Masthead
Basic Advanced Tools Status Help

Virtual Server

The Virtual Server option gives Internet users access to services on your LAN. This feature is useful for hosting online services such as FTP, Web, or game servers. For each Virtual Server, you define a public port on your router for redirection to an internal LAN IP Address and LAN port.

Example:
You are hosting a Web Server on a PC that has LAN IP Address of 192.168.0.50 and your ISP is blocking Port 80.
  1. Name the Virtual Server (for example: Web Server)
  2. Enter the IP Address of the machine on your LAN (for example: 192.168.0.50
  3. Enter the Private Port as [80]
  4. Enter the Public Port as [8888]
  5. Select the Protocol - TCP
  6. Ensure the schedule is set to Always
  7. Click Save to add the settings to the Virtual Servers List
  8. Repeat these steps for each Virtual Server Rule you wish to add. After the list is complete, click Save Settings at the top of the page.
With this Virtual Server entry, all Internet traffic on Port 8888 will be redirected to your internal web server on port 80 at IP Address 192.168.0.50.
Add/Edit Virtual Server
In this section you can add an entry to the Vertual Servers List below or edit an existing entry.
Enable
Entries in the list can be either active (enabled) or inactive (disabled).
Name
Assign a meaningful name to the virtual server, for example Web Server. Several well-known types of virtual server are available from the "Select Virtual Server" list. Selecting one of these entries fills some of the remaining parameters with standard values for that type of server.
IP Address
The IP address of the system on your internal network that will provide the virtual service, for example 192.168.0.50.
Protocol
Select the protocol used by the service.
Private Port
The port that will be used on your internal network.
Public Port
The port that will be accessed from the Internet.
Inbound Filter
Select a filter that controls access as needed for this virtual server. If you do not see the filter you need in the list of filters, go to the Advanced -> Inbound Filter screen and create a new filter.
Schedule
Select a schedule for when the service will be enabled. If you do not see the schedule you need in the list of schedules, go to the Tools -> Schedules screen and create a new schedule.
Save
Saves the new or edited virtual server entry in the following list. When finished updating the virtual server entries, you must still click the Save Settings button at the top of the page to make the changes effective and permanent.
Virtual Servers List
The section shows the currently defined virtual servers. A Virtual Server can be changed by clicking the Edit icon, or deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the "Edit Virtual Server" section is activated for editing.

Note: You might have trouble accessing a virtual server using its public identity (WAN-side IP-address of the gateway or its dynamic DNS name) from a machine on the LAN. Your requests may not be looped back or you may be redirected to the "Forbidden" page.

This will happen if you have an Access Control Rule configured for this LAN machine.

The requests from the LAN machine will not be looped back if Internet access is blocked at the time of access. To work around this problem, access the LAN machine using its LAN-side identity.

Requests may be redirected to the "Forbidden" page if web access for the LAN machine is restricted by an Access Control Rule. Add the WAN-side identity (WAN-side IP-address of the router or its dynamic DNS name) on the Advanced -> Web Filter screen to work around this problem.

Special Applications

Application Level Gateway (ALG) Configurations
Here you can enable or disable ALGs. Some protocols and applications require special handling of the IP payload to make them work with network address translation (NAT). Each ALG provides special handling for a specific protocol or application. A number of ALGs for common applications are enabled by default.
PPTP
Allows multiple machines on the LAN to connect to their corporate network using PPTP protocol.
IPSec VPN
Allows multiple VPN clients to connect to their corporate network using IPSec. Some VPN clients support traversal of IPSec through NAT. This ALG may interfere with the operation of such VPN clients. If you are having trouble connecting with your corporate network, try turning this ALG off.

Please check with the system adminstrator of your corporate network whether your VPN client supports NAT traversal.

RTSP
Allows applications that use Real Time Streaming Protocol to receive streaming media from the internet. QuickTime and Real Player are some of the common applications using this protocol.
Windows Messenger
Supports use of Microsoft Windows Messenger (the Internet messaging client that ships with Microsoft Windows) on LAN computers. The SIP ALG must also be enabled when the Windows Messenger ALG is enabled.
FTP
Allows FTP clients and servers to transfer data across NAT. Refer to the Advanced -> Virtual Server page if you want to host an FTP server.
NetMeeting
Allows Microsoft NetMeeting clients to communicate across NAT. Note that if you want your buddies to call you, you should also set up a virtual server for NetMeeting. Refer to the Advanced -> Virtual Server page for information on how to set up a virtual server.
SIP
Allows devices and applications using VoIP (Voice over IP) to communicate across NAT. Some VoIP applications and devices have the ability to discover NAT devices and work around them. This ALG may interfere with the operation of such devices. If you are having trouble making VoIP calls, try turning this ALG off.
Wake-On-LAN
This feature enables forwarding of "magic packets" (that is, specially formatted wake-up packets) from the WAN to a LAN computer or other device that is "Wake on LAN" (WOL) capable. The WOL device must be defined as such on the Advanced -> Virtual Server page. The LAN IP address for the virtual server is typically set to the broadcast address 192.168.0.255. The computer on the LAN whose MAC address is contained in the magic packet will be awakened.
AOL
Use this ALG if you are experiencing frequent disconnects from the AOL server due to inactivity.
MMS
Allows Windows Media Player, using MMS protocol, to receive streaming media from the internet.
L2TP
Allows multiple machines on the LAN to connect to their corporate network using the L2TP protocol.
Add/Edit Special Applications Rule

The Special Application section is used to open single or multiple ports on your router when the router senses data sent to the Internet on a "trigger" port or port range. Special Applications rules apply to all computers on your internal network.

Example:
You need to configure your router to allow a software application running on any computer on your network to connect to a web-based server or another user on the Internet.
Name
Enter a name for the Special Application Rule, for example Game App, which will help you identify the rule in the future. You can also select from a list of common applications, and the remaining configuration values will be filled in accordingly.
Trigger Port Range
Enter the outgoing port range used by your application. [6500-6700]
Trigger Protocol
Select the outbound protocol used by your application. [Both]
Input Port Range
Enter the port range that you want to open up to Internet traffic. [6000-6200]
Input Protocol
Select the protocol used by the Internet traffic coming back into the router through the opened port range. [Both]
Schedule
Select a schedule for when this rule is in effect. If you do not see the schedule you need in the list of schedules, go to the Tools -> Schedules screen and create a new schedule.
Save
Saves the new or edited Special Applications Rule in the following list. When finished updating the special applications rules, you must still click the Save Settings button at the top of the page to make the changes effective and permanent.

With this Special Application Rule enabled, the router will open up a range of ports from 6000-6200 for incoming traffic from the Internet, whenever any computer on the internal network opens up an application that sends data to the Internet using a port in the range of 6500-6700.

Special Applications Rules List
The section shows the currently defined special applications rules. A special applications rule can be changed by clicking the Edit icon, or deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the "Edit Special Applications Rule" section is activated for editing.

Gaming

Multiple connections are required by some applications, such as internet games, video conferencing, Internet telephony, and others. These applications have difficulties working through NAT (Network Address Translation). The Gaming section is used to open multiple ports or a range of ports in your router and redirect data through those ports to a single PC on your network. This feature allows you to enter ports in various formats:

Range (50-100)
Individual (80, 68, 888)
Mixed (1020-5000, 689)

Edit/Add Game Rule
Here you can add entries to the Game Rules List below, or edit existing entries.
Example:
You are hosting an online game server that is running on a PC with a Private IP Address of 192.168.0.50. This game requires that you open multiple ports (6159-6180, 99) on the router so Internet users can connect.
Enable
Each entry in Game Rules List can be active (enabled) or inactive (disabled)
Name
Give the Gaming Rule a name that is meaningful to you, for example Game Server. You can also select from a list of popular games, and many of the remaining configuration values will be filled in accordingly. However, you should check whether the port values have changed since this list was created, and you must fill in the IP address field.
IP Address
Enter the local network IP address of the system hosting the game server, for example 192.168.0.50.
TCP Ports To Open
Enter the TCP ports to open. [6159-6180, 99]
UDP Ports To Open
Enter the UDP ports to open. [6159-6180, 99]
Inbound Filter
Select a filter that controls access as needed for this game rule. If you do not see the filter you need in the list of filters, go to the Advanced -> Inbound Filter screen and create a new filter.
Schedule
Select a schedule for the times when this rule is in effect. If you do not see the schedule you need in the list of schedules, go to the Tools -> Schedules screen and create a new schedule.
Save
Saves the new or edited Game Rule in the following list. When finished updating the game rules, you must still click the Save Settings button at the top of the page to make the changes effective and permanent.

With this Gaming Rule enabled, all TCP and UDP traffic on ports 6159 through 6180 and port 99 is passed through the router and redirected to the Internal Private IP Address of your Game Server at 192.168.0.50.

Game Rules List
The section shows the currently defined game rules. A game rule can be changed by clicking the Edit icon, or deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the "Edit Game Rule" section is activated for editing.

Traffic Shaping

The Traffic Shaping feature helps improve your network gaming performance by prioritizing applications. By default, the Traffic Shaping settings are disabled.

Traffic Shaping Setup
Enable Traffic Shaping
This option is disabled by default. Enable it for better performance and experience with online games and other interactive applications, such as VoIP.
Automatic Classification
This option is enabled by default so that your router will automatically determine which programs should have network priority.
Dynamic Fragmentation
This option should be enabled when you have a slow Internet uplink. It helps to reduce the impact that large low priority network packets can have on more urgent ones by breaking the large packets into several smaller packets.
Automatic Uplink Speed
When enabled, this option causes the router to automatically measure the useful uplink bandwidth each time the WAN interface is re-established (after a reboot, for example).
Measured Uplink Speed
This is the uplink speed measured when the WAN interface was last re-established. The value may be lower than that reported by your ISP as it does not include all of the network protocol overheads associated with your ISP's network. Typically, this figure will be between 87% and 91% of the stated uplink speed for xDSL connections and around 5 kbps lower for cable network connections.
Uplink Speed
If Automatic Uplink Speed is disabled, this options allows you to set the uplink speed manually. Uplink speed is the speed at which data can be transferred from the router to your ISP. This is determined by your ISP. ISPs often specify speed as a downlink/uplink pair; for example, 1.5Mbits/284Kbits. For this example, you would enter "284". Alternatively you can test your uplink speed with a service such as http://www.dslreports.com/. Note however that sites such as DSL Reports, because they do not consider as many network protocol overheads, will generally note speeds slightly lower than the Measured Uplink Speed or the ISP rated speed.
Connection Type
By default, the router automatically determines whether the underlying connection is an xDSL/Frame-relay network or some other connection type (such as cable modem or Ethernet), and it displays the result as Detected xDSL or Frame Relay Network. If you have an unusual network connection in which you are actually connected via xDSL but for which you configure either "Static" or "DHCP" in the WAN settings, setting this option to xDSL or Other Frame Relay Network ensures that the router will recognize that it needs to shape traffic slightly differently in order to give the best performance. Choosing xDSL or Other Frame Relay Network causes the measured uplink speed to be reported slightly lower than before on such connections, but gives much better results.
Detected xDSL or Frame Relay Network
When Connection Type is set to Auto-detect, the automatically detected connection type is displayed here.
Add/Edit Traffic Shaping Rule
Automatic classification will be adequate for most applications, and specific Traffic Shaping Rules will not be required. A Traffic Shaping Rule identifies a specific message flow and assigns a priority to that flow.
Enable
Each entry in Traffic Shaping Rules List can be active (enabled) or inactive (disabled)
Name
Create a name for the rule that is meaningful to you.
Priority
The priority of the message flow is entered here. 0 receives the highest priority (most urgent) and 255 receives the lowest priority (least urgent).
Protocol
The protocol used by the messages.
Source IP Range
The rule applies to a flow of messages whose LAN-side IP address falls within the range set here.
Source Port Range
The rule applies to a flow of messages whose LAN-side port number is within the range set here.
Destination IP Range
The rule applies to a flow of messages whose WAN-side IP address falls within the range set here.
Destination Port Range
The rule applies to a flow of messages whose WAN-side port number is within the range set here.
Save
Saves the new or edited Traffic Shaping Rule in the following list. When finished updating the Traffic Shaping rules, you must still click the Save Settings button at the top of the page to make the changes effective and permanent.
Traffic Shaping Rules List
The section shows the currently defined Traffic Shaping rules. A Traffic Shaping rule can be changed by clicking the Edit icon, or deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the "Edit Traffic Shaping Rule" section is activated for editing.

Routing

Add/Edit Route
Adds a new route to the IP routing table or edits an existing route.

Enable: Specifies whether the entry will be enabled or disabled.

Destination IP: The IP address of packets that will take this route.

Netmask: One bits in the mask specify which bits of the IP address must match.

Gateway: Specifies the next hop to be taken if this route is used. A gateway of 0.0.0.0 implies there is no next hop, and the IP address matched is directly connected to the router on the interface specified: LAN or WAN.

Interface: Specifies the interface -- LAN or WAN -- that the IP packet must use to transit out of the router, when this route is used.

Metric: The relative cost of using this route.

Save: Saves the new or edited route in the following list. When finished updating the routing table, you must still click the Save Settings button at the top of the page to make the changes effective and permanent.

Routes List
The section shows the current routing table entries. Certain required routes are predefined and cannot be changed. Routes that you add can be changed by clicking the Edit icon, or deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the "Edit Route" section is activated for editing.

Access Control

The Access Control section allows you to control access in and out of devices on your network. Use this feature as Parental Controls to only grant access to approved sites, limit web access based on time or dates, and/or block access from applications such as peer-to-peer utilities or games.

Enable
By default, the Access Control feature is disabled. If you need Access Control, check this option, and you will see the following configuration sections.

Note: When Access Control is disabled, every device on the LAN has unrestricted access to the Internet. However, if you enable Access Control, Internet access is restricted for those devices that have an Access Control Rule configured for them. All other devices will have unrestricted access to the Internet.

Add/Edit Access Control Rule
Access Control Rules specify what a LAN device is allowed to access. Here you can add entries to the Access Control Rules List or edit existing entries.
Enable
Each entry in Access Control Rules List can be active (enabled) or inactive (disabled)
Policy Name
Create a name for this access control policy (rule) that is meaningful to you. Typically this would be a system name or user name; for example "Casey's PC".
Address Type
Select the type of address on which you want to base the rule.

IP Address: Enter the IP Address of the machine that you want the access control rule to apply to. Make sure that the device on the LAN either has a static IP address (that is, one that is not in the DHCP range) or is in the Static DHCP Client List (see Basic -> DHCP).

Machine Address: Enter the MAC Address of the machine that you want the access control rule to apply to. If you want to enter the MAC Address of the computer you are using, click the Copy Your PC's MAC Address button.

Others: If you want to restrict access for all devices that do not have an explicit rule configured for them, then select "Others" for the Address Type.

Schedule
Select a schedule of the times when you want the policy to apply. If you do not see the schedule you need in the list of schedules, go to the Tools -> Schedules screen and create a new schedule.
Apply Web Filter
With this option enabled, the specified system will only have access to the Web sites listed in the Web Filter section.
Log Internet Access
If this option is enabled, all of the Web sites visited by the specified machine will be logged.
Filter Ports
By clicking the Filter Ports >> button you can specify that the rule prohibits access to specific IP addresses and ports.
Save
Saves the new or edited access control rule in the following list. Repeat the process, creating an Access Control Rule for each of the devices on your LAN that needs access to the Internet. When finished updating the Access Control Rules, you must still click the Save Settings button at the top of the page to make the changes effective and permanent.
Access Control Rules List
This section shows the current access control rules. Rules can be changed by clicking the Edit icon, or deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the "Edit Access Control Rule" section is activated for editing.

Web Filter

The Web Filter section is where you add the Web sites to be used for Access Control.

Add/Edit Web Site
This is where you can add Web sites to the Allowed Web Site List or change entries in the Allowed Web Site List. The Allowed Web Site List is used for systems that have the Web filter option enabled in Access Control.
Enable
Entries in the Allowed Web Site List can be activated or deactivated with this checkbox. New entries are activated by default.
Web Site
Enter the URL (address) of the Web Site that you want to allow; for example: google.com. Do not enter the http:// preceding the URL. Enter the most inclusive domain; for example, enter trendware.com and access will be permitted to both www.trendware.com and support.trendware.com.

Note: Many web sites construct pages with images and content from other web sites. Access will be forbidden if you do not enable all the web sites used to construct a page. For example, to access my.yahoo.com, you need to enable access to yahoo.com, yimg.com, and doubleclick.net.

Save
Saves the new or edited Allowed Web Site in the following list. When finished updating the Allowed Web Site List, you must still click the Save Settings button at the top of the page to make the changes effective and permanent.
Allowed Web Site List
The section lists the currently allowed web sites. An allowed web site can be changed by clicking the Edit icon, or deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the "Edit Web Site" section is activated for editing.

MAC Address Filter

The MAC address filter section can be used to filter network access by machines based on the unique MAC addresses of their network adapter(s). It is most useful to prevent unauthorized wireless devices from connecting to your network. A MAC address is a unique ID assigned by the manufacturer of the network adapter.

Enable MAC Address Filter
When this is enabled, computers are granted or denied network access depending on the mode of the filter.

Note: Misconfiguration of this feature can prevent any machine from accessing the network. In such a situation, you can regain access by activating the factory defaults button on the router itself.

Filter Settings
Mode
When "only allow listed machines" is selected, only computers with MAC addresses listed in the MAC Address List are granted network access. When "only deny listed machines" is selected, any computer with a MAC address listed in the MAC Address List is refused access to the network.
Filter Wireless Clients
When this is selected, the MAC address filters will be applied to wireless network clients.
Filter Wired Clients
When this is selected, the MAC address filters will be applied to wired network clients.
Add/Edit MAC Address
In this section, you can add entries to the MAC Address List below, or edit existing entries.
Enable
MAC address entries can be activated or deactivated with this checkbox.
MAC Address
Enter the MAC address of the desired computer or connect to the router from the desired computer and click the Copy Your PC's MAC Address button.
Save
Saves the new or edited MAC Address entry in the following list. When finished updating the MAC Address List, you must still click the Save Settings button at the top of the page to make the changes effective and permanent.
MAC Address List
The section lists the current MAC Address filters. A MAC Address entry can be changed by clicking the Edit icon, or deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the "Edit MAC Address" section is activated for editing.

Firewall

Enable SPI
SPI ("stateful packet inspection" also known as "dynamic packet filtering") helps to prevent cyberattacks by tracking more state per session. It validates that the traffic passing through that session conforms to the protocol. When SPI is enabled, the extra state information will be reported on the Status -> Active Sessions page.
Enable DMZ
DMZ means "Demilitarized Zone." If an application has trouble working from behind the router, you can expose one computer to the Internet and run the application on that computer.

Note: Putting a computer in the DMZ may expose that computer to a variety of security risks. Use of this option is only recommended as a last resort.

DMZ IP Address
Specify the IP address of the computer on the LAN that you want to have unrestricted Internet communication. If this computer obtains its address Automatically using DHCP, then you may want to make a static reservation on the Basic -> DHCP page so that the IP address of the DMZ machine does not change.

Inbound Filter

The Inbound Filter option is an advanced method of controlling data received from the Internet. With this feature you can configure inbound data filtering rules that control data based on IP Address.

Inbound Filters can be used for limiting access to a server on your network to a system or group of systems. Filter rules can be used with Virtual Server, Gaming, or Remote Administration features. Each filter can be used for several functions; for example a "Game Clan" filter might allow all of the members of a particular gaming group to play several different games for which gaming entries have been created. At the same time an "Admin" filter might only allows systems from your office network to access the WAN admin pages and an FTP server you use at home. If you add an IP address to a filter, the change is effected in all of the places where the filter is used.

Add/Edit Inbound Filter Rule
Here you can add entries to the Inbound Filter Rules List below, or edit existing entries.
Name
Enter a name for the rule that is meaningful to you.
Action
The rule can either Allow or Deny messages.
Source IP Range
Define the ranges of Internet addresses this rule applies to. For a single IP address, enter the same address in both the Start and End boxes. Up to eight ranges can be entered. The Enable checkbox allows you to turn on or off specific entries in the list of ranges.
Save
Saves the new or edited Inbound Filter Rule in the following list. When finished updating the Inbound Filter Rules List, you must still click the Save Settings button at the top of the page to make the changes effective and permanent.
Inbound Filter Rules List
The section lists the current Inbound Filter Rules. An Inbound Filter Rule can be changed by clicking the Edit icon, or deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the "Edit Inbound Filter Rule" section is activated for editing.

In addition to the filters listed here, two predefined filters are available wherever inbound filters can be applied:

Allow All
Permit any WAN user to access the related capability.
Deny All
Prevent all WAN users from accessing the related capability. (LAN users are not affected by Inbound Filter Rules.)

Advanced Wireless

Fragmentation Threshold
This setting should remain at its default value of 2346. Setting the Fragmentation value too low may result in poor performance.
RTS Threshold
This setting should remain at its default value of 2346. If you encounter inconsistent data flow, only minor modifications to the value are recommended.
Beacon Period
Beacons are packets sent by a wireless router to synchronize wireless devices. Specify a Beacon Period value between 20 and 1000. The default value is set to 100 milliseconds.
DTIM Interval
A DTIM is a countdown informing clients of the next window for listening to broadcast and multicast messages. When the wireless router has buffered broadcast or multicast messages for associated clients, it sends the next DTIM with a DTIM Interval value. Wireless clients detect the beacons and awaken to receive the broadcast and multicast messages. The default value is 1. Valid settings are between 1 and 255.
802.11d Enable
Enables 802.11d operation. 802.11d is a wireless specification for operation in additional regulatory domains. This supplement to the 802.11 specifications defines the physical layer requirements (channelization, hopping patterns, new values for current MIB attributes, and other requirements to extend the operation of 802.11 WLANs to new regulatory domains (countries). The current 802.11 standard defines operation in only a few regulatory domains (countries). This supplement adds the requirements and definitions necessary to allow 802.11 WLAN equipment to operate in markets not served by the current standard. Enable this option if you are operating in one of these "additional regulatory domains".
Transmit Power
Normally the wireless transmitter operates at 100% power. In some circumstances, however, there might be a need to isolate specific frequencies to a smaller area. By reducing the power of the radio, you can prevent transmissions from reaching beyond your corporate/home office or designated wireless area.
WDS Enable
When WDS is enabled, this access point functions as a wireless repeater and is able to wirelessly communicate with other APs via WDS links. Note that WDS is incompatible with WPA -- both features cannot be used at the same time. A WDS link is bidirectional; so this AP must know the MAC Address (creates the WDS link) of the other AP, and the other AP must have a WDS link back to this AP.
WDS AP MAC Address
Specifies one-half of the WDS link. The other AP must also have the MAC address of this AP to create the WDS link back to this AP.

Schedules

Schedules can be created for use with enforcing rules. For example, if you want to restrict web access to Mon-Fri from 3pm to 8pm, you could create a schedule selecting Mon, Tue, Wed, Thu, and Fri and enter a Start Time of 3pm and End Time of 8pm.

Add/Edit Schedule Rule
In this section you can add entries to the Schedule Rules List below or edit existing entries.
Name
Give the schedule a name that is meaningful to you, such as "Weekday rule".
Day(s)
Place a checkmark in the boxes for the desired days or select the All Week radio button to select all seven days of the week.
All Day - 24 hrs
Select this option if you want this schedule in effect all day for the selected day(s).
Start Time
If you don't use the All Day option, then you enter the time here. The start time is entered in two fields. The first box is for the hour and the second box is for the minute. Email events are triggered only by the start time.
End Time
The end time is entered in the same format as the start time. The hour in the first box and the minutes in the second box. The end time is used for most other rules, but is not used for email events.
Save
Saves the new or edited Schedule Rule in the following list. When finished updating the Schedule Rules, you must still click the Save Settings button at the top of the page to make the changes effective and permanent.
Schedule Rules List
The section shows the currently defined Schedule Rules. A Schedule Rule can be changed by clicking the Edit icon, or deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the "Edit Schedule Rule" section is activated for editing.