Watson SHDSL Router
Operating Manual
Watson-SHDSL-Router-Manual.doc
Version 1.1-07
3-6
Revision: 2012-02-15
port triggering since the outbound traffic triggers to which ports inbound traffic is
directed.
For example, consider a server that is accessed using UDP protocol on port
2222. The server responds by connecting the user using UDP on port 3333 when
starting sessions. In such a case you must use port triggering, since this scenar-
io conflicts with the following default firewall settings:
The firewall blocks inbound traffic by default.
The server replies to Watson SHDSL router IP, and the connection is not
sent back to your host, since it is not part of a session.
In order to solve this you need to define a Port Triggering entry, which allows in-
bound traffic on UDP port 3333, only after a LAN host generated traffic to UDP
port 2222. This will result in accepting the inbound traffic from the server, and
sending it back to the LAN Host which originated the outgoing traffic to UDP port
2222.
3.2.5 Website Restrictions
Watson SHDSL router can be configured to block specific Internet websites so
that they cannot be accessed from computers in the local network. Moreover, re-
strictions can be applied to a comprehensive and automatically-updated table of
sites to which access is not recommended.
3.2.6 Network Address Translation (NAT)
Watson SHDSL router features a configurable Network Address Translation
(NAT) and Network Address Port Translation (NAPT) mechanism, allowing to
control the network addresses and ports of packets routed through the router.
When enabling multiple computers on the local network to access the Internet
using a fixed number of public IP addresses, you can statically define which LAN
IP address will be translated to which NAT IP address and/or ports.
By default, Watson SHDSL router operates in NAPT routing mode. However, you
can control your network translation by defining static NAT/NAPT rules. Such
rules map LAN computers to NAT IP addresses.
The NAT/NAPT mechanism is useful for managing Internet usage in your LAN,
or complying with various application demands. For example, you can assign
your primary LAN computer with a single NAT IP address, in order to assure its
permanent connection to the Internet. Another example is when an application
server with which you wish to connect, such as a security server, requires that
packets have a specific IP address - you can define a NAT rule for that address.
3.2.7 Advanced Filtering
Advanced filtering is designed to allow comprehensive control over the firewall's
behavior. You can define specific input and output rules, control the order of logi-
cally similar sets of rules and make a distinction between rules that apply to WAN
and LAN interfaces