Frequently
Asked Question |
Question:
What's the difference between the DMZ Host, Virtual Server and Special Application features?
|
Reference ID: MIH00D0016
Modified on: 05/10/2001
Product Area:
Internet Sharing Device
Model: MIH-130 XRouter Pro
|
Solution:
The NAT firewall stands between your private LAN and the public WAN. Requests for data or services (ie: requesting a web page) that originate on the
LAN-side and therefore are recognized by NAT and are allowed back through.
But requests that originate from the WAN-side of the XRouter or certain Internet Services and Applications need to have
holes opened in the firewall for the request to tunnel through the firewall. In the case of individual ports, such as port 21 for FTP or 5003 for FileMaker Pro 5.0, the Virtual Server can
open these virtual ports to one computer with a Manual IP. There are ten fields provided to open these individual ports. Some ports need to be opened to a
specific protocol such as either TCP or UDP. For example, FileMaker Pro 5.0 must be opened to port 5003 for TCP only or it will not work.
Note: To redirect a port to a computer, it is advised to give it a Manual IP as shown in the User Manual. There are 65535 virtual ports for data to travel
over on the Internet. You must obtain the correct ports to open from the software manufacturer. Typically this information is located in the manual or on
their website.
For those Internet services that require a range of ports to be opened , the Special Application page was developed. Here you give a name to the service or
application, name the trigger port which begins the session and name the port range to be opened.
When a particular computer is hosting a number of services which would consume too many ports in the Virtual Server and Special Application page, the DMZ
Host can be used. Although this opens all ports to one particular computer, this can pose a serious security risk. We advise against using the DMZ Host if
possible or do so with security on that particular machine.
Supporting Information
Related Documents
@Copyright 1998-2001
Xsense Connectivity, Inc. All rights reserved |