SnapGear 1.7.8 manual Lan

Term

Meaning

 

millions of people worldwide. The Internet is technically distinguished because it uses the TCP/IP set of protocols.

Intranet

A private TCP/IP network within an enterprise.

IPSec

Internet Protocol Security. IPSec provides interoperable, high quality, cryptographically-based security at the IP layer and offers protection for network communications.

LAN

Local Area Network.

LED

Light-Emitting Diode.

MAC address

The hardware address of an Ethernet interface. It is a 48-bit number usually written as a series of 6 hexadecimal octets, e.g. 00:d0:cf:00:5b:da. A SnapGear appliance has a MAC address for each Ethernet interface. These are listed on a label on the underside of the device.

Masquerade

The process by which a gateway on a local network modifies outgoing packets by replacing the source address of the packets with its own IP address. All IP traffic originating from the local network appears to come from the gateway itself and not the machines on the local network.

NAT

Network Address Translation. The translation of an IP address used on one network to an IP address on another network. Masquerading is one particular form of NAT.

Net mask

The way that computers know which part of a TCP/IP address refers to the network, and which part refers to the host range.

NTP

Network Time Protocol. Used to synchronize clock times in a network of computers.

PAT

Port Address Translation. The translation of a port number used on one network to a port number on another network.

PPP

Point-to-Point Protocol. A networking protocol for establishing simple links between two peers.

PPPoE

Point to Point Protocol over Ethernet. A protocol for connecting users on an Ethernet to the Internet using a common broadband medium (e.g. single DSL line, wireless device, cable modem, etc.).

PPTP

Point to Point Tunneling Protocol. A protocol developed by Microsoft™ that is popular for VPN applications. Although not considered as secure as IPSec, PPP is considered “good enough” technology. Microsoft has addressed many flaws in the original implementation.

Road warrior

A remote machine with no fixed IP address.

Router

A network device that moves packets of data. A router differs from hubs and switches because it is “intelligent” and can route packets to their final destination.

Subnet mask

See “Net mask”.

Switch

A network device that is similar to a hub, but much smarter. Although
