ZyXEL NSA325 User Guide - Page 176
UPnP and the NSA’s IP Address, 9.5.2 UPnP and Security, TCP: 2100, a.b.c.d - hack
View all ZyXEL NSA325 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 176 highlights
Chapter 9 Network If your Internet gateway supports Port Address Translation (PAT is sometimes included with a port forwarding feature), you can have the Internet users use a different TCP port number from the one the NSA uses for the service. Figure 82 UPnP Port Address Translation for FTP Example 192.168.1.20 a.b.c.d TCP: 21 TCP: 2100 In the above example, the Internet gateway uses PAT to accept Internet user FTP sessions on port 2100, translate them to port 21, and forward them to the NSA. 9.5.1 UPnP and the NSA's IP Address It is recommended that the NSA use a static IP address (or a static DHCP IP address) if you will allow access to the NSA from the Internet. The UPnP-created NAT mappings keep the IP address the NSA had when you applied your settings in the UPnP Port Mapping screen. They do not automatically update if the NSA's IP address changes. Note: WAN access stops working if the NSA's IP address changes. For example, if the NSA's IP address was 192.168.1.33 when you applied the UPnP Port Mapping screen's settings and the NSA later gets a new IP address of 192.168.1.34 through DHCP, WAN access stops working because the Internet gateway still tries to forward traffic to IP address 192.168.1.33. Since you can no longer access the NSA from the WAN, you would have to access the NSA from the LAN and re-apply your UPnP Port Mapping screen settings to update the Internet gateway's UPnP port mappings. Figure 83 UPnP Using the Wrong IP Address 192.168.1.34 a.b.c.d 192.168.1.33 9.5.2 UPnP and Security UPnP's automated nature makes it easier to use than manually configuring firewall and NAT rules, but it is also less secure. Using UPnP may make your network more susceptible to snooping and hacking attacks. 176 Media Server User's Guide