background image

 

NAT 

NAT (Network Address Translation) is the technology which allows one (1) WAN (Internet) IP 
address to be used by many LAN users. 

 

 

Figure 4-10: NAT

 

 

Settings – NAT 

NAT 
Configuration 

 

NAT Routing

 –Enables or disables NAT routing by checking or un-checking 

the checkbox. If you disable NAT routing, this device will act as a Bridge or 
Static Router. Most features, including Load Balance, will be unavailable. If 
some packets have port numbers which cannot be translated for special 
applications, you must input value in port range for 

Disable Port Translation

 

TCP Timeout

 –The time during which TCP expects to receive the 

acknowledgement from the destination. The default is 300 seconds.  

 

UDP Timeout

 –The time during which UDP expects to receive the 

acknowledgement from the destination. The default is 120 seconds. 

 

TCP Window Limit

 –The maximum number of outstanding packets prior to 

TCP receiving an acknowledgement. The default is 0 (no limit). 

 

TCP MSS Limit

 –The largest amount of data that can be transmitted in one 

TCP packet. The default is 0 (no change). 

Page 44 

Summary of Contents for BR-6624

Page 1: ...BR 6624 Load Balancing Router Manual...

Page 2: ......

Page 3: ...IP Setup 28 Routing 30 Virtual Server 33 Special Application 36 Dynamic DNS 38 Multi DMZ 40 UPnP 42 NAT 43 ARP Status 45 Advanced Features 46 5 SECURITY MANAGEMENT 48 Overview 48 URL Filter 48 Access...

Page 4: ...NDOWS TCP IP SETUP 72 Overview 72 TCP IP Settings 72 APPENDIX C TROUBLESHOOTING 78 Overview 78 General Problems 78 Internet Access 78 Copyright 2005 All Rights Reserved Document Version 2 0 All tradem...

Page 5: ...rt The Load Balancer has two 2 WAN ports allowing connection of two 2 Broadband modems This gives twice the bandwidth of a single modem Flexible configuration allows each port to use a different type...

Page 6: ...ed So if your ISP has given you multiple IP addresses you can have multiple DMZ PCs Each DMZ PC has unrestricted 2 way Internet access providing the ability to run programs that are otherwise incompat...

Page 7: ...the Internet Password protected Configuration Optional password protection is provided to prevent unauthorized users from modifying the configuration data and settings HTTP Firmware Upgrade and backu...

Page 8: ...hysical connection or data in out OFF No physical connection ON The corresponding LAN port is using 100BaseT OFF 10BaseT connection on the corresponding LAN port or no connection WAN LINK ACT 10M 100M...

Page 9: ...N1 LINK ACT 10M 100M LEDs flash alternatively Firmware Download in progress WAN1 LINK ACT 10M 100M LEDs flash concurrently MAC address not assigned WAN1 LINK ACT 10M 100M LEDs solid On SDRAM error WAN...

Page 10: ...ub WAN 1 Connect the primary Broadband Modem here Default Settings When The Load Balancer has finished booting all configuration settings will be set to the factory defaults including IP Address set t...

Page 11: ...e Load Balancer 3 When downloading is finished It should then work normally using the default settings Note The supplied Windows TFTP utility also allows you to perform three 3 other operations Save t...

Page 12: ...tors TCP IP network protocol must be installed on all PCs Procedure 1 Configuring The Load Balancer for your LAN 1 Use a standard LAN cable to connect your PC to any Hub port on The Load Balancer 2 Co...

Page 13: ...192 168 1 2 to 192 168 1 254 with a Network Mask of 255 255 255 0 See Appendix B Windows TCP IP Setup for details Check that The Load Balancer is properly installed LAN connection is OK and it is powe...

Page 14: ...s using a different IP address range In the latter case enter an unused IP Address from within the range used by your LAN Subnet Mask The default value 255 255 255 0 is standard for small class C netw...

Page 15: ...server when allocating IP Addresses to DHCP clients This range also determines the number of DHCP clients supported DHCP Free List Free Entry indicates how many DHCP entries are not currently allocate...

Page 16: ...Balancer Both 10BaseT and 100BaseT connections can be used simultaneously If you need to connect The Load Balancer to another Hub just use a standard LAN cable to connect any port on The Load Balancer...

Page 17: ...Setup from the menu to see a screen like the example below Configure WAN 1 and or WAN 2 as required For any of the following situations refer to Chapter 3 Advanced Port Setup for any further configur...

Page 18: ...n you connect You can ignore the Address Info fields PPPoE Select this if your ISP uses this method Usually your ISP will provide some PPPoE software This software is no longer required and should not...

Page 19: ...me enter it here Otherwise you can use the default value MAC address Some ISP s record your MAC address also called Physical address or Network Adapter address If so you can enter the MAC address expe...

Page 20: ...et Access To configure your PCs to use The Load Balancer for Internet access follow this procedure For Windows 9x 2000 1 Select Start Menu Settings Control Panel Internet Options 2 Select the Connecti...

Page 21: ...licking Sign On always ensure that you are using the Load Balancer location Macintosh Clients From your Macintosh you can access the Internet via The Load Balancer The procedure is as follows 1 Open t...

Page 22: ...according to your version of Linux and X windows shell 1 Start your X Windows client 2 Select Control Panel Network 3 Select the Interface entry for your Network card Normally this will be called eth...

Page 23: ...are using both WAN ports It allows you to determine the proportion of WAN traffic sent through each port Advanced PPPoE setup is required if you wish to use multiple sessions on one or both of the WA...

Page 24: ...ed after 4 tries the connection is considered as failed HTTP The device gets TCP connection with the Alive Indicator first Then the device sends HTTP HEAD packet to the Alive Indicator If any HTTP DAT...

Page 25: ...ransparent to WAN1 can go through either WAN eg WAN1 or WAN2 interface based on the loading mechanism specified in the Load Balance section It acts like a load balancing mechanism for Transparent Brid...

Page 26: ...ional if using Internet connections on both WAN ports Figure 3 2 Load Balance These settings are only functional if using both WAN ports If using both WAN ports these settings determine the proportion...

Page 27: ...ugh the WAN port 3 Sessions Established The link with the least number of sessions built on the WAN port 4 IP Addresses The link with the least number of Host IP addresses built on the WAN port Loadin...

Page 28: ...dvanced PPPoE The screen is required in order to use multiple PPPoE sessions on the same WAN port It can also be used to manually connect or disconnect a PPPoE session Figure 3 3 Advanced PPPoE Page 2...

Page 29: ...ssigned Host Name This field is used by a Host to uniquely associate an access concentrator to a particular Host request PPPoE Auto Dialup Auto Dialup Connect on demand To enable or disable auto dialu...

Page 30: ...default value is 1460 bytes the same as the maximum PPTP MTU for this device WAN IP Account User Name The PPTP user name login name assigned by your ISP Password The PPTP password associated with the...

Page 31: ...ion Enter 1 to keep the connection always alive Enter 0 to enable dial on demand by trigger Echo Time To determine how often an Echo request is sent to the PPTP server Normally leave this setting at i...

Page 32: ...wish to use the Access Filter feature This requires that each PC be identified by using the Host IP Setup screen You wish to have different URL Filter settings for different PCs This requires that ea...

Page 33: ...rk Adapter Address Enter the MAC address of this host Select Group Select the group you wish to put this host into Reserve in DHCP Select Enable to reserve a particular LAN IP address for a particular...

Page 34: ...will automatically go to WAN2 if WAN2 is alive Select WAN Port Select PPPoE session If the setting above is Enable select the desired Port and Session Otherwise ignore these settings Note Multiple PPP...

Page 35: ...is the address of the destination network segment Netmask The subnet mask used to select the bits from an IP Address that corresponds to the subnet Gateway The IP router that the packets destined for...

Page 36: ...and 3 LAN segments The Load Balancer requires 2 entries as follows Entry 1 Segment 1 Destination IP Address 192 168 2 0 Network Mask 255 255 255 0 Gateway IP Address 192 168 1 100 Interface LAN Metri...

Page 37: ...access a server on your LAN because Your Server s IP address is only valid on your LAN not on the Internet Attempts to connect to devices on your LAN are blocked by the firewall in The Load Balancer...

Page 38: ...ual Servers on your LAN have the same IP Address This IP Address is allocated by your ISP This address should be static rather than dynamic to make it easier for Internet users to connect to your Serv...

Page 39: ...IP addresses WAN The WAN port that the virtual server is bound on Port Range LAN The range of port numbers used by the server If only one port number is used fill the same number in both starting and...

Page 40: ...y do not function correctly because they are blocked by the firewall in The Load Balancer In this case you can define the application as a Special Application in order to make it work Note that the te...

Page 41: ...he remote server or PC Incoming Port Range Enter the beginning and end of the range of port numbers used by the application server for data you receive If the application uses a single port number ent...

Page 42: ...d client available at http www dyndns org Other sites may offer the same service but can not be guaranteed to work TZO at http www tzo com 3322 is available in China at http www 3322 org To use the Dy...

Page 43: ...na It is similar to Standard client User Defined DDNS Server This is the user define DDNS server If the DDNS other than TZO dyndns org and 3322 Additional Settings These options are available if using...

Page 44: ...ort IP address Any traffic sent to that IP address will be forwarded to the specified PC allowing unrestricted 2 way communication between the DMZ PC and other Internet users or Servers Note The DMZ P...

Page 45: ...on Private IP LAN The IP address of the server in the DMZ Access Group To specify which Access Group will be applied Each Access Group has its own access rules Default Applies the access rules for the...

Page 46: ...e router will broadcast its UPnP information This value can range from 2 to 1440 minutes The default interval is for 30 minutes Shorter time interval will ensure that control points have current devic...

Page 47: ...UpnP Port Mapping List You can set the dynamic port mappings to Internet gateway via UPnP on Windows XP This will allow you make a connection between applications and the defined device Page 43...

Page 48: ...umbers which cannot be translated for special applications you must input value in port range for Disable Port Translation TCP Timeout The time during which TCP expects to receive the acknowledgement...

Page 49: ...lias entry the WAN IP acts as an alias of the host with Local LAN IP accessing the Internet via the specified WAN port for the specified protocol packets i e 1 1 NAT Enable To activate or deactivate c...

Page 50: ...quests Reply In Out The numbers of system ARP reply to System Time System starting time Global Arp Ageout Time Arp time out By default is 600 seconds If set to 0 means no expire Arp Table List all LAN...

Page 51: ...is any domain in your private network you can setup the Domain Name Private IP mapping table for DNS query Protocol Port Binding It is similar to SMTP binding but you must setup additional data such a...

Page 52: ...TP packets are bound on the WAN port IPSec Passthrough To determine if the VPN client can make a tunnel established with remote side VPN host PPTP Passthrough To determine if PPTP client can connect t...

Page 53: ...tect new sessions that is exceed the maximum sampling time URL Filter This feature allows you to block or allow access to specific Web sites You can block allow Internet access by URL IP address or Ke...

Page 54: ...Block Internet Access All the web page accesses will be blocked if the target is found in the packets Allow Internet Access All the web page accesses will be permitted if the target is found in the pa...

Page 55: ...ontrol over the Internet access and applications available to LAN users Five 5 user groups are available and each group can have different access rights All PCs users are in the Default group unless a...

Page 56: ...net access defined in User Defined Filter ICMP Filter To limit the ICMP activities initialized from the LAN Selected Packet Types To prohibit the selected types of ICMP packets from the LAN to be pass...

Page 57: ...exceeds the Maximum in the Sampling Time any new session in the system will be dropped Default 65535 sess sec maximum 65535 sess sec Maximum of New Sessions for Host If the number of new sessions for...

Page 58: ...Exception Firewall Exception System Filter Exception Rules Enable To activate or deactivate this rule Interface The port that the packets enter the device on Protocol The protocol of the packets to be...

Page 59: ...e QoS work Figure 6 1 QoS Setup Data QoS Setup QoS Feature Enable QoS Users can choose to Enable QoS Quality of Service If set to enable QoS the QoS will allow higher priority packets to pass through...

Page 60: ...cket overwrite the priority defined in policy configuration Policy Configuration Setting the QoS policy can assign received packets a higher lower priority based on your configuration to pass through...

Page 61: ...s and MAC address By default the IP address is 0 0 0 0 for all IP Addresses but the MAC address is 00 00 00 00 00 00 which cannot be used to classify Port and Protocol Type define all packets for spec...

Page 62: ...t Assistant Overview The following advanced features are provided Admin Setup Email Alert SNMP Syslog Upgrade Firmware This chapter contains details of the configuration and use of each of these featu...

Page 63: ...ble the remote access mechanism Figure 7 1 Admin Password Enter the desired password re enter it in the Verify Password field then save it When you connect to The Load Balancer with your Browser you w...

Page 64: ...via the Internet See below for details If not enabled access is only available by a PC on the LAN Access port The port number used when connecting remotely The default port number is 8080 Allowed Remo...

Page 65: ...s an email server address the warning email will be sent to Email Recipient Address It is an email address of system administrator the email will be sent to Figure 7 3 Email Alert Settings Email Alert...

Page 66: ...ex abc Password The password of an e mail sender address for authentication ex 12345 Sender Address The email address of the sender Recipient Address The email address of the receiver ex admin yourdo...

Page 67: ...identify this device Community A relationship between a SNMP agent and a set of SNMP managers that defines authentication access control and proxy characteristics Trap Targets Up to three IP addresse...

Page 68: ...ration allow you where to send system information to other machine or not There are up to three machines you can choose to send your system log Message Status Messages send only keep when keep send me...

Page 69: ...priority level and Debug is the lowest Setting priority to Debug will send all generated messages Log Priority Modules This feature displays and controls the current log priority for each module For...

Page 70: ...save the system configuration for you Notice You have to refresh the browser after you saved the system configuration file Upgrade Firmware You also can do firmware upgrade by input the correct passw...

Page 71: ...tore Default Value button on this screen is clicked ALL of your settings will be erased The default IP address password and ALL other settings will be restored to the factory default values The DCHP s...

Page 72: ...configured operation is automatic However there are some situations where additional Internet configuration may be required Refer to Chapter 4 Advanced Features for further details System Status Use...

Page 73: ...e Load Balancer Subnet Mask The Network Mask Subnet Mask for the IP Address above MAC Address The MAC physical address of the Load Balancer as seen from the local LAN DHCP Server The status of the DHC...

Page 74: ...t reboot the Load Balancer Restore Factory Defaults This will delete all existing settings and restore the factory default settings See below for details WAN Status Use the WAN Status link on the main...

Page 75: ...Share The current traffic loading between the WAN ports Current Loading The number of sessions Bytes and Packets currently being processed on each port Current Bandwidth The current Download and Uploa...

Page 76: ...WAN 1 Status 1 Power External Power Adapter 5 V 1 5A DC FCC Statement This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cau...

Page 77: ...n Server versions of Windows the default TCP IP setting is to act as a DHCP client If you wish to check your TCP IP settings the procedure is described in the following sections If your LAN has a Rout...

Page 78: ...f your PC is already configured check with your network administrator before making the following changes If the DNS Server fields are empty select Use the following DNS server addresses and enter the...

Page 79: ...B 4 DNS Tab Win 95 98 Checking TCP IP Settings Windows 2000 1 Select Control Panel Network and Dial up Connection 2 Right click the Local Area Connection icon and select Properties You should see a sc...

Page 80: ...xed IP Address Use the following IP Address If your PC is already configured check with your network administrator before making the following changes Enter The Load Balancer s IP address in the Defau...

Page 81: ...ht click the Local Area Connection and choose Properties You should see a screen like the following Figure B 7 Network Configuration Windows XP 3 Select the TCP IP protocol for your network card 4 Cli...

Page 82: ...ixed IP Address Use the following IP Address If your PC is already configured check with your network administrator before making the following changes Enter The Load Balancer s IP address in the Defa...

Page 83: ...ith The Load Balancer s default IP Address of 192 168 1 1 Also the Network Mask should be set to 255 255 255 0 to match The Load Balancer In Windows you can check these settings by using Control Panel...

Page 84: ...pecial Applications feature to allow the use of Internet applications which do not function correctly If this does solve the problem you can use the DMZ function This should work with most application...

Reviews: