Jumbo Frames
9.5 UPnP Port Mapping Screen
Use UPnP (Universal Plug and Play) port mapping to allow access from the WAN to services you select on the NAS. It is recommended that you place the NAS behind an Internet gateway firewall device to protect the NAS from attacks from the Internet. Many such Internet gateways use UPnP to simplify peer-to-peer network connectivity between devices. UPnP can automatically configure the Internet gateway’s firewall and Network Address Translation (NAT) to allow access to the NAS from the Internet.
Figure 82 UPnP for FTP Access
In the above example, UPnP creates a firewall rule and NAT port forwarding mapping to send FTP traffic (using TCP port number 21) from the public IP address a.b.c.d to the NAS’s private IP address of 192.168.1.20.
Use the NAS’s UPnP Port Mapping screen to configure the UPnP settings your Internet gateway uses to allow access from the WAN (Internet) to services you select on the NAS. You can also set which port Internet users need to use in order to access a specific service on the NAS.
Enable Another Web
Configuration Port Select this to configure an additional HTTP port for accessing the web configurator.
Specify a number in the Port Number field.
Jumbo Frames Jumbo frames improve network performance. You must have a 1 Gbps (Gigabit Ethernet) network that supports jumbo frames. Select the largest size of frame that all of your network devices (including computer Ethernet cards and switches, hubs, or routers) support.
When enabled, you can choose between 4 KB, 8 KB, and 9 KB frame sizes.
Note: If you enable jumbo frames on the NAS in a network that does not support them, you will lose access to the NAS. If this occurs, you will have to restore the factory default configuration. Push the RESET button on the NAS’s rear panel and release it after you hear a beep.
Network Diagnostic
Tool Use this section to test the network connection to a particular IP address or domain name. Select an address or type it into the field. Then click Ping to have the NAS send a packet to test the network connection.
• Successfully pinged host - The NAS is able to “ping” the host, the network connection is OK.
• Unable to ping host - The NAS is able to “ping” the selected host.
Apply Click this to save your TCP/IP configurations. After you click Apply, the NAS restarts.
Wait until you see the Login screen or until the NAS fully boots and then use the NAS Starter Utility to rediscover it.
Reset Click this to restore your previously saved settings.
Table 46 Network > TCP/IP (continued)
LABEL DESCRIPTION
TCP: 21 TCP: 21
192.168.1.20
a.b.c.d
Note: To use UPnP port mapping, your Internet gateway must have UPnP enabled.
If your Internet gateway supports Port Address Translation (PAT is sometimes included with a port forwarding feature), you can have the Internet users use a different TCP port number from the one the NAS uses for the service.
Figure 83 UPnP Port Address Translation for FTP Example
In the above example, the Internet gateway uses PAT to accept Internet user FTP sessions on port 2100, translate them to port 21, and forward them to the NAS.
9.5.1 UPnP and the NAS’s IP Address
It is recommended that the NAS use a static IP address (or a static DHCP IP address) if you will allow access to the NAS from the Internet. The UPnP-created NAT mappings keep the IP address the NAS had when you applied your settings in the UPnP Port Mapping screen. They do not automatically update if the NAS’s IP address changes.
Note: WAN access stops working if the NAS’s IP address changes.
For example, if the NAS’s IP address was 192.168.1.33 when you applied the UPnP Port Mapping screen’s settings and the NAS later gets a new IP address of 192.168.1.34 through DHCP, WAN access stops working because the Internet gateway still tries to forward traffic to IP address 192.168.1.33. Since you can no longer access the NAS from the WAN, you would have to access the NAS from the LAN and re-apply your UPnP Port Mapping screen settings to update the Internet gateway’s UPnP port mappings.
Figure 84 UPnP Using the Wrong IP Address
9.5.2 UPnP and Security
UPnP’s automated nature makes it easier to use than manually configuring firewall and NAT rules,
TCP: 2100
NAS540 User’s Guide
184
9.5.3 The NAS’s Services and UPnP
This section introduces the NAS’s services which an Internet gateway can use UPnP to allow access to from the Internet.
CIFS (Windows File Sharing)
Common Internet File System (CIFS) is a standard protocol supported by most operating systems in order to share files across the network. Using UPnP port mapping for CIFS allows users to connect from the Internet and use programs like Windows Explorer to access the NAS’s shares to copy files from the NAS, delete files on the NAS, or upload files to the NAS from the Internet.
If you configure UPnP port mapping to allow CIFS access from the WAN but cannot get it to work, you may also have to configure the Internet gateway to also allow NetBIOS traffic. See Section 7.3 on page 163 for more on CIFS.
FTP
File Transfer Protocol is a standard file transfer service used on the Internet. Using UPnP port mapping for FTP allows remote users to use FTP from the Internet to access the NAS’s shares. A user with read and write access to a share can copy files from the share, delete files from the share, or upload files to the share. See Section 10.4 on page 194 for more on FTP. If you use UPnP to allow FTP access from the WAN, you may want to use a different WAN port number (instead of the default of port 21) to make it more secure. Remember to tell the remote users to use the custom port number when using FTP to access the NAS.
HTTP (Web Configurator)
You can use UPnP port mapping to allow access to the NAS’s management screens. If you use UPnP to allow web configurator access from the WAN, you may want to use a different WAN port number (instead of the default of port 80) to make it more secure. Remember to use the custom port number when accessing the NAS’s web configurator from the Internet.
HTTP (Web Published Shares)
This is the NAS’s web publishing feature that lets people access files using a web browser without having to log into the Web Configurator. Use UPnP port mapping to allow access to these files from the Internet without having to enter a user name or password. See Section 10.8 on page 210 for more on web publishing.
9.5.4 Configuring UPnP Port Mapping
Click Network > UPnP > Port Mapping to display the UPnP Port Mapping screen.
Use this screen to set how the Internet gateway’s UPnP feature configure’s the Internet gateway’s NAT IP address mapping and port mapping settings. These settings allow Internet users connected to the Internet gateway’s WAN interface to access services on the NAS. You can set which port Internet users need to use to access a specific service on the NAS.
Note: Some Internet gateways will delete all UPnP mappings after reboot. So if the Internet gateway reboots, you may need to use this screen again to re-apply the UPnP port mapping.
Figure 85 Network > UPnP > Port Mapping
The following table describes the labels in this screen.
Table 47 Network > UPnP > Port Mapping
LABEL DESCRIPTION
LAN Use these fields to specify what port the Internet gateway uses to connect from its LAN port to the service on the NAS.
Service Name This read-only field identifies a service on the NAS.
LAN Port Specify the port number (1~65,536) the Internet gateway needs to use to connect from its LAN port to the service on the NAS. This is the NAS’s internal port number for the service. Changing a service’s port number in this screen also changes it in other NAS screens that display it. Similarly, changing a service’s port number in another NAS screen also changes it here.
The number below this icon is your Internet gateway’s WAN IP address (the IP address your Internet gateway uses for connecting to the Internet).
WAN Use these fields to specify what port Internet users must use to connect to the Internet gateway’s WAN port in order to connect to the service on the NAS.
Service Name This read-only field identifies a service on the NAS.
Enable WAN
Access Select this check box to have UPnP configure your Internet gateway to allow access from the Internet to the NAS’s service.
If you clear this check box, people will not be able to access the NAS’s service from the Internet unless you manually configure the Internet gateway’s firewall and NAT rules to allow access.
NAS540 User’s Guide