Chapter 9 Network

network connectivity between devices. UPnP can automatically configure the Internet gateway’s firewall and Network Address Translation (NAT) to allow access to the NSA from the Internet.

Figure 95 UPnP for FTP Access

192.168.1.20

a.b.c.d
TCP: 21

TCP: 21

In the above example, UPnP creates a firewall rule and NAT port forwarding mapping to send FTP traffic (using TCP port number 21) from the public IP address a.b.c.d to the NSA’s private IP address of 192.168.1.20.

Use the NSA’s UPnP Port Mapping screen to configure the UPnP settings your Internet gateway uses to allow access from the WAN (Internet) to services you select on the NSA. You can also set which port Internet users need to use in order to access a specific service on the NSA.

Note: To use UPnP port mapping, your Internet gateway must have UPnP enabled.

If your Internet gateway supports Port Address Translation (PAT is sometimes included with a port forwarding feature), you can have the Internet users use a different TCP port number from the one the NSA uses for the service.

Figure 96 UPnP Port Address Translation for FTP Example

192.168.1.20

a.b.c.d

TCP: 21

TCP: 2100

In the above example, the Internet gateway uses PAT to accept Internet user FTP sessions on port 2100, translate them to port 21, and forward them to the NSA.

9.5.1 UPnP and the NSA’s IP Address

It is recommended that the NSA use a static IP address (or a static DHCP IP address) if you will allow access to the NSA from the Internet. The UPnP-created NAT mappings keep the IP address the NSA had when you applied your settings in the UPnP Port Mapping screen. They do not automatically update if the NSA’s IP address changes.

Note: WAN access stops working if the NSA’s IP address changes.

For example, if the NSA’s IP address was 192.168.1.33 when you applied the UPnP Port Mapping screen’s settings and the NSA later gets a new IP address of 192.168.1.34 through DHCP, WAN access stops working because the Internet gateway still tries to forward traffic to IP address 192.168.1.33. Since you can no longer access the NSA from the WAN, you would have to access

 

179

Media Server User’s Guide