This article continues an overview of the standard functionality provided by the ASUS supplied firmware. The previous article can be found at: The Asus RT-N16 Router Firmware – Part 3, Advanced LAN Settings.
The previous article dealt with the Advanced LAN Settings, whereas this article will detail the advanced WAN configuration options available.
The goal is to understand the router firmware provided by Asus and compare this with OpenSource firmware options provided by both DD-WRT and Tomato Firmware groups – two popular router OpenSource firmware groups.
The WAN (Wide Area Network) is a computer network which covers a broader area than a LAN. Generally, the LAN is inside your home and the WAN is the rest of the world outside your home. This might be overly simplistic, but basically your home router connects to a WAN which is your entry point to the rest of the world.
WAN – Internet Connection
There are a number of different ways your home network can connect to your internet service provider but in most cases making the physical connection, by plugging your DSL or Cable modem into the WAN port on the Asus RT-N16, should be enough for the router firmware to automatically determine and configure the WAN settings.
In the event you have special configuration instructions from your ISP, these settings may be configured on this screen.
WAN – Port Trigger
Port triggering allows a service outside your home LAN network, on the WAN, to connect to one of your computers inside, on your LAN. You would not want to allow anyone access like this, as it would certainly enable hackers. However, there may be instances when you want to allow outside access to one of your inside computers.
Typically this is done from gaming or audio/video streaming services. Port forwarding can also be used for this but there are differences between the way forwarding and triggering works.
Port triggering is a temporary port opening to your LAN. As the name would imply, it is triggered by one of your LAN computers initiating the connection with the outside service. This connection would be on the port defined in your trigger definition.
Your router remembers the IP address from your LAN computer which initiated the request and allows the destination WAN IP address to make the reverse connection to your home computer. It’s only open for a limited period of time. Additionally, only one connection can be made at a time through this trigger port.
WAN – Virtual Server/Port Forwarding
As already discussed with port triggering, port forwarding is similar in that it allows an outside computer service to connect to one of your home computers using the local IP address and port number specified in this setting.
The difference with port forwarding is that the port is always open and does not require a “trigger” from the internal LAN PC to open the port. It does require that your home computer have a static IP address which matches the one you specify in this setting.
An FTP server is an example of port forwarding as typically port 20 and/or 21 are permanently opened. A range of ports can also be opened along with specifying a certain protocol.
WAN – DMZ
In some cases, exposing specific IP and port addresses from you home LAN to the outside world may not be enough. In these cases you can expose an entire computer to the outside world by specifying the IP address of this one computer using this setting.
Be careful with this setting though as it exposes this entire computer to anyone on the internet.
WAN – DDNS
Most home networks do not have a static IP address which connects them to the internet. Their IP address is dynamic, and automatically assigned by their internet service provider (ISP). This allows the ISP to make more efficient use of IP addresses by having a pool of them and only assigning it when one of their clients makes a connection to the internet.
This works great for outgoing connections from your home network, as you really don’t care what your outside IP address is. However, if you’re somewhere other than your home and want to remotely connect back into your home computer network it makes this difficult as you really do not know what IP address to use for the connection.
Many router manufacturers are making these kinds of remote connections easier by providing a dynamic DNS (Domain Name System) which is abbreviated as DDNS.
In the case of the Asus RT-N16 router, the domain name exposed to the outside world is a subdomain of asuscomm.com. You specify the subdomain name on this configuration screen. You have to first sign up for the service on their website, as it does also require some authentication credentials.
Once configured, the router takes care of automatically updating the DDNS service so that it always knows the correct IP address for your LAN. All you need to remember when connecting remotely is the subdomain host name.
WAN – NAT Passthrough
NAT (network address translation) is a standard router feature that allows your home network to use only one connection to access the internet from multiple computers. It does this by translating your home computer’s private IP address to your ISP’s public IP address for accessing the internet, and then back again.
VPN Passthrough is a router feature which allows an outbound VPN (Virtual Private Network) connection to “pass through” your router’s NAT process. Popular VPN protocols such as PPTP and IPsec do not work with NAT directly, since VPN traffic is encrypted.
NAT Passthrough allows the VPN data to pass without any changes by the NAT process. It only does this though, for certain VPN protocols only which you can specify on this screen.
Next Step
The Asus RT-N16 Router Firmware – Part 5; Advanced IPv6, VPN Server and Firewall Settings.
Return to the Firmware Overview: Asus RT-N16 Router Firmware Overview
