Chapter 10 NAT Forwarding
The router's NAT (Network Address Translation) feature lets the devices on the LAN share one public IP address when communicating on the internet, which protects the local network by hiding the IP addresses of the devices. However, it also means that an external host cannot initiate communication with a specific device in the local network.
With the forwarding feature, the router can pass through the isolation of NAT and allow external hosts on the internet to initiate communication with devices in the local network, which makes certain special functions possible.
The TP-Link router includes four forwarding rules. If two or more rules are set, the priority of implementation from high to low is Virtual Servers, Port Triggering, UPnP and DMZ.
This chapter contains the following sections:
•Translate Address and Port by ALG
•Share Local Resources in the Internet by Virtual Server
•Open Ports Dynamically by Port Triggering
•Make Applications Free from Port Restriction by DMZ
•Make Xbox Online Games Run Smoothly by UPnP
1. Translate Address and Port by ALG
ALG (Application Layer Gateway) allows customized NAT (Network Address Translation) traversal filters to be plugged into the gateway to support address and port translation for certain application layer “control/data” protocols: FTP, TFTP, H323 etc. Enabling ALG is recommended.
1.Visit http://tplinkmodem.net, and log in with the password or your TP-Link ID.
2.Go to Advanced > NAT Forwarding > ALG.
Note:
It is recommended to keep the default settings.
•PPTP Pass-through: If enabled, it allows Point-to-Point sessions to be tunneled through an IP network and passed through the router.
•L2TP Pass-through: If enabled, it allows Layer 2 Point-to-Point sessions to be tunneled through an IP network and passed through the router.
•IPSec Pass-through: If enabled, it allows IPSec (Internet Protocol Security) to be tunneled through an IP network and passed through the router. IPSec uses cryptographic security services to ensure private and secure communications over IP networks.
•FTP ALG: If enabled, it allows FTP (File Transfer Protocol) clients and servers to transfer data via NAT.
•TFTP ALG: If enabled, it allows TFTP (Trivial File Transfer Protocol) clients and servers to transfer data via NAT.
•H323 ALG: If enabled, it allows Microsoft NetMeeting clients to communicate via NAT.
•SIP ALG: If enabled, it allows clients to communicate with SIP (Session Initiation Protocol) servers via NAT.
•RTSP ALG: If enabled, it allows RTSP (Real-Time Streaming Protocol) clients and servers to transfer data via NAT.
2. Share Local Resources in the Internet by Virtual Server
When you set up a server in the local network and want to share it on the internet, Virtual Server makes the service available to internet users. At the same time, Virtual Server keeps the local network safe, as other services remain invisible from the internet.
Virtual Server can be used for setting up public services in your local network, such as HTTP, FTP, DNS, POP3/SMTP and Telnet. Different services use different service ports. Port 80 is used by the HTTP service, port 21 by the FTP service, port 25 by the SMTP service and port 110 by the POP3 service. Please verify the service port number before the configuration.
I want to:
Share the personal website I've built in my local network with my friends through the internet.
For example, the personal website is hosted on my home PC (192.168.1.100). I hope that my friends on the internet can visit my website in some way. The PC is connected to the router with the WAN IP address 218.18.232.154.
How can I do that?
1.Assign a static IP address to your PC, for example 192.168.1.100.
2.Visit http://tplinkmodem.net, and log in with the password or your TP-Link ID.
3.Go to Advanced > NAT Forwarding > Virtual Servers, click Add.
4.Click View Existing Services, and choose HTTP. The external port, internal port and protocol will be auto-populated. Enter the PC’s IP address 192.168.1.100 in the Internal IP field.
5.Click Save to save the settings.
Note:
1.It is recommended to keep the default settings of Internal Port and Protocol if you are not sure which port and protocol to use.
2.If the service you want to use is not in the Service Type list, you can enter the corresponding parameters manually. You should verify the port number that the service needs.
3.You can add multiple virtual server rules if you want to provide several services through one router. Please note that the External Ports of different rules cannot overlap.
Done!
Users on the internet can enter http://WAN IP (in this example, http://218.18.232.154) to visit your personal website.
Note:
1.The WAN IP should be a public IP address. If the WAN IP is assigned dynamically by the ISP, it is recommended to apply for and register a domain name for the WAN by DDNS; go to Set Up a Dynamic DNS Service Account for more information. Then you can use http://domain name to visit the website.
2.If you have changed the default External Port, you should use http://WAN IP:External Port or http://domain name:External Port to visit the website.
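A pre-flight check for the note that External Ports cannot overlap, as an added example that is not TP-Link code. The "low-high" range syntax, the "All" protocol value, the choice to treat TCP and UDP rules on the same port as non-conflicting, and every rule except the chapter's HTTP one are assumptions made for illustration.

```python
# Added illustration, not TP-Link code. Field names follow the Virtual Servers form;
# the "low-high" range syntax and the "All" protocol value are assumptions.

def parse_ports(spec):
    """'80' -> (80, 80); '8000-8010' -> (8000, 8010). Raises ValueError on bad input."""
    low, _, high = spec.strip().partition("-")
    low, high = int(low), int(high or low)
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"invalid port spec: {spec!r}")
    return low, high

def protocols(value):
    """Expand 'All' to both transports so it collides with TCP-only and UDP-only rules."""
    value = value.strip().upper()
    return {"TCP", "UDP"} if value == "ALL" else {value}

def find_overlaps(rules):
    """Return (name_a, name_b) for each pair whose External Ports share a port and a protocol."""
    parsed = [(r["name"], parse_ports(r["external_port"]), protocols(r["protocol"]))
              for r in rules]
    clashes = []
    for i, (name_a, (lo_a, hi_a), proto_a) in enumerate(parsed):
        for name_b, (lo_b, hi_b), proto_b in parsed[i + 1:]:
            # Two closed ranges intersect when each starts before the other ends.
            if proto_a & proto_b and lo_a <= hi_b and lo_b <= hi_a:
                clashes.append((name_a, name_b))
    return clashes

# Constructed rule set: the chapter's HTTP example plus three made-up services.
RULES = [
    {"name": "HTTP", "external_port": "80", "internal_ip": "192.168.1.100",
     "internal_port": "80", "protocol": "TCP"},
    {"name": "cam", "external_port": "8000-8010", "internal_ip": "192.168.1.101",
     "internal_port": "8000-8010", "protocol": "TCP"},
    {"name": "nas", "external_port": "8010", "internal_ip": "192.168.1.102",
     "internal_port": "443", "protocol": "All"},
    {"name": "dns", "external_port": "8010", "internal_ip": "192.168.1.103",
     "internal_port": "53", "protocol": "UDP"},
]

if __name__ == "__main__":
    for a, b in find_overlaps(RULES):
        print(f"External Port conflict: {a} <-> {b}")
```
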
3. Open Ports Dynamically by Port Triggering
Port triggering can specify a triggering port and its corresponding external ports. When a host in the local network initiates a connection to the triggering port, all the external ports will be opened for subsequent connections. The router records the IP address of the host. When data from the internet returns to the external ports, the router forwards it to the corresponding host. Port triggering is mainly applied to online games, VoIP and video players. Common applications include MSN Gaming Zone, Dialpad and QuickTime 4 players, etc.
Follow the steps below to configure the port triggering rules:
1.Visit http://tplinkmodem.net, and log in with the password or your TP-Link ID.
2.Go to Advanced > NAT Forwarding > Port Triggering and click Add.
3.Click View Existing Applications, and select the desired application. The triggering port and protocol, and the external port and protocol, will be auto-populated. Here we take the application MSN Gaming Zone as an example.
4.Click Save to apply the settings.
Tips:
1.You can add multiple port triggering rules according to your network needs.
2.If the application you need is not listed in the Existing Applications list, please enter the parameters manually. You should first verify the external ports the application uses and enter them into the External Port field in the format the page displays.
4. Make Applications Free from Port Restriction by DMZ
When a PC is set to be a DMZ (Demilitarized Zone) host in the local network, it is totally exposed to the internet, which allows unlimited bidirectional communication between internal hosts and external hosts. The DMZ host becomes a virtual server with all ports opened. When you are not sure which ports to open for some special applications, like IP camera and database software, you can set the PC to be a DMZ host.
Note:
DMZ is more applicable in situations where users are not sure which ports to open. When it is enabled, the DMZ host is totally exposed to the internet, which may pose a security risk. If DMZ is not in use, please disable it promptly.
I want to:
Make the home PC join the internet online game without port restriction.
For example, due to some port restriction, when playing online games, you can log in normally but cannot join a team with other players. To solve this problem, set your PC as a DMZ host with all ports opened.
How can I do that?
1.Assign a static IP address to your PC, for example 192.168.1.100.
2.Visit http://tplinkmodem.net, and log in with the password or your TP-Link ID.
3.Go to Advanced > NAT Forwarding > DMZ and select the checkbox to enable DMZ.
4.Enter the IP address 192.168.1.100 in the DMZ Host IP Address field.
5.Click Save to save the settings.
Done!
The configuration is completed. You've set your PC as a DMZ host and now you can team up with other players in the game.
5. Make Xbox Online Games Run Smoothly by UPnP
The UPnP (Universal Plug and Play) protocol allows applications or host devices to automatically find the front-end NAT device and send requests to it to open the corresponding ports. With UPnP enabled, the applications or host devices on both sides of the NAT device can freely communicate with each other, realizing a seamless connection of the network. You may need to enable UPnP if you want to use applications for multiplayer gaming, peer-to-peer connections, real-time communication (such as VoIP or telephone conference) or remote assistance, etc.
Tips:
1.UPnP is enabled by default in this router.
2.Only the application supporting UPnP protocol can use this feature.
3.The UPnP feature needs the support of the operating system (e.g. Windows Vista/Windows 7/Windows 8, etc.). Some operating systems need the UPnP components to be installed.
For example, when you connect your Xbox to a router that is connected to the internet to play online games, UPnP will send requests to the router to open the corresponding ports, allowing the subsequent data to pass through the NAT. Therefore, you can play Xbox online games without a hitch.
If necessary, you can follow the steps below to change the status of UPnP.
1.Visit http://tplinkmodem.net, and log in with the password or your TP-Link ID.
2.Go to Advanced > NAT Forwarding > UPnP and toggle on or off according to your needs.
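The rule priority stated at the start of this chapter (Virtual Servers, Port Triggering, UPnP, DMZ), modelled for a new inbound connection so you can see which LAN host each rule type exposes. This is an added example and a simplified model, not TP-Link firmware code. The trigger and external port numbers and the hosts 192.168.1.101 and 192.168.1.102 are constructed, and trigger timeouts are not modelled.

```python
# Added illustration: a simplified model of the chapter's rule priority, not TP-Link firmware.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class NatRouter:
    virtual_servers: dict = field(default_factory=dict)  # (proto, ext_port) -> (lan_ip, int_port)
    trigger_rules: list = field(default_factory=list)    # (trig_proto, trig_port, ext_proto, ext_ports)
    triggered: dict = field(default_factory=dict)        # (proto, ext_port) -> lan_ip that fired it
    upnp_maps: dict = field(default_factory=dict)        # (proto, ext_port) -> (lan_ip, int_port)
    dmz_host: Optional[str] = None

    def outbound(self, lan_ip, proto, dst_port):
        """A LAN host connects out; a matching trigger opens its external ports for that host."""
        for t_proto, t_port, e_proto, e_ports in self.trigger_rules:
            if (proto, dst_port) == (t_proto, t_port):
                for port in e_ports:
                    self.triggered[(e_proto, port)] = lan_ip

    def inbound(self, proto, dst_port):
        """Resolve a new connection from the internet; None means NAT drops it."""
        key = (proto, dst_port)
        if key in self.virtual_servers:                  # 1. Virtual Servers
            return ("virtual_server", *self.virtual_servers[key])
        if key in self.triggered:                        # 2. Port Triggering
            return ("port_triggering", self.triggered[key], dst_port)
        if key in self.upnp_maps:                        # 3. UPnP
            return ("upnp", *self.upnp_maps[key])
        if self.dmz_host:                                # 4. DMZ: catch-all for every other port
            return ("dmz", self.dmz_host, dst_port)
        return None

def demo():
    r = NatRouter()
    r.virtual_servers[("tcp", 80)] = ("192.168.1.100", 80)           # the chapter's HTTP example
    r.trigger_rules.append(("tcp", 7000, "tcp", range(7100, 7111)))  # constructed ports
    before = r.inbound("tcp", 7100)              # no rule matches yet: dropped
    r.outbound("192.168.1.101", "tcp", 7000)     # constructed LAN host fires the trigger
    after = r.inbound("tcp", 7100)
    r.dmz_host = "192.168.1.102"                 # constructed DMZ host
    return {
        "before_trigger": before,
        "after_trigger": after,
        "http": r.inbound("tcp", 80),            # virtual server still wins over DMZ
        "rdp": r.inbound("tcp", 3389),           # never configured, yet reachable via DMZ
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The last entry is the practical reason to disable DMZ when it is not in use: a port nobody configured is still delivered to the DMZ host.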