Watson-SHDSL-Router-Manual.doc
Version 1.0-03
Watson SHDSL Router
Operating Manual
3.2.3 DMZ Host
The DMZ (Demilitarized) Host feature allows one local computer to be exposed to the Internet. Des-
ignate a DMZ host when:
You wish to use a special-purpose Internet service, such as an on-line application or video-
conferencing program, that is not present in the Port Forwarding list and for which no port range in-
formation is available.
You are not concerned with security and wish to expose one computer to all services without re-
striction.
Warning: A DMZ host is not protected by the firewall and may be vulnerable to attack. Designating
a DMZ host may also put other computers in the local network at risk. When designating a DMZ
host, you must consider the security implications and protect it if necessary.
An incoming request for access to a service in the local network, such as a Web-server, is fielded
by Watson SHDSL router. It will forward this request to the DMZ host (if one is designated) unless
the service is being provided by another PC in the home network (assigned in Port Forwarding), in
which case that PC will receive the request instead.
3.2.4 Port Triggering
Port triggering can be used for dynamic port forwarding configuration. By setting port triggering
rules, you can allow inbound traffic to arrive at a specific LAN host, using ports different than those
used for the outbound traffic. This is called port triggering since the outbound traffic triggers to
which ports inbound traffic is directed.
For example, consider a server that is accessed using UDP protocol on port 2222. The server re-
sponds by connecting the user using UDP on port 3333 when starting sessions. In such a case you
must use port triggering, since this scenario conflicts with the following default firewall settings:
The firewall blocks inbound traffic by default.
The server replies to Watson SHDSL router IP, and the connection is not sent back to your
host, since it is not part of a session.
In order to solve this you need to define a Port Triggering entry, which allows inbound traffic on
UDP port 3333, only after a LAN host generated traffic to UDP port 2222. This will result in accept-
ing the inbound traffic from the server, and sending it back to the LAN Host which originated the
outgoing traffic to UDP port 2222.
3.2.5 Website Restrictions
Watson SHDSL router can be configured to block specific Internet websites so that they cannot be
accessed from computers in the local network. Moreover, restrictions can be applied to a compre-
hensive and automatically-updated table of sites to which access is not recommended.
3.2.6 Network Address Translation (NAT)
Watson SHDSL router features a configurable Network Address Translation (NAT) and Network
Address Port Translation (NAPT) mechanism, allowing to control the network addresses and ports
of packets routed through the router. When enabling multiple computers on the local network to ac-
cess the Internet using a fixed number of public IP addresses, you can statically define which LAN
IP address will be translated to which NAT IP address and/or ports.
Revision: 2007-05-24 3-5
To Next Page
Loading...
