Local Servers (Port Forwarding)

In its default state, OpenRG blocks all external users from connecting to or communicating with your network. Therefore the system is safe from hackers who may try to intrude on the network and damage it. However, you may want to expose your network to the Internet in certain limited and controlled ways in order to enable some applications to work from the LAN (game, voice and chat applications, for example) and to enable Internet-access to servers in the home network. The Local Servers feature supports both of these functionalities. If you are familiar with networking terminology and concepts, you may have encountered this topic referred to as "Port Forwarding".

The Local Servers screen shows the most commonly used applications that require special handling by OpenRG--all you have to do is identify which of them you want to use and the local IP address of the computer that will be using the service. For example, if you wanted to use the Net2Phone voice application on one of your PCs you would simply select `Net2Phone' from the list and enter the local IP address or host name of that computer in the right-hand column. All Net2Phone-related data arriving at OpenRG from the Internet will henceforth be forwarded to the specified computer.

Similarly, if you want to grant Internet users access to servers inside your home network, you must identify each service that you want to provide and the PC that will provide it. For example, if you want to host a Web server inside the home network you must select `HTTP - Web Server' from the list and enter the local IP address or host name of the computer that will host the Web server in the right-hand column. Then when an Internet user points her browser to the external IP address of OpenRG, the Gateway will forward the incoming HTTP request to the computer that is hosting the Web server.

Additionally, Local Servers enable you to redirect traffic to a port different than the port it was designated. Lets say, that you have a web server running on your PC on port 8080 and you want to grant access to this server to anyone who accesses OpenRG via HTTP. To accomplish this, do the following:

• Define a local server for the HTTP service, with the PC's IP or host name.
• Specify 8080 in the 'Forwarded Port' field.

All incoming HTTP traffic will now be forward to the PC running the web server on port 8080.

Figure 6.6: Local Servers

Note: Some applications, such as FTP, TFTP, PPTP and H323, require the support of special specific Application Level Gateway (ALG) modules in order to work inside the home network. Data packets associated with these applications contain information that allows them to be routed correctly. An ALG is needed to handle these packets and ensure that they reach their intended destinations. OpenRG is equipped with a robust list of ALG modules in order to enable maximum functionality in the home network.
The ALG is automatically assigned based on the destination port.

Click the 'Local Servers' button to view the list of special services and local servers that are currently enabled in the home network (see figure 6.6).

• To add a new service to the active local servers:
  1. Click the 'New Entry' button. The 'Add Local Servers' screen will appear (see figure 6.7).
  2. Select the service that you would like to provide.
  3. Enter the local IP address or the host name of the computer that will provide the service (the ``server''). Note that only one LAN computer can be assigned to provide a specific service or application.
  4. Select a port to forward communications to (note that this parameter is optional). If not specified, data will be forwarded to the original port number.
  5. Define the time period during which the local server will be active. You can either select from a predefined list of schedules by selecting one from the 'Schedule' combo box, or create a new schedule by pressing the 'New' link. To learn how to create a new time schedule, see Chapter 9.11.
  6. Click the 'OK' button to save your changes and return to the 'Local Servers' screen.
  Note: To add a service that is not included in the list click the 'New User-Defined Service' link. The 'Edit Service' screen will appear. Define the service, then press the 'OK' button to save your changes (see section 6.10 for assistance). The service will then be automatically added to the top section of the 'Add Local Servers' screen. You may now select the service, just as you would a pre-defined service.

  Figure 6.7: Add Local Servers

  

• To edit an entry in the Local Servers table so that a service can be provided by a different local computer:
  1. Click the Edit button for the service. The 'Edit Service' screen will appear.
  2. Enter the IP address or the host name of the computer that you would like to provide this service.
  3. Click the 'OK' button to save your changes and return to the 'Local Servers' screen.

You may disable a service and make the service unavailable without having to remove the service from the Local Servers table. This may be useful if you wish to make the service unavailable only temporarily and expect that you will want to make it available again in the future.

How many computers can use a service or play a game simultaneously? Well, the answer may be a bit confusing. All the computers on the network can use a specific service as clients simultaneously. Being a client means that the computer within the network initiates the connection-for example, opens an FTP connection with an FTP server on the Internet. But only one computer can serve as a server, meaning responding to requests from computers on the Internet. Assigning a specific computer as a server is done in the Local Servers section of Web-based management.