Chapter 5: Advanced
|
69
Mobile Broadband 11n Wireless Router MBR1000 User Manual
Setting Up a Default DMZ Server
WARNING!
For security reasons, you should avoid using the default DMZ
server feature. When a computer is designated as the default DMZ
server, it loses much of the protection of the firewall, and is
exposed to many exploits from the Internet. If compromised, the
computer can be used to attack your network.
The default DMZ server feature is helpful when you are using some online games and
videoconferencing applications that are incompatible with NAT. The router is programmed to
recognize some of these applications and to work correctly with them, but there are other
applications that might not function well. In some cases, one local computer can run the
application correctly if that computer’s IP address is entered as the default DMZ server.
Incoming traffic from the Internet is normally discarded by the router unless the traffic is a
response to one of your local computers or a service that you have configured in the Ports
screen. Instead of discarding this traffic, you can have it forwarded to one computer on your
network. This computer is called the default DMZ server.
Table 14. WAN Setup Settings
Setting
Description
Disable SPI Firewall
This check box is usually cleared so that the firewall protects your
LAN against port scans and denial of service attacks. This check box
should be selected only in special circumstances.
Default DMZ Server
This feature is sometimes helpful when you are using some online
games and videoconferencing. Be careful when using this feature
because it makes the firewall security less effective. See
Setting
Up a Default DMZ Server
on page 69.
Respond to Ping on Internet
If you want the router to respond to a ping from the Internet, select
this check box. This should be used only as a diagnostic tool, since it
allows your router to be discovered. Do not select this check box
unless you have a specific reason to do so.
MTU Size
Maximum Transmit Unit (MTU) value. For most Ethernet networks
this is 1500 bytes, or 1492 bytes for PPPoE connections, or 1436
bytes for PPTP connections.
NAT Filtering
This is set to
Secured
to provide a secure firewall to protect
computers on the LAN from attacks from the Internet. The Open
setting is less secure.
Disable SIP ALG
Some VoIP applications do not work well with SIP ALG. Selecting
this check box might help your VoIP devices create or accept a call
through the router.