ZyXEL NSA325 User Manual
Chapter 9 Network
Media Server User’s Guide
176
If your Internet gateway supports Port Address Translation (PAT is sometimes included with a port
forwarding feature), you can have the Internet users use a different TCP port number from the one
the NSA uses for the service.
forwarding feature), you can have the Internet users use a different TCP port number from the one
the NSA uses for the service.
Figure 82
UPnP Port Address Translation for FTP Example
In the above example, the Internet gateway uses PAT to accept Internet user FTP sessions on port
2100, translate them to port 21, and forward them to the NSA.
2100, translate them to port 21, and forward them to the NSA.
9.5.1 UPnP and the NSA’s IP Address
It is recommended that the NSA use a static IP address (or a static DHCP IP address) if you will
allow access to the NSA from the Internet. The UPnP-created NAT mappings keep the IP address
the NSA had when you applied your settings in the UPnP Port Mapping screen. They do not
automatically update if the NSA’s IP address changes.
allow access to the NSA from the Internet. The UPnP-created NAT mappings keep the IP address
the NSA had when you applied your settings in the UPnP Port Mapping screen. They do not
automatically update if the NSA’s IP address changes.
Note: WAN access stops working if the NSA’s IP address changes.
For example, if the NSA’s IP address was 192.168.1.33 when you applied the UPnP Port Mapping
screen’s settings and the NSA later gets a new IP address of 192.168.1.34 through DHCP, WAN
access stops working because the Internet gateway still tries to forward traffic to IP address
192.168.1.33. Since you can no longer access the NSA from the WAN, you would have to access
the NSA from the LAN and re-apply your UPnP Port Mapping screen settings to update the
Internet gateway’s UPnP port mappings.
screen’s settings and the NSA later gets a new IP address of 192.168.1.34 through DHCP, WAN
access stops working because the Internet gateway still tries to forward traffic to IP address
192.168.1.33. Since you can no longer access the NSA from the WAN, you would have to access
the NSA from the LAN and re-apply your UPnP Port Mapping screen settings to update the
Internet gateway’s UPnP port mappings.
Figure 83
UPnP Using the Wrong IP Address
9.5.2 UPnP and Security
UPnP’s automated nature makes it easier to use than manually configuring firewall and NAT rules,
but it is also less secure. Using UPnP may make your network more susceptible to snooping and
hacking attacks.
but it is also less secure. Using UPnP may make your network more susceptible to snooping and
hacking attacks.
TCP: 2100
TCP: 21
192.168.1.20
a.b.c.d
192.168.1.34
a.b.c.d
192.168.1.33