Inbound Access - Dynamix UM-A User Manual

4/1 port

A.3.2 Inbound Access
Inbound access is normally blocked; however, selective inbound sessions may be enabled. The NAT
module implements two types of inbound access control: Virtual Server and Demilitarized Zone
(DMZ).
Virtual Server: The term "Virtual Server" came from the concept of subdividing one physical
system into multiple "virtual" systems.
1. The NAT module provides Virtual Server service through static inbound NAT
sessions.
2. Each Virtual Server statically maps one local host to a service TCP/UDP port of the
WAN interface.
3. Multiple mappings may point to the same local host.
4. A static inbound NAT session includes the protocol type (TCP or UDP) of the
incoming packet, the public port number the packet is destined to, and the IP address
and the port number of the virtual server (i.e. the local host).
5. Contiguous public ports form a group that can be mapped to a virtual server from the
WEB by entering the port range for that group (see the Virtual Server configuration
page).
6. Depending on memory resource availability, up to 20 public port groups can be
created. However, the maximum number of mapped ports is 20.
Demilitarized Zone (DMZ): The NAT module provides the functionality of a "NAT box"
DMZ, not a "real" DMZ. The general definition of a "real" DMZ is a section of a network
between exterior and interior firewalls where publicly accessible servers are usually placed.
A "real" DMZ separates the servers placed within it from the private network; a
"NAT box" DMZ does not.
1. The DMZ implemented in the NAT module allows one local host to be exposed to
the Internet, i.e. only one DMZ host can be configured in the system.
2. When an incoming packet from the public domain cannot be resolved by NAT
Sessions and Virtual Servers, it is forwarded to this "default host."
3. Note that it allows full bi-directional public access, and address translation still takes
place.
4. One popular use of this feature is when inbound connections to a range of ports are
required and it is impractical or impossible to accommodate them via port mappings.
5. The DMZ opens all ports on this particular local host to all unsolicited traffic,
therefore posing some security risk. This means that the protection of NAT is
removed from that local host and external hosts can initiate conversations with it on
any port.
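
The lookup order described above (NAT sessions, then Virtual Servers, then the DMZ "default host"), as a small Python model for auditing a planned configuration. This is an added example, not the router's firmware: the class and function names are hypothetical, the session table is simplified to (protocol, public port), and the 1:1 port offset within a group and the unchanged destination port on DMZ forwarding are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

MAX_MAPPED_PORTS = 20  # limit stated in the manual

@dataclass(frozen=True)
class VirtualServer:
    proto: str         # "tcp" or "udp"
    public_start: int  # first public port of the contiguous group
    public_end: int    # last public port of the group (inclusive)
    local_ip: str      # the virtual server, i.e. the local host
    local_start: int   # local port for public_start (assumed 1:1 offset across the group)

    def size(self):
        return self.public_end - self.public_start + 1

class NatBox:
    def __init__(self, dmz_host: Optional[str] = None):
        self.dmz_host = dmz_host  # at most one DMZ host
        self.sessions = {}        # (proto, public_port) -> (ip, port), existing NAT sessions
        self.virtual_servers = []

    def add_virtual_server(self, vs: VirtualServer):
        if sum(v.size() for v in self.virtual_servers) + vs.size() > MAX_MAPPED_PORTS:
            raise ValueError("mapped-port limit exceeded")
        self.virtual_servers.append(vs)

    def resolve(self, proto: str, port: int):
        """Return (rule, local_ip, local_port) for an inbound packet."""
        if (proto, port) in self.sessions:
            return ("session", *self.sessions[(proto, port)])
        for vs in self.virtual_servers:
            if vs.proto == proto and vs.public_start <= port <= vs.public_end:
                return ("virtual-server", vs.local_ip, vs.local_start + port - vs.public_start)
        if self.dmz_host:  # "default host": anything still unresolved
            return ("dmz", self.dmz_host, port)  # destination port kept (assumption)
        return ("blocked", None, None)

def reachable(box: NatBox, proto: str, ports):
    """Ports on which unsolicited inbound traffic reaches some local host."""
    return [p for p in ports if box.resolve(proto, p)[0] != "blocked"]

def build_example(dmz_host: Optional[str] = None) -> NatBox:
    box = NatBox(dmz_host)  # addresses below are constructed sample values
    box.add_virtual_server(VirtualServer("tcp", 80, 80, "192.168.1.10", 80))
    box.add_virtual_server(VirtualServer("tcp", 5000, 5009, "192.168.1.20", 5000))
    return box
```

Comparing reachable() for the same mappings with and without a DMZ host shows the difference in exposure: the Virtual Server setup answers only on its mapped ports, while the DMZ setup forwards every otherwise unresolved port to the default host.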