NEXXT SOLUTIONS ARN03304U1 User Manual

Nexxt Solutions - ACRUX - Wireless N Gigabit Router

4.8.2 FTP Server

You can conﬁgure a FTP server on this page. Follow the instructions below to set up your FTP server:

Plug an external USB hard disk drive or USB ﬂash

1. drive into this Router.

Click the Enable/Disable radio box to enable/ disable internet access to ftp from WAN port.

Change the Service port to specify a port for ftp server to use (default 21).

The Internet Address displays the WAN IP address of this router, so that others can access ftp through this address.

If WAN type is PPPOE/PPTP/L2TP, there would be two connections. Therefore, users can access the ftp server via two connections. Users in a private LAN can access ftp server via Public Address while internet users can access ftp server via Internet Address.

Click the Start button to start the ftp server.

On this page, when a share folder is added, you can view its display name, volume partition, folder path and you can delete the share folder by clicking the delete button.

Nexxt Solutions - ACRUX - Wireless N Gigabit Router

Name - This folder’s display name.

Partition - The volume that the folder resides.

Folder - The real full path of the speciﬁed folder.

Modify - You can edit the share folder by clicking the modify button.

Delete - You can delete the share folder by clicking the delete button.

Note:

The max share folders number is 10. If you want to share a new folder when the number has reached 10, you can delete a share folder and then add a new one. If you want to change the FTP settings, you need to restart FTP Server to enable the Settings Change.

4.8.3 Media Server

You can conﬁgure media server on this page. Follow the instructions below to set up your media server:

Plug an external USB hard disk drive or USB ﬂash

1. drive into this Router. Click the Start button to initiate the media server.

2. Click the Add share folder button to specify a

3. folder as the search path of media server. Click the Scan All button to scan all the share

4. folders immediately. You can also select Auto- scan and at same time choose the auto scan interval time from the pull-down list, and then click the Save button to save the new settings. In this case, the media server will auto scan the share folder.

Nexxt Solutions - ACRUX - Wireless N Gigabit Router

On this page, when a share folder is added, you can view its display name, ﬁle system type, folder path and you can delete the share folder by clicking the delete button as shown in the corresponding dialog box.

Name - This folder’s display name.

File System - The ﬁle system on the partition can be FAT32 or NTFS.

Folder - The real full path of the speciﬁed folder.

Delete - You can delete the share folder by clicking the delete button.

Note:

The max. share folders number is 3. If you want to share a new folder when the numbers have reached to be 3, you can delete a share folder and then add a new one. Click the Start button to start the media server. Click the Stop button to stop the media server. Click the Scan All button to scan all the share folders immediately. Click the delete button to delete the speciﬁed share folder.

Nexxt Solutions - ACRUX - Wireless N Gigabit Router

4.8.4 User Accounts

You can specify the user name and password for Network Sharing users on the following User Accounts page. Network Sharing users can use Internet Explorer to access ﬁles stored in the USB drive. There are two Network Sharing users that can access the shares. They are Administrator and Guest. Administrator has read/write privileges while Guest has read-only access. Only Administrator can use a Web browser to transfer the ﬁles from a PC to the Writable shared volume on the USB drive.

Figure 4-32 User Accounts

User Name - Type the user name that you want to give access to the USB drive. The user name should consist of alphanumeric characters, not exceeding 15 in length.

Password - Enter the password in the Password ﬁeld. The password should consist of alphanumeric characters, not exceeding 15 in length. For security purposes, the password for each user

Nexxt Solutions - ACRUX - Wireless N Gigabit Router

account is not displayed. Conﬁrm Password - Re-enter the password here.

Click the Save button to store your settings. Click the Clear All button to clear all the ﬁelds.

Note:

Please restart the service for the new settings to take effect.

If you cannot use the new user name and password to access the shares, press Windows

logo + R to open the Run dialog box. Next, net use \\192.168.0.1/delete/yes and press Enter.

(192.168.0.1 is your Router’s LAN IP address.)

4.9 Forwarding

Figure 4-33 The Forwarding menu

There are four submenus under Forwarding (shown in Figure 4-33): Virtual Servers, Port Triggering, DMZ and UPnP. Click on any of these items in order to conﬁgure the corresponding function.

4.9.1 Virtual Servers

Go to “Forwarding Virtual Servers” in the menu,



in order to visualize and add virtual servers, as shown in the following screen (Figure 4-34). Virtual servers can be used for setting up public services on your LAN, such as DNS, Email and FTP. A virtual

Nexxt Solutions - ACRUX - Wireless N Gigabit Router

server is deﬁned as a service port, and all requests from the Internet to this service port will be redirected to the computer speciﬁed by the server IP. Any PC that was used for a virtual server must have a static or reserved IP Address because its IP Address may be changed when using the DHCP function.

Figure 4-34 Virtual Servers

Service Port - The numbers of External Ports. You can type a service port or a range of service ports (in XXX – YYY format, XXX is the start port number, YYY is the end port number).

IP Address - The IP Address of the PC providing the service application.

Internal Port - The Internal Service Port number of the PC running the service application. You can leave it blank if the Internal Port is the same as the Service Port, or enter a speciﬁc port number when Service Port is a single one.

Protocol - The protocol used for this application, either TCP, UDP, or All (all protocols supported by the router).

Status - This ﬁeld displays either Enabled or Disabled, as the current status for the device.

Nexxt Solutions - ACRUX - Wireless N Gigabit Router

To setup a virtual server entry:

Click the “Add New…” button (as in Figure 4-35).

Select the service you want to use from the Common Service Port list. If the Common Service Port list does not have the service that you want to use, type the number of the service port or service port range in the Service Port box.

Type the IP Address of the computer in the IP Address box.

Select the protocol used for this application, either TCP or UDP, or All.

Click on the check box to Enable the virtual server.

Click the Save button.

Figure 4-35 Add or Modify a Virtual Server Entry

Note:

If your computer or server has more than one type of service available, please select a different service, and enter the same IP Address for that computer or server.

To modify or delete an existing entry:

Click the Modify button next to in the entry you want to change. If you want to erase this entry, click on Delete.

Proceed with the changes you want to make.

Click the Save button.

Nexxt Solutions - ACRUX - Wireless N Gigabit Router

Click the Enable All button to activate all entries Click the Disabled All button to cancel all entries. Click the Delete All button to erase all entries Click the Next button to go to the following page Click the Previous button to return to the last page.

Note:

If you set the service port of the virtual server as 80, you must set the Web management port on System Tools –> Remote Management page to be any other value except 80, such as 8080. Otherwise, there will be a conﬂict to disable the virtual server.

4.9.2 Port Triggering

Go to “Forwarding Port Triggering” in the menu,



in order to visualize and add port triggering, as shown in the next screen (Figure 4-36). Some applications require multiple connections, like Internet games, video conferencing, Internet calling, and so on. These applications cannot work with a pure NAT router. Port Triggering is used for some of these applications to let them work with a NAT router.

Figure 4-36 Port Triggering

Nexxt Solutions - ACRUX - Wireless N Gigabit Router

Once the Router is conﬁgured, the operation is as follows:

A local host makes an outgoing connection using a destination port number deﬁned in the Trigger Port ﬁeld.

The Router records this connection, opens the incoming port or ports associated with this entry in the Port Triggering table, and associates them with the local host.

When necessary the external host will be able to connect to the local host using one of the ports deﬁned in the Incoming Ports ﬁeld. Trigger Port - The port for outgoing trafﬁc. An outgoing connection using this port will “Trigger” this rule. Trigger Protocol - The protocol used for Trigger Ports, either TCP, UDP, or All (all protocols supported by the router). Incoming Ports Range - The port or port range used by the remote system when it responds to the outgoing request. A response using one of these ports will be forwarded to the PC that triggered this rule. You can input at most 5 groups of ports (or port section). Every group of ports must be set apart with “,”. For example, 2000-2038, 2050-2051, 2085, 3010-3030. Incoming Protocol - The protocol used for Incoming Ports Range, either TCP or UDP, or

ALL (all protocols supported by the router). Status - It displays the current status of this

entry, either Enabled or Disabled.

Nexxt Solutions - ACRUX - Wireless N Gigabit Router

To add a new rule, follow the steps below.

Click the “Add New…” button. The following screen will be displayed, as shown in Figure 4-37.

Select a common application from the Common Applications drop-down list, then the Trigger Port ﬁeld and the Incoming Ports ﬁeld will be automatically ﬁlled. If the Common Applications do not have the application you need, enter the Trigger Port and the Incoming Ports manually.

Select the protocol used for Trigger Port from the Trigger Protocol drop-down list, either TCP, UDP, or All.

Select the protocol used for Incoming Ports from the Incoming Protocol drop-down list, either TCP or UDP, or All.

Select Enable in Status ﬁeld.

Click the Save button to store the new rule.

Figure 4-37 Add or Modify a Triggering Entry

To modify or delete an existing entry:

Click the Modify button next to in the entry you want to change. If you want to erase this entry, click on Delete.

Proceed with the changes you want to make.

Click the Save button.

Nexxt Solutions - ACRUX - Wireless N Gigabit Router

Click the Enable All button to activate all entries. Click the Disabled All button to cancel all entries. Click the Delete All button to erase all entries.

Note:

When the trigger connection is released, the corresponding opened ports will be closed.

Each rule allows only to be used by a single host on LAN synchronously. The trigger connection of other hosts on LAN will be refused.

Incoming Port Range cannot overlap each other.

4.9.3 DMZ (Demilitarized Zone)

Go to “Forwarding DMZ”, in order to visualize and



conﬁgure the DMZ host, as shown in the screen below (Figure 4-38). The DMZ host feature allows one local host to be exposed to the Internet so as to gain access to certain applications, such as Internet gaming or videoconferencing. DMZ host forwards all the ports at the same time. Any PC whose port is being forwarded must have its DHCP client function disabled, and should also have a new static IP Address assigned to it, because its IP Address may be changed when using the DHCP function.

Figure 4-38 DMZ

Nexxt Solutions - ACRUX - Wireless N Gigabit Router

To assign a computer or server to be a DMZ server:

Click the Enable radio button

Enter the local host IP Address in the DMZ Host IP Address ﬁeld.

Click the Save button.

Note:

Once you set the DMZ host, the ﬁrewall protection for that host will be disabled.

4.9.4 UPnP

Go to “Forwarding UPnP” in the menu, in order



to visualize the information related to the UPnP (Universal Plug and Play) feature, as shown in the screen below (Figure 4-39). The UPnP architecture allows any compatible device, such as Internet computers, to access the local host resources or other networking equipment, as needed. UPnP devices on the LAN can be automatically discovered using the UPnP application.

Figure 4-39 UPnP Setting

Nexxt Solutions - ACRUX - Wireless N Gigabit Router

Current UPnP Status - UPnP can be enabled or disabled by clicking the Enable or Disable button. Please note that since this feature is enabled by default, it may present a risk to security.

Current UPnP Settings List - This table displays the current UPnP information.

App Description - The description provided by the application in the UPnP request.

External Port - External port, which the router opened for the application.

Protocol - Shows which type of protocol is opened.

Internal Port - Internal port, which the router opened for local host.

IP Address - The UPnP device that is currently accessing the router. Status - The port status is displayed in this ﬁeld.

“Enabled” means that the port is still active. Otherwise, the port is inactive.

Click Refresh to update the Current UPnP Settings List.

4.10 Security

Figure 4-40 Security menu

Nexxt Solutions - ACRUX - Wireless N Gigabit Router

There are four submenus under the Security (shown in Figure 4-40): Basic Security, Advanced Security, Local Management and Remote Management. Click on any of these items in order to conﬁgure the corresponding function.

4.10.1 Basic Security

Go to “Security Basic Security”, in order to



conﬁgure the basic security settings, as shown in the screen below (Figure 4-37).

Figure 4-41 Basic Security

Firewall - A ﬁrewall protects your network from the outside world. In this page, the user can enable or disable the router ﬁrewall.

SPI Firewall - SPI (Stateful Packet Inspection, also known as dynamic packet ﬁltering) helps to prevent cyber attacks by tracking more state per session. It validates that the trafﬁc passing through the session conforms to the protocol. SPI Firewall is enabled by factory default. If you

Nexxt Solutions - ACRUX - Wireless N Gigabit Router

want all the computers on the LAN exposed to the outside world, you can disable it. enable or disable the router ﬁrewall.

VNP - VPN Passthrough must be enabled if you want to allow VPN tunnels using IPSec, PPTP, or L2TP protocols to pass through the Router’s ﬁrewall.

PPTP Passthrough - Point-to-Point Tunneling Protocol (PPTP) allows the Point-to-Point Protocol (PPP) to be tunneled through an IP network. To allow PPTP tunnels to pass through the router, keep its default conﬁguration: Enabled.

L2TP Passthrough - Layer 2 Tunneling Protocol (L2TP) is the method used to enable Point-to-Point sessions via the Internet on the Layer 2 level. To allow L2TP tunnels to pass through the router, keep its default conﬁguration:

Enabled. IPSec Passthrough - Internet Protocol

Security (IPSec) is a suite of protocols for ensuring private, secure communications over Internet Protocol (IP) networks, through the use of cryptographic security services. To allow IPSec tunnels to pass through the router, keep its default conﬁguration: Enabled.

ALG - It is recommended to enable Application Layer Gateway (ALG) because it allows customized Network Address Translation (NAT) traversal ﬁlters to be plugged into the gateway, so as to support address and port translation for certain application layer “control/data” protocols, such as FTP, TFTP, H323 etc.

Nexxt Solutions - ACRUX - Wireless N Gigabit Router

FTP ALG - To allow FTP clients and servers to transfer data across NAT, keep its default conﬁguration: Enabled.

TFTP ALG - To allow TFTP clients and servers to transfer data across NAT, keep its default conﬁguration: Enabled.

H323 ALG - To allow Microsoft NetMeeting clients to communicate across NAT, keep its default conﬁguration: Enabled.

Click the Save button to store your settings.

4.10.2 Advanced Security

Go to “Security Advanced Security” in the menu,



in order to protect the router from being attacked by TCP-SYN Flood, UDP Flood and ICMP-Flood, as shown in the following screen (Figure 4-42).

Figure 4-42 Advanced Security

Nexxt Solutions - ACRUX - Wireless N Gigabit Router

Packets Statistics Interval (5~60) - The default

value is 10. Select the desired setting between 5 and 60 seconds from the drop-down list. This value determines the time interval between packets. The result of the statistics is used for analysis by SYN Flood, UDP Flood and ICMP-Flood. DoS Protection - Denial of Service protection.

Check the corresponding box to Enable or Disable this function. Only when DoS is enabled, ﬂood ﬁlters will be effective.

Note: You must ﬁrst enable Trafﬁc Statistics in “System Tool Trafﬁc Statistics” for the DoS Protection



feature to work. Enable ICMP-FLOOD Attack Filtering – Check this

box to Enable or Disable the ICMP-FLOOD Attack Filtering. ICMP-FLOOD Packets Threshold (5~3600) - The

default value is 50. Select the desired setting 5 ~ 3600. When the current ICMP-FLOOD Packets number exceeds the set value, the router will immediately startup the blocking feature. Enable UDP-FLOOD Filtering - Enable or Disable

the UDP-FLOOD Filtering. UDP-FLOOD Packets Threshold (5~3600) - The

default value is 500. Select the desired setting between 5 ~ 3600. When the current UPD-FLOOD Packets number exceeds the set value, the router will immediately startup the blocking feature. Enable TCP-SYN-FLOOD Attack Filtering - Check

this box to Enable or Disable the TCP-SYN-FLOOD Attack Filtering.

Nexxt Solutions - ACRUX - Wireless N Gigabit Router

TCP-SYN-FLOOD Packets Threshold (5~3600) -

The default value is 50. Select the desired setting between 5 ~ 3600. When the current TCP-SYNFLOOD Packets number exceeds the set value, the router will immediate startup the blocking feature. Ignore Ping Packet From WAN Port - Check this

box to Enable or Disable this option. The default setting is disabled. If enabled, the ping packet from the Internet cannot access the router. Forbid Ping Packet From LAN Port - Check this

box to Enable or Disable this option. The default setting is disabled. If enabled, the ping packet from LAN cannot access the router. This function can be used to defend the network against some viruses.

Click the Save button to store the settings. Click the DoS Host Block List button to display the DoS host table with the items excluded.

4.10.3 Local Management

Go to “Security Local Management” in the menu,



in order to conﬁgure the management rule as shown in the screen below (Figure 4-43). The management feature allows you to deny computers in the LAN from accessing the Router.

Nexxt Solutions - ACRUX - Wireless N Gigabit Router

Figure 4-43 Local Management

By default, the radio button “All the PCs on the

LAN are allowed to access the Router’s WebBased Utility” is checked. If you want to allow PCs

with speciﬁc MAC Addresses to access the Setup page of the Router’s Web-Based Utility locally from inside the network, check the radio button “Only the

PCs listed can browse the built-in web pages to perform Administrator tasks”, and then enter each

MAC Address in a separate ﬁeld. The format for the MAC Address is XX-XX-XX-XX-XX-XX (where X is any hexadecimal digit). Only the PCs with a MAC address listed can use the password to browse the built-in web pages to perform Administrator tasks while all the others will be blocked. After clicking the Add button, your PC’s MAC Address will be placed in the above list. Click the Save button to store your settings.

Note:

If your PC is blocked but you want to access the router again, use a pin to press and hold the Reset Button (hole) on the back panel for about 5 seconds,

Nexxt Solutions - ACRUX - Wireless N Gigabit Router

to reset the router to its factory default values on the Web-Based Utility.

4.10.4 Remote Management

Go to “Security Remote Management” in the



menu, in order to conﬁgure the Remote Management feature, as shown in the screen below (Figure 4-44). This feature allows you to manage your router from a remote location via the Internet.

Figure 4-44 Remote Management

Web Management Port - Web browser normally

uses the standard HTTP port 80 for access. This router’s default remote management web port number is 80. For greater security, you can change the remote management web port to a custom port by entering that number in the box provided. Choose a number between 1 and 65534, but do not use the number of any common service port. Remote Management IP Address - This is the

current address you will use when accessing your Router from the Internet. This function is disabled when the IP address is set to the default value of

0.0.0.0. To enable this function change 0.0.0.0 to a valid IP address. If set to 255.255.255.255, then all the hosts can access the Router from internet.

Nexxt Solutions - ACRUX - Wireless N Gigabit Router

Note:

1)2)To access the Router, you should type your Router’s WAN IP address into your browser’s address (in IE) or Location (in Navigator) box, followed by a colon and the custom port number. For example, if your Router’s WAN address is 202.96.12.8, and the port number used is 8080, please enter http://202.96.12.8:8080 in your browser. Later, you may be asked to type the Router’s password. After successfully entering the username and password, you will be able to access the router’s web-based utility. Be sure to change the router’s default password to a more secure password.

4.11 Parental Control

Go to “Parental Control” in order to conﬁgure this monitoring feature, as shown it the screen below. (Figure 4-45). Parental Control can be used to monitor the internet activities of a child, limit his/ her access to certain websites and to restrict the amount of time they spend surﬁng.

Figure 4-45 Parental Control Settings

Nexxt Solutions - ACRUX - Wireless N Gigabit Router

Parental Control - Check Enable if you want to activate this function; otherwise, check Disable.

MAC Address of Parental PC - In this ﬁeld, enter the MAC address of the monitoring PC, or you can make use of the Copy To Above button below.

MAC Address of Your PC - This ﬁeld displays the MAC address of the PC that is managing this router. If the MAC Address of your adapter is registered, you can click the Copy To Above button to enter this address into the MAC Address of Parental PC ﬁeld above.

Website Description - Description of the allowed website for the monitored PC.

Schedule - The time period allowed for the monitored PC to have access to the Internet. For detailed information, please go to “Access Control Schedule”.

Modify – Use this link to edit or delete an existing



entry.

To add a new entry, please follow the steps below.

Click the Add New button. The screen shown in

1. ﬁgure 4-46 below will appear. In the MAC Address of Child PC ﬁeld, enter the

2. MAC address of the PC (e.g. 00-11-22-33-44AA) you want to control. Or you can choose the MAC address from the All Address in Current LAN drop-down list. Give a description (e.g. Allow Google) for the

3. website allowed to be accessed in the Website Description ﬁeld. Enter the allowed domain name of the website,

4. either the full name or the keywords (e.g. google) in the Allowed Domain Name ﬁeld. Any domain

Nexxt Solutions - ACRUX - Wireless N Gigabit Router

name with keywords in it (www.google.com.cn) will be allowed. Select from the Effective Time drop-down list the

5. schedule (e.g. Schedule_1) you want the entry to take effect. If there are not suitable schedules for you, click the Schedule in red below to open the Advanced Schedule Settings page, and create the schedule you need. In the Status ﬁeld, select the Enabled or Disabled

6. condition for that entry. Click the Save button.

Click the Enable All button to activate all entries. Click the Disabled All button to cancel all entries. Click the Delete All button to erase all entries. Click the Next button to go to the following page Click the Previous button to return to the last page.

Figure 4-46 Add or Modify Parental Control Entry

+ 52 hidden pages