NAT (Network Address Translation) is the translation of the IP address of a host in a packet.  Use port forwarding to make computers on a private network behind the PK5001Z available outside the private network.  If the PK5001Z has only one public IP address, you can make the computers in the private network available by using ports to forward packets to the appropriate private IP address.  Below is a step-by-step list of instructions on creating port forwarding rules on the PK5001Z.

1. Open a web browser and go to http://192.168.0.1 to access the web configurator.

2. Do the following:

• Enter the Administrator Username: admin (default)
• Enter the Administrator Password: (located on the bottom of the modem)
• Select "Apply".
  

3. Select "Advanced Setup".

4. Select "Port Forwarding" from the left menu pane.

5. Select a device from the dropdown, or manually enter the private computer's IP address the packets will need to be forwarded to.

6. Enter the port number or range you need open.  If only one port needs to be opened, both starting port and ending port should be populated with the same info.

• Starting Port
• Ending Port
  

7. Select the Protocol for this service port (options are TCP, UDP, GRE or TCP/UDP).  If the customer is unsure of the protocol the port they are attempting to open is, set this option to do both TCP and UDP (TCP/UDP)

8. Enter the remote port and IP information.  This can be configured to limit access to the service ports you are trying to open.  You can limit the service to only accept traffic from a specific public IP address, specific incoming ports or both.  If traffic needs to be accepted from any public address, set the option to "All IP Addresses".

9. Select "Apply" to save the settings.

10. You can view a list of all the port forwarding rules you have entered/created, at the bottom of the screen.

Note:  If port forward rules are not showing up on the Port Forwarding List or you receive an error when attempting to open a port, check the UPnP service on the PK5001Z.  If UPnP is enabled the port you are attempting to create a port forward rule for may have already been opened by the UPnP service.

To check the UPnP status click on the "UPnP" option on the left pane on the web configuration menu.  Disable the UPnP feature so that you can manually add the port forward rule, or verify that the UPnP service has opened the port for the correct private computer IP address.

Testing and Troubleshooting

To test if the ports are open you can visit a website with a port scanning tool to test the ports you have opened.  Such sites include:

http://www.whatsmyip.org/port-scanner/

http://www.t1shopper.com/tools/port-scan/

http://mxtoolbox.com/PortScan.aspx

Please note that port scanning only works on TCP ports as this protocol requires a handshake.

If the services being hosted are common services such as port 80 (Web), 21 (FTP) or 3389 (RDP), you can use a web browser and/or the Remote Desktop Connection application built into Windows to test.

If the test fails:

1. Reboot the PK5001Z.  Unplug the router from the power, wait about 15-30 seconds and plug it back in.
2. Verify that the server computer hosting the services is accepting traffic. See if another computer on the private network can access the services. If the services do not work locally, they will not be accessible from the internet.
3. Disable the firewall on the computer to make sure it is not blocking the port traffic.
4. If the services are still not working after the firewall has been disabled, reboot the computer to restart the services.
5. Double check the computer setup to make sure the correct listening ports are active.  (this is something the customer will need to check)
6. If the services are working perfectly for local computers, check the PK5001Z firmware version and make sure it is running the latest software patch.  To check the current firmware patch and upgrade the firmware on the PK5001Z click on the "Utilities" menu across the top of the web configurator window.
   
• Select the "Upgrade Firmware" option on the left pane.
  
• Check what firmware the device is currently running and if there are any updates available.
  
• If an update is available click the "Download" button to download and save the firmware file to the computer.
  
• Click the "Choose File" button to select the software patch that was downloaded and saved on the previous step.
  
• Click the "Upgrade Firmware" button to initiate the update process. This process takes roughly 5 minutes to complete.
  
• Once the firmware on the PK5001Z is up to date try running the port scan again to test if the ports are open.
7. Disable the routers firewall.  By default this feature is disabled by CenturyLink, but double check the settings to make sure the customer has not enabled it.  To check the firewall status click on the Advance Setup menu across the top of the web configuration screen. (if you're not already in this menu)
   
• Click on the IPv4 Firewall option on the left pane.
  
• Verify the IPv4 Firewall is disabled.
  
8. If the services are still unreachable from the public side (internet), you can attempt setting up the DMZ as a last resort.  Setting the DMZ will open all services to the specified server.  To enable this feature click on the Advanced Setup menu across the top of the web configuration screen. (if you're not already in this menu)
   
• Find the "DMZ Hosting" option on the left pane.
  
• Enable the DMZ hosting.
  
• Select a device from the dropdown, or manually enter the private computer's IP address.
  
• Click "Apply" to save the settings.
  
• Run the port scan again to test if the ports are open.
9. Check the computer's IP address settings to make sure the computer is using the PK5001Z as the default gateway.  If the private computer's IP address was manually assigned (static IP), set the computer for DHCP and change the port forward rules to reflect the new address.
10. Verify with CenturyLink that they are not blocking the service ports on their end.  Some ISP's will block certain services to make sure you are not hosting websites, FTP sites, mail servers on a residential connection. Business internet connections don't usually block any services.
11. Run a packet capture, if possible, to verify that port traffic is making its way to the server and that it replies to the service request.
12. Have CenturyLink swap out the PK5001Z to rule out hardware issues.