B1 Internet Router
Software version 1.70
User Manual
B1 Router User Manual
Copyright © 2002 Hive Internet Ltd. All rights reserved. This document may not in whole or part be copied, photocopied, reproduced, translated or reduced to any electronic or machine readable form without prior consent from Hive Internet Ltd.
Every attempt has been made to ensure the accuracy of the information contained in this user guide, but, due to our policy of continuous improvement to our products, Hive Internet Ltd. assumes no liability for losses incurred as a result of out-of-date or incorrect information contained in this guide. We reserve the right to change specifications without notification.
All trademarks contained in this user guide are acknowledged.
For all issues involving router setup or the router's embedded software contact :-
Hive Internet Ltd 25 London Street Chertsey Surrey KT16 8AP
Tel: +44 (0)1932 569020 Fax: +44 (0)1932 569027 Email: support@hive-internet.co.uk Web: www.hive-internet.co.uk
For information on related hardware products (e.g. Special connectors, rack mount options etc) contact
Teltronix Ltd. Unit 2 Maundrell Road Portemarsh Calne Wiltshire SN11 9PU
Tel: +44 (0)1249 818923 Fax: +44 (0)1249 818797 Web: www.teltronix.co.uk
Contents
APPLICATION 5
INSTALLING THE UNIT 5
Example terminal session to configure the unit. 6
Format of fields in terminal or telnet session. 7
LAN configuration fields 7
Terminal and Telnet configuration 8
Telnet configuration 8
Configuration prompts 8
>Main menu commands 9
#Config menu commands 10
Configuration Fields 11
DHCP Fields 11
LAN Configuration Fields 12
NAT Configuration Fields 12
Sync Configuration Fields 13
$Maintenance menu commands 14
Web Browser Configuration 16
Browser configuration menu 17
Status Page 18
LAN Configuration Pages 20
LAN Configuration Page Fields 21
Extra IP Addresses and Masks 21
Sync Port Configuration Page 22
Sync Port Configuration fields 23
Routing Table Page 24
Viewable Routing Table Fields 25
Very Simple Routing Policy 26
Editable Routing table fields 27
NAT Configuration Pages 28
NAT Configuration Fields 29
DHCP Configuration Pages 30
DHCP Configuration Fields 31
Firewall Configuration Page 32
Firewall Configuration Fields 33
Firewall Configuration Links 33
Firewall Protocol Filter Table Page 34
Firewall Protocol Filter Fields 35
Firewall Port Filter Table Page 36
Firewall Port Filter Fields 37
Firewall IP Deny Table Page 38
Firewall IP Deny Table Fields 39
VPN & Remote Stations Tables 40
Remote Table Entry Fields 41
Technical Issues 42
G703/4 Local Clocking 42
Loopback clocking 42
Setting the clock mode 42
APPLICATION
The Teltronix B1 router provides basic routing and firewall services between two local area networks and a 2Mb/s leased line. The unit is ideal for connecting to an Internet Service Provider via a 2Mb/s leased line.
INSTALLING THE UNIT
1. Check package contents, there should be :-
   a. One B1 router
   b. One power cable
   c. Two BNC leads
   d. One RJ45 LAN lead
   e. One RJ11 to D15 console port lead
   f. One printed manual
   g. One quick start sheet.
2. Connect the "TX" and "RX" ports of the unit to the leased line NTU.
3. Connect the "LAN1" port to the public or "DMZ" network. The public network will have devices on it which are meant to be reachable from the internet.
4. Connect the "LAN2" port to the private network. The private network will have devices on it which are not meant to be reachable from the internet, but are able to access internet resources like email and web servers.
5. Connect the supplied management cable to the management port of the unit and the serial port of a P.C. or terminal. The serial port settings are 9600 baud, no parity, 8 data bits, 1 stop bit.
6. Connect mains power to the unit using the supplied mains cable.
7. Start the terminal program on the PC. Press return a few times, you should see the prompt:-
   B1:B1:Enter Admin Password:
8. The default password is "password".
Example terminal session to configure the unit.
In this example, the IP addresses of the two LAN ports are changed via the console port so that the remainder of the config can be done via telnet or web browser.
B1:B1:Enter Admin Password:password
B1>help
Teltronix B1 Commands
---------------------------------
Config Configure unit
Exit Exit session
Maint Maintenance
Ping Ping test
Status Report unit status
B1>config
B1#help
B1 configuration commands
------------------------------------
Default Default configuration
DHCP1 DHCP Server LAN1
DHCP2 DHCP Server LAN2
Exit Exit config
LAN1 LAN1 (DMZ/Backup)
LAN2 LAN2 (Main LAN)
NATS Network address translation Sync port
NAT1 Network address translation LAN1
NAT2 Network address translation LAN2
Route Change/View routing table
Save Save configuration and reboot
Sync Sync port
B1#lan1
LAN1:Address mode:FIXED:
LAN1:IP Address:10.0.1.1:10.10.0.1
LAN1:IP Mask:255.255.255.0:
B1#lan2
LAN2:Address mode:FIXED:
LAN2:Port speed:Auto:
LAN2:IP Address:10.0.2.1:10.100.1.121
LAN2:IP Mask:255.255.255.0:
B1#save
Saving configuration...
Configuration saved OK.
B1#
Note that the command config followed by the commands lan1 and lan2 were used to change the unit's IP addresses and the command save was used to save the configuration to flash memory.
LAN configuration fields
Address Mode (Fixed/Dynamic) Use FIXED for a pre-configured address, DYNAMIC means get an IP address from a DHCP server.
IP Address (IP Address) The fixed IP address for this LAN port.
IP Mask (IP Mask) The fixed IP mask for this LAN port. Typical value would be 255.255.255.0.
Port speed (10/100/Auto) Usually set to Auto. Do not change this unless you are having problems with the switch or hub you are connecting to.
Format of fields in terminal or telnet session.
Configuration fields are always presented as
"Field name or description" ": colon" "current value" ": colon" "space for new value"
e.g.
LAN2:IP Address:10.100.0.1:10.100.1.122
Here LAN2 IP Address has been changed from value 10.100.0.1 to 10.100.1.122. Responding to a field by just pressing return will cause the current field value to be used. Responding with an invalid value will cause the question to be asked again.
Terminal and Telnet configuration
The unit can be configured by serial terminal or telnet session. Terminal configuration is described on pages 5 and 6.
Telnet configuration
Once the unit has been configured with an IP address a telnet session can be started by telnetting to the unit's IP address.
e.g. If the unit's IP address is 10.100.1.121, the Windows run command (Click on Start then Run) "Telnet 10.100.1.121" will open a telnet session to the unit. The default admin password is "password".
Configuration prompts
Once the correct admin password has been given, the unit will reply with a prompt to indicate the mode. The prompt is in the form "unit name" "prompt character"
The prompt characters are:-
> (Greater than sign) for MAIN MENU
# (Hash sign) for CONFIG MENU
$ (Dollar sign) for MAINTENANCE MENU
e.g.
B1> In main menu
B1# In config menu
B1$ In maintenance menu
>Main menu commands
Config Enter the config menu.
Exit Close the terminal or telnet session.
Help Print a list of commands available in the current mode.
Maint Enter the maintenance menu.
Ping Ping will cause four ICMP echo request packets to be sent to the specified IP address. If no IP address is specified one will be requested.
e.g.
B1>ping 10.100.1.1
Ping 10.100.1.1
B1>Ping reply
Ping reply
Ping reply
Ping reply
Status Status prints a short status report on the G703 port and the PPP link to the remote router on the WAN link.
e.g.
B1>
B1>status
G703:No signal.
G704 Alarms:
PPP status:LCP:DOWN Authentication:??? IPCP:DOWN
#Config menu commands
Default The configuration is reset to the factory default configuration EXCEPT for the IP addresses of LAN1 and LAN2.
DHCP1 Configures Dynamic Host Configuration Protocol server for LAN port 1.
DHCP2 Configures Dynamic Host Configuration Protocol server for LAN port 2.
Exit Returns to the main menu.
Help Print a list of commands available in the current mode.
LAN1 Configures LAN port 1.
LAN2 Configures LAN port 2.
NATS Configures Network Address Translation for the Sync (G703/4) port.
NAT1 Configures Network Address Translation for LAN port 1.
NAT2 Configures Network Address Translation for LAN port 2.
Password Changes the admin password. The current password is required.
Route
Route add adds a new route to the routing table.
Route del deletes a route from the routing table.
Route print prints out the current IP routing table.
Save Saves the configuration to flash memory and reboots the unit.
Sync Configures the synchronous port.
Configuration Fields
DHCP Fields
Enable DHCP server (Yes/No) This field enables or disables the DHCP server. The DHCP1 server only serves LAN port 1. The DHCP2 server only serves LAN port 2.
Enable Multiple servers (Yes/No) Always set this field to NO.
Start IP address (IP Address) The first IP address in the pool of addresses to be leased out by the server.
No of IP addresses (Number) The number of consecutive IP addresses in the pool.
IP mask (IP Mask) The IP mask to be issued by the server.
List this router (Yes/No) Controls whether the server will issue the router's own address in the list of routers issued to DHCP clients.
Additional router 1 (IP Address) The address of an additional router to be issued to DHCP clients.
Additional router 2 (IP Address) The address of an additional router to be issued to DHCP clients.
Local domain name (Text domain name) The name of the local domain (if any). If you don't have a local domain (e.g. anexampleco.com) leave this field blank.
DNS Server 1 (IP Address) Address of a local or an ISP's DNS server.
DNS Server 2 (IP Address) Address of a local or an ISP's DNS server.
NBNS Server 1 (IP Address) Address of a local Netbios Name Server or WINS server. Windows NT includes a WINS server.
NBNS Server 2 (IP Address) Address of a local Netbios Name Server or WINS server. Windows NT includes a WINS server.
LAN Configuration Fields
Address Mode (Fixed/Dynamic) Use FIXED for a pre-configured address, DYNAMIC means get an IP address from a DHCP server.
IP Address (IP Address) The fixed IP address for this LAN port.
IP Mask (IP Mask) The fixed IP mask for this LAN port. Typical value would be 255.255.255.0.
Port speed (10/100/Auto) Usually set to Auto. Do not change this unless you are having problems with the switch or hub you are connecting to.
NAT Configuration Fields
Enable NAT (Yes/No) Enables NAT translation of the associated port. NAT should be enabled on the port "closest" to the internet or "closest" to the network where the public address is valid and the private address is not valid.
Address Mode (Dynamic/Fixed) Fixed addressing uses the specified public IP address as the public address. Dynamic addressing allows the IP address allocated via IPCP or DHCP to be used as the public address.
Manual public IP address (IP Address) The address that will be used to replace the private address in outgoing packets. If NAT is being used for internet access, this address should be a valid internet address that has been supplied by your I.S.P.
Private IP network address (IP Address) The network address of the private network. e.g. 10.x.x.x or 172.16.x.x or 192.168.x.x
Private IP mask (IP Mask) The IP mask of the private network. The router uses the private IP network address and mask to decide which packets should be subject to NAT translation.
Sync Configuration Fields
Mode (G703S/G703M/G704S/G704M) Sets the clocking and framing mode to be used on the G703/4 port.
G703S Unstructured slave clocking
G703M Unstructured master clocking
G704S Structured slave clocking
G704M Structured master clocking
Local(Rx) authentication (None/PAP/CHAP) Sets the protocol used for PPP authentication.
Local(Rx) username (Text name) The username expected from the remote router.
Local(Rx) password (Text password) The password expected from the remote router.
Remote(Tx) authentication (None/PAP/CHAP) Sets the protocol used for PPP authentication.
Remote(Tx) username (Text name) The username this router will send to the remote router.
Remote(Tx) password (Text password) The password this router will send to the remote router.
$Maintenance menu commands
ARPlog Prints out a log of Address Resolution Protocol activity. The log shows learnt MAC and IP addresses and shows any warnings about address conflicts.
Buffers Shows the number of free packet buffers in the system.
Con Shows the statistics for the console (serial) port.
G703 Shows the statistics for the G703 port.
G704 Shows the statistics for the G704 monitor. When the unit is in G704 mode CRC errors are checked.
Help Displays a list of commands available in the current mode.
Exit Returns to the main menu.
LAN1 Shows the statistics for LAN port 1.
LAN2 Shows the statistics for LAN port 2.
Loader Starts the TFTP server. This command is used to download new code to the unit via any TFTP program or the HiveLoad program.
PPPlog Logs events occurring on the G703 port and the IPCP link to the remote router.
Ping Ping will cause four ICMP echo request packets to be sent to the specified IP address. If no IP address is specified one will be requested.
e.g.
B1$ping 10.100.1.1
Ping 10.100.1.1
B1$Ping reply
Ping reply
Ping reply
Ping reply
Portlog Shows a log of events on the unit's ports.
Rand Prints out a block of random numbers from the unit's hardware random number generator.
Route
Route add adds a new route to the routing table.
Route del deletes a route from the routing table.
Route print prints out the current IP routing table.
Sync Shows the statistics for the synchronous port. This port handles the raw received data after G703 decoding and raw transmitted data before G703 encoding.
Web Browser Configuration
It is possible to use a web browser like Internet Explorer or Netscape to configure the B1. Type in the IP address of the B1 as the URL. The browser will prompt for a username and password. The username is "admin" and the default password is "password".
After providing a valid username and password the browser should show the main status page.
Browser configuration menu
On the left side of the status page is the menu. The menu items are :-
Status Shows the status page
LAN1 LAN1 configuration.
LAN2 LAN2 configuration.
Sync1 Synchronous port configuration.
Routes Routing table.
NAT Network address translation configuration.
DHCP Dynamic Host Configuration Protocol server configuration.
Firewall Firewall Configuration.
VPN Virtual Private Network configuration.
Password Change password page.
Save Config Saves the unit's current configuration to flash memory.
Default Database This link will cause the unit to reset all settings to factory default EXCEPT the unit's IP address.
Reboot Reboots the unit.
Status Page
The status page shows the current status of the unit. This page does not automatically refresh. Click on the statistics link for a page which does automatically refresh. The items on the status page are:-
Up Time Shows the amount of time the unit has been running.
G703 Status Shows the current link status (Signal / No Signal)
G704 Alarms Shows any standard G704 alarm conditions. e.g. RED
PPP Status Shows the status of the PPP protocol on the sync port.
LAN 1 IP The main IP address and mask for LAN port 1.
LAN 2 IP The main IP address and mask for LAN port 2.
DSN The digital serial number of the unit. Each B1 unit has a unique digital serial number.
HSN The hive serial number of the unit. Each B1 unit has a unique hive serial number. This number is also used to make the unit's LAN port MAC addresses unique.
Licenced Features Lists the software features which are licenced and enabled on the unit. Additional features can be enabled by entering special unlock codes. (e.g. B1 Plus)
Statistics Links to the statistics page
Licence and Registration Shows the licencing page used to enter feature unlock codes.
Software version information Shows the software version page.
Open Help Frame Opens a help frame to show help information.
LAN Configuration Pages
There is one LAN configuration page per LAN port. Both pages behave identically. After changing the field values to the appropriate values press the Submit button to send the changes to the unit. If any field is invalid, it will be shown with "*>" at the start of the field. To save changes to flash memory click on "Save Config" in the left hand menu.
LAN Configuration Page Fields
Address Mode Use FIXED for a pre-configured address, DYNAMIC means get an IP address from a DHCP server.
IP Address The main fixed IP address for this LAN port.
IP Mask The main fixed IP mask for this LAN port. Typical value would be 255.255.255.0.
Port speed Usually set to Auto. Do not change this unless you are having problems with the switch or hub you are connecting to.
Extra IP Addresses and Masks
Extra IP addresses and masks give the unit the ability to create more than one logical IP network on a LAN segment. Up to four additional IP addresses or logical networks can be configured. Simply enter the additional IP addresses and masks. There are two special cases:-
1. A mask of 255.255.255.255 can be used to give the unit an extra IP address in the main network address range.
2. A mask of 0.0.0.0 will cause the unit to proxy arp for the associated IP address.
In the example shown on page 18, LAN1 has an IP address of 212.135.199.155 and is providing proxy arp service for addresses 212.135.199.154 and 212.135.199.153.
Sync Port Configuration Page
The sync port configuration page configures framing, clocking and PPP parameters on the G703 port.
Sync Port Configuration fields
Mode Sets the clocking and framing mode for the G.703 port. There are four modes:-
G703-Slave Unstructured data, slave clocking
G703-Master Unstructured data, master clocking
G704-Slave Structured data, slave clocking
G704-Master Structured data, master clocking
On any link, the device at one end should be set to clock master while the device at the other end should be set to clock slave. In G703, frames are sent without any framing structure. In G704 the channel is divided into 32 timeslots. One timeslot is used for framing. The remaining 31 timeslots can carry data. G.704 allows the bandwidth to be set from 64kb/s up to 1.984 Mb/s. G.704 also allows constant monitoring of the line's quality of service.
Connector Switches between BNC (75ohm) or RJ45 (120ohm) connections to the leased line.
BNC (75ohm) For connection via coax cables.
RJ45 (120ohm) For connection via UTP or STP cable.
Local (Rx) authentication The authentication method on the receive side. Usually set to NONE. The B1 supports PAP or CHAP authentication.
Local (Rx) username The username expected from the remote router.
Local (Rx) password The password expected from the remote router.
Local IP The IP address at the local end of a numbered link. Use 0.0.0.0 for an unnumbered link.
Remote (Tx) authentication The authentication method on the transmit side. Usually set to NONE.
Remote (Tx) username The username this router will send to the remote router.
Remote (Tx) password The password this router will send to the remote router.
Remote IP address The IP address for the remote end of a numbered link or the IP address of the remote device (Network or VPN client).
IP Mask The IP mask of the remote network. This is used in conjunction with the remote IP address to add an entry in the routing table when the PPP link is established.
Routing Table Page
The routing table shows which port will be used to send out a packet for any given IP address. Click on the associated edit link to edit or delete a route. Click on the add route link to add a route.
Viewable Routing Table Fields
Network The network address of a destination network or IP address of a host.
Mask The network mask or subnet mask associated with the network address. Use 255.255.255.255 for a host route.
Gateway The IP address of the next hop to the destination network.
Metric The number of hops to the destination. If in doubt, set this value to 1.
Port The port packets to the associated route should leave on.
Remote The name of the remote device or VPN user. For VPN routes, the name is setup in the VPN configuration.
Flags Flags show the state of the route.
A Activated (The route was activated by a port going to the "UP" state)
D Dynamic (Route was learnt from another router)
M Monitored (Route is monitored by ping requests allowing backup routes)
S Static (Route is a pre-configured route)
U Up (Route is usable)
V Valid
Packets The number of packets sent to that route.
Owner The owner of the port.
System The system owns the route.
User The user owns the route.
Type The type of route
Demand Port The route is added when the port goes to the "UP" state.
Permanent Port The route is always active.
Very Simple Routing Policy
Software version b1app.bin 1.70 onwards supports Very Simple Routing Policy. This feature allows backup routes to the same destination (often the default route) to be setup. The router will automatically start using the backup route if the primary route fails. See details on the "Check Route" field.
Editable Routing table fields
Network The network address of a destination network or IP address of a host.
Mask The network mask or subnet mask associated with the network address. Use 255.255.255.255 for a host route.
Gateway The IP address of the next hop to the destination network.
Metric The number of hops to the destination. If in doubt, set this value to 1.
Port The port packets to the associated route should leave on.
Check Route If set to yes, the router will ping the Check Address every few minutes. If no reply is received, the metric of the route is increased by two. After 8 consecutive failures the route is declared as DOWN. This allows backup routes to be setup. Set the metric of the primary route to 1, set the metric of the backup route to 7. If the primary route fails, the relative order of the primary and secondary routes will be swapped. A typical application of this would be to have internet connections to two different ISP connections (e.g. ADSL or Leased line and ISDN backup).
DO NOT ENABLE CHECK ROUTE on a backup route, e.g. To an ISDN router, as this would cause the ISDN line to be kept up permanently.
Check Address This is the address the router will ping to see if a route is working.
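The Check Route behaviour described above, simulated as an added example (it is not B1 firmware code). It assumes the lowest-metric usable route is preferred and that a tie keeps the earlier table entry; the manual does not describe what happens after a successful ping, so recovery is not modelled.

```python
# Added illustration of the Check Route rules in this manual; not Hive firmware code.
from dataclasses import dataclass

METRIC_STEP = 2   # from the manual: metric is increased by two per missed reply
DOWN_AFTER = 8    # from the manual: DOWN after 8 consecutive failures


@dataclass
class Route:
    name: str
    metric: int
    check_route: bool = False
    failures: int = 0
    up: bool = True

    def record_check(self, reply):
        """Apply the result of one ping to the Check Address."""
        if not self.check_route or reply:
            # Behaviour after a successful ping is not described in the manual.
            return
        self.failures += 1
        self.metric += METRIC_STEP
        if self.failures >= DOWN_AFTER:
            self.up = False


def preferred(routes):
    """Assumption: lowest metric among usable routes wins, ties keep table order."""
    usable = [r for r in routes if r.up]
    return min(usable, key=lambda r: r.metric) if usable else None


def failover_timeline(primary_metric=1, backup_metric=7, checks=8):
    """Fail every check on the primary route and record which route is preferred.

    Returns a list of (check number, primary metric, primary up, preferred route).
    Check Route is left off on the backup route, as the manual instructs.
    """
    primary = Route("primary", primary_metric, check_route=True)
    backup = Route("backup", backup_metric)
    timeline = []
    for n in range(1, checks + 1):
        primary.record_check(reply=False)
        best = preferred([primary, backup])
        timeline.append((n, primary.metric, primary.up, best.name))
    return timeline


if __name__ == "__main__":
    # Metrics recommended by the manual: primary 1, backup 7.
    for row in failover_timeline():
        print(row)
    # A backup metric chosen too high only takes over once the primary is DOWN.
    print(failover_timeline(backup_metric=20)[-2:])
```

Under these assumptions the recommended metrics of 1 and 7 move traffic to the backup on the fourth missed reply, while a backup metric above 17 delays the switch until the primary is declared DOWN.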
NAT Configuration Pages
There is one NAT configuration page per router port. All three pages work identically. By performing NAT translation at port level it is possible to run three simultaneous NAT schemes. This is extremely useful in situations where disparate networks are being linked.
NAT Configuration Fields
Enable NAT Enables NAT translation of the associated port. NAT should be enabled on the port "closest" to the internet or "closest" to the network where the public address is valid and the private address is not valid.
Address Mode Fixed addressing uses the specified public IP address as the public address. Dynamic addressing allows the IP address allocated via IPCP or DHCP to be used as the public address.
Manual public IP address The address that will be used to replace the private address in outgoing packets. If NAT is being used for internet access, this address should be a valid internet address that has been supplied by your I.S.P.
Private IP network address The network address of the private network. e.g. 10.x.x.x or 172.16.x.x or 192.168.x.x
Private IP mask The IP mask of the private network. The router uses the private IP network address and mask to decide which packets should be subject to NAT translation.
DHCP Configuration Pages
There is one DHCP server configuration page per LAN port. Both pages work identically. The DHCP servers work independently; the server on LAN1 will not respond to requests on LAN2.
DHCP Configuration Fields
Enable DHCP server This field enables or disables the DHCP server. The DHCP1 server only serves LAN port 1. The DHCP2 server only serves LAN port 2.
Enable Multiple servers Always set this field to NO.
Start IP address The first IP address in the pool of addresses to be leased out by the server.
No of IP addresses The number of consecutive IP addresses in the pool.
IP mask The IP mask to be issued by the server.
List this router Controls whether the server will issue the router's own address in the list of routers issued to DHCP clients.
Additional router 1 The address of an additional router to be issued to DHCP clients.
Additional router 2 The address of an additional router to be issued to DHCP clients.
Local domain name The name of the local domain (if any). If you don't have a local domain (e.g. anexampleco.com) leave this field blank.
DNS Server 1 Address of a local or an ISP's DNS server.
DNS Server 2 Address of a local or an ISP's DNS server.
NBNS Server 1 Address of a local Netbios Name Server or WINS server. Windows NT includes a WINS server.
NBNS Server 2 Address of a local Netbios Name Server or WINS server. Windows NT includes a WINS server.
Firewall Configuration Page
Each port on a B1 router has its own firewall allowing different levels of filtering between the private network, the demilitarised zone and the internet. The port firewalls have two parts :-
A. Protocol Filter The protocol filter allows any IP protocol to be blocked or unblocked. In a typical SME network only ICMP, UDP and TCP protocols might be desired.
B. Port Filter. The port filter allows any service associated with a TCP or UDP port to be blocked or unblocked. Services include POP3 (Email reading), SMTP (Email sending), HTTP (Web browsing) and HTTPS (Secure web browsing).
A global IP deny table allows certain address ranges to be blocked for all ports.
Firewall Configuration Fields
Protocol Filters The protocol filter can be set for each port. There are three protocol filters :-
OFF No protocol filtering
BASIC Short list of protocols
ADVANCED Long list of protocols
Port Filters The port filter can be set for each port. There are four port filters :-
OFF No port filtering
PRIVATE Port filtering for a private network
PUBLIC-DMZ Port filtering for a public/dmz network.
INTERNET Port filtering for the internet connection.
Typically the private port filter will only allow outgoing requests to the HTTP (web browsing) port, but the INTERNET and DMZ filters will allow outgoing and incoming requests to the HTTP port.
If LAN ports 1 and 2 are both connected to private networks, the firewall should be set to the private filter on both LAN ports.
Firewall Configuration Links
Basic Protocol Filter Displays the basic protocol filter page.
Advanced Protocol Filter Displays the advanced protocol filter page.
Private Network Port Filter Displays the private network port filter page.
DMZ Public Network Port Filter Displays the DMZ/Public network port filter page.
Internet port filter Displays the internet port filter page.
IP Deny Table Displays IP deny table page.
Firewall Protocol Filter Table Page
The basic and advanced protocol filter pages work identically. Click on the associated edit link to edit or delete a protocol filter. Click on the add protocol link to add a protocol. Any protocol not listed in the table IS BLOCKED.
Firewall Protocol Filter Fields
Protocol Name The text name for the protocol.
Protocol Number The number of the protocol from the assigned numbers RFC (RFC1700)
Allow If set to yes, packets with this protocol number are allowed through the filter.
Passcount The number of packets allowed through
Blockcount The number of packets blocked.
Firewall Port Filter Table Page
The private, public DMZ and internet port filter pages all work identically. Click on the associated edit link to edit or delete a port filter. Click on the add port link to add a new port filter. Any port not listed in the table is blocked.
Firewall Port Filter Fields
Service Name The text name of the service.
Port Number The port number from the assigned numbers RFC (RFC1700).
Allow Clients If set to yes, packets from service clients (e.g. Web browser) will be allowed through the associated physical port. e.g. A workstation with web browser is connected to the associated physical port.
Allow Servers If set to yes, packets from service servers (e.g. Web server) will be allowed through the associated physical port. e.g. A web server is connected to the associated physical port.
Allow TCP If set to yes, TCP packets using the associated port number are allowed through the filter.
Allow UDP If set to yes, UDP packets using the associated port number are allowed through the filter.
Client IP net and mask The client IP net and mask setup an address range of allowed client IP addresses. To allow any addresses through use 0.0.0.0 in both fields.
Server IP net and mask The server IP net and mask setup an address range of allowed server IP addresses. To allow any addresses through use 0.0.0.0 in both fields.
Pass Count The number of packets allowed through the filter. Note that the same filter table can be used by more than one physical port.
Block Count The number of packets blocked by the filter. Note that the same filter table can be used by more than one physical port.
Note that it is possible to have a non-zero block count AND passcount. The reasons are:-
a. A server or client is on the "wrong side" of the port.
b. UDP or TCP mismatch.
c. Address range mismatch.
d. Stateful inspection session rules violation - only a client can open a session.
e. Session expired.
f. Too many attempts to open a session (SYN attack)
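The port filter fields and block reasons a to c above, modelled as an added example (it is not code from Hive Internet or the B1 firmware). It assumes a packet addressed to the service port comes from a client and a packet sent from the service port comes from a server; the stateful rules d to f are not modelled, and the table and packets are constructed samples.

```python
# Added illustration: a model of the B1 port filter fields, not Hive firmware code.
from dataclasses import dataclass
from ipaddress import IPv4Address


def in_range(addr, net, mask):
    """True when addr lies inside net/mask; 0.0.0.0 in both fields matches any address."""
    m = int(IPv4Address(mask))
    return (int(IPv4Address(addr)) & m) == (int(IPv4Address(net)) & m)


@dataclass
class PortFilter:
    service: str
    port: int
    allow_clients: bool
    allow_servers: bool
    allow_tcp: bool
    allow_udp: bool
    client_net: str = "0.0.0.0"
    client_mask: str = "0.0.0.0"
    server_net: str = "0.0.0.0"
    server_mask: str = "0.0.0.0"
    pass_count: int = 0
    block_count: int = 0


@dataclass
class Packet:
    proto: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def evaluate(table, pkt):
    """Return (allowed, reason) for a packet arriving from the network on the filtered port."""
    for rule in table:
        if pkt.dst_port == rule.port:        # assumed: sender is a service client
            from_client, client_ip, server_ip = True, pkt.src_ip, pkt.dst_ip
        elif pkt.src_port == rule.port:      # assumed: sender is a service server
            from_client, client_ip, server_ip = False, pkt.dst_ip, pkt.src_ip
        else:
            continue
        proto_ok = {"tcp": rule.allow_tcp, "udp": rule.allow_udp}.get(pkt.proto, False)
        reason = None
        if not (rule.allow_clients if from_client else rule.allow_servers):
            reason = "wrong side of port"
        elif not proto_ok:
            reason = "UDP or TCP mismatch"
        elif not (in_range(client_ip, rule.client_net, rule.client_mask)
                  and in_range(server_ip, rule.server_net, rule.server_mask)):
            reason = "address range mismatch"
        if reason:
            rule.block_count += 1
            return False, reason
        rule.pass_count += 1
        return True, "allowed by " + rule.service
    return False, "port not listed"          # any port not in the table is blocked


def private_table():
    """Constructed PRIVATE-style table: outgoing HTTP requests only, one client subnet."""
    return [PortFilter("HTTP", 80, allow_clients=True, allow_servers=False,
                       allow_tcp=True, allow_udp=False,
                       client_net="10.100.1.0", client_mask="255.255.255.0")]


# Constructed packets seen on the private LAN port (outside addresses are documentation ranges).
SAMPLES = [
    Packet("tcp", "10.100.1.50", 40000, "203.0.113.10", 80),   # browser request
    Packet("tcp", "10.100.1.60", 80, "198.51.100.7", 51000),   # web server on the private LAN
    Packet("udp", "10.100.1.50", 40001, "203.0.113.10", 80),   # wrong transport
    Packet("tcp", "10.100.2.9", 40002, "203.0.113.10", 80),    # client outside allowed range
    Packet("tcp", "10.100.1.50", 40003, "203.0.113.10", 23),   # telnet is not in the table
]


def run_samples():
    table = private_table()
    return table, [evaluate(table, p) for p in SAMPLES]


if __name__ == "__main__":
    table, results = run_samples()
    for pkt, (allowed, reason) in zip(SAMPLES, results):
        print("PASS " if allowed else "BLOCK", pkt.proto, pkt.src_ip, "->", pkt.dst_ip, pkt.dst_port, reason)
    print("HTTP pass count", table[0].pass_count, "block count", table[0].block_count)
```

The single HTTP entry ends with both counters non-zero, which is the situation the note above describes.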
Firewall IP Deny Table Page
The IP Deny table allows an individual or range of IP addresses to be blocked. To edit or delete an IP deny click on the associated edit link. To add a new IP deny click on the add deny link.
Firewall IP Deny Table Fields
IP Address The IP Address or network address to be blocked.
IP Mask The associated mask. Use 255.255.255.255 to block an individual IP address.
Block Count The number of packets to/from the address that were blocked.
VPN & Remote Stations Tables
The VPN & Remote Station Table allows VPN clients to be configured. To edit or delete a client, click on the associated edit link. To add a new client click on the add remote link. Note the SYNC-PEER remote client cannot be deleted because it is reserved by the system and holds the configuration for the PPP link on the sync port.
Remote Table Entry Fields
Remote name The name used to identify the remote station. This should usually be set to the same name as set in the Rx username field.
Connection type The type of connection used :-
Physical Port The remote is connected directly to one of the router's ports
PPTP Fixed IP VPN link using the PPTP protocol, and pre-configured IP address.
Rx username The username that the remote will send to identify itself. Usually this should be set to the same name as set in the Remote name field.
Rx password The password that the remote will send to identify itself.
Tx username The username this router will send to identify itself.
Tx password The password this router will send to identify itself.
Local IP The IP address for the local end of the link. 0.0.0.0 is always acceptable.
Remote IP The IP address that will be given to the remote.
IP Mask The IP mask for the numbered link, or the remote's network. This field is used in conjunction with the Remote IP field to add an entry into the routing table when the link is established.
Technical Issues
G703/4 Local Clocking
The B1 supports master or slave clocking on the G703 port. Master Clocking makes the unit use its own clock for the transmit data port. Slave clocking makes the unit derive the transmit clock from the received clock from the rx data port. When the B1 is in clock master mode, the remote router should be in clock slave mode. Note that on a Megastream(tm) circuit the DATA AND CLOCK are carried end to end.
Loopback clocking
If the transmit port is connected to the receive port to make a test loop, the B1 MUST be configured to clock master mode.
Setting the clock mode
There are four port modes:-
G703Master Unstructured data clock master
G703Slave Unstructured data clock slave
G704Master Structured data clock master
G704Slave Structured data clock slave
The mode can be set via the console commands config and main or via the web browser main configuration page.
Unit Serial Number Information
Hive Serial Number
_________________________________________________________________
Dallas Serial Number
_________________________________________________________________
Licenced Features
IP Router [ ]
Firewall [ ]
Bridge [ ]
G704 [ ]
Firebar [ ]
PA2000 [ ]