http://192.168.0.1/h-adv.

htm#smap

Advanced
Virtual Server
Some applications require multiple connections, such as Internet gaming, video conferencing, Internet
telephony and others. These applications have difficulties working through NAT (Network Address
Translation). If you need to run applications that require multiple connections, specify the port normally
associatedwith an application in the "Trigger Port" field, select the protocol type as TCP (Transmission
Control Protocol) or UDP (User Datagram Protocol), then enter the public ports associated with the
trigger port to open them for inbound traffic. At the bottom of the screen, there are already defined
well-known special applications. To use them, click on the edit icon and enable the service.

Name :The name referencing the virtual service.

Private IP :The server computer in the LAN network that will be providing the virtual services.
Private Port :The port number of the service used by the Private IP computer. You can input a
single port or a range of ports (ex. 5001-5003).
Protocol Type :The protocol used for the virtual service.
Public Port :The port number on the WAN side that will be used to access the virtual service.
You can input a single port or a range of ports (ex. 5001-5003).
Schedule :The schedule of time when the virtual service will be enabled.

Example : If you have a Web server that you wanted Internet users to access at all times, you would
need to enable it. Web (HTTP) server is on LAN computer 192.168.0.25. HTTP uses port 80, TCP.

Name: Web Server

Private IP: 192.168.0.25
Protocol Type: TCP
Private Port: 80
Public Port: 80
Schedule: always

Click on this icon to edit the virtual service.

Click on this icon to delete the virtual service.

Special Applications
Some applications require multiple connections, like Internet games, video conferencing, Internet
telephony and others. These applications have difficulties working with NAT (Network Address
Translation). Special Applications allows some of these applications to work. If you need to run
applications that require multiple connections,specify the port normally associated with an application in
the "Trigger Port" field, select the protocol type as TCP (Transmission Control Protocol) or UDP (User
Datagram Protocol), then enter the public ports associated with the trigger port to open them for inbound
traffic. At the bottom of the screen, there are already defined well-known special applications. To use
them, click on the edit icon and enable the service.

Name :This is the name referencing the special application.

Trigger Port :This is the port used to trigger the application. It can be either a single port or a
range of ports.
Trigger Type :This is the protocol used to trigger the special application.
Public Port :This is the port number on the WAN side that will be used to access the application.
You may define a single port or a range of ports. You can use a comma to addmultiple ports or
port ranges.
Public Type :This is the protocol used for the special application.

If the mechanism of Special Applications fails to make an application work, try using DMZ host instead.

NOTE: At any time, only one PC can use each Special Application. .

1 of 3 3/14/2009 10:51 AM
 http://192.168.0.1/h-adv.htm#smap

Filters
Filters are used to deny or allow LAN computers from accessing the Internet. Within the local area
network, the unit can be setup to deny Internet access to computers using the assigned IP or MAC
addresses. The unit can also block users from accessing restricted web sites.

Filter - IP Filters
Use IP Filters to deny particular LAN IP addresses from accessing the Internet. You can deny specific
port numbers or all ports for a specific IP address. The screen will display well-known ports that are
defined. To use them, click on the edit icon. You will only need to input the LAN IP address(es) of the
computer(s) that will be denied Internet access.

IP :The IP address of the LAN computer that will be denied access to the Internet. You can also
add a range of IP addresses.
Port :The single port or port range that will be denied access to the Internet. If no port is
specified, all ports will be denied access.
Protocol Type :This is the protocol type that will be used with the Port that will be blocked.
Schedule :This is the schedule of time when the IP Filter will be enabled.

Filters - MAC Filter

Use MAC Filters to deny computers within the local area network from accessing the Internet. You can
either manually add a MAC address or select the MAC address from the list of clients that are currently
connected to the unit.
Select Only allow MAC address listed below to access Internet from LAN (Local Area Network) if
youonly want selected computers to have Internet access and all other computers not to have Internet
access.
Select Only deny MAC address listed below to access Internet from LAN (Local Area Network) if you
want all computers to have Internet access except the computers in the list.

Name :The name referencing the MAC filter.

MAC Address :The MAC address of the computer in the LAN (Local Area Network) to be used in
the MAC filter table.
DHCP Client :DHCP clients will have their host name and MAC address listed here. You can
select the client computer you want to add to the MAC filter and click Clone. This will
automatically add that computer's MAC address to the MAC Address section

Filters - URL Blocking

URL Blocking is used to deny LAN computers from accessing specific web sites by its URL. A URL is a
specially formatted text string that defines a location on the Internet. If any part of the URL contains the
blocked word, the site will not be accessible. If any part of the URL contains the blocked word, the web
page will not display.

Filters - Domain Blocking

Domain Blocking is used to deny or allow computers within the LAN (LocalArea Network) from accessing
specific domains on the Internet. Domain blocking will deny or allow all requests such as http and ftp to a
specific domain.
Select Allow users to access all domains except "Blocked Domains" if you allow users to access all
domains except the domains in the Blocked Domains list.
Select Deny users to access all domains except "Permitted Domains" if you only want users to access
Permitted Domains.
Example : If you want your children to only access particular sites, you would then choose Deny users
to access all web sites except "Permitted Domains". Then enter in the domains you want your children to
have access to.

Disney.com
Cartoons.com
DiscoveryChannel.com

Firewall Rules

2 of 3 3/14/2009 10:51 AM
 http://192.168.0.1/h-adv.htm#smap

Firewall Rules is an advance feature used to deny or allow traffic from passing through the device. It
works in the same way as IP Filters with additional settings. You can create more detailed rules for the
device. Please refer to the manual for more details and examples.

DDNS
Users who have a Dynamic DNS account may use this feature on the DI-524 itself.

Provider :Select from the list of DDNS servers available.

Host name :Enter in your DDNS account host name.
Username/E-mail :Enter in your DDNS account username.
Password/Key :Enter in your DDNS account password.

DMZ
If you have a computer that cannot run Internet applications properly from behind the DI-524, then you
can allow that computer to have unrestricted Internet access. Enter the IP address of that computer as a
DMZ (Demilitarized Zone) host with unrestricted Internet access. Adding a client to the DMZ may expose
that computer to a variety of security risks; so only use this option as a last resort.

Wireless Performance
You are able to change wireless performance settings. This is for advance users and it is not
recommended to adjust these settings.

Beacon Interval :Beacons are packets sent by an Access Point to synchronize a wireless
network. Specify a Beacon interval value between 1 and 65535. The default value is set to 100
milliseconds.
RTS Threshold :This value should remain at its default setting of 2432. If you encounter
inconsistent data flow, only minor modifications to the value range between 256 and 2432 are
recommended. The default value for RTS Threshold is set to 2432.
Fragmentation :This value should remain at its default setting of 2346. If you experience a high
packet error rate, you mayslightly increase your "Fragmentation" value within the value range of
256 to 2346. Setting the Fragmentation value too low may result in poor performance.
DTIM interval (beacon rate) :Enter a value between 1 and 255 for the Delivery Traffic Indication
Message (DTIM). A DTIM is a countdown informing clients of the next window for listening to
broadcast and multicast messages. When the Access Point has buffered broadcast or multicast
messages for associated clients, it sends the next DTIM with a DTIM Interval value. AP clients
hear the beacons and awaken to receive the broadcast and multicast messages. The default
value for DTIM interval is set to 3.
Transmission (TX) Rates :Select the basic transfer rates based on the speed of wireless
adapters on the WLAN (wireless local area network).
Preamble Type :The Preamble Type defines the length of the CRC (Cyclic Redundancy Check)
block for communication between the Access Point and roaming wireless adapters. Make sure to
select the appropriate preamble type and click the Apply button.
NoteHigh network traffic areas should use the shorter preamble type. CRC is a common
technique for detecting data transmission errors.
Authentication Type :For added security on the wireless network, when enabling Encryption, the
Authentication type can also be selected. If Shared Key is selected, the Access Point will not be
seen on the wireless network except to the wireless clients that share the same WEP key with
MAC Addresses allowed access as specified in Filter List. If Open System is chosen, only the
wireless clients with the same WEP key will be able to communicate on the wireless network, but
the Access Point will be visible to all devices on the network. The default value for Authentication
is set to "Auto".

3 of 3 3/14/2009 10:51 AM