ZyXEL NBG334SH1 Users Manual

Chapter 7 LAN
Figure 55 Any IP Example
The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the ZyXEL Device’s IP address.
Note: You must enable NAT to use the Any IP feature on the ZyXEL Device.
Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network. An IP routing table is defined on IP Ethernet devices (the ZyXEL Device) to decide which hop to use, to help forward data along to its specified destination.
The following lists the steps taken when a computer tries to access the Internet for the first time through the ZyXEL Device.
1 When a computer (which is in a different subnet) first attempts to access the Internet, it sends packets to its default gateway (which is not the ZyXEL Device) by looking at the MAC address in its ARP table.
2 When the computer cannot locate the default gateway, an ARP request is broadcast on the LAN.
3 The ZyXEL Device receives the ARP request and replies to the computer with its own MAC address.
4 The computer updates the MAC address for the default gateway in its ARP table. Once the ARP table is updated, the computer is able to access the Internet through the ZyXEL Device.
5 When the ZyXEL Device receives packets from the computer, it creates an entry in the IP routing table so it can properly forward packets intended for the computer.
After all the routing information is updated, the computer can access the ZyXEL Device and the Internet as if it is in the same subnet as the ZyXEL Device.
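The five steps above, modelled as an added example (this is not ZyXEL firmware code). The class names, the addresses and the rule that a same-subnet computer gets no Any IP reply are assumptions drawn from the description above; the model shows which ARP answers the device gives and which route entries it creates, which is what an ARP monitor on the LAN would observe.

```python
import ipaddress


class AnyIPDevice:
    """Toy model of the Any IP steps (hypothetical class, constructed values)."""

    def __init__(self, lan_ip, netmask, mac, nat_enabled=True, any_ip_active=True):
        self.iface = ipaddress.ip_interface(f"{lan_ip}/{netmask}")
        self.mac = mac
        self.nat_enabled = nat_enabled
        self.any_ip_active = any_ip_active
        self.host_routes = {}  # computer IP -> computer MAC (step 5)

    def _any_ip_applies(self, computer_ip):
        # Any IP needs NAT and only covers computers outside the device's subnet.
        outside = ipaddress.ip_address(computer_ip) not in self.iface.network
        return self.nat_enabled and self.any_ip_active and outside

    def on_arp_request(self, sender_ip, target_ip):
        """Return the MAC the device answers with, or None if it stays silent."""
        if ipaddress.ip_address(target_ip) == self.iface.ip:
            return self.mac  # ordinary ARP for the device's own address
        if self._any_ip_applies(sender_ip):
            return self.mac  # step 3: answer on behalf of the foreign gateway
        return None

    def on_packet(self, src_ip, src_mac):
        """Step 5: record a route to an Any IP computer; True if replies can return."""
        if self._any_ip_applies(src_ip):
            self.host_routes[src_ip] = src_mac
        in_subnet = ipaddress.ip_address(src_ip) in self.iface.network
        return in_subnet or src_ip in self.host_routes


class Computer:
    def __init__(self, ip, mac, gateway):
        self.ip, self.mac, self.gateway = ip, mac, gateway
        self.arp_table = {}

    def reach_internet(self, device):
        # Steps 1-2: no ARP entry for the gateway, so an ARP request is broadcast.
        if self.gateway not in self.arp_table:
            reply = device.on_arp_request(self.ip, self.gateway)
            if reply is None:
                return False
            self.arp_table[self.gateway] = reply  # step 4
        return device.on_packet(self.ip, self.mac)
```

In the model, the computer's ARP entry for its configured gateway ends up holding the ZyXEL Device's MAC address, so an ARP-monitoring tool sees one MAC answering for addresses outside the LAN subnet while Any IP is active.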
ZyXEL NBG-334SH User’s Guide
7.3 LAN IP Screen
Use this screen to change your basic LAN settings. Click Network > LAN.
Figure 56 LAN IP
The following table describes the labels in this screen.
Table 36 LAN IP
LABEL | DESCRIPTION
LAN TCP/IP
IP Address | Type the IP address of your ZyXEL Device in dotted decimal notation: 192.168.1.1 (factory default).
IP Subnet Mask | The subnet mask specifies the network number portion of an IP address. Your ZyXEL Device will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the ZyXEL Device.
Apply | Click Apply to save your changes back to the ZyXEL Device.
Reset | Click Reset to begin configuring this screen afresh.
7.4 LAN IP Alias
IP alias allows you to partition a physical network into different logical networks over the same Ethernet interface. The ZyXEL Device supports three logical LAN interfaces via its single physical Ethernet interface with the ZyXEL Device itself as the gateway for each LAN network.
To change your ZyXEL Device’s IP alias settings, click Network > LAN > IP Alias. The screen appears as shown.
Figure 57 LAN IP Alias
The following table describes the labels in this screen.
Table 37 LAN IP Alias
LABEL | DESCRIPTION
IP Alias 1,2 | Select the check box to configure another LAN network for the ZyXEL Device.
IP Address | Enter the IP address of your ZyXEL Device in dotted decimal notation.
IP Subnet Mask | Your ZyXEL Device will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the ZyXEL Device.
Apply | Click Apply to save your changes back to the ZyXEL Device.
Reset | Click Reset to begin configuring this screen afresh.
7.5 Advanced LAN Screen
To change your ZyXEL Device’s advanced IP settings, click Network > LAN > Advanced. The screen appears as shown.
Figure 58 Advanced LAN
The following table describes the labels in this screen.
Table 38 Advanced LAN
LABEL | DESCRIPTION
Multicast | Select IGMP V-1 or IGMP V-2 or None. IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data. IGMP version 2 (RFC 2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If you would like to read more detailed information about interoperability between IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236.
Active | Select this if you want to let computers on different subnets use the ZyXEL Device.
Windows Networking (NetBIOS over TCP/IP): NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls. However it may sometimes be necessary to allow NetBIOS packets to pass through to the WAN in order to find a computer on the WAN.
Allow between LAN and WAN | Select this check box to forward NetBIOS packets from the LAN to the WAN and from the WAN to the LAN. If your firewall is enabled with the default policy set to block WAN to LAN traffic, you also need to enable the default WAN to LAN firewall rule that forwards NetBIOS traffic. Clear this check box to block all NetBIOS packets going from the LAN to the WAN and from the WAN to the LAN.
Apply | Click Apply to save your changes back to the ZyXEL Device.
Reset | Click Reset to begin configuring this screen afresh.
CHAPTER 8
DHCP Server
8.1 DHCP
DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the ZyXEL Device as a DHCP server or disable it. When configured as a server, the ZyXEL Device provides the TCP/IP configuration for the clients. If DHCP service is disabled, you must have another DHCP server on your LAN, or else the computer must be manually configured.
8.2 DHCP Server General Screen
Click Network > DHCP Server. The following screen displays.
Figure 59 DHCP Server General
The following table describes the labels in this screen.
Table 39 DHCP Server General
LABEL | DESCRIPTION
Enable DHCP Server | DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients (computers) to obtain TCP/IP configuration at startup from a server. Leave the Enable DHCP Server check box selected unless your ISP instructs you to do otherwise. Clear it to disable the ZyXEL Device acting as a DHCP server. When configured as a server, the ZyXEL Device provides TCP/IP configuration for the clients. If not, DHCP service is disabled and you must have another DHCP server on your LAN, or else the computers must be manually configured. When set as a server, fill in the following four fields.
IP Pool Starting Address | This field specifies the first of the contiguous addresses in the IP address pool.
Pool Size | This field specifies the size, or count of the IP address pool.
Apply | Click Apply to save your changes back to the ZyXEL Device.
Reset | Click Reset to begin configuring this screen afresh.
8.3 DHCP Server Advanced Screen
This screen allows you to assign IP addresses on the LAN to specific individual computers based on their MAC addresses. You can also use this screen to configure the DNS server information that the ZyXEL Device sends to the DHCP clients.
Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
To change your ZyXEL Device’s static DHCP settings, click Network > DHCP Server > Advanced. The following screen displays.
Figure 60 DHCP Server Advanced
The following table describes the labels in this screen.
Table 40 DHCP Server Advanced
LABEL | DESCRIPTION
# | This is the index number of the static IP table entry (row).
MAC Address | Type the MAC address (with colons) of a computer on your LAN.
IP Address | Type the LAN IP address of a computer on your LAN.
DNS Servers Assigned by DHCP Server | The ZyXEL Device passes a DNS (Domain Name System) server IP address (in the order you specify here) to the DHCP clients. The ZyXEL Device only passes this information to the LAN DHCP clients when you select the Enable DHCP Server check box. When you clear the Enable DHCP Server check box, DHCP service is disabled and you must have another DHCP server on your LAN, or else the computers must have their DNS server addresses manually configured.
First DNS Server, Second DNS Server, Third DNS Server | Select From ISP if your ISP dynamically assigns DNS server information (and the ZyXEL Device's WAN IP address). The field to the right displays the (read-only) DNS server IP address that the ISP assigns.
Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right. If you chose User-Defined, but leave the IP address set to 0.0.0.0, User-Defined changes to None after you click Apply. If you set a second choice to User-Defined, and enter the same IP address, the second User-Defined changes to None after you click Apply.
Select DNS Relay to have the ZyXEL Device act as a DNS proxy. The ZyXEL Device's LAN IP address displays in the field to the right (read-only). The ZyXEL Device tells the DHCP clients on the LAN that the ZyXEL Device itself is the DNS server. When a computer on the LAN sends a DNS query to the ZyXEL Device, the ZyXEL Device forwards the query to the ZyXEL Device's system DNS server (configured in the WAN > Internet Connection screen) and relays the response back to the computer. You can only select DNS Relay for one of the three servers; if you select DNS Relay for a second or third DNS server, that choice changes to None after you click Apply.
Select None if you do not want to configure DNS servers. If you do not configure a DNS server, you must know the IP address of a computer in order to access it.
Apply | Click Apply to save your changes back to the ZyXEL Device.
Reset | Click Reset to begin configuring this screen afresh.
8.4 Client List Screen
The DHCP table shows current DHCP client information (including IP Address, Host Name and MAC Address) of all network clients using the ZyXEL Device’s DHCP server.
Configure this screen to always assign an IP address to a MAC address (and host name). Click Network > DHCP Server > Client List.
Note: You can also view a read-only client list by clicking the DHCP Table (Details...) hyperlink in the Status screen.
The following screen displays.
Figure 61 Client List
The following table describes the labels in this screen.
Table 41 Client List
LABEL | DESCRIPTION
# | This is the index number of the host computer.
IP Address | This field displays the IP address relative to the # field listed above.
Host Name | This field displays the computer host name.
MAC Address | The MAC (Media Access Control) or Ethernet address on a LAN (Local Area Network) is unique to your computer (six pairs of hexadecimal notation). A network interface card such as an Ethernet adapter has a hardwired address that is assigned at the factory. This address follows an industry standard that ensures no other adapter has a similar address.
Reserve | Select this check box to have the ZyXEL Device always assign this IP address to this MAC address (and host name). After you click Apply, the MAC address and IP address also display in the Advanced screen (where you can edit them).
Refresh | Click Refresh to reload the DHCP table.
CHAPTER 9
Network Address Translation (NAT)
This chapter discusses how to configure NAT on the ZyXEL Device.
9.1 NAT Overview
NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet. For example, the source address of an outgoing packet, used within one network, is changed to a different IP address known within another network.
9.2 Using NAT
Note: You must create a firewall rule in addition to setting up NAT, to allow traffic from the WAN to be forwarded through the ZyXEL Device.
9.2.1 Port Forwarding: Services and Port Numbers
A port forwarding set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make accessible to the outside world even though NAT makes your whole inside network appear as a single machine to the outside world.
Use the Application screen to forward incoming service requests to the server(s) on your local network. You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server. The port number identifies a service; for example, web service is on port 80 and FTP on port 21. In some cases, such as for unknown services or where one server can support more than one service (for example both FTP and web service), it might be better to specify a range of port numbers.
In addition to the servers for specified services, NAT supports a default server. A service request that does not have a server explicitly designated for it is forwarded to the default server. If the default is not defined, the service request is simply discarded.
Note: Many residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location. If you are unsure, refer to your ISP.
9.2.2 Configuring Servers Behind Port Forwarding Example
Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet.
Figure 62 Multiple Servers Behind NAT Example
9.3 General NAT Screen
Click Network > NAT to open the General screen.
Figure 63 NAT General
The following table describes the labels in this screen.
Table 42 NAT General
LABEL | DESCRIPTION
Network Address Translation | Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network (for example a private IP address used in a local network) to a different IP address known within another network (for example a public IP address used on the Internet). Select the check box to enable NAT.
Default Server | In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in the Application screen. If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified in the Application screen or remote management.
Apply | Click Apply to save your changes back to the ZyXEL Device.
Reset | Click Reset to begin configuring this screen afresh.
9.4 NAT Application Screen
Port forwarding allows you to define the local servers to which the incoming services will be forwarded. To change your ZyXEL Device’s port forwarding settings, click Network > NAT > Application. The screen appears as shown.
Note: If you do not assign a Default Server IP address in the NAT > General screen, the ZyXEL Device discards all packets received for ports that are not specified in this screen or remote management.
Refer to Appendix I on page 257 for port numbers commonly used for particular services.
Figure 64 NAT Application
The following table describes the labels in this screen.
Table 43 NAT Application
LABEL | DESCRIPTION
Game List Update | A game list includes the pre-defined service name(s) and port number(s). You can edit and upload it to the ZyXEL Device to replace the existing entries in the second field next to Service Name.
File Path | Type in the location of the file you want to upload in this field or click Browse... to find it.
Browse... | Click Browse... to find the .txt file you want to upload. Remember that you must decompress compressed (.zip) files before you can upload them.
Update | Click Update to begin the upload process. This process may take up to two minutes.
Add Application Rule
Active | Select the check box to enable this rule and the requested service can be forwarded to the host with a specified internal IP address. Clear the checkbox to disallow forwarding of these ports to an inside server without having to delete the entry.
Service Name | Type a name (of up to 31 printable characters) to identify this rule in the first field next to Service Name. Otherwise, select a predefined service in the second field next to Service Name. The predefined service name and port number(s) will display in the Service Name and Port fields.
Port | Type a port number(s) to be forwarded. To specify a range of ports, enter a hyphen (-) between the first port and the last port, such as 10-20. To specify two or more non-consecutive port numbers, separate them by a comma without spaces, such as 123,567.
Server IP Address | Type the inside IP address of the server that receives packets from the port(s) specified in the Port field.
Apply | Click Apply to save your changes to the Application Rules Summary table.
Reset | Click Reset to not save and return your new changes in the Service Name and Port fields to the previous one.
Application Rules Summary
# | This is the number of an individual port forwarding server entry.
Active | This icon is turned on when the rule is enabled.
Name | This field displays a name to identify this rule.
Port | This field displays the port number(s).
Server IP Address | This field displays the inside IP address of the server.
Modify | Click the Edit icon to display and modify an existing rule setting in the fields under Add Application Rule. Click the Remove icon to delete a rule.
9.4.1 Game List Example
Here is an example game list text file. The index number, service name and associated port(s) are separated by semi-colons (no spaces). Use name=xxx (where xxx is the service name) to create a new service. A port range is written with a hyphen (-) (no spaces). Multiple (non-consecutive) ports are separated by commas.
Figure 65 Game List Example
version=1
1;name=Battlefield 1942;port=14567,22000,23000-23009,27900,28900
2;name=Call of Duty;port=28960
3;name=Civilization IV;port=2056
4;name=Diablo I and II;port=6112-6119,4000
5;name=Doom 3;port=27666
6;name=F.E.A.R;port=27888
7;name=Final Fantasy XI;port=25,80,110,443,50000-65535
8;name=Guild Wars;port=6112,80
9;name=Half Life;port=6003,7002,27005,27010,27011,27015
10;name=Jedi Knight III: Jedi Academy;port=28060-28062,28070-28081
11;name=Need for Speed: Hot Pursuit 2;port=1230,8511-8512,27900,28900,61200-61230
12;name=Neverwinter Nights;port=5120-5300,6500,27900,28900
13;name=Quake 2;port=27910
14;name=Quake 3;port=27660,27960
15;name=Rainbow Six 3: Raven Shield;port=7777-7787,8777-8787
16;name=Serious Sam II;port=25600-25605
17;name=Silent Hunter III;port=17997-18003
18;name=Soldier of Fortune II;port=20100-20112
19;name=Starcraft;port=6112-6119,4000
20;name=Star Trek: Elite Force II;port=29250,29256
21;name=SWAT 4;port=10480-10483
22;name=Warcraft II and III;port=6112-6119,4000
23;name=World of Warcraft;port=3724
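A parser and pre-upload audit for the game list format and the Port field syntax described above, added here as an example (it is not ZyXEL code and not the device's own validation). The function names, the "below 1024" and "more than 100 ports" review thresholds and the last two sample lines are assumptions; the first three sample entries are taken from the example file.

```python
import re

ENTRY = re.compile(r"^(\d+);name=([^;]+);port=(\S+)$")

# Three entries from the example file plus two constructed bad lines.
SAMPLE = """version=1
1;name=Call of Duty;port=28960
2;name=Diablo I and II;port=6112-6119,4000
3;name=Final Fantasy XI;port=25,80,110,443,50000-65535
4;name=Constructed bad port;port=70000
5;name=Constructed spaces;port=10 - 20
"""


def parse_ports(spec):
    """Parse '10-20' or '123,567' style port fields into (first, last) tuples."""
    ranges = []
    for part in spec.split(","):
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", part)
        if not m:
            raise ValueError(f"bad port token {part!r}")
        first = int(m.group(1))
        last = int(m.group(2) or first)
        if not (1 <= first <= last <= 65535):
            raise ValueError(f"port out of range or reversed: {part!r}")
        ranges.append((first, last))
    return ranges


def parse_game_list(text):
    """Return (entries, errors); errors are (line number, reason) pairs."""
    rows = [(n, ln.strip()) for n, ln in enumerate(text.splitlines(), 1) if ln.strip()]
    if not rows or not re.fullmatch(r"version=\d+", rows[0][1]):
        raise ValueError("first line must be version=<n>")
    entries, errors = [], []
    for n, line in rows[1:]:
        m = ENTRY.match(line)
        if not m:
            errors.append((n, "malformed entry"))
            continue
        try:
            ports = parse_ports(m.group(3))
        except ValueError as exc:
            errors.append((n, str(exc)))
            continue
        entries.append({"index": int(m.group(1)), "name": m.group(2), "ports": ports})
    return entries, errors


def audit(entries, max_ports=100):
    """Flag rules that forward ports below 1024 or more than max_ports ports."""
    findings = []
    for e in entries:
        total = sum(last - first + 1 for first, last in e["ports"])
        low = [str(a) if a == b else f"{a}-{b}" for a, b in e["ports"] if a < 1024]
        if low or total > max_ports:
            findings.append((e["name"], total, low))
    return findings
```

Run over the sample, the audit flags the Final Fantasy XI entry: it forwards ports 25, 80, 110 and 443 plus the whole 50000-65535 range to a single inside host, which is worth a second look before the rule is enabled.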
9.5 Trigger Port Forwarding
Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side. With regular port forwarding you set a forwarding port in NAT to forward a service (coming in from the server on the WAN) to the IP address of a computer on the client side (LAN). The problem is that port forwarding only forwards a service to a single LAN IP address. In order to use the same service on a different LAN computer, you have to manually replace the LAN computer's IP address in the forwarding port with another LAN computer's IP address.
Trigger port forwarding solves this problem by allowing computers on the LAN to dynamically take turns using the service. The ZyXEL Device records the IP address of a LAN computer that sends traffic to the WAN to request a service with a specific port number and protocol (a "trigger" port). When the ZyXEL Device's WAN port receives a response with a specific port number and protocol ("incoming" port), the ZyXEL Device forwards the traffic to the LAN IP address of the computer that sent the request. After that computer’s connection for that service closes, another computer on the LAN can use the service in the same manner. This way you do not need to configure a new IP address each time you want a different LAN computer to use the application.
9.5.1 Trigger Port Forwarding Example
The following is an example of trigger port forwarding.
Figure 66 Trigger Port Forwarding Process: Example
1 Jane requests a file from the Real Audio server (port 7070).
2 Port 7070 is a "trigger" port and causes the ZyXEL Device to record Jane's computer IP address. The ZyXEL Device associates Jane's computer IP address with the "incoming" port range of 6970-7170.
3 The Real Audio server responds using a port number ranging between 6970-7170.
4 The ZyXEL Device forwards the traffic to Jane's computer IP address.
5 Only Jane can connect to the Real Audio server until the connection is closed or times out. The ZyXEL Device times out in three minutes with UDP (User Datagram Protocol), or two hours with TCP/IP (Transfer Control Protocol/Internet Protocol).
9.5.2 Two Points To Remember About Trigger Ports
1 Trigger events only happen on data that is coming from inside the ZyXEL Device and going to the outside.
2 If an application needs a continuous data stream, that port (range) will be tied up so that another computer on the LAN can't trigger it.
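The trigger port behaviour from sections 9.5 to 9.5.2, modelled as an added example (not ZyXEL firmware code). The class names and the LAN addresses used with it are constructed, and restarting the timer on each outbound trigger packet is an assumption; the port numbers and the two timeouts come from the Real Audio example above.

```python
UDP_TIMEOUT = 3 * 60        # three minutes, as stated above
TCP_TIMEOUT = 2 * 60 * 60   # two hours, as stated above


class TriggerRule:
    def __init__(self, name, trigger, incoming):
        self.name = name
        self.trigger = trigger    # (start, end) port range that arms the rule
        self.incoming = incoming  # (start, end) port range forwarded back
        self.owner = None         # LAN IP currently holding the rule
        self.expires = 0          # time (seconds) at which the hold lapses

    def held(self, now):
        return self.owner is not None and now < self.expires


class TriggerNat:
    def __init__(self, rules):
        self.rules = rules

    def outbound(self, lan_ip, dst_port, proto, now):
        """LAN-to-WAN packet; True if lan_ip now holds a matching rule."""
        for rule in self.rules:
            if rule.trigger[0] <= dst_port <= rule.trigger[1]:
                if rule.held(now) and rule.owner != lan_ip:
                    return False  # range is tied up by another LAN computer
                rule.owner = lan_ip
                timeout = UDP_TIMEOUT if proto == "udp" else TCP_TIMEOUT
                rule.expires = now + timeout  # assumption: timer restarts here
                return True
        return False

    def inbound(self, dst_port, now):
        """WAN-to-LAN packet; LAN IP to forward to, or None if no rule is held."""
        for rule in self.rules:
            if rule.incoming[0] <= dst_port <= rule.incoming[1] and rule.held(now):
                return rule.owner
        return None

    def close(self, lan_ip):
        """The holder's connection closed: free its rules for the next computer."""
        for rule in self.rules:
            if rule.owner == lan_ip:
                rule.owner = None


def real_audio_nat():
    # Rule from the Real Audio example: trigger port 7070, incoming 6970-7170.
    return TriggerNat([TriggerRule("Real Audio", (7070, 7070), (6970, 7170))])
```

The model makes the exposure window explicit: while a rule is held, every WAN packet addressed to a port in the incoming range is forwarded to the holder, and nothing is forwarded before a LAN computer has sent the trigger.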
9.6 NAT Advanced Screen
To change your ZyXEL Device’s trigger port settings, click Network > NAT > Advanced. The screen appears as shown.
Note: Only one LAN computer can use a trigger port (range) at a time.
Figure 67 NAT Advanced
The following table describes the labels in this screen.
Table 44 NAT Advanced
LABEL | DESCRIPTION
Max NAT/Firewall Session Per User | Type a number ranging from 1 to 2048 to limit the number of NAT/firewall sessions that a host can create. When computers use peer to peer applications, such as file sharing applications, they may use a large number of NAT sessions. If you do not limit the number of NAT sessions a single client can establish, this can result in all of the available NAT sessions being used. In this case, no additional NAT sessions can be established, and users may not be able to access the Internet. Each NAT session establishes a corresponding firewall session. Use this field to limit the number of NAT/firewall sessions each client computer can establish through the ZyXEL Device. If your network has a small number of clients using peer to peer applications, you can raise this number to ensure that their performance is not degraded by the number of NAT sessions they can establish. If your network has a large number of users using peer to peer applications, you can lower this number to ensure no single client is using all of the available NAT sessions.
# | This is the rule index number (read-only).
Name | Type a unique name (up to 15 characters) for identification purposes. All characters are permitted - including spaces.
Incoming | Incoming is a port (or a range of ports) that a server on the WAN uses when it sends out a particular service. The ZyXEL Device forwards the traffic with this port (or range of ports) to the client computer on the LAN that requested the service.
Start Port | Type a port number or the starting port number in a range of port numbers.
End Port | Type a port number or the ending port number in a range of port numbers.
Trigger | The trigger port is a port (or a range of ports) that causes (or triggers) the ZyXEL Device to record the IP address of the LAN computer that sent the traffic to a server on the WAN.
Start Port | Type a port number or the starting port number in a range of port numbers.
End Port | Type a port number or the ending port number in a range of port numbers.
Apply | Click Apply to save your changes back to the ZyXEL Device.
Reset | Click Reset to begin configuring this screen afresh.