ZyXEL Communications ZYWALL 70 - V4.04 Podręcznik Użytkownika Pobierz pdf (Strona 93)

Appendix 2 Trigger Port

Introduction

Some routers try to get around this "one port per customer" limitation by using

"triggered" maps. Triggered maps work by having the router watch outgoing data for a

specific port number and protocol. When the router finds a match, it remembers the IP

address of the computer that sent the matching data. When the requested data wants to

come back in through the firewall, the router uses the port mapping rules that are linked

to the trigger, and the IP address of the computer that "pulled" the trigger, to get the data

back to the proper computer.

These triggered events can be timed so that they erase the port mapping as soon as

they are done with the data transfer, so that the port mapping can be triggered by another

Client computer. This gives the illusion that multiple computers can use the same port

mapping at the same time, but the computers are really just taking turns using the

mapping.

How to use it

Following table is a configuration table.

Name Incoming Trigger

Napster 6699 6699

Quicktime 4 Client 6970-32000 554

Real Audio 6970-7170 7070

User 1001-1100 1-100

How it works

For example, you are running a FTP Server on port 21 of machine A. And you

may want this server accessible from the Internet without enabling NAT-based firewall.

There are one Web Server on port 80 of machine B and another client C on the Internet.

(1) As Prestige receives a packet from a local client A destined for the outside Internet

machine B, it will check the destination port in the TCP/UDP header to see if it

matches the setting in "Trigger Port" (80). If it matches, Prestige records the source

IP of A (192.168.1.33) in its internal table.

(2) Now client C (or client B) tries to access the FTP server in machine A. When Prestige

to forward any un-requested traffic generated from Internet, it will first check the

rules in port forwarding set. When no matches are found, it will then check the

1 2 ... 88 89 90 91 92 93 94 95 96 97 98 ... 111 112

Brak uwag

ZyXEL Communications ZYWALL 70 - V4.04 Podręcznik Użytkownika Strona 93