Return to the product page

Port Mapping (advanced topic)

Port mapping allows you to redirect any user requests sent to specific remote ports to local ports instead. Choose Tools - Port mapping from the main menu to access this feature. Port mapping can be used for transparent proxying, access control, etc. This feature can also redirect new network users, who are not currently configured in the bandwidth manager, to a "Welcome" web-page with your own content. This should be particularly useful for wireless ISPs (WISP).

While the port mapping feature has many useful applications, the current implementation has a limitation: it does not process outgoing traffic.

Here are further details of how transparent proxying and unknown user redirect are implemented using port mapping:

Transparent proxying is a complex technical task. You will need to have a thorough understanding of what you are doing as well as a good understanding of the TCP layer, the HTTP protocol and what is happening in the connection. Basically, you will need a Windows based computer to act as a gateway. Bandwidth Manager and a proxy server should be installed on this computer as shown in the example below.

Here is a brief explanation using this example: You want the users having network addresses 192.168.0.2 and 192.168.0.3 to access the WWW through the proxy server. Currently, the users are able to access the WWW directly through the gateway. The proxy server runs on port 3128. First define a mapping which redirects data packets to local port 3128. Then define a rule for 192.168.0.2. and associate it with the mapping that was just defined. It looks like this

The rule for 192.168.0.3 will be similar. Now, if you have done everything correctly and the proxy server is properly configured, any HTTP request from 192.168.0.2 will be intercepted by the bandwidth manager and forwarded to the local proxy server through port 3128. The proxy server then analyzes the request, downloads the requested information from the Internet, returns it to the bandwidth manager which, in turn, returns it to the user who initiated the request.

Please note: Configuring the proxy server is a separate task and is out of the scope of this document.

Unknown user redirect This technique is very useful for wireless internet service providers where new users can appear on the network at any time. You need a network configured like the one described above for transparent proxying. The workstations can be wired, wireless or a mixture. Here is an example using the same network configuration as before. You want any new users who join your network to be redirected to a "Welcome" page where they can read how to pay for the Internet services you provide. You should run a local DHCP and Web-server. Your current rule set should look like this

Rules 1 and 2 are associated with the existing workstations. Rule 3 must be associated with a port redirect to the specific local URL where your "Welcome" page is located. If, for example, the page is on host http://192.168.0.1/welcome.php then define a mapping with this URL and associate it with the third rule. Any new user who is not listed in rules 1 and 2 will be allocated an address in the range 192.168.0.0 - 192.168.0.255 by the DHCP server. They will then be caught by the third rule and redirected to your "Welcome" web-page. Obviously this procedure works for HTTP requests only.