>> Netopia >> Support >> International Broadband Equipment Support >> Eircom 3300 Series Support Page >> IEQG_025
Pinholes (Port Forwarding) IEQG_025
Pinholes let you pass specific types of network traffic through the Netopia's NAT interfaces. Once configured, selected types of network traffic, such as FTP requests or HTTP (Web) connections, will be forwarded to a specific host or server behind your gateway device.
PLEASE NOTE: From the LAN (Local Area Network), you will also be able to access these servers, but only using the internal private IP address. Access via the public IP address is not supported from a local ethernet connection.

CAUTION: If you are configuring a pinhole for HTTP port 80 (a web server) on your network, or if you need to forward telnet to a local server, you must change the Default Internal Server in the Netopia router. Click Here for instructions.

This technote will guide you through the setup process for Pinholes in your Netopia.

Related documents: Address Forwarding   |  Software Hosting
Firmware Reference v7.2 (and later) -- Netopia 3300 Series

Browse into the Netopia's web interface at http://192.168.1.254 (if using the default IP setting). If your network has a different IP addressing scheme, modify this accordingly.

Once logged in, click on the Expert Mode link in the left-hand side menu (if that link is visible). In the Expert Mode Confirmation screen click on Ok to continue. This menu bar will be visible at the top of your screen if you are in Expert Mode.

Before you start

Remember to click the button to save any entries. Hitting the back button without clicking will undo any changes.

Once you have completed your configuration, click on the symbol in your upper right hand corner to validate the changes. Then click on Save and Restart.

The Netopia Web GUI Home Page in Expert Mode (Firmware v7.2 and later)

Configuration
  1. Click on Configure in the upper Menu bar.
  2. Click on Advanced.

  3. Under the NAT heading in the Network Configuration box,
    click on the Pinhole selection.
  4. Click on the Add button.
  5. In the Pinhole Entry box, enter the parameters for your pinhole. For example, to add a mail server:
    1. In the Pinhole Entries table, in the first line, type the name you would like associated with the pinhole. For this example you might call it SMTP for a mail server.
      PLEASE NOTE: Each pinhole you configure must have a unique name associated with it. If you should duplicate the pinhole name in a subsequent entry, it will overwrite the first entry.
    2. Protocol Select is TCP by default. Different protocols can be selected from the drop-down menu when appropriate.
    3. External Port Start is 25 for this example.
    4. External Port End is also 25 for this example.
    5. Enter the Internal IP Address of your mail server.
    6. The Internal Port is 25.
    7. Click on Submit to save the changes.
    8. Click on the Add More Pinholes link. This takes you back to the Pinholes "menu" screen.

  6. Again, click on Add in the Pinholes box and repeat the previous steps to add,
    if needed, POP3, and substitute port 110 in the 3 corresponding fields.

Configure a PPTP VPN Pass Through:
If you have a PPTP VPN client, such as Microsoft Dial-Up Networking, on a remote computer, and you wish to tunnel into a server (NT or Win2K typically) running VPN services on your LAN, you would create a pinhole for this. This would allow "telecommuters" to access resources on the network.

  1. From the main Pinhole Configuration page, click on the Add button.

  2. This will require two pinhole entries. For the first:
    1. We'll name this one VPN-1.
    2. The Protocol is TCP.
    3. External Port Start and End is 1723.
    4. Enter the Internal IP Address of the server. (192.168.1.20 for our example)
    5. The Internal Port is also 1723.
    6. Click on the Submit button.
    7. Click on the Add More Pinholes link.

  3. Again, click on the Add button.
    1. Name this pinhole VPN-2.
    2. Select PPTP from the drop down Protocol menu.
    3. Leave internal and external ports at 0.
    4. Enter the same IP Address that was added above.
    5. Click on Submit.
    6. Click on Add More Pinholes.

  1. The router will now forward the PPTP traffic to the local server on the network.
Configure a Timbuktu Host:
Timbuktu, manufactured by Netopia, is a popular remote control software application that allows you to control a remote PC or MacIntosh.

PLEASE NOTE: Timbuktu uses a range of ports for the control features of this application. If you have a model 3341/3346 and wish to configure pinholes for this or any application using a range of ports, Please Click Here for specific instructions that pertain to these models ONLY!

  1. Following the previous example, again click on Add, and name this one Timbuktu-1.
    1. Protocol Select is still TCP.
    2. External Port Start is 1417.
    3. External Port End is 1420.
    4. Enter the Internal IP Address of the workstation you wish to control remotely. (Example 192.168.1.15).
    5. Enter 1417 for the Internal Port.
    6. Click Submit for this entry.
    7. Click on the Add More Pinholes link.

  2. Click on Add.
    1. Give this entry a unique name such as Timbuktu-2 to prevent overwriting the first entry.
    2. Change each of the port numbers to 407 in the corresponding three fields.
    3. Click on the Protocol drop-down box and select UDP.
    4. Enter the IP address of the workstation again in the Internal IP Address field.
    5. Click on Submit to save the changes for this entry.
    6. Click on the Add More Pinholes link.

  3. Here you can again click Add for a new pinhole, or you can highlight an existing pinhole entry to Edit the configuration or Delete the entry altogether.

  4. Once you have finished with the configuration of the pinholes, click on the in the upper right hand corner. This will validate that the settings are legal for your network.
  5. Click Save and Restart. This will restart the Netopia and retain the pinhole configuration.
Special Configuration for the 3341/3346
Pinhole configuration in the 3341/3346 models running firmware 6.3.0 R9 are the same with the exception of applications using a range of ports. This platform supports individual port assignments only per entry. For example, the external port start and end, as well as the internal port, must be the same value per unique entry. Using the Timbuktu configuration as an example, the first pinhole would be TCP port 1417, the second pinhole would be TCP port 1418, the third would be TCP port 1419 and the fourth would be TCP port 1420. The fifth entry would then be UDP port 407. Finally, for the purposes of this illustration, there is a mail server on the same computer with the pinhole name SMTP. The first image below illustrates the entry for the first pinhole in the Timbuktu range of ports, and the next image shows the list of pinholes after the configuration is complete as per this example.




  • Click on the in the upper right hand corner. This will validate that the settings are legal for your network.
  • If you get Validation Passed, click Save and Restart in the menu. If it doesn't validate the change, a message will indicate the reason. It must be corrected before the configuration change can be applied.
  • This completes the configuration of the Netopia for IP Maps.
  • The router will reboot and is now set to share the Public IP Address with the computer which has been specified to receive that address.

    • Conclusion
    You've now configured your Netopia Router for port forwarding Pinholes.
    Be sure to restart the router for these changes to take effect.

    Related Links
    Getting Started; TCP/IP Properties
    Installing a Feature Key for the 3300 Series
    Copyright © 2003-2005 Netopia, Inc. All rights reserved.