Reference12r1:IP4/NAT/General: Difference between revisions

From innovaphone wiki
Jump to navigation Jump to search
No edit summary
Line 6: Line 6:
;Enable STUN: If this checkmark is set, a STUN server is started on the box. The STUN server works like a regular STUN server from external. From internal binding requests create a NAT mapping and the binding response contains the public address of the mapping.
;Enable STUN: If this checkmark is set, a STUN server is started on the box. The STUN server works like a regular STUN server from external. From internal binding requests create a NAT mapping and the binding response contains the public address of the mapping.
;Non standard port: The port that shall be used for the STUN server. If empty the well known port 3478 is used.
;Non standard port: The port that shall be used for the STUN server. If empty the well known port 3478 is used.
;STUN Changed Address: A IP address:port must be configured, which will be used as source address for replies, when the client is asking for a changed address. This is used for the classic STUN NAT detection mechanism. Basically any address/port can be used here. It could be that a IP provider does not forward packets with a wrong address, so it is safer to use an address, which is valid in the network of the device. It is also better to use an address, which is not used for something else, because it could be that the local router uses these packets to update its ARP table.  You can use 3480 as port.  
;STUN Changed Address: If the ''Enable STUN'' checkmark is ticked, an IP address:port must be configured, which will be used as source address for replies, when the client is asking for a ''changed address''. This is used for the classic STUN NAT detection mechanism. Basically any address/port can be used here. It could be that a IP provider does not forward packets with a wrong address, so it is safer to use an address, which is valid in the network of the device. It is also better to use an address, which is not used for something else, because it could be that the local router uses these packets to update its ARP table.  You can use 3480 as port.   Note that NAT detecrtion will not work properly if no ''STUN Changed Address'' is configured
;TURN: Up to four TURN accounts can be configured. If a TURN account is configured a TURN server is enabled for this account.
;TURN: Up to four TURN accounts can be configured. If a TURN account is configured a TURN server is enabled for this account.



Revision as of 12:53, 8 August 2017

If the device is used as a router, it is able to connect IP terminals from the network with a non-public address to the public Internet. For this, NAT (Network Address Translation) is necessary. Additional configuration is required on the different IP interfaces (e.g. ETH, PPP, etc.) to define on which interfaces the public and on which interfaces the private network is accessed.


Enable NAT
If this checkmark is set, NAT is enabled. Without this checkmark being set all other NAT settings are without effect.
Enable STUN
If this checkmark is set, a STUN server is started on the box. The STUN server works like a regular STUN server from external. From internal binding requests create a NAT mapping and the binding response contains the public address of the mapping.
Non standard port
The port that shall be used for the STUN server. If empty the well known port 3478 is used.
STUN Changed Address
If the Enable STUN checkmark is ticked, an IP address:port must be configured, which will be used as source address for replies, when the client is asking for a changed address. This is used for the classic STUN NAT detection mechanism. Basically any address/port can be used here. It could be that a IP provider does not forward packets with a wrong address, so it is safer to use an address, which is valid in the network of the device. It is also better to use an address, which is not used for something else, because it could be that the local router uses these packets to update its ARP table. You can use 3480 as port. Note that NAT detecrtion will not work properly if no STUN Changed Address is configured
TURN
Up to four TURN accounts can be configured. If a TURN account is configured a TURN server is enabled for this account.
Default forward destination
If all incoming data packets from the public network are to be forwarded to a particular private IP address, the destination IP address must be entered here.
Port-specific forwarding
To be able to address several internal destinations, different port numbers are assigned to IP addresses of the internal network here.

Known Issues

Note: In v12r1 and higher version it's no longer necessary to enable NAT for the STUN/TURN services be enabled. If NAT it's disable make sure the UDP-NAT port range values are also deleted / not set.

Related Articles