ZyXEL Communications ZYWALL 5 - V4.04 Guía de usuario descargar pdf (Pagina 167)

ZyXEL Confidential

404XD3C0.docx

167/181

Appendix 2 Trigger Port

Introduction

Some routers try to get around this "one port per customer" limitation by using

"triggered" maps. Triggered maps work by having the router watch outgoing data for a

specific port number and protocol. When the router finds a match, it remembers the IP

address of the computer that sent the matching data. When the requested data wants to

come back in through the firewall, the router uses the port mapping rules that are linked to

the trigger, and the IP address of the computer that "pulled" the trigger, to get the data back

to the proper computer.

These triggered events can be timed so that they erase the port mapping as soon as

they are done with the data transfer, so that the port mapping can be triggered by another

Client computer. This gives the illusion that multiple computers can use the same port

mapping at the same time, but the computers are really just taking turns using the mapping.

How to use it

Following table is a configuration table.

Name Incoming Trigger

Napster 6699 6699

Quicktime 4 Client 6970-32000 554

Real Audio 6970-7170 7070

User 1001-1100 1-100

How it works

For example, you are running a FTP Server on port 21 of machine A. And you may

want this server accessible from the Internet without enabling NAT-based firewall. There

are one Web Server on port 80 of machine B and another client C on the Internet.

(1) As Prestige receives a packet from a local client A destined for the outside Internet

machine B, it will check the destination port in the TCP/UDP header to see if it matches

the setting in "Trigger Port" (80). If it matches, Prestige records the source IP of A

(192.168.1.33) in its internal table.

(2) Now client C (or client B) tries to access the FTP server in machine A. When Prestige

to forward any un-requested traffic generated from Internet, it will first check the rules

in port forwarding set. When no matches are found, it will then check the "Incoming

Port". If it matches, Prestige will forward the packet to the recorded IP address in the

1 2 ... 162 163 164 165 166 167 168 169 170 171 172 ... 180 181

Sin comentarios

ZyXEL Communications ZYWALL 5 - V4.04 Guía de usuario Pagina 167