DMZ IP Address
NAT may conflict with certain interactive applications such as video conferencing or playing Internet video games. For these applications, a NAT bypass can be set up using a DMZ IP address. The DMZ IP address is a “visible” address and does not benefit from the full protection of the NAT function. Therefore it is advisable that other security precautions be enabled to protect the other computers and devices on the LAN. It may be wise to isolate the device with the DMZ IP address from the rest of the LAN.
For example, if you want to use video conferencing and still use NAT, you can use the DMZ IP address function. In this case, you must have a PC or server through which video conferencing will take place. The IP address of this PC or server will then be the DMZ IP address. You can designate the server’s IP address as the DMZ by typing in the IP address in the DMZ IP Address space provided and clicking the OK button.
For the system that uses the DMZ IP address, you may want to manually assign an IP address to it and adjust your DHCP server addresses so that the DMZ IP address is not included in the DHCP server range. This way you avoid possible IP address problems if you reboot the DMZ system.
IP Masquerade Pass Through
Since certain protocols have difficulty operating in conjunction with NAT, the Router can forward these packets without subjecting them to NAT address mapping. In particular, IPsec (a special network security protocol) and PPTP (a tunneling protocol used for virtual private networks) are not compatible with NAT. For this reason, the Router is configured to allow them to pass by default. You may disable this using the IP Masquerade Pass Through menu. To block in effect either packet type while NAT is running you must deselect the type here and click the OK button.
IP Masquerade Pass Through
26
