|
Advanced configuration section allows you to
configure various NAT 1:1 related settings and other advanced features (ie :
Dynamic DNS, Multi DMZ, UpnP..) of your Octolinks SW88 Series Load Balancer.
Network Address Translation (NAT, which is also
known as Native Address Translation, IP Masquerading or Network Masquerading)
is a technique used to translate network traffic passing through a router by
rewriting the source and destination IP addresses of IP packets. NAT enables
many users on a local area network (LAN) to share an Internet (WAN) access.
Sometimes the TCP/UDP port numbers of IP packets are also translated as they
pass through (PAT - Port Address Translation).
The following advanced
configration settings are covered in this section.
·
Host IP
·
Routing
·
Virtual Servers
·
Special Applications
·
Dynamic DNS
·
Multi DMZ
·
UPnP
·
NAT Setup
·
ARP Status
·
Advanced Features
This feature is
used in the following situations:
·
If you have Multi-Session PPPoE and wish to bind
each session to a particular PC on your LAN.
·
You wish to use the Access Filter feature.
This requires that each PC be identified with its MAC address by using the Host
IP Setup screen.
·
If you wish to have different URL Filter settings for different PCs. This requires that each
PC be identified with its MAC address by using the Host IP Setup screen. You
do not have to use the Host IP feature to apply the same URL Filter settings to all PCs on your network.
·
If you wish to reserve a particular (LAN) IP address
for a particular PC on your LAN. This allows the PC to still use DHCP (Windows
calls this "Obtain an IP address automatically") while gaining the
benefits of a fixed IP address. The PC's IP address will never change as it
will be reserved in DHCP.
Host
IP Setup Page
This section defines
hosts on your LAN and you can assign them to groups. These group can be applied
to Access Filter and Block URL features. You can also bind
multiple PPPoE link sessions to individual hosts on the LAN.
Host Name:
This should be an unique name for the host to be associated to the list.
MAC Address:
This is your host's network adapter address.
Select Group:
Select a group to assign the host to.
Reserve in DHCP:
If this is enabled, the DHCP Server will always assign the Reserved IP Address
to this host on request.
Reserved IP Address:
The IP address you wish to assign to this host.
This is used only if you
have multiple WAN ports or PPPoE sessions. Use this to ensure that a particular
host always uses the same WAN port or PPPoE session.
Host & Group List:
This list displays all the entries you have made. Click on the desired entry in
the list, the host's data will show up in the editing area. Then you may update
or delete the entry.
|
Host Network Identity |
This section
identifies each Host (PC) ·
Host name (Required) – Enter a suitable name. Generally, you should use
the "Hostname" (computer name) defined on the Host itself. ·
MAC Address ( Required) – Also called Physical
Address or Network Adapter Address.
Enter the MAC address of this host. MAC Button – Check ARP list for
entering MAC Address. ·
Select Group – Select the group you wish to put this host
into. ·
Reserve in DHCP – Select Enable
to reserve a particular (LAN) IP address for a particular PC on your LAN.
This allows the PC to use DHCP (Windows calls this "obtain an IP address
automatically") while having an IP address which never changes. ·
Reserved IP – Enter the IP address you wish to reserve, if
the setting above is Enable.
Otherwise, ignore this field. DHCP List – Check DHCP list for entering DHCP IP Address. |
|
Host Network Binding |
·
Bind WAN
port/Session – Select Enable if you wish to associate this
PC with a particular PPPoE Session. All traffic for that PC will then use the
selected PPPoE port and session. ·
Binding Method – Suppose your PC is bound to WAN1 port, now you are selecting “Strict Binding”. If WAN1 port is disconnected, your
packets cannot go out through WAN2 port, if WAN2 port is still alive. If you are selecting “Loose Binding” then when WAN1 port is disconnected, your packets will automatically
go to WAN2, if WAN2 is alive. ·
Select WAN
Port/Select PPPoE session – If the setting above is Enable, select the desired Port and Session. Otherwise, ignore
these settings. Note: Multiple PPPoE sessions are defined on the Advanced PPPoE screen. |
|
Host & Group List |
This table
shows the current bindings. |
This section is only relevant if your LAN has other
routers or gateways.
·
If you do not have other routers or gateways on your
LAN, you can skip the Routing configuration page.
·
If your LAN has other gateways and routers, you must
configure the Static Routing screen as described below. You also need to
configure the other Routers.
Routing
Page
Please refer to
the Advanced LAN Configuration section of this user guide for more
details.
This feature allows you to define Servers on your
network (LAN) that will be accessible to users from the Internet. Without these
settings, Internet users would not be able to access a server on your LAN
because:
·
Your Server's IP address is only valid on your LAN,
not on the Internet.
·
Attempts to connect to devices on your LAN are
automatically blocked by the SPI firewall in the Octolinks SW88 Series Load
Balancer.
The "Virtual Server" feature allows
Internet users to connect to servers that you assign as servers that are
visible to users from the Internet, as illustrated below.
Virtual Servers
Note that, in
this illustration, both Internet users are connecting to the same public IP
Address, but are using two different protocols (ftp and http) to connect to two
different servers on your network.
Once configured,
anyone on the Internet can connect to your defined Virtual Servers. They must
use the Octolinks SW88 Series Load Balancer's Internet IP Address (the IP
Address allocated by your ISP) to access the Virtual Servers.
Example: http://72.167.0.118 or ftp://72.167.0.118
·
To Internet users, all virtual Servers on your LAN
have the same IP Address. This public IP Address is allocated by your ISP.
·
This public IP address should be static, rather than
dynamic, to make it easier for Internet users to connect to your Servers.
However, you can use the Dynamic DNS
feature (explained later in this chapter) to allow users to connect to your
Virtual Servers using a FQDN (URL), instead of an IP Address.
Example: http://mydomain.dyndns.org or
ftp://mydomain.dyndns.org
Virtual
Server Page
The provided list covers
all common server settings. Click on the required Server Name to Enable the
server and to indicate the Server’s IP address on your network.
You may add your own
Virtual Server by defining a new name and indicating the Protocol, the required
Server’s IP on your network, the WAN Port Range and the Interface Binding
settings.
Example :
To enable your HTTP server which has 192.168.1.100 as LAN IP address :
1. Select the Server Name “HTTP”
2. Click on Enabled check box
3. Enter 192.168.1.100 in IP address box and click Update
New servers can
be added to the list using the same procedure and by clicking the Add
button.
|
Virtual Server Configuration |
·
Enable – To activate or deactivate the current entry. ·
Server Name – A unique name for identifying the virtual server. ·
Protocol – Select the protocol (either TCP or UDP) used by
the server software. ·
IP Address – LAN: Enter the IP address of the server on the device's
LAN side. The hosts used as Virtual Servers need static IP addresses or
reserved IP addresses. WAN: The WAN port that the virtual server is bound on. ·
Port Range – LAN: The range of port numbers used by the server. If
only one port number is used, fill the same number in both starting and
ending fields. WAN: The range of
port numbers for users in public to access the virtual server. If only one
port number is used, fill the same number in both starting and ending fields. ·
Allowed Remote IP – The range of IP addresses that are allowed to
access the virtual server. |
|
|
The Virtual Server List shows details of all Virtual Servers which have been defined. |
||
If you use Internet applications which have
non-standard connections or port numbers, you may find that they do not operate
correctly because they are blocked by the firewall of the Octolinks SW88 Series
Load Balancer. To overcome this problem, you can define the application as a
"Special Application" to make it to work.
Note that the terms "Incoming" and
"Outgoing" on the following screen refer to traffic from the client
(PC) viewpoint :
Incoming - From Internet server to LAN PC
Outgoing - From LAN PC to Internet server
|
Special Application Configuration |
·
Enable – Use this to
Enable or Disable this Special Application as required. ·
Name – Enter a descriptive name to identify this Special
Application. ·
Outgoing
Protocol – Select the protocol used by this application,
when sending data to the remote server or PC. ·
Outgoing Port
Range – Enter the beginning and end of the range of port
numbers used by the application server, for data you send. If the application
uses a single port number, enter it in both fields ·
Incoming
Protocol – Select the protocol used by this application, when
receiving data from the remote server or PC. · Incoming Port Range – Enter the beginning and end of the range of port numbers used by the application server, for data you receive. If the application uses a single port number, enter it in both fields. |
|
Special Application List |
This shows
details of all Special Applications which are currently defined. |
·
Once the Special
Applications screen is correctly configured, you can start using the
defined application on your PC. Only one (1) PC within your network can use a
specific Special Application at any given time.
·
When a PC has finished using a specific Special Application,
there may be a need for a "Time-out" period before another PC can
effectivly use the same Special Application.
·
You may be required to use the DMZ feature if a
defined specific application does not work on your PC after configuration. The
reason would be that your PC requires a full and non NATed Internet access for
the specific application to work correctly.
Note: Adding a PC to the DMZ feature requires that basic
security requirements are met on that PC as DMZ devices are totally exposed to
the Internet and are not protected by your Octolinks SW88 Series Load
Balancer’s firewall.
Please refer to the Multi DMZ section of the user
guide for detailed information on setting up and securing DMZ hosts.
Dynamic DNS is very useful when combined with the Virtual Server feature. It allows Internet
users to connect to your Virtual Servers using a Fully Qualified Domain Name
(FQDN or URL address), rather than an IP Address.
This also solves the problem of having a dynamic IP
address. With a dynamic IP address, your IP address may change whenever you
connect to your ISP or at least once in every 24 hours.
If you wish to use this feature, first you must
register for the Dynamic DNS services with a Dynamic DNS service provider (ie
http://www.dyndns.org). The Octolinks SW88 Series Load Balancer supports
several types of service providers:
·
Standard client or DYNDNS (http://www.dyndns.org)
·
TZO (http://www.tzo.com)
·
3322 is a service available only in China (http://www.3322.org)
Other sites may offer Dynamic DNS facilities that
you may implement using the “User Defined DDNS Server” option. Note that
compatibility and functionality can not be guaranteed.
1.
Register for the service from your preferred service
provider.
2. Follow the
service provider's procedure to have a Domain Name (Host name) allocated to
you.
3. Configure the Dynamic
DNS screen, as described below.
4. The Octolinks
SW88 Series Load Balancer will then automatically update your IP Address
recorded by the Dynamic DNS service provider.
5. From the
Internet, users will now be able to connect to your Virtual Servers (or DMZ PC)
using your Domain name.
Dynamic DNS Page
|
Dynamic DNS Service |
Use this to
Enable/Disable the Dynamic DNS feature, and select the required service
provider. ·
Disable – Dynamic DNS is not used. ·
TZO – Select this to use the TZO service
(www.tzo.com). You must configure the TZO
section of this screen. ·
Standard Client – Select this to use the standard service (from
www.dyndns.org or other provider). You must configure the Standard Client section of this
screen. ·
3322 – 3322 is available in China. It is similar to
“Standard client” · User Defined DDNS Server – This is the user define DDNS server. If the DDNS other than TZO, dyndns.org and 3322. |
|
Additional Settings |
These options
are available if using the standard client. ·
Enable Wildcard – If selected, traffic sent to sub-domains (of
your Domain name) will also be forwarded to you. ·
Enable backup
MX – If enabled,
you must enter the Mail Exchanger
address below. · Mail Exchanger – If the setting above is enabled, enter the address of the backup Mail Exchanger. |
|
WAN Port Binding |
