Manualshelf

User`s manual

ManualsBrandsZyXEL Communications ManualsNetwork CardADSL2+ Ethernet Gateway P-660R-T Series
12345678910
P-660R-F1 Support Notes
6
All contents copyright © 2011 ZyXEL Communications Corporation.
single user account.
When P-660R-F1 acting as SUA receives a packet from a local client destined for
the outside Internet, it replaces the source address in the IP packet header with
its own address and the source port in the TCP or UDP header with another
value chosen out of a local pool. It then recomputed the appropriate header
checksums and forwards the packet to the Internet as if it is originated from
P-660R-F1 using the IP address assigned by ISP. When reply packets from the
external Internet are received by P-660R-F1, the original IP source address and
TCP/UDP source port numbers are written into the destination fields of the
packet (since it is now moving in the opposite direction), the checksums are
recomputed, and the packet is delivered to its true destination. This is because
SUA keeps a table of the IP addresses and port numbers of the local systems
currently using it.
9. Is it possible to access a server running behind SUA from the outside
Internet? How can I do it?
Yes, it is possible because P-660R-F1 delivers the packet to the local server by
looking up to a SUA server table. Therefore, to make a local server accessible to
the outside users, the port number and the inside IP address of the server must
be configured. (You can configure it in Web Configurator, Advanced Setup,
Network -> NAT -> Port Forwarding.
10. How many network users can the SUA/NAT support?
The P-660R-F1 does not limit the number of the users but the number of the NAT
sessions. The P-660R-F1 supports 1024 sessions.
11. What are Device filters and Protocol filters?
In ZyNOS, the filters have been separated into two groups. One group is called
'device filter group', and the other is called 'protocol filter group'. Generic filters
belong to the 'device filter group', TCP/IP and IPX filters belong to the 'protocol
filter group'. You can configure the filter rule in CLI.
Note: In ZyNOS, you can not mix different filter groups in the same filter set.
12. How can I protect against IP spoofing attacks?
The P-660R-F1's filter sets provide a means to protect against IP spoofing
attacks. The basic scheme is according to your need to set different filter type.
There are two types of filter: Protocol Filter and Generic Filter.
For the rule setup: