Network Address and Port Translation (NAPT) allows a single device, such as a gateway, to be an agent between the Internet (or "public network") and a local (or "private") network. This means that only a single unique IP address represents an entire group of devices to the outside world.
Implementing dynamic NAPT automatically creates a firewall between your internal network and the Internet. NAPT only allows connections that originate inside the internal network. Essentially, this means that a computer on an external network cannot connect to your computer unless your computer has initiated the contact. Nobody from the outside can latch onto your IP address and use it to connect to a port on your computer.
Under NAPT, all internal network computers are inaccessible from the outside. However, if you need to use public services such as Web, FTP, or e-mail servers from your private network, you can set up a virtual server to permit secured access. In this method, a connection with the outside is redirected to a host (the virtual server) running the services on the private network. (IP forwarding is another term for this.)
The Virtual Servers setup page allows you to add, remove, and save virtual server settings.
| Protocol | Type | Port |
| FTP ( File Transfer Protocol) | TCP | 21 |
| HTTP (Web Server) | TCP | 80 |
| DNS (Domain Name Server) | TCP UDP | 53 |
| Telnet- Remote connection | TCP | 23 |
| SMPT (Outgoing mail) | TCP | 25 |
| POP3 (Incoming mail) | TCP | 110 |
| NNTP (Network News Transfer Protocol) | TCP | 119 |
| PCAnyWhere | UDP TCP | 5631-5632 |
| TALK | UDP | 517-518 |
| Net2Phone ** | TCP UDP | 2000 |
| HTTPS (secure Web server) | TCP | 443 |
| VNS (remote display system) | TCP | 5900-5909 5800-5809 |
| TFTP | UDP TCP | 69 |
| SSH (secure remote login) ** | TCP | 22 |
| ** Net2Phone and SSH have not been tested yet | ||
| Game | Type | Port |
| Age of Empires II | TCP UDP | 2300:2400 2300:2400 |
| Star Craft | TCP | 4000 |
| Half Life Team Fortress | TCP UDP | 27015 27015 |
| Diablo II | TCP | 6112 4000 |
| Quake II | UDP | 27950 27960 27910 27952 27000 26000 27951 |
| Quake III | UDP | 27950 27960 27910 27952 27000 26000 27951 |
| Return to Castle Wolfenstein | UDP | 27950 27952 27953 27960 27961 27962 27963 27965 |
| Unreal Tournament | UDP | 7777 |
| Game | Outgoing Port Range | Protocol | Incoming Port Range | Protocol |
| Return to Castle Wolfenstein | 27950-27965 | UDP | 27950-27965 | UDP |
| Star Craft | 4000-4000 | TCP/UDP | 4000-4000 | TCP/UDP |
The following applications, when run behind NAPT, do not require any gateway user configuration.
| Protocol (see note 1) | Type | Port |
| FTP (File Transfer Protocol) | TCP | 21 |
| TFTP | UDP TCP | 69 |
| TALK | UDP | 517-518 |
| H.323 | TCP | 1720 |
| IRC | TCP | 6667 |
| SNMP | UDP | 161-162 |
| PPTP | TCP | 1723 |
| Windows Media Player (see note 2) | UDP | 7000-7007 |
| DirectX Game (see note 3) | UDP | 2300-2400 |
| AOL Instant Messenger (see note 4) | TCP | 5190 |
| MSN Messenger (see note 4) | TCP | 1863 |
Notes:
The following steps provide a workaround to problems you might have when using ICQ's file transfer, Send/Start ICQ chat and PC2PC phone. The problem is that some of these applications set the Web browser to use a proxy server to listen to incoming connection requests.