Digi Connect Wi-SP User Manual page 50

Digi Connect and ConnectPort TS Family web interface
Forward TCP/UDP/FTP connections from external networks to the following internal
n
devices: Specifies a list of connections based on a specific IP port and where those
connections should be forwarded to. Typically the connecting devices come from the public side
of the network and are redirected to a device on the private side of the network.
You can forward a single port or a range of ports. To forward a range of ports, specify the
number of ports in the range, in the Range Port Count field for the port forwarding entry.
When a range is configured, the first port in the range is specified, and the full range is
indicated in the displayed entry information.
Note that FTP connections require special handling by NAT. This is because the FTP commands
and replies are character-based, and some of them contain port numbers in this message text.
Those embedded port numbers potentially need to be translated by NAT as messages pass
between the private and public sides of the network. For this reason, you should select FTP as
the protocol type when configuring a rule for FTP connection forwarding to an FTP server on
the private network side. If you use TCP, FTP communications may not work correctly. Note
also that TCP port 21 is the standard port number for FTP. Finally, using port ranges for FTP
forwarding is not supported; a port count of 1 is required.
IP forwarding example
For example, to enable port forwarding of RealPort data (network port 771) on a Digi Connect WAN
VPN to a Digi Connect SP with an IP address of 10.8.128.10, you would do the following:
1. Select the Enable IP Routing check box.
2. In the Forward TCP/UDP connections from external networks to the following internal
devices section, type the port forwarding information as follows, and click Add.
Socket tunnel settings
You can use a socket tunnel to connect two network devices: one on the Digi Connect and
ConnectPort TS Family product's local network and the other on the remote network. This is
especially useful for providing SSL data protection when the local devices do not support the SSL
protocol.
One of the endpoint devices is configured to initiate the socket tunnel. The tunnel is initiated when
that device opens a TCP socket to the Digi Connect and ConnectPort TS Family product on the
configured port number. The Digi Connect and ConnectPort TS Family product then opens a separate
connection to the specified destination host. Once the tunnel is established, the Digi Connect and
ConnectPort TS Family product acts as a proxy for bi-directional data between the remote network
socket and the local network socket, regardless of which end initiated the tunnel.
Socket tunnel settings include:
Digi Connect Family and ConnectPort TS Family
Configuration through the web interface
50