This article continues an overview of the functionality provided by the DD-WRT OpenSource router firmware. The previous article can be found at: DD-WRT Firmware on the Asus RT-N16 Router – Part 4, Security and Access Restrictions.
The previous article dealt with the different Security and Access Restriction options available, whereas this article will detail the NAT and QoS configuration options available.
The goal is to understand the different options provided by the DD-WRT OpenSource router firmware and compare them with the firmware provided by Asus when you purchase the RT-N16 device. Another popular OpenSource router firmware distribution, from the Tomato Firmware group, will also be reviewed.
NAT / QoS – Port Forwarding
Port forwarding opens a port in your router's firewall, which allows a site on the Internet (WAN) to access one of your home network computers, specified by its IP address. A specific port must be entered for both the source computer on the WAN and the internal computer in your LAN.
Additionally, the IP address you specify here for the home computer should already have been defined as a static IP address in the DHCP Service. Otherwise, the next time the DHCP server assigns a new IP address to this computer, the address in the forwarding rule has a good chance of being wrong.
NAT / QoS – Port Range Forwarding
This is similar to the previous Port Forwarding option, except that you now have the ability to specify a range of ports.
Both of these configuration options should be used with caution, and disabled when no longer needed. They do expose your home network to external sites on the Internet (WAN).
NAT / QoS – Port Triggering
Port Triggering is very similar to port forwarding as far as the end result is concerned – it allows a computer on the WAN to access one of your computers in your home network. How it does this though is different.
When you create a port forwarding rule, it permanently opens that port. This is the reason for needing a static IP address for your home computer: the port stays open until you disable or delete the rule.
With port triggering the difference is that the port is not always open. Instead, it opens only when your home computer initiates a request to the external Internet site. The router keeps track of this, along with the current IP address of the home computer so that when the remote site initiates contact it knows to let it through.
It’s still a security risk, but with more protection than simply keeping a port open continuously.
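The difference between the two rule types can be seen in a small model. This is an added example, not DD-WRT code or part of the original article; the class names, the ports (6667 as the trigger, 113 as the opened port), the LAN addresses and the 600-second timeout are all assumptions chosen for illustration.

```python
# Simplified model of a router's inbound decision (illustration only).
from dataclasses import dataclass

@dataclass
class ForwardRule:
    wan_port: int
    lan_ip: str        # fixed when the rule is created, hence the static IP
    lan_port: int

@dataclass
class TriggerRule:
    trigger_port: int  # outbound destination port that arms the rule
    open_port: int     # inbound WAN port opened while the rule is armed
    timeout: int = 600 # seconds the port stays open (assumed value)

class Router:
    def __init__(self, forwards=(), triggers=()):
        self.forwards = {r.wan_port: r for r in forwards}
        self.triggers = list(triggers)
        self.armed = {}  # open_port -> (lan_ip, expiry_time)

    def outbound(self, now, lan_ip, dst_port):
        """A LAN host contacts the WAN; arm any trigger rule that matches."""
        for t in self.triggers:
            if t.trigger_port == dst_port:
                self.armed[t.open_port] = (lan_ip, now + t.timeout)

    def inbound(self, now, wan_port):
        """Return the LAN (ip, port) a WAN connection reaches, or None if dropped."""
        rule = self.forwards.get(wan_port)
        if rule:
            return (rule.lan_ip, rule.lan_port)  # open regardless of LAN activity
        entry = self.armed.get(wan_port)
        if entry and now < entry[1]:
            return (entry[0], wan_port)          # goes to whichever host triggered
        self.armed.pop(wan_port, None)           # expired or never armed
        return None

def demo():
    r = Router(forwards=[ForwardRule(8080, "192.168.1.50", 80)],
               triggers=[TriggerRule(trigger_port=6667, open_port=113)])
    results = [r.inbound(0, 8080), r.inbound(0, 113)]  # forward open, trigger closed
    r.outbound(10, "192.168.1.77", 6667)               # LAN host initiates
    results.append(r.inbound(20, 113))                 # now open, to that host
    results.append(r.inbound(700, 113))                # timeout passed, closed
    results.append(r.inbound(700, 8080))               # forward is still open
    return results
```

Calling `demo()` returns the five inbound decisions in order: the forwarded port is reachable at every point in time, while the triggered port is reachable only between the outbound request and the timeout.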
NAT / QoS – Universal Plug and Play (UPnP)
UPnP allows applications on your home network to configure port forwarding for you. This keeps inexperienced users from having to manually configure the router themselves.
Versions of Windows Home Server required this to be enabled so that, from within the server's control panel, you could simply click a button to have it automatically configure the router for you to allow remote connections.
NAT / QoS – Demilitarized Zone (DMZ)
Rather than opening specific ports in your router's NAT database, you may need to open all ports for a specific home computer. This can be done simply by entering the IP address of that computer on this screen. The computer would need a static IP address assigned to it.
Be careful when using this option as it exposes this computer completely to the Internet. Proper firewalls will need to be configured on this computer as the router firewall will pass everything through.
NAT / QoS – Quality of Service (QoS)
QoS is a method of bandwidth management that lets you prioritize the traffic on your router. Typically, interactive traffic, including VoIP/telephony, games and web browsing, would get priority over file downloads. The goal is to allow both kinds of traffic to work together, without the unimportant tasks interrupting the more important ones.
When enabling the Quality of Service option, you must decide whether to apply the bandwidth limits to the WAN device or to the LAN and wireless LAN (WLAN) device. The wired LAN ports and the wireless LAN are considered as one single, virtual device.
QoS is divided into four bandwidth classes called Premium, Express, Standard, and Bulk. Unclassified services will use the Standard bandwidth class.
DD-WRT Firmware on the Asus RT-N16 Router – Part 6, Administration.
Return to the Firmware Overview: Asus RT-N16 Router Firmware Overview