Advanced wireless routing settings-virtual server and DMZ host

Advanced Settings of wireless routing-virtual servers and DMZ hosts this article mainly introduces the virtual servers and DMZ host functions of wireless routers, that is, allow Internet users to access the servers in the home. Therefore, if you do not have this requirement, you can skip this section. To ensure LAN security, the vro hides the IP address of the LAN host by default, so that the Internet computer cannot establish a connection with the LAN computer. Therefore, to enable Internet users to access servers in the LAN, you need to set virtual server entries. "Virtual Server" defines the relationship between the Internet Service port of the router and the IP address of the LAN server. All Internet service requests to this port are forwarded to the LAN server specified by the IP address. This ensures that Internet users can successfully access the servers in the LAN without affecting the network security in the LAN. Requirement Description: Because Internet users cannot directly access the servers in the LAN and can only access the Internet address of the router, the essence of "virtual server" is, in fact, the server in the LAN is published to a port on the Internet address of the router. When an Internet user accesses the Internet address of the router, it actually accesses the Intranet server. Next, let's look at the specific application of "virtual server" through an example. The topology is shown as follows: configuration step 1. WEB Server 1) set up a server on the Intranet to ensure that the Intranet pc can be accessed normally and that the server can access the Internet normally; 2) log on to the vro Management page and choose "forwarding rules"> "virtual server" to configure port ing. For example, you can use port 8080 to access the WEB server on port 80. ◆ Service name: enter the name of the Virtual Server rule, which can contain up to 28 characters. ◆ External port: enter the port used by the router for Wan access. In this example, port 8080 is used. ◆ Internal port: Enter the server port in the LAN. In this example, port 80 is used. ◆ Service protocol: You can select TCP or UDP or both (depending on the Intranet server ). ◆ Internal Server IP Address: Enter the IP address of the WEB server in the LAN. In this example, It is 192.168.1.100. ◆ Enable/disable a rule: "enable" indicates that the rule takes effect. "Disable" indicates that the rule does not take effect. After entering all the information, click "add" to complete the addition. The added rule information is as follows: 3) after the configuration is complete, the Internet pc can use the WAN port IP address of the router and the external port number to access the Intranet WEB server (in this example, the WAN port IP address is 1.1.1.1 and the access method is http: // 1.1.1.1: 8080 ). 4) if the WAN port IP address is obtained through PPPOE dialing or dynamic retrieval, you can apply for a dynamic domain name of the peanut shell to access the internal server through the domain name. Note: If the port opened by the server is port 80, you must change the Management port of the router before implementing port ing. The change method is as follows: choose System Service> WEB Server> service port> WEB Service port to change the default port 80 to 88 or another port. After modification, log on to the vro management interface as follows: http://LAN Port IP Address: New Port. In some special circumstances, users want to expose a computer in the LAN to the WAN completely to implement bidirectional communication. In this case, they can set the computer as a DMZ host. When an Internet user accesses the Internet address of the router, the computer in the LAN is actually accessed. After a DMZ (Demilitarized Zone) host is set in the LAN, the host is completely exposed to the WAN for Bidirectional unrestricted communication. The DMZ host is actually a virtual server that opens all ports. When the open port of the virtual server to be set is unknown, you can set it as a DMZ host. Select the menu forwarding rule> DMZ host. You can set the DMZ host on the page shown in Figure 5-28. ▲Dmz host status: Select whether to enable the DMZ host function. DMZ Host IP Address: Enter the static IP address of the LAN computer on which you want to set the DMZ host. After setting, click Save. Instance: Set the computer with the IP address 192.168.0.10 in the LAN as a DMZ host to implement bidirectional communication between the computer and another host on the Internet. Setting Method: when the host is set to a DMZ host, the computer is completely exposed to the Internet, and the firewall no longer works for the host. When an Internet user accesses the Internet address of the router, the computer is 192.168.0.10. Note: 1. Adding a DMZ host may cause insecurity to the host, so do not use this option easily. 2. The priority of the DMZ host is lower than that of the virtual server. Access from Internet users to the same port of the vro will be preferentially forwarded to the local area network server corresponding to the virtual server.