ZyXEL Router Prestige 334 User Manual
Prestige 334 User’s Guide
Chapter 7 Network Address Translation (NAT) Screens

The following table summarizes these types.

Table 22 NAT Mapping Types

| TYPE | IP MAPPING | SMT ABBREVIATION |
|---|---|---|
| One-to-One | ILA1 ↔ IGA1 | 1-1 |
| Many-to-One (SUA/PAT) | ILA1 ↔ IGA1; ILA2 ↔ IGA1; … | M-1 |
| Many-to-Many Overload | ILA1 ↔ IGA1; ILA2 ↔ IGA2; ILA3 ↔ IGA1; ILA4 ↔ IGA2; … | M-M Ov |
| Many One-to-One | ILA1 ↔ IGA1; ILA2 ↔ IGA2; ILA3 ↔ IGA3; … | M-1-1 |
| Server | Server 1 IP ↔ IGA1; Server 2 IP ↔ IGA1; Server 3 IP ↔ IGA1 | Server |

7.2 Using NAT

7.2.1 SUA (Single User Account) Versus NAT

SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server. The Prestige also supports Full Feature NAT to map multiple global IP addresses to multiple private LAN IP addresses of clients or servers using mapping types. Select either SUA Only or Full Feature in the WAN IP screen.

7.3 SUA Server

A SUA server set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make visible to the outside world even though SUA makes your whole inside network appear as a single computer to the outside world.

Note: You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the Prestige.
You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server. The port number identifies a service; for example, web service is on port 80 and FTP on port 21. In some cases, such as for unknown services or where one server can support more than one service (for example both FTP and web service), it might be better to specify a range of port numbers. You can allocate a server IP address that corresponds to a port or a range of ports.

Many residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location. If you are unsure, refer to your ISP.

7.3.1 Default Server IP Address

In addition to the servers for specified services, NAT supports a default server IP address. A default server receives packets from ports that are not specified in this screen.

7.3.2 Port Forwarding: Services and Port Numbers

A NAT server set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make accessible to the outside world even though NAT makes your whole inside network appear as a single machine to the outside world.

Use the SUA Server page to forward incoming service requests to the server(s) on your local network. You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server. The port number identifies a service; for example, web service is on port 80 and FTP on port 21. In some cases, such as for unknown services or where one server can support more than one service (for example both FTP and web service), it might be better to specify a range of port numbers.

In addition to the servers for specified services, NAT supports a default server.
A service request that does not have a server explicitly designated for it is forwarded to the default server. If the default is not defined, the service request is simply discarded.

Note: If you do not assign a Default Server IP Address, the Prestige discards all packets received for ports that are not specified in this screen or remote management.

Note: Many residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location. If you are unsure, refer to your ISP.
The most often used port numbers are shown in the following table. Please refer to RFC 1700 for further information about port numbers. Please also refer to the Supporting CD for more examples and details on SUA/NAT.

Table 23 Services and Port Numbers

| SERVICES | PORT NUMBER |
|---|---|
| ECHO | 7 |
| FTP (File Transfer Protocol) | 21 |
| SMTP (Simple Mail Transfer Protocol) | 25 |
| DNS (Domain Name System) | 53 |
| Finger | 79 |
| HTTP (Hyper Text Transfer protocol or WWW, Web) | 80 |
| POP3 (Post Office Protocol) | 110 |
| NNTP (Network News Transport Protocol) | 119 |
| SNMP (Simple Network Management Protocol) | 161 |
| SNMP trap | 162 |
| PPTP (Point-to-Point Tunneling Protocol) | 1723 |

7.3.3 Configuring Servers Behind SUA (Example)

Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet.
Figure 29 Multiple Servers Behind NAT Example

7.4 Configuring SUA Server

Click SUA/NAT to open the SUA Server screen. Refer to Table 23 for port numbers commonly used for particular services.

Note: If you do not assign a Default Server IP Address, the Prestige discards all packets received for ports that are not specified in this screen or remote management.
Figure 30 SUA/NAT Setup

The following table describes the labels in this screen.

Table 24 SUA/NAT Setup

| LABEL | DESCRIPTION |
|---|---|
| Default Server | In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in this screen. If you do not assign a Default Server IP Address, the Prestige discards all packets received for ports that are not specified in this screen or remote management. |
| # | Number of an individual SUA server entry. |
| Active | Select this check box to enable the SUA server entry. Clear this check box to disallow forwarding of these ports to an inside server without having to delete the entry. |
| Name | Enter a name to identify this port-forwarding rule. |
| Start Port / End Port | Enter a port number here. To forward only one port, enter it again in the End Port field. To specify a range of ports, enter the last port to be forwarded in the End Port field. |
| Server IP Address | Enter the inside IP address of the server here. |
| Apply | Click Apply to save your changes back to the Prestige. |
| Reset | Click Reset to begin configuring this screen afresh. |
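The forwarding decision described in sections 7.3 to 7.4, modelled in Python as an added example (not code from ZyXEL or the manual): it resolves an inbound port against the SUA server table and counts how many WAN-side ports NAT maps to each LAN host, which shows how much a Default Server IP Address widens what is reachable. Assumptions: the addresses of servers A and B are constructed, and the model ignores the TCP/UDP distinction, remote management ports and the separate firewall rule.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class SuaEntry:
    name: str
    start_port: int
    end_port: int      # equal to start_port when forwarding a single port
    server_ip: str     # inside (LAN) address of the server


def resolve(port: int, entries, default_server: Optional[str] = None) -> Optional[str]:
    """LAN host that receives an inbound WAN packet for `port`; None means discarded."""
    for e in entries:
        if e.start_port <= port <= e.end_port:
            return e.server_ip
    return default_server


def overlaps(entries):
    """Pairs of entries whose port ranges intersect (ambiguous forwarding)."""
    return [(a.name, b.name)
            for i, a in enumerate(entries) for b in entries[i + 1:]
            if a.start_port <= b.end_port and b.start_port <= a.end_port]


def exposure(entries, default_server: Optional[str] = None) -> Counter:
    """Number of WAN-side ports that NAT maps to each LAN host."""
    seen = Counter()
    for port in range(1, 65536):
        host = resolve(port, entries, default_server)
        if host is not None:
            seen[host] += 1
    return seen


# Section 7.3.3 example. 192.168.1.35 is from the manual; the addresses of
# servers A and B are constructed for this illustration.
TABLE = [
    SuaEntry("A: FTP/Telnet/SMTP", 21, 25, "192.168.1.33"),
    SuaEntry("B: Web", 80, 80, "192.168.1.34"),
]
DEFAULT_SERVER = "192.168.1.35"   # server C

if __name__ == "__main__":
    for host, count in exposure(TABLE, DEFAULT_SERVER).items():
        print(f"{host}: {count} port(s)")
    print("without default server:", dict(exposure(TABLE)))
```

With the default server set, server C receives every port that is not listed for A or B; without it, only the six listed ports are mapped to anything.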
7.5 Configuring Address Mapping

Ordering your rules is important because the Prestige applies the rules in the order that you specify. When a rule matches the current packet, the Prestige takes the corresponding action and the remaining rules are ignored. If there are any empty rules before your new configured rule, your configured rule will be pushed up by that number of empty rules. For example, if you have already configured rules 1 to 6 in your current set and now you configure rule number 9, then in the set summary screen the new rule will be rule 7, not 9. Now if you delete rule 4, rules 5 to 7 will be pushed up by 1 rule, so old rules 5, 6 and 7 become new rules 4, 5 and 6.

To change your Prestige’s Address Mapping settings, click SUA/NAT, then the Address Mapping tab. The screen appears as shown.

Figure 31 Address Mapping

The following table describes the labels in this screen.

Table 25 Address Mapping

| LABEL | DESCRIPTION |
|---|---|
| Local Start IP | This refers to the Inside Local Address (ILA), which is the starting local IP address. If the rule is for all local IP addresses, then this field displays 0.0.0.0 as the Local Start IP address. Local IP addresses are N/A for Server port mapping. |
| Local End IP | This is the end Inside Local Address (ILA). If the rule is for all local IP addresses, then this field displays 255.255.255.255 as the Local End IP address. This field is N/A for One-to-One and Server mapping types. |
| Global Start IP | This refers to the Inside Global IP Address (IGA). 0.0.0.0 is for a dynamic IP address from your ISP with Many-to-One and Server mapping types. |
| Global End IP | This is the end Inside Global Address (IGA). This field is N/A for One-to-One, Many-to-One and Server mapping types. |
Table 25 Address Mapping (continued)

| LABEL | DESCRIPTION |
|---|---|
| Type | 1. One-to-One mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-One NAT mapping type. 2. Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature (the only mapping type that previous ZyXEL routers supported). 3. Many-to-Many Overload mode maps multiple local IP addresses to shared global IP addresses. 4. Many One-to-One mode maps each local IP address to unique global IP addresses. 5. Server allows you to specify inside servers of different services behind the NAT to be accessible to the outside world. |
| Insert | Click Insert to insert a new mapping rule before an existing one. |
| Edit | Click Edit to go to the Address Mapping Rule screen. |
| Delete | Click Delete to delete an address mapping rule. |

7.5.1 Configuring Address Mapping

To edit an address mapping rule, select the radio button of a rule and click the Edit button to display the screen shown next.
Figure 32 Address Mapping Edit

The following table describes the labels in this screen.

Table 26 Address Mapping Edit

| LABEL | DESCRIPTION |
|---|---|
| Type | Choose the port mapping type from one of the following. 1. One-to-One: One-to-One mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-One NAT mapping type. 2. Many-to-One: Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature. 3. Many-to-Many Overload: Many-to-Many Overload mode maps multiple local IP addresses to shared global IP addresses. 4. Many One-to-One: Many One-to-One mode maps each local IP address to unique global IP addresses. 5. Server: This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world. |
| Local Start IP | This is the starting Inside Local IP Address (ILA). Local IP addresses are N/A for Server port mapping. |
| Local End IP | This is the end Inside Local IP Address (ILA). If your rule is for all local IP addresses, then enter 0.0.0.0 as the Local Start IP address and 255.255.255.255 as the Local End IP address. This field is N/A for One-to-One and Server mapping types. |
| Global Start IP | This is the starting Inside Global IP Address (IGA). Enter 0.0.0.0 here if you have a dynamic IP address from your ISP. |
| Global End IP | This is the ending Inside Global IP Address (IGA). This field is N/A for One-to-One, Many-to-One and Server mapping types. |
| Apply | Click Apply to save your changes back to the Prestige. |
| Cancel | Click Cancel to return to the previous screen and not save your changes. |
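The rule ordering described in section 7.5 (first match wins, empty slots closed up), as an added Python example that is not code from ZyXEL or the manual: it renumbers a rule set the way the summary screen does and reports rules that can never apply because an earlier rule covers their whole local range. Assumptions: a rule matches on its Local Start IP to Local End IP range only, and the sample rules and the address 203.0.113.10 are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class MapRule:
    kind: str            # SMT abbreviation from Table 22: "1-1", "M-1", ...
    local_start: str
    local_end: str       # same as local_start for One-to-One (field is N/A there)
    global_start: str

    def span(self):
        return (int(ipaddress.ip_address(self.local_start)),
                int(ipaddress.ip_address(self.local_end)))


def displayed(slots):
    """Close up empty slots: {slot number: rule} -> rules in displayed order."""
    return [slots[n] for n in sorted(slots)]


def first_match(rules, local_ip):
    """1-based number of the rule applied to local_ip, or None if none matches."""
    ip = int(ipaddress.ip_address(local_ip))
    for number, rule in enumerate(rules, start=1):
        lo, hi = rule.span()
        if lo <= ip <= hi:
            return number
    return None


def shadowed(rules):
    """(later, earlier) numbers where one earlier rule covers the later rule's range."""
    hits = []
    for j, later in enumerate(rules, start=1):
        lo, hi = later.span()
        for i, earlier in enumerate(rules[:j - 1], start=1):
            elo, ehi = earlier.span()
            if elo <= lo and hi <= ehi:
                hits.append((j, i))
                break
    return hits


# Constructed rule set; 203.0.113.10 is a documentation address, not from the manual.
CATCH_ALL = MapRule("M-1", "0.0.0.0", "255.255.255.255", "0.0.0.0")
HOST_RULE = MapRule("1-1", "192.168.1.10", "192.168.1.10", "203.0.113.10")

if __name__ == "__main__":
    rules = displayed({1: CATCH_ALL, 9: HOST_RULE})   # slot 9 is shown as rule 2
    print("shadowed:", shadowed(rules))
    print("after reordering:", shadowed([HOST_RULE, CATCH_ALL]))
```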
7.6 Trigger Port Forwarding

Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side. With regular port forwarding you set a forwarding port in NAT to forward a service (coming in from the server on the WAN) to the IP address of a computer on the client side (LAN). The problem is that port forwarding only forwards a service to a single LAN IP address. In order to use the same service on a different LAN computer, you have to manually replace the LAN computer's IP address in the forwarding port with another LAN computer's IP address.

Trigger port forwarding solves this problem by allowing computers on the LAN to dynamically take turns using the service. The Prestige records the IP address of a LAN computer that sends traffic to the WAN to request a service with a specific port number and protocol (a trigger port). When the Prestige's WAN port receives a response with a specific port number and protocol (incoming port), the Prestige forwards the traffic to the LAN IP address of the computer that sent the request. After that computer’s connection for that service closes, another computer on the LAN can use the service in the same manner. This way you do not need to configure a new IP address each time you want a different LAN computer to use the application.

7.6.1 Trigger Port Forwarding Example

The following is an example of trigger port forwarding.

Figure 33 Trigger Port Forwarding Process: Example

1. Jane requests a file from the Real Audio server (port 7070).
2. Port 7070 is a “trigger” port and causes the Prestige to record Jane’s computer IP address. The Prestige associates Jane's computer IP address with the incoming port range of 6970-7170.
3. The Real Audio server responds using a port number ranging between 6970-7170.
4. The Prestige forwards the traffic to Jane’s computer IP address.
5. Only Jane can connect to the Real Audio server until the connection is closed or times out. The Prestige times out in three minutes with UDP (User Datagram Protocol), or two hours with TCP/IP (Transfer Control Protocol/Internet Protocol).
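The trigger port process above as a small state model, added here as an example and not taken from ZyXEL or the manual: an outbound packet to the trigger port records the LAN host, inbound packets in the incoming range are forwarded to that host, and no other LAN host can take the range until the binding times out or closes. Assumptions: the timeout is treated as an idle timer refreshed by matching traffic in either direction, inbound traffic is matched on port and protocol only (as the text describes it), the Real Audio rule is taken to be UDP, and both LAN addresses are constructed.

```python
from dataclasses import dataclass
from typing import Optional

TIMEOUT = {"udp": 3 * 60, "tcp": 2 * 60 * 60}   # seconds, from the manual


@dataclass
class TriggerRule:
    name: str
    protocol: str
    trigger: range        # destination ports watched on LAN -> WAN traffic
    incoming: range       # ports forwarded back to the recorded host
    owner: Optional[str] = None
    last_seen: float = 0.0

    def _expire(self, now):
        if self.owner and now - self.last_seen >= TIMEOUT[self.protocol]:
            self.owner = None

    def outbound(self, lan_ip, protocol, dst_port, now):
        """LAN -> WAN packet. True if lan_ip holds the binding afterwards."""
        self._expire(now)
        if protocol == self.protocol and dst_port in self.trigger:
            if self.owner in (None, lan_ip):
                self.owner, self.last_seen = lan_ip, now
        return self.owner == lan_ip

    def inbound(self, protocol, dst_port, now):
        """WAN -> LAN packet. LAN IP it is forwarded to, or None if not forwarded."""
        self._expire(now)
        if self.owner and protocol == self.protocol and dst_port in self.incoming:
            self.last_seen = now
            return self.owner
        return None

    def close(self, lan_ip):
        """The owning host's connection for the service ends."""
        if self.owner == lan_ip:
            self.owner = None


JANE, OTHER = "192.168.1.40", "192.168.1.41"     # constructed LAN addresses

if __name__ == "__main__":
    rule = TriggerRule("Real Audio", "udp", range(7070, 7071), range(6970, 7171))
    print(rule.inbound("udp", 7000, now=0))          # None: nothing triggered yet
    print(rule.outbound(JANE, "udp", 7070, now=1))   # True: Jane owns the range
    print(rule.outbound(OTHER, "udp", 7070, now=2))  # False: range is tied up
    print(rule.inbound("udp", 7000, now=3))          # forwarded to Jane
```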
7.6.2 Two Points To Remember About Trigger Ports

1. Trigger events only happen on data that is coming from inside the Prestige and going to the outside.
2. If an application needs a continuous data stream, that port (range) will be tied up so that another computer on the LAN can’t trigger it.

7.7 Configuring Trigger Port Forwarding

To change your Prestige’s trigger port settings, click SUA/NAT and the Trigger Port tab. The screen appears as shown.

Figure 34 Trigger Port

The following table describes the labels in this screen.

Note: Only one LAN computer can use a trigger port (range) at a time.

Table 27 Trigger Port

| LABEL | DESCRIPTION |
|---|---|
| # | This is the rule index number (read-only). |
| Name | Type a unique name (up to 15 characters) for identification purposes. All characters are permitted - including spaces. |