Choosing the Advanced option displays the screen shown in Figure 11-10.
Figure 11-10 The Advanced Settings Screen for a Home Use Router
The Operation Mode option allows you to set the device to act either as only a Wi-Fi access point (sometimes called bridge mode) or as a router and Wi-Fi AP. Choose bridge mode if you have separate routing and Wi-Fi support devices, as shown in Figure 11-3 options A and B. Not all routers have built-in Wi-Fi APs like the one shown here, so this option may not be available.
Use the MAC Clone option when the provider only connects to a device with a specific physical interface (MAC) address. The MAC clone option allows you to replace a combined router/MODEM device supplied by a provider with a separate router and MODEM.
The DHCP Server option allows you to split the home network IP address space into two parts:
• Addresses the Dynamic Host Configuration Protocol (DHCP) server gives to hosts requesting an address.
• Addresses reserved for manual configuration on devices like network-attached storage (NAS), gaming, and media streaming servers.
For instance, if you know you will never need to connect more than 25 devices to the network, you can set the DHCP pool to 30 addresses (leaving some room for mistakes, overlapping assignments, etc.) and reserve the remaining addresses on the subnet for manually configuring devices.
The LAN IP option, in this case, opens a separate screen that allows you to manually configure the router’s IP address on the internal interface. Figure 11-11 illustrates the LAN IP screen from the TP-Link application.
Figure 11-11 LAN IP Configuration
The default IP address/subnet mask for most routers designed for home use is 192.168.0.1/24, part of the private IPv4 address space. You can set the LAN IP to just about any IPv4 address—although you should stick with one of the private addresses described in Chapter 2, “Addresses.” The subnet mask is often not configurable on this class of devices.
NAT Forwarding
The NAT Forwarding option allows you to relate a specific port number on the outside (provider-facing) interface to a specific IP address on the internal network. Figure 11-12 illustrates using NAT forwarding to allow external access to a server connected to a home network.
Figure 11-12 NAT Forwarding in a Home Router
The NAT Forwarding option creates a permanent (or static) Network Address Translation (NAT) entry mapping an external address and port number outside the network to a single port number on a host inside the network.
Host A might know what IP address to use to reach B but cannot know what port number to use to reach a specific service running on B. The router translates the addresses and port numbers on traffic traveling between these two hosts using Network Address Translation.
Host A cannot send packets to the web server running on server C. C’s owner, however, might want A—or any other host connected to the Internet—to reach this web server. To allow this access, C’s owner can configure a permanent NAT mapping from some port on the external IP address—in this case, port 80—to some port on server C.
When A connects to 203.0.113.101:80, the router translates this to 192.168.0.10:80, so A is really connecting to C.
Creating this kind of permanent mapping is sometimes called punching a hole through the firewall.
Static NAT traversal might not always make a server connected to a home network reachable from the Internet. Many providers now use Carrier Grade Network Address Translation (cgNAT) to translate addresses assigned to customers to external, publicly reachable addresses on the Internet. Figure 11-13 illustrates cgNAT.
Figure 11-13 Carrier Grade Network Address Translation
In Figure 11-13, if host F sends packets to 203.0.113.101:80, router D translates the address and port number to 192.168.0.10:80 and forwards the packet to host C. However, because router E translates IP addresses and port numbers using 198.51.100.50, there is again no way for A to know what IP address and port number to use when sending packets to host C.
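The following added example (not from the original text) audits a home router's forwarding setup using the addresses above: it checks whether the router's outside address is the one the Internet actually sees, and whether each static NAT entry points at a manually configured address rather than one inside the DHCP pool. The function names, the pool range, and the second forwarding rule are assumptions made for illustration; the externally observed address is supplied by the caller.

```python
import ipaddress

# Ranges a provider may assign when it translates upstream: RFC 1918 private
# space and the RFC 6598 shared space set aside for carrier-grade NAT.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def behind_upstream_nat(wan_ip, observed_ip):
    """True if the router's WAN address is not the address the Internet sees."""
    wan = ipaddress.ip_address(wan_ip)
    if any(wan in net for net in NON_PUBLIC):
        return True
    return wan != ipaddress.ip_address(observed_ip)


def audit_forwards(lan, pool_start, pool_end, rules):
    """Return (external port, problem) pairs for fragile static NAT entries."""
    lan_net = ipaddress.ip_network(lan)
    lo, hi = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    findings = []
    for ext_port, target_ip, _target_port in rules:
        target = ipaddress.ip_address(target_ip)
        if target not in lan_net:
            findings.append((ext_port, "target is outside the LAN subnet"))
        elif lo <= target <= hi:
            # A leased address can move to another device, which the
            # forwarding entry would then expose instead of the server.
            findings.append((ext_port, "target is inside the DHCP pool"))
    return findings


# Constructed sample configuration built from the addresses in the text.
LAN = "192.168.0.0/24"
POOL = ("192.168.0.100", "192.168.0.129")   # 30 dynamic addresses (assumed range)
RULES = [(80, "192.168.0.10", 80),          # server C, manually configured
         (8080, "192.168.0.105", 80)]       # constructed rule pointing into the pool

if __name__ == "__main__":
    # Router D's outside address versus the address router E presents.
    print("upstream NAT:", behind_upstream_nat("203.0.113.101", "198.51.100.50"))
    for port, problem in audit_forwards(LAN, *POOL, RULES):
        print(f"external port {port}: {problem}")
```
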