear this check box and specify the internal ports. 
						

							Advanced Settings 
84 N600 Wireless Dual Band Router WNDR3400v3 
•Internal Starting Port and Internal Ending Port. These are the starting number and 
ending number for the ports of a computer on the router’s local area network (LAN). 
These are private ports. The router calculates the internal ending port. 
7. In the Internal IP Address field, enter the IP address of your local computer that provides this 
service.
8. Click Apply. The service appears in the list in the Port Forwarding/Port Triggering screen.
Edit or Delete a Port Forwarding Entry
To edit or delete a port forwarding entry:
1. In the table, select the radio button next to the service name.
2. Click Edit Service or Delete Service.
Application Example: Making a Local Web Server Public
If you host a web server on your local network, you can use port forwarding to allow web 
requests from anyone on the Internet to reach your web server. 
To make a local web server public:
1. Assign your web server either a fixed IP address or a dynamic IP address using DHCP 
address reservation. In this example, your router always gives your web server an IP 
address of 192.168.1.33. 
2. In the Port Forwarding screen, configure the router to forward the HTTP service to the local 
address of your web server at 192.168.1.33. HTTP (port 80) is the standard protocol for web 
servers.
3. (Optional) Register a host name with a Dynamic DNS service, and configure your router to 
use the name as described in 
Dynamic DNS on page 86. To access your web server from 
the Internet, a remote user has to know the IP address assigned by your ISP. However, if 
you use a Dynamic DNS service, the remote user can reach your server by a user-friendly 
Internet name, such as mynetgear.dyndns.org.
Set Up Port Triggering
Port triggering is a dynamic extension of port forwarding that is useful in these cases:
•More than one local computer needs port forwarding for the same application (but not 
simultaneously).
•An application needs to open incoming ports that are different from the outgoing port.
When port triggering is enabled, the router monitors outbound traffic looking for a specified 
outbound “trigger” port. When the router detects outbound traffic on that port, it remembers 
the IP address of the local computer that sent the data. The router then temporarily opens the 
specified incoming port or ports, and forwards incoming traffic on the triggered ports to the 
triggering computer.  
						

							Advanced Settings 85
 N600 Wireless Dual Band Router WNDR3400v3
Port forwarding creates a static mapping of a port number or range to a \
single local 
computer. Port triggering dynamically opens ports to any computer that needs the\
m and can 
close the ports when they are no longer needed.
Note:
If you use applications such as multiplayer gaming, peer-to-peer 
connections, real-time communications such as instant messaging, or 
remote assistance (a feature in Windows XP), you should also enable 
Universal Plug and Play (UPnP) according to the instructions in 
Universal Plug and Play  on page
  90.
To set up port triggering, you need to know which inbound ports the appli\
cation needs. Also,  you need to know the number of the outbound port that triggers the openi\
ng of the inbound 
ports. 

You can usually determine this information by contacting the publisher of\
 the 
application or user groups or newsgroups.
To set up port triggering: 
1.  Select  Advanced > 
 Advanced Setup > Port Forwarding/Port Triggering .
2.  Select the Port T
 riggering radio button to display the port triggering information.
3. Clear the Disable Port Triggering check box if it is selected.
Note: If the Disable Port Triggering check box is selected after you configure\
 
port triggering, port triggering is disabled. However, any port triggeri\
ng 
configuration information you added to the router is retained even 
though it is not used.
4.  In the Port 
 Triggering Timeout field, enter a value up to 9999 minutes. This value controls 
the inactivity timer for the designated inbound ports. The inbound ports close when the 
inactivity time expires. This is required because the router cannot be sure when the 
application has terminated. 
						

							Advanced Settings 86
N600 Wireless Dual Band Router WNDR3400v3 
5. 
Click  Add Service to display the following screen: 
6. In the Service Name field, type a descriptive service name. 
7.  In the Service User list, select  Any (the default) to allow this service to be used by any 
computer on the Internet. Otherwise, select  Single address, and enter the IP address of 
one computer to restrict the service to a particular computer

. 
8.  Select the service type, either  TCP or UDP or both ( TCP/UDP). If you are not sure, select 
TCP/UDP
 .
9.  In the 
Triggering Port field, enter the number of the outbound traffic port that causes the 
inbound ports to open. 
10.  Enter the inbound connection port information in the Connection 
 Type, Starting Port, and 
Ending Port fields.
11.  Click  Apply . 
 The service appears in the Port Triggering Portmap table. 
Dynamic DNS
If your Internet service provider (ISP) gave you a permanently assigne\
d IP address, you can 
register a domain name and have that name linked with your IP address by\
 public Domain 
Name Servers (DNS). However, if your Internet account uses a dynamically assigned IP 
address, you do not know in advance what your IP address will be, and th\
e address can 
change frequently. In this case, you can use a commercial Dynamic DNS service. This type 
of service lets you register your domain to their IP address and forward\
s traffic directed at 
your domain to your frequently changing IP address.
If your ISP assigns a private WAN IP address (such as 192.168.x.x or 10.x.x.x), the Dynamic 
DNS service will not work because private addresses are not routed on th\
e Internet.
Your router contains a client that can connect to the Dynamic DNS service\
 provided by  DynDNS.org. First visit their website at http://www
 .dyndns.org and obtain an account and 
host name that you configure in the router. Then, whenever your ISP-assigned IP address  
						

							Advanced Settings 87
 N600 Wireless Dual Band Router WNDR3400v3
changes, your router automatically contacts the Dynamic DNS service prov\
ider, logs in to 
your account, and registers your new IP address. If your host name is ho\
stname, for 
example, you can reach your router at http://hostname.dyndns.org.
On the Advanced tab, select 
Advanced Setup > Dynamic DNS to display the following 
screen:
To set up Dynamic DNS:
1.  Register for an account with one of the Dynamic DNS service providers wh\
ose URLs 
appear in the Service Provider list. 
2.  Select the Use a Dynamic DNS Service  check box. 
3.  Select the URL of your Dynamic DNS service provider
 . For example, for DynDNS.org, 
select  www.dyndns.org .
4.  T
ype the host name (or domain name) that your Dynamic DNS service provi\
der gave you.
5. T
ype the user name for your Dynamic DNS account. This is the name that you use to log in 
to your account, not your host name.
6.  T
ype the password (or key) for your Dynamic DNS account. 
7.  Click  Apply to save your configuration.
Static Routes
Static routes provide additional routing information to your router. Und\
er usual 
circumstances, the router has adequate routing information after it has \
been configured for 
Internet access, and you do not need to configure additional static rout\
es. You have to 
configure static routes only for unusual cases such as multiple routers \
or multiple IP subnets 
located on your network.
As an example of when a static route is needed, consider the following c\
ase: • Y
our primary Internet access is through a cable modem to an ISP. 
						

							Advanced Settings 88
N600 Wireless Dual Band Router WNDR3400v3 
•
You have an ISDN router on your home network for connecting to the compan\
y where 
you are employed. This router’s address on your LAN is  192.168.1.100.
• Y
our company’s network address is 134.177.0.0.
When you first configured your router, two implicit static routes were c\
reated. A default route 
was created with your ISP as the gateway

, and a second static route was created to your 
local network for all 192.168.1.x addresses. With this configuration, if\
 you attempt to access a 
device on the 134.177.0.0 network, your router forwards your request to \
the ISP. The ISP 
forwards your request to the company where you are employed, and the req\
uest is denied by 
the company’s firewall.
In this case you have to define a static route, telling your router that\
 134.177.0.0 should be 
accessed through the ISDN router at 192.168.1.100. In this example:
• The Destination IP 
 Address and IP Subnet Mask fields specify that this static route 
applies to all 134.177.x.x addresses. 
• The Gateway IP 
 Address field specifies that all traffic for these addresses should be 
forwarded to the ISDN router at 192.168.1.100. 
• A metric value of 1 works since the ISDN router is on the LAN. 
• Private is selected only as a precautionary security measure in case RIP\
 is activated.
To set up a static route:
1. Select  Advanced > 
 Advanced Setup > Static Routes, and click  Add to display the 
following screen:
2.  In the Route Name field, type a name for this static route (for identification purposes only.) 
3.  Select the  Private check box if you want to limit access to the LAN only
 . If Private is 
selected, the static route is not reported in RIP. 
4.  Select the  Active check box to make this route ef
 fective. 
5.  T
ype the IP address of the final destination.  
						

							Advanced Settings 89
 N600 Wireless Dual Band Router WNDR3400v3
6. 
Type the IP subnet mask for this destination. If the destination is a sin\
gle host, type 
255.255.255.255. 
7.  T
ype the gateway IP address, which has to be a  router on the same LAN segment as the 
N600 Wireless Dual Band Router. 
8.  T
ype a number between 1 and 15 as the metric value. 
This value represents the number of routers between your network and the\
 destination. Usually
 , a setting of 2 or 3 works, but if this is a direct connection, set it \
to 1. 
9.  Click  Apply to add the static route. 
Remote Management
The remote management feature lets you upgrade or check the status of yo\
ur N600 Wireless 
Dual Band Router over the Internet.
To set up remote management:
1. Select  Advanced > 
 Advanced Setup > Remote Management. 
Note:Be sure to change the router’s default login password to a secure 
password. The ideal password should contain no dictionary words 
from any language and contain uppercase and lowercase letters, 
numbers, and symbols. It can be up to 30 characters.
2.  Select the T
 urn Remote Management On  check box.
3.  Under  Allow Remote 
 Access By, specify the external IP addresses allowed to access the 
router’s  remote management.
Note: For enhanced security, restrict access to as few external IP addresses 
as practical. 
						

							Advanced Settings 
90 N600 Wireless Dual Band Router WNDR3400v3 
•To allow access from a single IP address on the Internet, select Only This 
Computer. Enter the IP address that allows access. 
•To allow access from a range of IP addresses on the Internet, select IP Address 
Range. Enter a beginning and ending IP address to define the allowed range. 
•To allow access from any IP address on the Internet, select Everyone. 
4. Specify the port number for accessing the web management interface.
Normal web browser access uses the standard HTTP service port 80. For greater 
security, enter a custom port number for the remote web management interface. Choose 
a number between 1024 and 65535, but do not use the number of any common service 
port. The default is 8080, which is a common alternate for HTTP.
5. Click Apply to have your changes take effect.
When accessing your router from the Internet, type your router’s WAN IP address into 
your browser’s address or location field followed by a colon (:) and the custom port 
number. For example, if your external address is 134.177.0.123 and you use port number 
8080, enter http://134.177.0.123:8080 in your browser.
USB Settings
For added security, the router can be set up to share only approved USB devices. See 
Specify Approved USB Devices on page 57 for the procedure.
Universal Plug and Play
Universal Plug and Play (UPnP) helps devices, such as Internet appliances and computers, 
to access the network and connect to other devices as needed. UPnP devices can 
automatically discover the services from other registered UPnP devices on the network.
Note:If you use applications such as multiplayer gaming, peer-to-peer 
connections, or real-time communications such as instant messaging 
or remote assistance (a feature in Windows XP), you should enable 
UPnP.