TRENDware MIMO Wireless Router : Help / Advanced

Virtual Server

The Virtual Server option gives Internet users access to services on your LAN. This feature is useful for hosting online services such as FTP, Web, or game servers. For each Virtual Server, you define a public port on your router for redirection to an internal LAN IP Address and LAN port.

Example:

You are hosting a Web Server on a PC that has LAN IP Address of 192.168.0.50 and your ISP is blocking Port 80.

Name the Virtual Server (for example: Web Server)
Enter the IP Address of the machine on your LAN (for example: 192.168.0.50
Enter the Private Port as [80]
Enter the Public Port as [8888]
Select the Protocol - TCP
Ensure the schedule is set to Always
Click Save to add the settings to the Virtual Servers List
Repeat these steps for each Virtual Server Rule you wish to add. After the list is complete, click Save Settings at the top of the page.

With this Virtual Server entry, all Internet traffic on Port 8888 will be redirected to your internal web server on port 80 at IP Address 192.168.0.50.

Add/Edit Virtual Server

In this section you can add an entry to the Vertual Servers List below or edit an existing entry.

Enable: Entries in the list can be either active (enabled) or inactive (disabled).
Name: Assign a meaningful name to the virtual server, for example Web Server. Several well-known types of virtual server are available from the "Select Virtual Server" list. Selecting one of these entries fills some of the remaining parameters with standard values for that type of server.
IP Address: The IP address of the system on your internal network that will provide the virtual service, for example 192.168.0.50.
Protocol: Select the protocol used by the service.
Private Port: The port that will be used on your internal network.
Public Port: The port that will be accessed from the Internet.
Inbound Filter: Select a filter that controls access as needed for this virtual server. If you do not see the filter you need in the list of filters, go to the Advanced -> Inbound Filter screen and create a new filter.
Schedule: Select a schedule for when the service will be enabled. If you do not see the schedule you need in the list of schedules, go to the Tools -> Schedules screen and create a new schedule.
Save: Saves the new or edited virtual server entry in the following list. When finished updating the virtual server entries, you must still click the Save Settings button at the top of the page to make the changes effective and permanent.

Virtual Servers List

The section shows the currently defined virtual servers. A Virtual Server can be changed by clicking the Edit icon, or deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the "Edit Virtual Server" section is activated for editing.

Note: You might have trouble accessing a virtual server using its public identity (WAN-side IP-address of the gateway or its dynamic DNS name) from a machine on the LAN. Your requests may not be looped back or you may be redirected to the "Forbidden" page.

This will happen if you have an Access Control Rule configured for this LAN machine.

The requests from the LAN machine will not be looped back if Internet access is blocked at the time of access. To work around this problem, access the LAN machine using its LAN-side identity.

Requests may be redirected to the "Forbidden" page if web access for the LAN machine is restricted by an Access Control Rule. Add the WAN-side identity (WAN-side IP-address of the router or its dynamic DNS name) on the Advanced -> Web Filter screen to work around this problem.

Special Applications

Application Level Gateway (ALG) Configurations

Here you can enable or disable ALGs. Some protocols and applications require special handling of the IP payload to make them work with network address translation (NAT). Each ALG provides special handling for a specific protocol or application. A number of ALGs for common applications are enabled by default.

PPTP: Allows multiple machines on the LAN to connect to their corporate network using PPTP protocol.
IPSec VPN: Allows multiple VPN clients to connect to their corporate network using IPSec. Some VPN clients support traversal of IPSec through NAT. This ALG may interfere with the operation of such VPN clients. If you are having trouble connecting with your corporate network, try turning this ALG off.
Please check with the system adminstrator of your corporate network whether your VPN client supports NAT traversal.
RTSP: Allows applications that use Real Time Streaming Protocol to receive streaming media from the internet. QuickTime and Real Player are some of the common applications using this protocol.
Windows Messenger: Supports use of Microsoft Windows Messenger (the Internet messaging client that ships with Microsoft Windows) on LAN computers. The SIP ALG must also be enabled when the Windows Messenger ALG is enabled.
FTP: Allows FTP clients and servers to transfer data across NAT. Refer to the Advanced -> Virtual Server page if you want to host an FTP server.
NetMeeting: Allows Microsoft NetMeeting clients to communicate across NAT. Note that if you want your buddies to call you, you should also set up a virtual server for NetMeeting. Refer to the Advanced -> Virtual Server page for information on how to set up a virtual server.
SIP: Allows devices and applications using VoIP (Voice over IP) to communicate across NAT. Some VoIP applications and devices have the ability to discover NAT devices and work around them. This ALG may interfere with the operation of such devices. If you are having trouble making VoIP calls, try turning this ALG off.
Wake-On-LAN: This feature enables forwarding of "magic packets" (that is, specially formatted wake-up packets) from the WAN to a LAN computer or other device that is "Wake on LAN" (WOL) capable. The WOL device must be defined as such on the Advanced -> Virtual Server page. The LAN IP address for the virtual server is typically set to the broadcast address 192.168.0.255. The computer on the LAN whose MAC address is contained in the magic packet will be awakened.
AOL: Use this ALG if you are experiencing frequent disconnects from the AOL server due to inactivity.
MMS: Allows Windows Media Player, using MMS protocol, to receive streaming media from the internet.
L2TP: Allows multiple machines on the LAN to connect to their corporate network using the L2TP protocol.

Add/Edit Special Applications Rule

The Special Application section is used to open single or multiple ports on your router when the router senses data sent to the Internet on a "trigger" port or port range. Special Applications rules apply to all computers on your internal network.

Example:: You need to configure your router to allow a software application running on any computer on your network to connect to a web-based server or another user on the Internet.

Name: Enter a name for the Special Application Rule, for example Game App, which will help you identify the rule in the future. You can also select from a list of common applications, and the remaining configuration values will be filled in accordingly.
Trigger Port Range: Enter the outgoing port range used by your application. [6500-6700]
Trigger Protocol: Select the outbound protocol used by your application. [Both]
Input Port Range: Enter the port range that you want to open up to Internet traffic. [6000-6200]
Input Protocol: Select the protocol used by the Internet traffic coming back into the router through the opened port range. [Both]
Schedule: Select a schedule for when this rule is in effect. If you do not see the schedule you need in the list of schedules, go to the Tools -> Schedules screen and create a new schedule.
Save: Saves the new or edited Special Applications Rule in the following list. When finished updating the special applications rules, you must still click the Save Settings button at the top of the page to make the changes effective and permanent.

With this Special Application Rule enabled, the router will open up a range of ports from 6000-6200 for incoming traffic from the Internet, whenever any computer on the internal network opens up an application that sends data to the Internet using a port in the range of 6500-6700.

Special Applications Rules List

The section shows the currently defined special applications rules. A special applications rule can be changed by clicking the Edit icon, or deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the "Edit Special Applications Rule" section is activated for editing.

Gaming

Multiple connections are required by some applications, such as internet games, video conferencing, Internet telephony, and others. These applications have difficulties working through NAT (Network Address Translation). The Gaming section is used to open multiple ports or a range of ports in your router and redirect data through those ports to a single PC on your network. This feature allows you to enter ports in various formats:

Range (50-100)
Individual (80, 68, 888)
Mixed (1020-5000, 689)

Edit/Add Game Rule

Here you can add entries to the Game Rules List below, or edit existing entries.

Example:: You are hosting an online game server that is running on a PC with a Private IP Address of 192.168.0.50. This game requires that you open multiple ports (6159-6180, 99) on the router so Internet users can connect.

Enable: Each entry in Game Rules List can be active (enabled) or inactive (disabled)
Name: Give the Gaming Rule a name that is meaningful to you, for example Game Server. You can also select from a list of popular games, and many of the remaining configuration values will be filled in accordingly. However, you should check whether the port values have changed since this list was created, and you must fill in the IP address field.
IP Address: Enter the local network IP address of the system hosting the game server, for example 192.168.0.50.
TCP Ports To Open: Enter the TCP ports to open. [6159-6180, 99]
UDP Ports To Open: Enter the UDP ports to open. [6159-6180, 99]
Inbound Filter: Select a filter that controls access as needed for this game rule. If you do not see the filter you need in the list of filters, go to the Advanced -> Inbound Filter screen and create a new filter.
Schedule: Select a schedule for the times when this rule is in effect. If you do not see the schedule you need in the list of schedules, go to the Tools -> Schedules screen and create a new schedule.
Save: Saves the new or edited Game Rule in the following list. When finished updating the game rules, you must still click the Save Settings button at the top of the page to make the changes effective and permanent.

With this Gaming Rule enabled, all TCP and UDP traffic on ports 6159 through 6180 and port 99 is passed through the router and redirected to the Internal Private IP Address of your Game Server at 192.168.0.50.

Game Rules List

The section shows the currently defined game rules. A game rule can be changed by clicking the Edit icon, or deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the "Edit Game Rule" section is activated for editing.

Traffic Shaping

The Traffic Shaping feature helps improve your network gaming performance by prioritizing applications. By default, the Traffic Shaping settings are disabled.

Traffic Shaping Setup

Enable Traffic Shaping: This option is disabled by default. Enable it for better performance and experience with online games and other interactive applications, such as VoIP.
Automatic Classification: This option is enabled by default so that your router will automatically determine which programs should have network priority.
Dynamic Fragmentation: This option should be enabled when you have a slow Internet uplink. It helps to reduce the impact that large low priority network packets can have on more urgent ones by breaking the large packets into several smaller packets.
Automatic Uplink Speed: When enabled, this option causes the router to automatically measure the useful uplink bandwidth each time the WAN interface is re-established (after a reboot, for example).
Measured Uplink Speed: This is the uplink speed measured when the WAN interface was last re-established. The value may be lower than that reported by your ISP as it does not include all of the network protocol overheads associated with your ISP's network. Typically, this figure will be between 87% and 91% of the stated uplink speed for xDSL connections and around 5 kbps lower for cable network connections.
Uplink Speed: If Automatic Uplink Speed is disabled, this options allows you to set the uplink speed manually. Uplink speed is the speed at which data can be transferred from the router to your ISP. This is determined by your ISP. ISPs often specify speed as a downlink/uplink pair; for example, 1.5Mbits/284Kbits. For this example, you would enter "284". Alternatively you can test your uplink speed with a service such as http://www.dslreports.com/. Note however that sites such as DSL Reports, because they do not consider as many network protocol overheads, will generally note speeds slightly lower than the Measured Uplink Speed or the ISP rated speed.
Connection Type: By default, the router automatically determines whether the underlying connection is an xDSL/Frame-relay network or some other connection type (such as cable modem or Ethernet), and it displays the result as Detected xDSL or Frame Relay Network. If you have an unusual network connection in which you are actually connected via xDSL but for which you configure either "Static" or "DHCP" in the WAN settings, setting this option to xDSL or Other Frame Relay Network ensures that the router will recognize that it needs to shape traffic slightly differently in order to give the best performance. Choosing xDSL or Other Frame Relay Network causes the measured uplink speed to be reported slightly lower than before on such connections, but gives much better results.
Detected xDSL or Frame Relay Network: When Connection Type is set to Auto-detect, the automatically detected connection type is displayed here.

Add/Edit Traffic Shaping Rule

Automatic classification will be adequate for most applications, and specific Traffic Shaping Rules will not be required. A Traffic Shaping Rule identifies a specific message flow and assigns a priority to that flow.

Enable: Each entry in Traffic Shaping Rules List can be active (enabled) or inactive (disabled)
Name: Create a name for the rule that is meaningful to you.
Priority: The priority of the message flow is entered here. 0 receives the highest priority (most urgent) and 255 receives the lowest priority (least urgent).
Protocol: The protocol used by the messages.
Source IP Range: The rule applies to a flow of messages whose LAN-side IP address falls within the range set here.
Source Port Range: The rule applies to a flow of messages whose LAN-side port number is within the range set here.
Destination IP Range: The rule applies to a flow of messages whose WAN-side IP address falls within the range set here.
Destination Port Range: The rule applies to a flow of messages whose WAN-side port number is within the range set here.
Save: Saves the new or edited Traffic Shaping Rule in the following list. When finished updating the Traffic Shaping rules, you must still click the Save Settings button at the top of the page to make the changes effective and permanent.

Traffic Shaping Rules List

The section shows the currently defined Traffic Shaping rules. A Traffic Shaping rule can be changed by clicking the Edit icon, or deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the "Edit Traffic Shaping Rule" section is activated for editing.

Routing

Add/Edit Route

Adds a new route to the IP routing table or edits an existing route.

Enable: Specifies whether the entry will be enabled or disabled.

Destination IP: The IP address of packets that will take this route.

Netmask: One bits in the mask specify which bits of the IP address must match.

Gateway: Specifies the next hop to be taken if this route is used. A gateway of 0.0.0.0 implies there is no next hop, and the IP address matched is directly connected to the router on the interface specified: LAN or WAN.

Interface: Specifies the interface -- LAN or WAN -- that the IP packet must use to transit out of the router, when this route is used.

Metric: The relative cost of using this route.

Save: Saves the new or edited route in the following list. When finished updating the routing table, you must still click the Save Settings button at the top of the page to make the changes effective and permanent.

Routes List

The section shows the current routing table entries. Certain required routes are predefined and cannot be changed. Routes that you add can be changed by clicking the Edit icon, or deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the "Edit Route" section is activated for editing.

Access Control

The Access Control section allows you to control access in and out of devices on your network. Use this feature as Parental Controls to only grant access to approved sites, limit web access based on time or dates, and/or block access from applications such as peer-to-peer utilities or games.

Enable

By default, the Access Control feature is disabled. If you need Access Control, check this option, and you will see the following configuration sections.

Note: When Access Control is disabled, every device on the LAN has unrestricted access to the Internet. However, if you enable Access Control, Internet access is restricted for those devices that have an Access Control Rule configured for them. All other devices will have unrestricted access to the Internet.

Add/Edit Access Control Rule

Access Control Rules specify what a LAN device is allowed to access. Here you can add entries to the Access Control Rules List or edit existing entries.

Enable

Each entry in Access Control Rules List can be active (enabled) or inactive (disabled)

Policy Name

Create a name for this access control policy (rule) that is meaningful to you. Typically this would be a system name or user name; for example "Casey's PC".

Address Type

Select the type of address on which you want to base the rule.

IP Address: Enter the IP Address of the machine that you want the access control rule to apply to. Make sure that the device on the LAN either has a static IP address (that is, one that is not in the DHCP range) or is in the Static DHCP Client List (see Basic -> DHCP).

Machine Address: Enter the MAC Address of the machine that you want the access control rule to apply to. If you want to enter the MAC Address of the computer you are using, click the Copy Your PC's MAC Address button.

Others: If you want to restrict access for all devices that do not have an explicit rule configured for them, then select "Others" for the Address Type.

Schedule

Select a schedule of the times when you want the policy to apply. If you do not see the schedule you need in the list of schedules, go to the Tools -> Schedules screen and create a new schedule.

Apply Web Filter

With this option enabled, the specified system will only have access to the Web sites listed in the Web Filter section.

Log Internet Access

If this option is enabled, all of the Web sites visited by the specified machine will be logged.

Filter Ports

By clicking the Filter Ports >> button you can specify that the rule prohibits access to specific IP addresses and ports.

Save

Saves the new or edited access control rule in the following list. Repeat the process, creating an Access Control Rule for each of the devices on your LAN that needs access to the Internet. When finished updating the Access Control Rules, you must still click the Save Settings button at the top of the page to make the changes effective and permanent.

Access Control Rules List

This section shows the current access control rules. Rules can be changed by clicking the Edit icon, or deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the "Edit Access Control Rule" section is activated for editing.

Web Filter

The Web Filter section is where you add the Web sites to be used for Access Control.

Add/Edit Web Site

This is where you can add Web sites to the Allowed Web Site List or change entries in the Allowed Web Site List. The Allowed Web Site List is used for systems that have the Web filter option enabled in Access Control.

Enable: Entries in the Allowed Web Site List can be activated or deactivated with this checkbox. New entries are activated by default.
Web Site: Enter the URL (address) of the Web Site that you want to allow; for example: google.com. Do not enter the http:// preceding the URL. Enter the most inclusive domain; for example, enter trendware.com and access will be permitted to both www.trendware.com and support.trendware.com.
Note: Many web sites construct pages with images and content from other web sites. Access will be forbidden if you do not enable all the web sites used to construct a page. For example, to access my.yahoo.com, you need to enable access to yahoo.com, yimg.com, and doubleclick.net.
Save: Saves the new or edited Allowed Web Site in the following list. When finished updating the Allowed Web Site List, you must still click the Save Settings button at the top of the page to make the changes effective and permanent.

Allowed Web Site List

The section lists the currently allowed web sites. An allowed web site can be changed by clicking the Edit icon, or deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the "Edit Web Site" section is activated for editing.

MAC Address Filter

The MAC address filter section can be used to filter network access by machines based on the unique MAC addresses of their network adapter(s). It is most useful to prevent unauthorized wireless devices from connecting to your network. A MAC address is a unique ID assigned by the manufacturer of the network adapter.

Enable MAC Address Filter

When this is enabled, computers are granted or denied network access depending on the mode of the filter.

Note: Misconfiguration of this feature can prevent any machine from accessing the network. In such a situation, you can regain access by activating the factory defaults button on the router itself.

Filter Settings

Mode: When "only allow listed machines" is selected, only computers with MAC addresses listed in the MAC Address List are granted network access. When "only deny listed machines" is selected, any computer with a MAC address listed in the MAC Address List is refused access to the network.
Filter Wireless Clients: When this is selected, the MAC address filters will be applied to wireless network clients.
Filter Wired Clients: When this is selected, the MAC address filters will be applied to wired network clients.

Add/Edit MAC Address

In this section, you can add entries to the MAC Address List below, or edit existing entries.

Enable: MAC address entries can be activated or deactivated with this checkbox.
MAC Address: Enter the MAC address of the desired computer or connect to the router from the desired computer and click the Copy Your PC's MAC Address button.
Save: Saves the new or edited MAC Address entry in the following list. When finished updating the MAC Address List, you must still click the Save Settings button at the top of the page to make the changes effective and permanent.

MAC Address List

The section lists the current MAC Address filters. A MAC Address entry can be changed by clicking the Edit icon, or deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the "Edit MAC Address" section is activated for editing.

Firewall

Enable SPI: SPI ("stateful packet inspection" also known as "dynamic packet filtering") helps to prevent cyberattacks by tracking more state per session. It validates that the traffic passing through that session conforms to the protocol. When SPI is enabled, the extra state information will be reported on the Status -> Active Sessions page.
Enable DMZ: DMZ means "Demilitarized Zone." If an application has trouble working from behind the router, you can expose one computer to the Internet and run the application on that computer.
Note: Putting a computer in the DMZ may expose that computer to a variety of security risks. Use of this option is only recommended as a last resort.
DMZ IP Address: Specify the IP address of the computer on the LAN that you want to have unrestricted Internet communication. If this computer obtains its address Automatically using DHCP, then you may want to make a static reservation on the Basic -> DHCP page so that the IP address of the DMZ machine does not change.

Inbound Filter

The Inbound Filter option is an advanced method of controlling data received from the Internet. With this feature you can configure inbound data filtering rules that control data based on IP Address.

Inbound Filters can be used for limiting access to a server on your network to a system or group of systems. Filter rules can be used with Virtual Server, Gaming, or Remote Administration features. Each filter can be used for several functions; for example a "Game Clan" filter might allow all of the members of a particular gaming group to play several different games for which gaming entries have been created. At the same time an "Admin" filter might only allows systems from your office network to access the WAN admin pages and an FTP server you use at home. If you add an IP address to a filter, the change is effected in all of the places where the filter is used.

Add/Edit Inbound Filter Rule

Here you can add entries to the Inbound Filter Rules List below, or edit existing entries.

Name: Enter a name for the rule that is meaningful to you.
Action: The rule can either Allow or Deny messages.
Source IP Range: Define the ranges of Internet addresses this rule applies to. For a single IP address, enter the same address in both the Start and End boxes. Up to eight ranges can be entered. The Enable checkbox allows you to turn on or off specific entries in the list of ranges.
Save: Saves the new or edited Inbound Filter Rule in the following list. When finished updating the Inbound Filter Rules List, you must still click the Save Settings button at the top of the page to make the changes effective and permanent.

Inbound Filter Rules List

The section lists the current Inbound Filter Rules. An Inbound Filter Rule can be changed by clicking the Edit icon, or deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the "Edit Inbound Filter Rule" section is activated for editing.

In addition to the filters listed here, two predefined filters are available wherever inbound filters can be applied:

Allow All: Permit any WAN user to access the related capability.
Deny All: Prevent all WAN users from accessing the related capability. (LAN users are not affected by Inbound Filter Rules.)

Advanced Wireless

Fragmentation Threshold: This setting should remain at its default value of 2346. Setting the Fragmentation value too low may result in poor performance.
RTS Threshold: This setting should remain at its default value of 2346. If you encounter inconsistent data flow, only minor modifications to the value are recommended.
Beacon Period: Beacons are packets sent by a wireless router to synchronize wireless devices. Specify a Beacon Period value between 20 and 1000. The default value is set to 100 milliseconds.
DTIM Interval: A DTIM is a countdown informing clients of the next window for listening to broadcast and multicast messages. When the wireless router has buffered broadcast or multicast messages for associated clients, it sends the next DTIM with a DTIM Interval value. Wireless clients detect the beacons and awaken to receive the broadcast and multicast messages. The default value is 1. Valid settings are between 1 and 255.
802.11d Enable: Enables 802.11d operation. 802.11d is a wireless specification for operation in additional regulatory domains. This supplement to the 802.11 specifications defines the physical layer requirements (channelization, hopping patterns, new values for current MIB attributes, and other requirements to extend the operation of 802.11 WLANs to new regulatory domains (countries). The current 802.11 standard defines operation in only a few regulatory domains (countries). This supplement adds the requirements and definitions necessary to allow 802.11 WLAN equipment to operate in markets not served by the current standard. Enable this option if you are operating in one of these "additional regulatory domains".
Transmit Power: Normally the wireless transmitter operates at 100% power. In some circumstances, however, there might be a need to isolate specific frequencies to a smaller area. By reducing the power of the radio, you can prevent transmissions from reaching beyond your corporate/home office or designated wireless area.
WDS Enable: When WDS is enabled, this access point functions as a wireless repeater and is able to wirelessly communicate with other APs via WDS links. Note that WDS is incompatible with WPA -- both features cannot be used at the same time. A WDS link is bidirectional; so this AP must know the MAC Address (creates the WDS link) of the other AP, and the other AP must have a WDS link back to this AP.
WDS AP MAC Address: Specifies one-half of the WDS link. The other AP must also have the MAC address of this AP to create the WDS link back to this AP.

Schedules

Schedules can be created for use with enforcing rules. For example, if you want to restrict web access to Mon-Fri from 3pm to 8pm, you could create a schedule selecting Mon, Tue, Wed, Thu, and Fri and enter a Start Time of 3pm and End Time of 8pm.

Add/Edit Schedule Rule

In this section you can add entries to the Schedule Rules List below or edit existing entries.

Name: Give the schedule a name that is meaningful to you, such as "Weekday rule".
Day(s): Place a checkmark in the boxes for the desired days or select the All Week radio button to select all seven days of the week.
All Day - 24 hrs: Select this option if you want this schedule in effect all day for the selected day(s).
Start Time: If you don't use the All Day option, then you enter the time here. The start time is entered in two fields. The first box is for the hour and the second box is for the minute. Email events are triggered only by the start time.
End Time: The end time is entered in the same format as the start time. The hour in the first box and the minutes in the second box. The end time is used for most other rules, but is not used for email events.
Save: Saves the new or edited Schedule Rule in the following list. When finished updating the Schedule Rules, you must still click the Save Settings button at the top of the page to make the changes effective and permanent.

Schedule Rules List

The section shows the currently defined Schedule Rules. A Schedule Rule can be changed by clicking the Edit icon, or deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the "Edit Schedule Rule" section is activated for editing.

Help

Advanced Help