Advanced

Virtual Server
Some applications require multiple connections, such as Internet gaming, video conferencing, Internet telephony and others. These applications have difficulties working through NAT (Network Address Translation). If you need to run applications that require multiple connections, specify the port normally associated with an application in the "Trigger Port" field, select the protocol type as TCP (Transmission Control Protocol) or UDP (User Datagram Protocol), then enter the public ports associated with the trigger port to open them for inbound traffic. At the bottom of the screen, there are already defined well-known special applications. To use them, click on the edit icon and enable the service.

    Name :The name referencing the virtual service.
    Private IP :The server computer in the LAN network that will be providing the virtual services.
    Protocol Type :The protocol used for the virtual service.
    Private Port :The port number of the service used by the Private IP computer.You can input a single port or a range of ports (ex. 5001-5003).
    Public Port :The port number on the WAN side that will be used to access the virtual service.You can input a single port or a range of ports (ex. 5001-5003).
    Schedule :The schedule of time when the virtual service will be enabled.
Example: If you have a Web server that you wanted Internet users to access at all times, you would need to enable it. Web (HTTP) server is on LAN computer 192.168.0.25. HTTP uses port 80, TCP.

Name: Web Server
Private IP: 192.168.0.25
Protocol Type: TCP
Private Port: 80
Public Port: 80
Schedule: always

Click on this icon to edit the virtual service.
Click on this icon to delete the virtual service.

Special Applications
Some applications require multiple connections, like Internet games, video conferencing, Internet telephony and others. These applications have difficulties working with NAT (Network Address Translation). Special Applications allows some of these applications to work. If you need to run applications that require multiple connections, specify the port normally associated with an application in the "Trigger port" field, select the protocol type as TCP (Transmission Control Protocol) or UDP (User Datagram Protocol), then enter the public ports associated with the trigger port to open them for inbound traffic. At the bottom of the screen, there are already defined well-known special applications. To use them, click on the edit icon and enable the service.

    Name :This is the name referencing the special application.
    Trigger Port :This is the port used to trigger the application. It can be either a single port or a range of ports.
    Trigger Type :This is the protocol used to trigger the special application.
    Public Port :This is the port number on the WAN side that will be used to access the application. You may define a single port or a range of ports. You can use a comma to add multiple ports or port ranges.
    Public Type :This is the protocol used for the special application.
If the mechanism of Special Applications fails to make an application work, try using DMZ host instead.

NOTE: At any time, only one PC can use each Special Application.

Filters
Filters are used to deny or allow LAN computers from accessing the Internet. Within the local area network, the unit can be setup to deny Internet access to computers using the assigned IP or MAC addresses. The unit can also block users from accessing restricted web sites.

Filter - IP Filters
Use IP Filters to deny particular LAN IP addresses from accessing the Internet. You can deny specific port numbers or all ports for a specific IP address. The screen will display well-known ports that are defined. To use them, click on the edit icon. You will only need to input the LAN IP address(es) of the computer(s) that will be denied Internet access.

    IP :The IP address of the LAN computer that will be denied access to the Internet. You can also add a range of IP addresses.
    Port :The single port or port range that will be denied access to the Internet. If no port is specified, all ports will be denied access.
    Protocol Type :This is the protocol type that will be used with the Port that will be blocked.
    Schedule :This is the schedule of time when the IP Filter will be enabled.

Filters - MAC Filter
Use MAC Filters to deny computers within the local area network from accessing the Internet. You can either manually add a MAC address or select the MAC address from the list of clients that are currently connected to the unit.
Select Only allow MAC address listed below to access Internet from LAN (Local Area Network) if you only want selected computers to have Internet access and all other computers not to have Internet access.
Select Only deny MAC address listed below to access Internet from LAN (Local Area Network) if you want all computers to have Internet access except the computers in the list.

    Name :The name referencing the MAC filter.
    MAC Address :The MAC address of the computer in the LAN (Local Area Network) to be used in the MAC filter table.
    DHCP Client :DHCP clients will have their host name and MAC address listed here. You can select the client computer you want to add to the MAC filter and click Clone. This will automatically add that computer's MAC address to the MAC Address section

Filters - URL Blocking
URL Blocking is used to deny LAN computers from accessing specific web sites by its URL. A URL is a specially formatted text string that defines a location on the Internet. If any part of the URL contains the blocked word, the site will not be accessible. If any part of the URL contains the blocked word, the web page will not display.

Filters - IPSec Filter
Use IPSec Filters to deny computers within the local area network from establishing VPN tunnels that have been configured at VPN setting page. This filter can deny certain LAN host to transfer data via VPN tunnels. You can either manually add a MAC address or select the MAC address from the list of clients that are currently connected to the unit.
Select Only allow computers with MAC address listed below to access the IPSec Tunnel if you only want selected computers to have IPSec tunnel access and all other computers not to have IPSec tunnel access. Select Only deny computers with MAC address listed below to access the IPSec Tunnel if you want all computers to have IPSec tunnel access except the computers in the list.

    Name :The name referencing the IPSec filter.
    MAC Address :The MAC address of the computer in the LAN (Local Area Network) to be used in the IPSec filter list.
    DHCP Client :DHCP clients will have their host name and MAC address listed here. You can select the client computer you want to add to the IPSec filter and click Clone. This will automatically add that computer's MAC address to the MAC Address section

Filters - Domain Blocking
Domain Blocking is used to deny or allow computers within the LAN (Local Area Network) from accessing specific domains on the Internet. Domain blocking will deny or allow all requests such as http and ftp to a specific domain.
Select Allow users to access all domains except "Blocked Domains" if you allow users to access all domains except the domains in the Blocked Domains list.
Select Deny users to access all domains except "Permitted Domains" if you only want users to access Permitted Domains.
Example: If you want your children to only access particular sites, you would then choose Deny users to access all web sites except "Permitted Domains". Then enter in the domains you want your children to have access to.

  • Disney.com
  • Cartoons.com
  • DiscoveryChannel.com

Firewall Rules
Firewall Rules is an advance feature used to deny or allow traffic from passing through the device. It works in the same way as IP Filters with additional settings. You can create more detailed rules for the device. Please refer to the manual for more details and examples.

SNMP
SNMP (Simple Network Management Protocol) is a widely used network monitoring and control protocol that reports activity on each network device to the administrator of the network. SNMP can be used to monitor traffic and statistics of the DI-804HV. The DI-804HV supports SNMP v1.

    Get Community :Enter the password public in this field to allow "Read only" access to network administration using SNMP. You can view the network, but no configuration is possible with this setting.
    Set Community :Enter the password private in this field to gain "Read and Write" access to the network using SNMP software. The administrator can configure the network with this setting.

DDNS
Users who have a Dynamic DNS account may use this feature on the DI-804HV itself.

    Provider :Select from the list of DDNS servers available.
    Host name :Enter in your DDNS account host name.
    Username/E-mail :Enter in your DDNS account username.
    Password/Key :Enter in your DDNS account password.

Routing
Static routes can be added if you require specific routes within your internal network. These routes will not apply to the WAN (Internet) network.

    Destination :Enter in the IP of the specified network that you want to access using the static route.
    Subnet Mask :Enter in the subnet mask to be used for the specified network.
    Gateway :Enter in the gateway IP address to the specified network.
    Hop :Enter in the amount of hops it will take to the specified network.
    Enable :Select this option for the specified static route to take effect.

DMZ
If you have a computer that cannot run Internet applications properly from behind the DI-804HV, then you can allow that computer to have unrestricted Internet access. Enter the IP address of that computer as a DMZ (Demilitarized Zone) host with unrestricted Internet access. Adding a client to the DMZ may expose that computer to a variety of security risks; so only use this option as a last resort.