how do I configure NAT router firewall...?
thathagat
October 27th, 2008, 11:37 PM
hello......i have a ZTE ZXDSL 531B modem from dataone broadband and it has two options enable nat and enable firewall...but no firewall settings....so
1.Is there a general guide to setup firewall configuration in nat router?
2.Is a router firewall effective without tweaking any settings i.e. at default level?
thanks...........
vijayind
October 28th, 2008, 01:29 AM
First, it seems you are using xDSL modem. For xDSL modems, NAT can be enabled only if your ISP is running the service on IPoX ( IPoE or IPoA).
ISP can run broadband using PPPoX or IPoX. If they choose the latter, you will have an option to do NAT. In case the ISP chooses PPP based protection, no NAT is possible since NAT needs IP.
If I remember correctly BSNL DataOne uses PPPoA/E ( depends on area, some places have full PPPoE support. Others are still running PPPoA legacy ). So I think the modem provided is also something that can't fully support NAT.
Please check and get back if your ISP is using IPoX. If possible provide some details of it. Then maybe, I could guide you. ( My xDSL CPE skill set is rusty. It's been a long time since I left that product set. So sorry, in advance ).
thathagat
October 28th, 2008, 01:57 AM
hey vijay.....
1.maybe these screen shots would explain my router status better....
2. router firewall is stealthing the ports (i presume) for kis2009 does not do that and at grc shields up my ports come stealthed.
vijayind
October 28th, 2008, 02:31 AM
thathagat, looks like you are running PPPoE on CPE with NAT enabled.
Looks like, NAT is enabled. Now your WAN IP = IP Given by ISP via PPPoE. But since it uses PPP for obtaining IP, I am not sure if NAT will work. You need some pretty intelligent software, to take the IP info obtained from PPP and then route effectively.
PS: This modem uses the same Broadcom chipset as Comtrend (which is much more popular and has English manuals available). Hence you will find the exact same GUI there too. I suggest you download a Comtrend user manual (like CT 5372, or any other ADSL2+ CPE from Comtrend) for reference.
Most CPE has a very basic firewall with default minimal ruleset. Most of them just operate on the first 3 layers only and that too handle very few scenarios. Only in High-end models you can find a full configurable firewall ( since a dedicated firewall needs a powerful network processor, which most cheap ones don't carry).
doktornotor
October 28th, 2008, 02:46 AM
With these routers, you get NAT+SPI and essentially the firewall drops all unsolicited inbound packets. Usually you can configure exceptions - such as port forwarding and DMZ - in separate sections, and that's all.
As already suggested above, download the manual/documentation and explore the GUI to see what's available there. If you connect multiple boxes to it, do NOT disable NAT.
Seer
October 28th, 2008, 03:08 AM
-{ Quote: "But since it uses PPP for obtaining IP, I am not sure if NAT will work." }-
Why not? PPP is designed specifically for this.
-{ Quote: "With these routers, you get NAT+SPI and essentially the firewall drops all unsolicited inbound packets. Usually you can configure exceptions - such as port forwarding and DMZ - in separate sections, and that's all." }-
Yes.
In most, if not all home routers the term "firewall" will refer to a state table. It is a simple IP/port check mechanism which will ensure that only requested inbound packets are forwarded to your IP (based on what has been requested by outbound). Many vendors will refer to it as "SPI". Some may find this type of check insufficient so there is an option to untick the "Firewall" option in a router and use a software firewall of your choice.
If you untick "Enable NAT" then your router will run in "bridged" mode. Your PC/NIC will then get an external (WAN) IP assigned to you by your ISP and no LAN is available. If you untick "Enable Firewall" as well, then state table will not be kept for that IP and all inbound packets will be sent directly to your TCP/IP stack (or to a software firewall of your choice).
State table will be kept for stateful (TCP) and stateless (UDP, ICMP) protocols. For that reason, there is no need for additional filtering except for PortMapping (from a screenshot) when you wish to omit certain ports (or a range of ports) from filtering. PortMapping is valid/available only in NAT "mode".
vijayind
October 28th, 2008, 12:42 PM
Nick, if you look up NAT ( RFC 3439 ), you will find that it's designed for the DL as ETH.
Here the OP is using an xDSL CPE with ISP using PPPoE for authentication.
Now if CPE is used as PPPoE dialer. Then WAN side uses PPPoE, while LAN side uses ETH. Hence your CPE is already acting as router and doing translation between ETH packets with LAN IP to PPPoE packets on WAN side. So in effect, you have a partial NAT like behavior. ( Not fully NAT, since it's PPP ). So enable/disable NAT will probably do nothing here.
Suppose CPE is not PPPoE dialer and PC is used to dial PPPoE connection. Here CPE will NOT ACT AS ROUTER, since the LAN side has active PPPoE connection and IP, while WAN side is basically bridged.
In summary, in both cases you can have at best routing. But not NAT. Although some vendors have custom NAT-like-implementation, these as per my knowledge died off, due to an array of vendor conflict issues.
vijayind
October 28th, 2008, 12:45 PM
-{ Quote: "With these routers, you get NAT+SPI and essentially the firewall drops all unsolicited inbound packets. Usually you can configure exceptions - such as port forwarding and DMZ - in separate sections, and that's all.
As already suggested above, download the manual/documentation and explore the GUI to see what's available there. If you connect multiple boxes to it, do NOT disable NAT." }-
If I remember correctly, these chipsets/lines of CPE don't have SPI support. And their firewall is basic and covers at most the first 3 layers. Which basically protects users from floods and does some IP-based filtering (like you mentioned unsolicited packet drop is key here ).
thathagat
October 28th, 2008, 01:23 PM
Man....now i am confused.............:doubt:
1.does this router firewall in its present status add a layer of protection to firewall of kis2009 or vice-versa ?
2.two of my other pc's have avast pro and no firewall with this xDSL nat router are they safe or do i need a software firewall....though i use returnil on virtually each of my pc/laptop ?
3.This is supposedly the best xDSL nat router provided by bsnl/dataone my isp provider should i move to netgear or something better for my home connection or this is just fine...?
4.wow...and i thought software firewalls were difficult to configure...:wacko:
doktornotor
October 28th, 2008, 02:38 PM
-{ Quote: "
In summary, in both cases you can have at best routing. But not NAT. Although some vendors have custom NAT-like-implementation, these as per my knowledge died off, due to an array of vendor conflict issues." }-
Eh? What on earth are you talking about?
1/ PPPoE is a standard ADSL technology.
2/ No, they won't have just routing unless their ISP has gone completely mad. The router will receive the public IP and will assign IPs from the reserved private range to its DHCP clients on the local LAN.
Please, stop confusing the OP with completely nonsensical information.
JRViejo
October 28th, 2008, 03:15 PM
thathagat, maybe this http://gujarat.bsnl.co.in/ZTE1.PDF ZXDSL 531B User Manual will help you.
thathagat
October 29th, 2008, 12:07 AM
-{ Quote: "thathagat, maybe this http://gujarat.bsnl.co.in/ZTE1.PDF ZXDSL 531B User Manual will help you." }-
thanks for the link....but
1.no configuration of firewall/routing/nat/port etc is provided in the manual i already have a copy of it, it came with the ZXDSL 531B .
2.guys.....are you saying
(a) nat/routing/firewall is there but cannot work?
(b)the firewall works but is basic at the most?
(c)firewall/nat/routing works fine as in most cases?
(d) nat/routing/firewall not present?
Arup
October 29th, 2008, 12:54 AM
Thathagat,
In WAN settings, make sure MTU is set to 1452 as that's the default MTU BSNL runs on, then make sure that you change the MTU in your LAN via utilities like TCP Optimizer if you are running XP, for Vista, the procedure is different. No need to add an extra layer of firewall in your system to slow down already slow BB. Just use common sense, good AV and a HIPS, that's all. The NAT will hide your IP and the base firewall in the router will protect you from DDoS etc. Apart from that, the only reason for you to upgrade your existing router would be if you face slowdowns with P2P, downloads and frequent disconnections. Then a Netgear or DLink will do better. For routers with Firewall, you need to get the high end and in your case, that extra added cost is not really justified.
vijayind
October 29th, 2008, 01:18 AM
-{ Quote: "Eh? What on earth are you talking about?
1/ PPPoE is a standard ADSL technology.
2/ No, they won't have just routing unless their ISP has gone completely mad. The router will receive the public IP and will assign IPs from the reserved private range to its DHCP clients on the local LAN.
Please, stop confusing the OP with completely nonsensical information." }-
With all due respect, DN I have the same set of questions for you...
ADSL/VDSL is a physical layer technology. PPP is Data Link Layer. Please refer OSI model for reference. PPPoX is used only by ISPs which have not moved to pure IP/ETH backbone. Most VDSL providers provide IPoE only.
Of course they will route !! Your LAN side is in public subnet like 192.168.1.x and your ISP will provide you a private IP which is obtained by the WAN side (via PPPoE in this case). It has to be routed ....
Again, if you feel to refute me please give me the specs, RFC, IEEE, ITU standard you are referring to. Because although I have not worked on DSLAMs for a while, I am sure the standards have not changed.
vijayind
October 29th, 2008, 01:47 AM
Ok, since everything is running amok here. Please let me lay down info straight.
xDSL is physical layer technology. Now over it a user can connect to the ISP network and then the internet. Now there are multiple technologies and methods for the user to connect to the NOC of the ISP. Each of the following depends on the implementation used at NOC and the ISP preference.
1. PPPoA : PPP packets are encapsulated on ATM cells. Typically CHAP authentication in PPP is used by ISP for authentication. In this case, the NOC has a ADSL DSLAM and backbone based on ATM.
The CPE in this case, will act as router. Since WAN side (connected to ISP) works on PPPoA and the LAN side (user side) works on ETH. Since user side is on ETH, the CPE has to act as a PPPoA dialer.
2. IPoA : IP encapsulated in ATM. Same as last case, the NOC still has some parts of legacy ATM equipment. Since it's ATM, DHCP can't be used (as ATM has no broadcast only MC VC). So mostly DSLAM or other ISP equipment will act as proxy to obtain IP via DHCP from the part of the NOC which has ETH and then it will relay it back to the CPE.
Again, same as last case, the CPE will have to act as router.
3. PPPoE: Here the NOC is ETH based, but still uses legacy PPP for user billing and management. Now as we can see ISP uses ETH , which is same as User PC (ETH as stated earlier).
So we can have 2 scenarios:
a) We let User PC start PPPoE session. In this case CPE acts just as a DSL modem nothing more. Packet received from user, just needs to be sent over xDSL to NOC. No need to alter packet in any way.
b) CPE starts PPPoE session. In this case, LAN side remains same ( it has public subnet IPs). But WAN side will dial via PPPoE and start a session. Now we see both sides have IPs in different subnet. For ex: User PC = 192.168.1.100 & IP given by ISP (WAN) = 44.33.22.11
Now xDSL CPE has to route between the 2 interfaces.
4. IPoE : In this the complete NOC to user architecture is based on IP/ETH. So here the NOC will allocate IP using DHCP. So there again 2 cases (just like the last case)
a) User PC sends DHCP directly to NOC : In this case xDSL CPE just acts like modem.
b) CPE's WAN sends DHCP to NOC : In this case, WAN side will get private IP from ISP, while LAN side will be in public subnet. So CPE will route between the two.
NOTES:
1) NAT as per RFC is designed for IP stack. Hence NAT can be done only with IPoA or IPoX. Not with PPPoX, where you will have general routing only.
2) User PC will use DHCP for getting IP from CPE: In cases 1,2,3.b,4.b PC send DHCP and its responded to by CPE. The IP given can be configured on CPE itself and hence is always in public IP subnet. Note, this is not routed/forwarded to NOC.
I know, I have added a lot of technical gibberish. Please feel free to comment to make it more understandable.
Thanks...
vijayind
October 29th, 2008, 02:02 AM
-{ Quote: "thanks for the link....but
1.no configuration of firewall/routing/nat/port etc is provided in the manual i already have a copy of it, it came with the ZXDSL 531B .
2.guys.....are you saying
(a) nat/routing/firewall is there but cannot work?" }-
In your case (since I think it's PPPoE and CPE is dialing) it's only routing. The firewall in-built provides only protection needed for effective routing/encapsulation of packets. Nothing more.
NAT is a different concept. Which the modem supports, but ISP isn't allowing due to usage of PPPoX.
-{ Quote: "
(b)the firewall works but is basic at the most?" }-
Yes, since the CPE firewall is designed to effectively protect from issue arising from encapsulation/routing only.
-{ Quote: "(c)firewall/nat/routing works fine as in most cases?
(d) nat/routing/firewall not present?
" }-
See my post explaining various config possibilities. NAT can be used only on IPoX case. In other cases it's just routing or plain transparent.
NAT provides higher degree of insulation. While others are low-level specific only ( in this case ).
doktornotor
October 29th, 2008, 03:51 AM
-{ Quote: "1) NAT as per RFC is designed for IP stack. Hence NAT can be done only with IPoA or IPoX. Not with PPPoX, where you will have general routing only.
I know, I have added a lot of technical gibberish. Please feel free to comment to make it more understandable.
" }-
Sigh; incorrect. And yeah, please let's drop the gibberish (such as NOC and CPE which only obfuscates things). You can configure these devices to act either as a router, or a bridge. For the first case, the "modem" will get the public IP from your ISP, assign private IPs to boxes on your LAN and obviously will NAT the traffic. In the second case, a computer connected to it will get the public IP and will have to take care of all the routing etc. for other LAN clients (IOW, for Windows-based desktop OSes you'll have to configure internet connection sharing there). If you claim that there's no NAT on PPPoE when the "modem" acts as a router and not a bridge, then I'd suggest using Wireshark to get a better idea.
thathagat
October 29th, 2008, 04:33 AM
hello...this router business is tough.....:'(
but i found some information from isp site now i can't make head or tail of it but maybe you guys can....so here it is....
BSNL broadband is based on ADSL technology and uses PPPoE protocol for authentication and accounting the user access. The CPE (ADSL Modem) is multi featured powerful router. It can be configured in two modes.
Bridge Mode:
This is the default factory setting. In this mode the modem works as transparent Ethernet bridge and therefore you need to run the PPPoE client software ( for login authentication) on your PC/server. WIN XP systems have this feature inbuilt but for other operating systems you need to buy it from market. Some freeware like RASPPPoE, Enternet etc. are also available on the Internet.
PPPoE Router mode:
In this mode the modem works as router and the PPPoE session terminates on WAN port of router. The PPPoE client is in built in the modem and allocated by BRAS server gets assigned to WAN port of modem. The Internal network has to use the private IP and for Internet access NATing happens in modem. BSNL follows this method. This method is advantageous in many ways like availability of advanced features of router and powerful diagnostic tool for troubleshooting the connection problem.
It is recommended to use the CPE in PPPoE router mode. This makes internal network secured as the servers/PCs are not directly exposed to public Internet. The CPE has got all the advanced features like firewall, IP access lists, VPN pass through, NAT, Port forwarding which are required for any Intranet.
doktornotor
October 29th, 2008, 04:42 AM
-{ Quote: "
but i found some information from isp site now i can't make head or tail of it but maybe you guys can....so here it is....
" }-
Yes; that's a good and correct explanation. Seems pretty readable to me, but just ask if anything is unclear there.
(Just a side note - the default being a bridge mode is pretty weird, considering that they (rightly) recommend using router mode. Don't they supply the devices themselves? If so, why don't they preconfigure them to their recommended settings? :D Plus pretty much every DSL 'modem' I touched has the defaults the other way round, i.e. router)
rdsu
October 29th, 2008, 06:32 AM
My advice is to use NAT, enable your firewall, and disable all the services that you will not use or aren't needed now, like IPv6...
Check if your router is supported by DD-WRT... ;)
vijayind
October 29th, 2008, 12:50 PM
-{ Quote: "Sigh; incorrect. And yeah, please let's drop the gibberish (such as NOC and CPE which only obfuscates things). You can configure these devices to act either as a router, or a bridge. For the first case, the "modem" will get the public IP from your ISP, assign private IPs to boxes on your LAN and obviously will NAT the traffic. In the second case, a computer connected to it will get the public IP and will have to take care of all the routing etc. for other LAN clients (IOW, for Windows-based desktop OSes you'll have to configure internet connection sharing there). If you claim that there's no NAT on PPPoE when the "modem" acts as a router and not a bridge, then I'd suggest using Wireshark to get a better idea." }-
My point being that there is a difference between NAT and routing. They are not interchangeable.
Please read RFC 3439, NAT was not designed for PPP stack. In a purist world, PPPoE NAT is not possible. For proof, in PPPoE routed CPE first enable NAT and see the wireshark capture. Then disable NAT and then compare the wireshark capture.
It will be the same. Since NAT is not implemented on that network model. Enable/Disable NAT on most models just enables a flag. Which will trigger action when the specific NAT if-stack is activated. But on PPPoE, the whole NAT stack is bypassed and hence you will see no difference at all w/o NAT enabled.
doktornotor
October 29th, 2008, 01:00 PM
-{ Quote: "My point being that there is a difference between NAT and routing. They are not interchangeable.
Please read RFC 3439, NAT was not designed for PPP stack." }-
I have no interest in confusing the OP further. Obviously you've missed who's your audience here, the guy can't figure out a simple web GUI and you keep flooding him with basically totally irrelevant purist gibberish.
If I disable NAT on my PPPoE, I lose internet connectivity on LAN clients, so stating that "there's no difference at all w/o NAT enabled" is obviously completely wrong.
vijayind
October 29th, 2008, 01:19 PM
-{ Quote: "
If I disable NAT on my PPPoE, I lose internet connectivity on LAN clients, so stating that "there's no difference at all w/o NAT enabled" is obviously completely wrong." }-
Could you provide me you CPE config details ? Any wireshark capture would be useful too.
I have worked on programming/testing/deploying both CPE and DSLAM in past.
I can't concur how this kills your INTERNET connectivity. If you know, better please do explain to me the schematics of things.
PS: OP, wanted to enable NAT and wanted to know the worth of the firewall. Both have been answered.
My only difference with you, is over the fact that NAT disable/enable over PPPoE routed mode makes no difference.
doktornotor
October 29th, 2008, 02:40 PM
-{ Quote: "
I can't concur how this kills your INTERNET connectivity. If you know, better please do explain to me the schematics of things.
" }-
Well, seriously this is so simple and so obvious I don't understand what this debate is about. If you disable NAT, you can connect single, and only single computer to internet. All the other boxes will have no internet connectivity. If you need to connect more boxes, you MUST enable NAT.
To quote from the manual for this exact DSL router type:
-{ Quote: "
PPPoE + NAT Mode
In this deployment environment, the PPPoE session is between the ADSL WAN interface and BRAS. The ADSL Router gets a public IP address from RAS when connecting to DSLAM. The multiple client PCs will get private IP address from the DHCP server enabled on private LAN. The enabled NAT mechanism will translate the IP information for clients to access the Internet.
" }-
Not that the exact type would matter because it's exactly the same with any of these DSL routers I got my hands on. E.g., the D-Link DSL-G684T:
-{ Quote: "
Network Address Translation (NAT) – For small office environments, the DSL-G684T allows multiple users on the LAN to access the Internet concurrently through a single Internet account. This provides Internet access to everyone in the office for the price of a single user.
NAT improves network security in effect by hiding the private network behind one global and visible IP address. NAT address mapping can also be used to link two IP domains via a LAN-to-LAN connection.
NAT should remain Enabled. If you disable NAT, you will not be able to use more than one computer for Internet connections. NAT is enabled and disabled system-wide, therefore if you are using multiple virtual connections, NAT will be disabled on all connections.
Network Address Translation may be enabled or disabled with the pull-down menu. Keep in mind that disabling NAT allows only a single computer to be used for Internet access through the Router. NAT is enabled and disabled for the Router on all connections (i.e. Pvc0 – Pvc7) if your Router is set up for multiple virtual connections.
" }-
Seer
October 29th, 2008, 06:56 PM
OMG...
I have just logged in in order to say something here, but I see now where you two are heading...
-{ Quote: "I have no interest in confusing the OP further. Obviously you've missed who's your audience here, the guy can't figure out a simple web GUI and you keep flooding him with basically totally irrelevant purist gibberish." }-
I will not participate in this battle of egos anymore.
Cheers,
wat0114
October 29th, 2008, 07:56 PM
Hi thathagat,
why don't you try a ShieldsUp (https://www.grc.com/x/ne.dll?bh0bkyd2) port scan and see the results? BTW, A big FAILED result isn't necessarily anything to get worked up about. Just post the reason[s] if this happens (eg: could be it responds to pings or port 113 is not stealthed); it could be inconsequential. I know nothing about your router, but the settings in the screenshots you posted seem about right. Furthermore, as long as your network connectivity seems okay to you, then there is probably nothing wrong.
-{ Quote: "
1.does this router firewall in its present status add a layer of protection to firewall of kis2009 or vice-versa ?" }-
It helps kis2009 by taking the Internet "noise" load off of it.
-{ Quote: "2.two of my other pc's have avast pro and no firewall with this xDSL nat router are they safe or do i need a software firewall....though i use returnil on virtually each of my pc/laptop ?" }-
I think you're okay without a software firewall on these pcs, though you could run Windows built-in firewall on them probably without harm.
-{ Quote: "3.This is supposedly the best xDSL nat router provided by bsnl/dataone my isp provider should i move to netgear or something better for my home connection or this is just fine...?" }-
IMO, no. What you have is probably just fine.
-{ Quote: "4.wow...and i thought software firewalls were difficult to configure...:wacko:" }-
if you are not interested in configuring software firewalls and they cause you more grief than pleasure, then by all means avoid them. Your router with Windows built-in firewall on the pcs (optional) will serve you well.
**EDIT**
my apologies, i see in post 3 you already scanned your ports. I would, however, add you should check your wireless settings and use a WPA or WPA2 encrypted connection.
vijayind
October 30th, 2008, 12:15 AM
-{ Quote: "
PPPoE + NAT Mode
In this deployment environment, the PPPoE session is between the ADSL WAN interface and BRAS. The ADSL Router gets a public IP address from RAS when connecting to DSLAM. The multiple client PCs will get private IP address from the DHCP server enabled on private LAN. The enabled NAT mechanism will translate the IP information for clients to access the Internet.
" }-
That's exactly my point.
See in this case you have PPPoE on WAN and DHCP on LAN. NAT-like behavior will be shown (not 100% RFC compliance).
Now if you disable NAT, what will happen ?? If it was regular IPoE on both sides, then the packets coming out of WAN side would be routed with display of LAN side routes to next hop.
But because it's PPPoE on WAN side, even if you disable NAT flag. There will be no change in behavior, since CPE can't send packets with LAN address on it ( since PPP session has WAN credentials. It will be either discarded or session will be disconnected by RAS). In effect NAT disable/enable for PPPoE on WAN is same. And in most CPEs will have no effect what-so-ever on the behavior when in PPPoE routed mode.
Hope now my point is clear.
vijayind
October 30th, 2008, 12:18 AM
-{ Quote: "OMG...
I have just logged in in order to say something here, but I see now where you two are heading...
I will not participate in this battle of egos anymore.
Cheers," }-
I am sorry, Nick, for the mess. If you would be so kind as to comment on my post or PM me on your views on the topic, I would be very grateful. I value your opinion, kindly assist in getting the thread back on track.
Thank You.
CoolWebSearch
October 30th, 2008, 07:39 AM
-{ Quote: "That's exactly my point.
See in this case you have PPPoE on WAN and DHCP on LAN. NAT-like behavior will be shown (not 100% RFC compliance).
Now if you disable NAT, what will happen ?? If it was regular IPoE on both sides, then the packets coming out of WAN side would be routed with display of LAN side routes to next hop.
But because it's PPPoE on WAN side, even if you disable NAT flag. There will be no change in behavior, since CPE can't send packets with LAN address on it ( since PPP session has WAN credentials. It will be either discarded or session will be disconnected by RAS). In effect NAT disable/enable for PPPoE on WAN is same. And in most CPEs will have no effect what-so-ever on the behavior when in PPPoE routed mode.
Hope now my point is clear." }-
Well, I'd honestly need your help. Is it somehow possible to disable NAT router completely and simply let all the protection to software firewall?
Several months ago I tried to disable NAT router because I wanted Outpost Pro for my inbound protection. But what happened is that I couldn't access internet at all.
I personally don't want my router to protect me from inbound attacks, I want Outpost Pro to protect me from them.
While using router (Edimax ADSL2+ router), Outpost Pro shows 0 blocked attacks-is there any possible way that I can completely disable NAT router so that all of unsolicited traffic is blocked by Outpost Pro????
I don't want to see 0 blocked attacks by Outpost Pro anymore.
And is it possible to completely disable NAT router's protection and still connect to and surf through the internet but with Outpost Pro blocking inbound attacks?
Please, help.
I know what you would say-don't do it, but I want to do it. I'd rather simply Outpost Pro to protect me than my router, I simply feel safer.
bigc73542
October 30th, 2008, 07:48 AM
personally I would rather my nat blocked all the crap and didn't let it on my computer in the hopes a software firewall might stop it. a software firewall is nowhere as efficient as a hardware one. but it is your choice. and having no messages that your soft firewall has blocked anything is just proof that the nat is protecting you. I even went a step beyond a nat router I use a dedicated hardware firewall.
doktornotor
October 30th, 2008, 07:48 AM
-{ Quote: "Well, I'd honestly need your help. Is it somehow possible to disable NAT router completely and simply let all the protection to software firewall?" }-
As already noted before, configure it as bridge. It's described in detail in the manual. And yeah, bad idea generally as noted above.
vijayind
October 30th, 2008, 08:27 AM
-{ Quote: "Well, I'd honestly need your help. Is it somehow possible to disable NAT router completely and simply let all the protection to software firewall?
Several months ago I tried to disable NAT router because I wanted Outpost Pro for my inbound protection. But what happened is that I couldn't access internet at all.
I personally don't want my router to protect me from inbound attacks, I want Outpost Pro to protect me from them.
While using router (Edimax ADSL2+ router), Outpost Pro shows 0 blocked attacks-is there any possible way that I can completely disable NAT router so that all of unsolicited traffic is blocked by Outpost Pro????
I don't want to see 0 blocked attacks by Outpost Pro anymore.
And is it possible to completely disable NAT router's protection and still connect to and surf through the internet but with Outpost Pro blocking inbound attacks?
Please, help.
I know what you would say-don't do it, but I want to do it. I'd rather simply Outpost Pro to protect me than my router, I simply feel safer." }-
I think some good advice from many different people has come your way. Against removing NAT.
Please see your manual. If you can understand the same, no issues. Else if you still want to move to bridged, please provide the following details:
1) PVC : Please tell WAN details like PVC used (0,33 or 8,35 is typical)
2) WAN Connection Type: It should be one of the following PPPoE,PPPoA, Dynamic IP.
thathagat
October 30th, 2008, 10:34 AM
hello.......two things i like to ask..
1. ever since i've moved to bb my online gaming and u-torrent failed to connect due to port forwarding/port not open...so today through some searching and tinkering i did setup what is a virtual server(screen shot attached) now the u-torrent works fine but is this risky or unsafe...? for games like farcry...crysis too need this....?
2. before this bb i.e. on my dial up my kis2009 always used to warn of some helkern attack but after this xDSL nat router that warning has never come so it would entail that the router stops it....ummm i am guessing this.
vijayind
October 30th, 2008, 01:22 PM
-{ Quote: "hello.......two things i like to ask..
1. ever since i've moved to bb my online gaming and u-torrent failed to connect due to port forwarding/port not open...so today through some searching and tinkering i did setup what is a virtual server(screen shot attached) now the u-torrent works fine but is this risky or unsafe...? for games like farcry...crysis too need this....?" }-
You have done some good tinkering :thumb: That is the way to use utorrent and other programs whose ports get blocked due to NAT.
Risky ..... Yes, a little. What you have done is made a small hole in the wall. So if someone tries to pump traffic on that specific port which you have VS running, you are susceptible. But it seems you have KIS2009 and if its monitoring that port. Then it should save you from any such attack.
-{ Quote: "
2. before this bb i.e. on my dial up my kis2009 always used to warn of some helkern attack but after this xDSL nat router that warning has never come so it would entail that the router stops it....ummm i am guessing this." }-
You are right again. The Helkern/Slammer attack is offset by any router. Helkern basically spawns a loop on port 1434 used by MS SQL. Most routers will have this port closed, hence no more warnings.
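
The state table and virtual-server behaviour discussed in this thread (Seer's description of the router "firewall" as a state table, and the port-forwarding question above), as an added example that is not part of any poster's message: a toy Python model of a NAT router showing why an unsolicited UDP 1434 packet is dropped and what a virtual server changes. The addresses 192.168.1.100 and 44.33.22.11 come from the thread; the remote addresses, port 6881, the first WAN port 40000 and the strict per-remote matching are assumptions for illustration.

```python
"""Toy model of a home router's NAT state table and virtual-server rules."""
from dataclasses import dataclass, field


@dataclass
class NatRouter:
    wan_ip: str
    next_port: int = 40000  # first WAN-side port handed out (arbitrary choice)
    # (proto, wan_port) -> (lan_ip, lan_port, remote_ip, remote_port)
    state: dict = field(default_factory=dict)
    # (proto, wan_port) -> (lan_ip, lan_port), i.e. port forwarding
    virtual_servers: dict = field(default_factory=dict)

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host sends a packet. Record the flow and return the
        (source IP, source port) the remote side will see."""
        flow = (lan_ip, lan_port, remote_ip, remote_port)
        for (known_proto, wan_port), known in self.state.items():
            if known_proto == proto and known == flow:
                return self.wan_ip, wan_port  # reuse the existing mapping
        wan_port = self.next_port
        self.next_port += 1
        self.state[(proto, wan_port)] = flow
        return self.wan_ip, wan_port

    def add_virtual_server(self, proto, wan_port, lan_ip, lan_port):
        """Open one WAN port permanently and map it to one LAN host."""
        self.virtual_servers[(proto, wan_port)] = (lan_ip, lan_port)

    def inbound(self, proto, remote_ip, remote_port, wan_port):
        """A packet arrives on the WAN side. Return (verdict, lan_ip, lan_port)."""
        flow = self.state.get((proto, wan_port))
        # Assumption: replies must come from the exact remote IP/port that
        # the LAN host contacted. Real routers differ in how strict this is.
        if flow and flow[2:] == (remote_ip, remote_port):
            return ("reply", flow[0], flow[1])
        target = self.virtual_servers.get((proto, wan_port))
        if target:
            return ("virtual-server", target[0], target[1])
        return ("drop", None, None)  # unsolicited: no state, no rule


def run_demo():
    """Run a constructed packet sequence and return each verdict."""
    router = NatRouter(wan_ip="44.33.22.11")
    pc = "192.168.1.100"
    results = {}
    # PC opens a web connection; the router rewrites the source address.
    results["translated"] = router.outbound("tcp", pc, 51000, "203.0.113.5", 80)
    wan_port = results["translated"][1]
    # The web server's reply matches the state table and is forwarded.
    results["reply"] = router.inbound("tcp", "203.0.113.5", 80, wan_port)
    # A different host hitting the same WAN port matches nothing.
    results["other_host"] = router.inbound("tcp", "198.51.100.7", 80, wan_port)
    # Unsolicited UDP 1434 (the Helkern/Slammer port mentioned above).
    results["udp_1434"] = router.inbound("udp", "198.51.100.7", 4444, 1434)
    # Inbound P2P connection before and after adding a virtual server.
    results["p2p_before"] = router.inbound("tcp", "198.51.100.7", 50000, 6881)
    router.add_virtual_server("tcp", 6881, pc, 6881)
    results["p2p_after"] = router.inbound("tcp", "198.51.100.7", 50000, 6881)
    return results


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:12} {verdict}")
```

The virtual server forwards traffic from any remote host on that one port, so whatever listens on it on the LAN host is the only thing left to vet that traffic.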