Manuals / Black Box / Computer Equipment / Server

Black Box LES1132A, LES1332A, LES1408A, LES144BA, LES1416A, LES1348A, LES1432A, LES1316A Firewall rules

Models: LES1116A LES110BA LES1308A LES1348A LES144BA Value-Line and Advanced Console Servers LES114BA LES1432A LES1332A LES1316A LES1416A LES1208A-R2 LES1132A LES1216A-R2 LES1232A LES1248A-R2 LES1408A

1 286

Download 286 pages 6.23 Kb

Page 99

Source Address: This allows the user to restrict access to a port forward to a specific address. In most cases, this should be left blank

Input Port Range: The range of ports to forward to the destination IP. These will be the port(s) specified when accessing the port forward. These ports need not be the same as the output port range.

Protocol: The protocol of the data being forwarded. The options are TCP or UDP

Output Address: The target of the port forward. This is an address on the internal network where packets sent to the Input Interface on the input port range are sent.

Output Port Range: The port or ports that the packets will be redirected to on the Output Address.

For example, to forward port 8443 to an internal HTTPS server on 192.168.10.2, the following settings would be used:

Input Interface: Any

Input Port Range: 8443

Protocol: TCP

Output Address: 192.168.10.2

Output Port Range: 443

5.8.4Firewall rules

Firewall rules can be used to block or allow traffic through an interface based on port number, the source and/or destination IP address (range), the direction (ingress or egress) and the protocol. This can be used to allow custom on-box services, or block traffic based on policy.

To setup a firewall rule:

Navigate to the System: Firewall page, and click on the Firewall Rules tab

_____________________________________________________________________

724-746-5500 blackbox.com

Page 99

Image 99

Black Box LES1132A, LES1332A, LES1408A, LES144BA, LES1416A, LES1348A, LES1432A, LES1316A, LES1308A, LES1232A Firewall rules

Contents

Value-Line and Advanced Console Servers User’s Manual Value-Line and Advanced Console Servers Manual Blackbox.com Value-Line and Advanced Console Servers Manual Value-Line and Advanced Console Servers Manual Management network configuration Power connectionAdministrator Password System Services Serial Port Redirection Managed Devices IPsec VPN FIREWALL, Failover and OoB DIAL-IN OoB Dial-In AccessConfiguring for SSH Tunneling to Hosts SDT Connector Client Configuration SSH Tunneling using other SSH clients e.g. PuTTY SDT Connector to Management ConsoleSDT Connector Public Key Authentication Setting up SDT for Remote Desktop access PAM Pluggable Authentication Modules Remote Power Control RPCUninterruptible Power Supply Control UPS Authentication Configuration 213 13.4 Power Management 212203 209 Power Strip Control Raw Access to Serial PortsModifying Snmp Configuration Secure Shell SSH Public Key Authentication Appendix Server Chapter IntroductionThis Manual Manual Organization Types of users Management ConsoleConsole server Publishing history Manual Conventions Date Revision Update details Copyright Chapter Installation IntroductionModels Kit components LES1508A Console Server Blackbox.com Power connection 1 LES1508A powerKit components LES1108A Console Server 2 LES1116A, LES1132A and LES1148A power 4 LES1108A power Network connectionSerial Port connection USB Port Connection PIN Signal Definition Direction Antenna and SIM Before powering on the console server Chapter Initial System Configuration Management console connectionIP address Browser connection Blackbox.com Administrator Password Set up new administrator Network IP addressName the console server Configuration Method Dynamic DNS Ddns configuration 1 IPv6 configuration Service Access System Services Blackbox.com  Select the Service Settings tab on the System Services Message Changes to configuration succeeded Service Settings Communications Software PuTTY SDT Connector SSHTerm Management network configuration Enable the Management LAN  Check Enable Dhcp Server Configure the Dhcp server Select Failover or broadband OOB Blackbox.com Aggregating the network ports Static routes To add to the static route to the route table of the system Configure Serial Ports Serial Port, Host, Device & User Configuration Common Settings Console Server Mode Blackbox.com Blackbox.com Blackbox.com Blackbox.com SDT Mode Terminal Server Mode Device RPC, UPS, EMD Mode Serial Bridging Mode Cisco USB console connection Add/ Edit Users Ftp AdminPptpd Dialin Blackbox.com Blackbox.com Network Hosts Authentication  Select Serial & Network Trusted Networks Trusted Networks Automatically generate and upload SSH keys Serial Port Cascading  Check Generate SSH keys automatically and click Apply  Select RSA Keys and/or DSA KeysManually generate and upload SSH keys # ssh remhost Configure the slaves and their serial ports Managing the Slaves Serial Port Redirection  Select Serial & Network Managed Devices Managed Devices Add Connection IPsec VPN  Select IPsec VPN on the Serial & Networks menu Enable the VPN gateway  Select OpenVPN on the Serial & Networks menu Enable the OpenVPN Configure as Server or Client Windows OpenVPN Client and Server set up Windows client/server configuration file options are AES Blackbox.com Pptp VPN None Set up a remote Pptp client  Click Apply Settings Add a Pptp user Blackbox.com OoB Dial-In Access Chapter Firewall, Failover and OoB Dial Access  Check Enable Dial-In Configure Dial-In PPP MSCHAPv2 Set up Windows XP/ 2003/Vista/7 client Using SDT Connector client OoB broadband access Set up earlier Windows clientsSet up Linux clients for dial-in Broadband Ethernet Failover Always-on dial-out Dial-Out Failover Blackbox.com Connect to the GSM HSUPA/UMTS carrier network Failover dial-out Blackbox.com Connect to the Cdma EV-DO carrier network Otasp ActivationManual Activation Cellular modem watchdog Verify cellular connection Cellular failover setup OOB access set up Cellular CSD dial-in setup  Check Enable Dial-In and configure the Dial-In SettingsCellular routing Firewall & Forwarding Configuring network forwarding and IP masquerading Configuring client devices Manual ConfigurationDhcp Configuration  Click Add New Port Forward Port forwarding Firewall rules  Click New Firewall Rule Dialout/Cellular, VPN, Network Interface, Dial-in etcInterface Dialout/Cellular Port Range Destination IP InterfacePort Range Source IP Chapter Secure SSH Tunneling & SDT Connector SDT Connector Client Configuration Configuring for SSH Tunneling to Hosts  Run the set-up program SDT Connector installation Blackbox.com Blackbox.com Make an SDT connection through the gateway to a host Manually adding hosts to the SDT Connector gateway Manually adding new services to the new hosts Blackbox.com Adding a client program to be started for the new service Blackbox.com Dial in configuration SDT Connector to Management Console Blackbox.com  Click Add, then scroll to the bottom and click Apply Blackbox.com Pon networkconnection Importing and exporting preferences OpenSSH Windows http//sshwindows.sourceforge.net/download SDT Connector Public Key Authentication Setting up SDT for Remote Desktop access Configure the Remote Desktop Connection client Blackbox.com Option Description  Click Connect On a Macintosh client SDT SSH Tunnel for VNC Install, configure and connect the VNC Viewer Blackbox.com Blackbox.com Blackbox.com From  Select Allow calling computer to specify its own address Set up SDT Serial Ports on console server SSH Tunneling using other SSH clients e.g. PuTTY Blackbox.com Blackbox.com Chapter Alerts, Auto-response Logging Configure Auto-Response Blackbox.com  Click on UPS Status as the Check Condition UPS / Power Supply Click on UPS / Power Supply as the Check Condition  Check Save Auto-Response UPS Status Serial Login/Logout  Click on Icmp Ping as the Check Condition Check Save Auto-Response Cellular Data  Check Save Auto-Response SMS Command  Click on SMS Command as the Check Condition Click on Custom Check as the Check Condition Send Email Action Delay Time Send SMS  Click Save New Action Send Email alerts Select Alerts & Logging Smtp &SMS SMS via Email Gateway Send SMS alerts SMS via Cellular Modem  Select Cellular Modem In the SMS Settings field  Select Alerts & Logging Snmp Send Snmp trap alerts Log storage LoggingNagios alerts Network Serial Ports refer to Chapter Serial port logging Power device logging Network TCP and UDP port loggingAuto-Response event logging Chapter Power & Environmental Management Remote Power Control RPCRPC connection Blackbox.com Blackbox.com RPC access privileges and alerts User power managementTurn on Uninterruptible Power Supply Control UPS Turn OFF Cycle StatusRPC status Managed UPS connections Blackbox.com Blackbox.com Remote UPS management Controlling UPS powered computers Monitor managedups@192.168.0.1 1 username password slave UPS alertsUPS status Overview of Network UPS Tools NUT Blackbox.com Environmental Monitoring Connecting the EMD Blackbox.com Environmental status Environmental alerts Authentication Configuration Chapter Authentication Tacacs authentication Radius authentication Ldap authentication  Enter the Server Password Blackbox.com Group support with remote authentication RADIUS/TACACS User Configuration Remote groups with Radius authentication Remote groups with Ldap authenticationNetwork Administration Group DN Kerberos authentication Remote groups with TACACS+ authenticationIdle timeout  Select Serial and Network Authentication Authentication testing PAM Pluggable Authentication Modules TACACS+ SSL Certificate Blackbox.com Blackbox.com Chapter Nagios Integration Nagios Overview Central management and setting up SDT for Nagios Distributed console servers Black Box console servers Set up central Nagios server Description, for example Windows 2003 IIS Server Set up distributed console servers  Check Nagios Nsca  In Description enter Administrator connection Select Serial Port from the Serial & Network menu  Click Console server Mode, and select Logging Level  Select Users & Groups from the Serial & Network menu Configuring Nagios distributed monitoringEnable Nagios on the console server Enabled Enable Nrpe monitoring  Select System Nagios and check Nrpe EnabledEnable Nsca monitoring Permitted Service  Select System Nagios and check Nsca EnabledConfigure Selected Serial Ports for Nagios Monitoring Configure Selected Network Hosts for Nagios Monitoring Advanced Distributed Monitoring Configuration Configure the upstream Nagios monitoring hostSample Nagios configuration Hostname Black Box CheckpingviaBlack Box Checkportlog Executionfailurecriteria SSH Port Define command CheckconnviaBlack BoxBasic Nagios plug-ins Number of supported devices Additional plug-ins Local office Distributed Monitoring Usage Scenarios Remote site with restrictive firewall II. Remote site Remote site with no network access Chapter System Management System Administration and Reset Configure Date and Time Upgrade Firmware Configuration Backup Blackbox.com Blackbox.com Delayed Configuration Commit  Select the System Administration menu option Fips Mode Statistics Port Access and Active Users Select the Status Port Access Chapter Status Reports  Select Status Syslog Support ReportsSyslog  Select the Status Statistics Dashboard Configuring the Dashboard Blackbox.com Blackbox.com Echo table Creating custom widgets for the Dashboard Device Management Chapter Management Web Terminal to Command Line Port and Host LogsWeb Terminal SDT Connector access  Check Web Terminal and click Apply Select Manage Terminal  Select Manage Power Power Management Accessing config from the command line Chapter Command Line Configuration Syntax DescriptionOptions Listed below At /etc/config/config.xmlRun=configurator # /bin/config -d element name Serial Port configuration Device Mode Console server mode Syslog settings Serial bridge mode# config -s config.ports.port5.mode=bridge Config.ports.port5.bridge.ssh.enabled=on # config -g config.users.total # config -d config.users.user2.port1Adding and Removing Users Adding and removing user Groups # ./delete-node config.users.user2# config -r users # config -g config.groups.total # config -r auth # config -a Add other network host # config -g config.sdt.hosts.total# config -s config.sdt.hosts.total=4 Add power device host Cascaded Ports # config -g config.devices.total# config -hosts # config -g config.portaccess.total # config -r cascade UPS ConnectionsManaged UPSes # config -s config.ups.monitors.total=1 RPC ConnectionsRemote UPSes Environmental # config -d config.devices.device8 Port LogUser Syslog Mail News Alerts ErrorGeneral settings for all alerts Signal Alert UPS Power Status Alert Environmental and Power Sensor AlertPattern Match Alert Smtp & SMS Alarm Sensor Alert# config -r alerts # config -s config.system.smtp.server2=mail.Black Box.com Administration IP settingsSnmp Date & Time Settings # config -s config.console.ppp.defaultroute=on Dial-in settings# config -s config.system.timezone=US/Eastern # config -r time Services Blowfish Twofish RIJNDAEL-256 Serpent Gost Nagios Custom Scripting Chapter Advanced ConfigurationUsing IPMItools Custom script to run when booting # dos2unix /etc/config/rc.local Running custom scripts when alerts are triggered# cd Bin/sh /etc/scripts/alert-email $suffix Example script Power Cycling on Pattern MatchDeleting Configuration Values from the CLI Example script Multiple email notifications on each alert Delete-node script # ./delete-node config.users.user3 While $COUNTER != $TOTAL-NUMBER+1 do NEWTOTAL=$ $TOTAL Power Cycle any device when a ping request fails Ping-detect script Running custom scripts when a configurator is invoked # /etc/scripts/backup-usb list # /etc/scripts/backup-usb load filenameBacking-up the configuration off-box Pmchat Portmanager commandsAdvanced Portmanager Pmshell External Scripts and Alerts SignalsPmusers Portmanager daemon Access to serial ports Raw Access to Serial Ports Accessing the console/modem port Etc/config/ipfilterIP- Filtering Modifying Snmp Configuration 15.5.1 /etc/config/snmpd.confSysdescr Black Box Syscontact Adding more than one Snmp server Secure Shell SSH Public Key Authentication Config --set config.system.snmp.password2=yourpasswordSSH Overview 28aa2938ba40f4115e3fd4fae53614d6 user@server Installing the SSH Public/Private Keys ClusteringGenerating Public Keys Linux $ ssh-keygen -t rsadsa Chown fred /etc/config/users/fred/.ssh/authorizedkeys Installing SSH Public Key Authentication Linux Blackbox.com Generating public/private keys for SSH Windows Blackbox.com Fingerprinting Ab7e33bd85505a430be0bd433f1ca5f8Offending key in /.ssh/knownhosts1 Client Keys SSH tunneled serial bridging Authorized Keys Public key to refer to either idrsa.pub or iddsa.pub Uploading Keys SDT Connector Public Key AuthenticationSecure Sockets Layer SSL Support $ ls /home/user/keys Generating a self-signed certificate with OpenSSL HttpsGenerating an encryption key Openssl genrsa -des3 -out sslkey.pem Kill -HUP `cat /var/run/inetd.pid` Power Strip ControlInstalling the key and certificate Launching the Https Server PowerMan tool Target SpecificationSynopsis Powerman --on foo0,4-5 Pmpower toolAdding new RPC devices Blackbox.com P-f password -o oemtype command IPMItoolIpmitool -c-h-v-V-I lan -H hostname -p port Lprivlvl AauthtypeCciphersuite Iinterface Ipmitool help Help Ipmitool chassis help Ipmitool chassis power helpCustom Development Kit CDK Scripts for Managing Slaves Select Alerts & Logging Port Log Select Serial & Network Serial Port, Edit the serial portsSelect Status Support Report Appendix a Linux Commands & Source Code Blackbox.com Blackbox.com Blackbox.com Commands Sigspec -n signum -si let arg arg Feature Value Appendix B Hardware Specifications FCC Warning Statement Appendix C Safety & Certifications Appendix F End User License Agreement Read Before Using the Accompanying Software JSch License SDT Connector License Blackbox.com No Warranty Blackbox.com Blackbox.com Black Box Tech Support FREE! Live /7