2 application level gateways, 3 port forwarding – Ericsson W21 User Manual


Configuration and Management

applications and the local network. When UPnP IGD is enabled, programs
like MSN Messenger® and most network enabled games are allowed to
pass the NAT service.

UPnP IGD is enabled by default, but if you want to disable the feature, clear
the “Enable UPnP IGD” check box and click Apply to save the setting.

2.7.2 Application Level Gateways

From a security perspective, certain Internet applications, for example FTP
applications that open additional ports upon transfer, are especially
problematic to handle. An Application Level Gateway (ALG) provides a
translation and transportation service for such a specific application.
Incoming data packets are checked against existing NAT and packet
filtering rules, IP addresses are evaluated and a detailed packet analysis is
performed. If necessary, the contents of a packet are modified and if a
secondary port is required, the ALG will open one. The Ericsson W21
includes ALG support for the following applications:

Table 14 - ALG Supported applications

Application                             Protocol   Port number
File Transfer Protocol (FTP)            TCP        21
Trivial File Transfer Protocol (TFTP)   UDP        69


The ALG for each application does not require additional configuration. The
supported ALGs can be enabled and disabled individually.

To disable an ALG, clear the corresponding check box and click Apply to
save the settings.
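
The following is an added illustration, not taken from this manual or from the Ericsson W21 firmware: a minimal Python sketch of the packet modification an FTP ALG performs on an active-mode PORT command, together with the secondary port it opens. The function name, the sample addresses and the two policy checks are assumptions made for the example.

```python
import re

# FTP active-mode command: PORT h1,h2,h3,h4,p1,p2  (port = p1*256 + p2)
PORT_RE = re.compile(
    rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")


def rewrite_port_command(line, client_ip, public_ip, mapped_port):
    """Translate one control-channel line going from the LAN to the Internet.

    Returns (line_to_forward, pinhole). A line that is not a PORT command is
    forwarded unchanged with no pinhole; a rejected PORT command gives
    (None, None), meaning drop it and open nothing.
    """
    m = PORT_RE.match(line)
    if m is None:
        return line, None
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        return None, None  # malformed octet
    inner_ip = ".".join(str(f) for f in fields[:4])
    inner_port = fields[4] * 256 + fields[5]
    # Assumed policy: only open a port towards the host that sent the
    # command, and never towards a port below 1024.
    if inner_ip != client_ip or inner_port < 1024:
        return None, None
    # Replace the private address and port with the public-side mapping.
    new_line = b"PORT %s,%d,%d\r\n" % (
        public_ip.replace(".", ",").encode(),
        mapped_port // 256, mapped_port % 256)
    pinhole = {"public_port": mapped_port,
               "lan_ip": inner_ip, "lan_port": inner_port}
    return new_line, pinhole


if __name__ == "__main__":
    # Constructed sample: LAN client 192.168.1.10 announces data port 50000.
    sample = b"PORT 192,168,1,10,195,80\r\n"
    print(rewrite_port_command(sample, "192.168.1.10", "203.0.113.7", 40000))
```

Because the rewritten command can differ in length from the original, a real ALG also has to adjust TCP sequence numbers on the control connection, which this sketch leaves out.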

2.7.3 Port Forwarding

Port forwarding is used to allow an external user to access a service
residing on a server connected to the LAN (to cross the NAT border). It
enables access to servers on the LAN from the Internet (e.g. Web server)
and also enables applications to work from the LAN (e.g. games, voice and
chat) to the Internet.

Note: Port forwarding requires a public IP address of the Ericsson
W21. This IP address is displayed on the Overview page as the
“Internet: IP address”. A private IP address usually begins with 10,
172, or 192. In this case, no incoming access from the Internet is

1/1551-CRH 102 167 Uen Rev D 2007-11-16
