Rosewill RNX-N4 User Manual

Wireless Adapter

RNX-N4 User Manual

61

Internet.

2.

Address Restricted The NAT forwards incoming connection requests to a LAN-side

host only when they come from the same IP address with which a connection was
established. This allows the remote application to send data back through a port
different from the one used when the outgoing session was created.

3.

Port And Address Restricted The NAT does not forward any incoming connection

requests with the same port address as an already establish connection.

• Note: Some of these options can interact with other port restrictions. Endpoint

Independent Filtering takes priority over inbound filters or schedules, so it is possible for
an incoming session request related to an outgoing session to enter through a port in
spite of an active inbound filter on that port. However, packets will be rejected as
expected when sent to blocked ports (whether blocked by schedule or by inbound filter)
for which there are no active sessions. Port and Address Restricted Filtering ensures
that inbound filters and schedules work precisely, but prevents some level of
connectivity, and therefore might require the use of port triggers, virtual servers, or port
forwarding to open the ports needed by the application. Address Restricted Filtering
gives a compromise position, which avoids problems when communicating with certain
other types of NAT router (symmetric NATs in particular) but leaves inbound filters and
scheduled access working as expected.

• Enable Port Preservation: Place a check in this box to enable Port Preservation. NAT

Port preservation (on by default) tries to ensure that, when a LAN host makes an Internet
connection, the same LAN port is also used as the Internet visible port. This ensures
best compatibility for internet communications. Under some circumstances it may be
desirable to turn off this feature.

• Enable anti-spoof checking: Place a check in this box to enable anti-spoof checking.

Enabling this option can provide protection from certain kinds of "spoofing" attacks.
However, enble this option with care. With some modems, the WAN connection may be
lost when this option is enabled. In that case, it may be necessary to change the LAN
subnet to something other than 192.168.0.x (192.168.2.x, for example), to re-establish
the WAN connection.

• Enable DMZ Host: Place check in this box to enable DMZ host. DMZ host is a

demilitarized zone used to provide Internet services without sacrificing unauthorized
access to its local private network. Typically, the DMZ host contains devices
accessible to Internet traffic, such as web, FTP, email and DNS servers.

• DMZ IP Address: Specify the IP address of the DMZ host.

• Non-UDP/TCP/ICMP LAN Sessions: Place a check in this box to enable this feature.