Manuals / Black Box / Computer Equipment / Server

Black Box Value-Line and Advanced Console Servers Interface, Port Range, Source IP, Protocol

Models: LES1116A LES110BA LES1308A LES1348A LES144BA Value-Line and Advanced Console Servers LES114BA LES1432A LES1332A LES1316A LES1416A LES1208A-R2 LES1132A LES1216A-R2 LES1232A LES1248A-R2 LES1408A

1 286

Download 286 pages 6.23 Kb

Page 101

Protocol: TCP

Direction: Egress

Action: Block

The firewall rules are processed in a set order- from top to bottom. So rule placement is important. For example with the following rules, all traffic coming in over the Network Interface is blocked except when it comes from two nominated IP addresses (SysAdmin and Tony):

	To allow all incoming traffic on all	To allow all incoming	To block all incoming traffic
	interfaces from the SysAdmin:	traffic from Tony:	from the Network
			Interface:
Interface	Any	Any	Network Interface
Port Range	Any	Any	Any
Source IP	IP address of SysAdmin	IP address of Tony	Any
Destination IP	Any	Any	Any
Protocol	TCP	TCP	TCP
Direction	Ingress	Ingress	Ingress
Action	Accept	Accept	Block

However if the Rule Order above was to be changed so the “Block Everyone Else” rule was second on the list then the traffic coming in over the Network Interface from Tony would be blocked.

_____________________________________________________________________

724-746-5500 blackbox.com

Page 101

Image 101

Black Box Value-Line and Advanced Console Servers Interface, Port Range, Source IP, Destination IP, Protocol, Direction

Contents

Value-Line and Advanced Console Servers User’s Manual Value-Line and Advanced Console Servers Manual Blackbox.com Value-Line and Advanced Console Servers Manual Value-Line and Advanced Console Servers Manual Administrator Password Power connectionSystem Services Management network configurationConfiguring for SSH Tunneling to Hosts FIREWALL, Failover and OoB DIAL-IN OoB Dial-In AccessSDT Connector Client Configuration Serial Port Redirection Managed Devices IPsec VPNSDT Connector Public Key Authentication SDT Connector to Management ConsoleSetting up SDT for Remote Desktop access SSH Tunneling using other SSH clients e.g. PuTTYUninterruptible Power Supply Control UPS Remote Power Control RPCAuthentication Configuration PAM Pluggable Authentication Modules203 13.4 Power Management 212209 213Modifying Snmp Configuration Raw Access to Serial PortsSecure Shell SSH Public Key Authentication Power Strip ControlAppendix This Manual Chapter IntroductionManual Organization ServerConsole server Types of usersManagement Console Publishing history Manual ConventionsDate Revision Update details Copyright Models Chapter InstallationIntroduction Kit components LES1508A Console Server Blackbox.com Kit components LES1108A Console Server Power connection1 LES1508A power 2 LES1116A, LES1132A and LES1148A power Serial Port connection 4 LES1108A powerNetwork connection USB Port Connection PIN Signal Definition DirectionAntenna and SIM Before powering on the console serverIP address Chapter Initial System ConfigurationManagement console connection Browser connection Blackbox.com Administrator Password Name the console server Set up new administratorNetwork IP address Configuration Method Dynamic DNS Ddns configuration 1 IPv6 configurationService Access System ServicesBlackbox.com  Select the Service Settings tab on the System Services Message Changes to configuration succeeded Service SettingsCommunications Software PuTTY SDT ConnectorSSHTerm Management network configurationEnable the Management LAN  Check Enable Dhcp Server Configure the Dhcp serverSelect Failover or broadband OOB Blackbox.com Aggregating the network ports Static routes To add to the static route to the route table of the system Configure Serial Ports Serial Port, Host, Device & User ConfigurationCommon Settings Console Server Mode Blackbox.com Blackbox.com Blackbox.com Blackbox.com SDT Mode Terminal Server Mode Device RPC, UPS, EMD ModeSerial Bridging Mode Cisco USB console connection Add/ Edit UsersPptpd AdminDialin FtpBlackbox.com Blackbox.com Network Hosts Authentication Select Serial & Network Trusted Networks Trusted NetworksAutomatically generate and upload SSH keys Serial Port CascadingManually generate and upload SSH keys  Check Generate SSH keys automatically and click Apply Select RSA Keys and/or DSA Keys # ssh remhost Configure the slaves and their serial ports Managing the Slaves Serial Port Redirection Select Serial & Network Managed Devices Managed DevicesAdd Connection IPsec VPN  Select IPsec VPN on the Serial & Networks menu Enable the VPN gateway Select OpenVPN on the Serial & Networks menu Enable the OpenVPNConfigure as Server or Client Windows OpenVPN Client and Server set up Windows client/server configuration file options are AES Blackbox.com Pptp VPN None Set up a remote Pptp client  Click Apply Settings Add a Pptp userBlackbox.com OoB Dial-In Access Chapter Firewall, Failover and OoB Dial Access Check Enable Dial-In Configure Dial-In PPPMSCHAPv2 Set up Windows XP/ 2003/Vista/7 client Using SDT Connector clientSet up Linux clients for dial-in OoB broadband accessSet up earlier Windows clients Broadband Ethernet Failover Always-on dial-out Dial-Out FailoverBlackbox.com Connect to the GSM HSUPA/UMTS carrier network Failover dial-outBlackbox.com Manual Activation Connect to the Cdma EV-DO carrier networkOtasp Activation Cellular modem watchdog Verify cellular connectionCellular failover setup OOB access set upCellular routing Cellular CSD dial-in setup Check Enable Dial-In and configure the Dial-In Settings Firewall & Forwarding Configuring network forwarding and IP masquerading Dhcp Configuration Configuring client devicesManual Configuration  Click Add New Port Forward Port forwardingFirewall rules Interface Dialout/Cellular Port Range  Click New Firewall RuleDialout/Cellular, VPN, Network Interface, Dial-in etc Port Range InterfaceSource IP Destination IPChapter Secure SSH Tunneling & SDT Connector SDT Connector Client Configuration Configuring for SSH Tunneling to Hosts Run the set-up program SDT Connector installationBlackbox.com Blackbox.com Make an SDT connection through the gateway to a host Manually adding hosts to the SDT Connector gateway Manually adding new services to the new hosts Blackbox.com Adding a client program to be started for the new service Blackbox.com Dial in configuration SDT Connector to Management ConsoleBlackbox.com  Click Add, then scroll to the bottom and click Apply Blackbox.com Pon networkconnection Importing and exporting preferencesOpenSSH Windows http//sshwindows.sourceforge.net/download SDT Connector Public Key AuthenticationSetting up SDT for Remote Desktop access Configure the Remote Desktop Connection client Blackbox.com Option Description  Click ConnectOn a Macintosh client SDT SSH Tunnel for VNC Install, configure and connect the VNC Viewer Blackbox.com Blackbox.com Blackbox.com From  Select Allow calling computer to specify its own address Set up SDT Serial Ports on console server SSH Tunneling using other SSH clients e.g. PuTTY Blackbox.com Blackbox.com Chapter Alerts, Auto-response Logging Configure Auto-ResponseBlackbox.com  Click on UPS / Power Supply as the Check Condition UPS / Power Supply Check Save Auto-Response UPS Status  Click on UPS Status as the Check Condition Check Save Auto-Response Cellular Data Serial Login/Logout Click on Icmp Ping as the Check Condition  Click on Custom Check as the Check Condition  Check Save Auto-Response SMS Command Click on SMS Command as the Check Condition Send Email Action Delay TimeSend SMS  Select Alerts & Logging Smtp &SMS  Click Save New ActionSend Email alerts SMS via Email Gateway Send SMS alertsSMS via Cellular Modem  Select Cellular Modem In the SMS Settings field Select Alerts & Logging Snmp Send Snmp trap alertsNagios alerts LoggingNetwork Serial Ports refer to Chapter Log storageSerial port logging Auto-Response event logging Power device loggingNetwork TCP and UDP port logging RPC connection Chapter Power & Environmental ManagementRemote Power Control RPC Blackbox.com Blackbox.com Turn on RPC access privileges and alertsUser power management RPC status Uninterruptible Power Supply Control UPSTurn OFF Cycle Status Managed UPS connections Blackbox.com Blackbox.com Remote UPS management Controlling UPS powered computers UPS status Monitor managedups@192.168.0.1 1 username password slaveUPS alerts Overview of Network UPS Tools NUT Blackbox.com Environmental Monitoring Connecting the EMD Blackbox.com Environmental status Environmental alertsAuthentication Configuration Chapter AuthenticationTacacs authentication Radius authentication Ldap authentication  Enter the Server PasswordBlackbox.com Group support with remote authentication RADIUS/TACACS User ConfigurationNetwork Remote groups with Radius authenticationRemote groups with Ldap authentication Administration Group DN Idle timeout Remote groups with TACACS+ authentication Select Serial and Network Authentication Kerberos authenticationAuthentication testing PAM Pluggable Authentication ModulesTACACS+ SSL Certificate Blackbox.com Blackbox.com Chapter Nagios Integration Nagios Overview Central management and setting up SDT for NagiosDistributed console servers Black Box console servers Set up central Nagios serverDescription, for example Windows 2003 IIS Server Set up distributed console servers Select Serial Port from the Serial & Network menu  In Description enter Administrator connection Click Console server Mode, and select Logging Level  Check Nagios NscaEnable Nagios on the console server Configuring Nagios distributed monitoringEnabled  Select Users & Groups from the Serial & Network menuEnable Nsca monitoring Enable Nrpe monitoring Select System Nagios and check Nrpe Enabled Configure Selected Serial Ports for Nagios Monitoring  Select System Nagios and check Nsca EnabledConfigure Selected Network Hosts for Nagios Monitoring Permitted ServiceSample Nagios configuration Advanced Distributed Monitoring ConfigurationConfigure the upstream Nagios monitoring host Hostname Black Box CheckpingviaBlack Box CheckportlogBasic Nagios plug-ins Executionfailurecriteria SSH Port Define commandCheckconnviaBlack Box Number of supported devices Additional plug-insLocal office Distributed Monitoring Usage ScenariosRemote site with restrictive firewall II. Remote siteRemote site with no network access Chapter System Management System Administration and ResetConfigure Date and Time Upgrade FirmwareConfiguration Backup Blackbox.com Blackbox.com Delayed Configuration Commit  Select the System Administration menu option Fips Mode Select the Status Port Access Port Access and Active UsersChapter Status Reports StatisticsSyslog Support Reports Select the Status Statistics  Select Status SyslogDashboard Configuring the DashboardBlackbox.com Blackbox.com Echo table Creating custom widgets for the DashboardDevice Management Chapter ManagementWeb Terminal Web Terminal to Command LinePort and Host Logs  Select Manage Terminal SDT Connector access Check Web Terminal and click Apply  Select Manage Power Power ManagementAccessing config from the command line Chapter Command Line ConfigurationOptions SyntaxDescription Run=configurator At /etc/config/config.xml# /bin/config -d element name Listed belowSerial Port configuration Device Mode Console server mode# config -s config.ports.port5.mode=bridge Serial bridge modeConfig.ports.port5.bridge.ssh.enabled=on Syslog settingsAdding and Removing Users # config -g config.users.total# config -d config.users.user2.port1 # config -r users # ./delete-node config.users.user2# config -g config.groups.total Adding and removing user Groups# config -r auth # config -a# config -s config.sdt.hosts.total=4 # config -g config.sdt.hosts.totalAdd power device host Add other network host# config -hosts # config -g config.devices.total# config -g config.portaccess.total Cascaded PortsManaged UPSes # config -r cascadeUPS Connections Remote UPSes # config -s config.ups.monitors.total=1RPC Connections Environmental User Syslog Mail News # config -d config.devices.device8Port Log General settings for all alerts ErrorSignal Alert AlertsPattern Match Alert UPS Power Status AlertEnvironmental and Power Sensor Alert # config -r alerts Alarm Sensor Alert# config -s config.system.smtp.server2=mail.Black Box.com Smtp & SMSSnmp AdministrationIP settings Date & Time Settings # config -s config.system.timezone=US/Eastern Dial-in settings# config -r time # config -s config.console.ppp.defaultroute=onServices Blowfish Twofish RIJNDAEL-256 Serpent Gost NagiosUsing IPMItools Chapter Advanced ConfigurationCustom script to run when booting Custom Scripting# cd # dos2unix /etc/config/rc.localRunning custom scripts when alerts are triggered Deleting Configuration Values from the CLI Example script Power Cycling on Pattern MatchExample script Multiple email notifications on each alert Bin/sh /etc/scripts/alert-email $suffixDelete-node script # ./delete-node config.users.user3While $COUNTER != $TOTAL-NUMBER+1 do NEWTOTAL=$ $TOTALPower Cycle any device when a ping request fails Ping-detect script Running custom scripts when a configurator is invoked Backing-up the configuration off-box # /etc/scripts/backup-usb list# /etc/scripts/backup-usb load filename Advanced Portmanager Portmanager commandsPmshell PmchatPmusers SignalsPortmanager daemon External Scripts and AlertsAccess to serial ports Raw Access to Serial PortsIP- Filtering Accessing the console/modem portEtc/config/ipfilter Sysdescr Black Box Syscontact Modifying Snmp Configuration15.5.1 /etc/config/snmpd.conf Adding more than one Snmp server SSH Overview Secure Shell SSH Public Key AuthenticationConfig --set config.system.snmp.password2=yourpassword Generating Public Keys Linux Installing the SSH Public/Private Keys Clustering$ ssh-keygen -t rsadsa 28aa2938ba40f4115e3fd4fae53614d6 user@serverChown fred /etc/config/users/fred/.ssh/authorizedkeys Installing SSH Public Key Authentication LinuxBlackbox.com Generating public/private keys for SSH Windows Blackbox.com Offending key in /.ssh/knownhosts1 FingerprintingAb7e33bd85505a430be0bd433f1ca5f8 Client Keys SSH tunneled serial bridgingAuthorized Keys Public key to refer to either idrsa.pub or iddsa.pubSecure Sockets Layer SSL Support SDT Connector Public Key Authentication$ ls /home/user/keys Uploading KeysGenerating an encryption key HttpsOpenssl genrsa -des3 -out sslkey.pem Generating a self-signed certificate with OpenSSLInstalling the key and certificate Power Strip ControlLaunching the Https Server Kill -HUP `cat /var/run/inetd.pid`Synopsis PowerMan toolTarget Specification Adding new RPC devices Powerman --on foo0,4-5Pmpower tool Blackbox.com Ipmitool -c-h-v-V-I lan -H hostname -p port P-f password -o oemtype commandIPMItool Cciphersuite AauthtypeIinterface LprivlvlIpmitool help HelpCustom Development Kit CDK Ipmitool chassis power helpScripts for Managing Slaves Ipmitool chassis helpSelect Status Support Report Select Alerts & Logging Port LogSelect Serial & Network Serial Port, Edit the serial ports Appendix a Linux Commands & Source Code Blackbox.com Blackbox.com Blackbox.com Commands Sigspec -n signum -si let arg arg Feature Value Appendix B Hardware SpecificationsFCC Warning Statement Appendix C Safety & CertificationsAppendix F End User License Agreement Read Before Using the Accompanying SoftwareJSch License SDT Connector License Blackbox.com No Warranty Blackbox.com Blackbox.com Black Box Tech Support FREE! Live /7