144 | Draytek 2750 guide

zEnhance security of the internal network by obscuring the IP address. There are many attacks aiming victims based on the IP address. Since the attacker cannot be aware of any private IP addresses, the NAT function can protect the internal network.

On NAT page, you will see the private IP address defined in RFC-1918. Usually we use the 192.168.1.0/24 subnet for the router. As stated before, the NAT facility can map one or more IP addresses and/or service ports into different specified services. In other words, the NAT function can be achieved by using port mapping methods.

Below shows the menu items for NAT.

4.4.1 Hardware NAT

Hardware-base Acceleration Engine, also named Protocol Processing Engine API is the function that Draytek provides to extremely speed up the NAT performance.

While the hardware acceleration mechanism is activated, most of the bandwidth usage will be concentrated on the specific sessions which increase transmission speed to get ultimately accelerated.

4.4.2 Open Ports

Open Ports allows you to open a range of ports for the traffic of special applications.

Common application of Open Ports includes P2P application (e.g., BT, KaZaA, Gnutella, WinMX, eMule and others), Internet Camera etc. Ensure that you keep the application involved up-to-date to avoid falling victim to any security exploits.

To add a new open port, click Add new entry.

144	Vigor2750 Series User’s Guide

Image 154

Draytek 2750 manual 144

Contents

Page Vigor2750 Series High Speed VDSL2 Router User’s Guide Safety Instructions and Approval Copyright Information European Community Declarations Regulatory Information Table of Contents 101 119 243 249 259 Page Web Configuration Buttons Explanation Preface LED Indicators and Connectors For Vigor2750 PWR For Vigor2750n Wlan Interface Description For Vigor2750Vn Interface ON/OFF Hardware Installation Stand Installation Printer Installation Open Start-Settings- Printer and Faxes Vigor2750 Series User’s Guide Vigor2750 Series User’s Guide Vigor2750 Series User’s Guide Vigor2750 Series User’s Guide Accessing Web Two-Level Management Changing Password Main screen for admin mode operation full configuration Vigor2750 Series User’s Guide Quick Start Wizard Setting up the Password Setting up the Time Zone Setting up the Internet Connection Static IP Primary DNS Server EnableGateway Secondary DNS Server PPPoE MTU Size PPTP/L2TP IP Address Ssid Broadcast Setting up the Wireless ConnectionEnable Wireless LAN Encryption Authentication Mode Key1 to Key4 WPA Pre-shared Key TypeWPA Algorithm Key you wish to use Destination Port Server IP AddressShared Secret WPS Saving the Wizard Configuration Online Status Saving Configuration User Mode Operation Vdsl VDSL2 Profile Vdsl SetupVdsl Status Hs Carrier Set What are Public IP Address and Private IP Address WANBasics of Internet Protocol IP Network Get Your Public IP Address from ISP Internet Access Static IP mode Gateway IP Address Router Name Ping IPDomain Name Username Enable/DisableAlways On. Otherwise, choose Connect on Demand PPTP/L2TP 3G USB Modem Modem Initial String1/2 PPP PasswordSIM PIN code APN Name Multi-VLAN LAN/NAT VoIP WAN Setting for V model only Bridge 1/2/3 3 3G Backup LAN Basics of LAN What is Routing Information Protocol RIP What are Virtual LANs and Rate Control Vigor2750 Series User’s Guide General Setup Ports ActiPHY Link down power savings enabled Power ControlDisabled All power savings mechanisms disabled PerfectReach Link up power savings enabled MAC Address Table Disable Automatic AgingStatic MAC Table Config Age Time Vlan Monitor Port Enable Monitor PortMonitor Port Monitor ingress port Static Route Add Static Routes to Private and Public Networks Bind IP to MAC ARP Table DisableStrict Bind Add and Edit Hardware NAT NATDelete End Port optional Open PortsStart Port Local Host Local Port optional Enable Check to enable the DMZ Host functionDMZ Host PC to select one Session Limit Default Session LimitBandwidth Management Limitation List End IP Bandwidth LimitStart IP Sessions Limit User-defined Bandwidth Smart Bandwidth LimitLimit Port Rate Control QoS Control List Vigor2750 Series User’s Guide Type Value Adding a New QCEQCE Type Traffic Class TCP/UDP Port Vigor2750 Series User’s Guide Moving Up/Down a QCE Ports PriorityEditing a QCE Deleting a QCE QoS Statistics Rx Broadcast Rx OctetsRx Unicast Rx Pause Rx Medium Rx LowRx Normal Rx High Tx High ApplicationsDynamic DNS Tx Drops Schedule Acts Weekday Igmp Igmp Status Enable Upnp UPnP ConfigurationGroups Cant work with Firewall Software Wake On LANSecurity Considerations Wake by Wireless LANBasic Concepts MAC Address Security Overview Show/Hide Wireless ModeIsolate Member Enable Green AP Wireless Security ConfigurationTx Power Channel WEP Default KeyNone Key1-Key4 Hexadecimal digits leading by 0x, such as WPA ModeDefault value is 1812, based on RFC 0x321253abcde WPS Access Control Filter Type Add a New Entry Station ListDisplay the Ssid that the stations connected through Signal Access Point DiscoveryWMM Configuration Security Aifsn WMM CapableApsd Capable CWMin/CWMax 7 WDS AckPolicy Choose the mode for WDS setting. Disable mode will not USB Application USB General SettingsPhy Mode Key FTP User Management Disk Shares Access RuleDisk Status Safely Remove Disk Comment Access RightsShare Name Path IPv6 1 IPv6 WAN SetupLink-Local Only DHCPv6 Client Iapd Static IPv6DHCPv6 Client Iana Prefix Length Tspc Tunnel Broker 2 IPv6 LAN Setup Configuration Type Enable AutoconfigurationDHCPv6 Server Stateful 3 IPv6 Firewall Setup Name Display the name of the rule Protocol Source IP Adding a New RuleIP Type 4 IPv6 Routing 6 IPv6 Tspc Status 5 IPv6 NeighbourAuto-refresh Tunnel Status Connection StatusTunnel Information Activity 104 7 IPv6 Management Ping/FTP/TELNET User User ConfigurationAdding a New User Editing/Deleting User Settings System MaintenanceSystem Status System Device Type ACS Settings11.2 TR-069 Display the Ssid of the router User Password Configuration Backup Backup the Configuration Restore Configuration Syslog / Mail Alert Enable E-mail Alert Time and Date Access List Enable SnmpManagement Reboot System Firmware Upgrade This page is left blank Admin Mode Operation 120 121 122 Apply default DNS Server IP address 198.95.1.1 to this field Type in a name for the router e.g., Vigor2750. It must be 125 126 WAN IP Network Settings 128 Transmitted by NAT through WAN port VoIP WAN Setting SIM PIN code 132 133 What is Static Route Router will resolve the domain name immediately. Otherwise Current Auto 137 138 139 Go to LAN to open setting page and choose Static Route 141 142 List Remove 144 145 PC to specify a suitable one DoS Defense Denial of Service DoS DefenseFirewall Basics for Firewall Rate Limiter ID Ports ConfigurationRate Counter Rate Limiter ID Adding a New Access Control Profile Access Control ListACE Configuration Detailed Explanation for Frame Type Ethernet Type Filter Defined in Sender IP Address and Sender IP Mask Request/ReplySender IP Filter Sender IP Address ARP Smac Match Target IP AddressTarget IP Mask IP/Ethernet Length Source IP Address EthernetSource IP Mask Icmp Type Filter Dest IP AddressDest IP Mask Icmp Type Value Dest IP Source Port Filter Source Port Range Source Port NoDest. Port Filter Dest IP Filter Dest. Port No Dest. Port Range TCP SYN IP Protocol Value When you choose Network as destination IP filter Default Sessions Limit Click this button to close the function of limit bandwidth Represent LAN or WAN interface 166 Display the class of the data transmission for the QCE 168 169 Wireless Port Queuing Mode Use the drop down list to choose suitable mode 172 Display the the counting number of the packet transmitted Enable Dynamic DNS Interval set here WiFi UP/DOWN Wireless Wi-Fi connection will be This page display current Igmp status Download Speed Port MembersUpload Speed 179 Type any one of the MAC address of the binded PCs VPN and Remote Access Remote Access Control Your LAN Pptp Remote Dial-inIPSec Remote Dial-in Mobile VPN Type Authentication Advanced Settings Remote Dial-in Status Name LAN to LANTx /Rx Adding a VPN Tunnel EnabledIKE phase 1 mode Always On Local Identity IKE Phase 1 proposalConfirm Pre-Shared key Remote Identity 188 189 Choose the wireless mode for this router. At present, only 191 192 UDP port number that the Radius server is using 194 195 Allow List all the MAC address of wireless clients listed Index Display the number of the connecting client IP Address Refresh Click this button to refresh current 198 199 200 201 Htmix If 802.11b/g/n wireless mode is used, please Check this box to share the information on USB disk Check this box and then you can remove the USB diskette Update Click this button to refresh the disk status 11.1 IPv6 WAN Setup 11 IPv6 207 208 Tunnel Mode 11.2 IPv6 LAN Setup 11.3 IPv6 Firewall Setup 212 Open IPv6 IPv6 Firewall Setup and press Add New Rule Example Welcome to the IPv6 Information You are using IPv4 from 11.4 IPv6 Routing 11.5 IPv6 Neighbour 11.6 IPv6 Tspc Status 216 217 11.7 IPv6 Management Delete User Allow PptpAdd a New User 220 221 CPU Usage 13.2 TR-069 Http//IP address System Password 225 226 Syslog/Mail Alert Check Enable to activate function of mail alert 229 230 231 Ping Size DiagnosticsPing Start Routing Table System Log Traffic Overview Detailed Statistics Display the counting number of the received unicast Bad packets transmitted Vlan Computer Name Dhcp TableExpire Time RX rate kbps Data Flow MonitorTX rate kbps Hardware NAT rate Ports State 242 Application and Examples Application for Multi-VLAN 244 How to use QoS function in Vigor2750? 246 247 248 Trouble Shooting Checking If the Hardware Status Is OK or Not For Windows For Mac OS Pinging the Router from Your Computer For Mac OS Terminal Checking If the ISP Settings are OK or Not Run Router Tools Firmware Upgrade Utility 255 256 Software Reset Backing to Factory Default Setting If NecessaryHardware Reset Contacting Your Dealer Appendix Basic Commands Below shows several examples for your reference 260