Manuals / Eicon Networks / Computer Equipment / Network Card

Eicon Networks DIVA LAN ISDN manual Default NAT server, Running a web or FTP server

Models: DIVA LAN ISDN

1 213

Download 213 pages 57.11 Kb

Page 79

Chapter Six: Security	Network address translation 79

Default NAT server

When the DIVA LAN ISDN Modem receives incoming datagrams containing protocols it does not handle, it discards them. For example, if an incoming datagram contains an FTP request and no FTP server has been defined using a static mapping, the data is discarded.

In some cases, you may want to forward these datagrams to a specific computer. The DIVA LAN ISDN Modem calls this computer, the default NAT server.

To define a default NAT server, enter the IP address of the device that should receive these datagrams into the Default NAT server parameter on the IP Parameters panel (see page 80).

Note The DIVA LAN ISDN Modem handles traffic with the following protocols: HTTP, Telnet, TFTP, ECHO (UDP port 7), and SNMP. Only traffic that does not contain these protocols will be forwarded to the default NAT server. To forward these protocols you must define a NAT static mapping for each one.

Running a web or FTP server

Two of the most common reasons to use NAT static mappings are to run a web server or FTP server on a computer connected to the DIVA LAN ISDN Modem.

Use the following diagram as a reference as you examine the NAT mapping examples that follow:

FTP Server			Web Server
192.168.1.5	192.168.1.4	192.168.1.3	192.168.1.2

Internet

192.168.1.1

Static IP address

DIVA

223.132.212.39

B-channel

ISDN

Ethernet

LAN ISDN Modem

FAULT POWER

B1

B2 D LINK

E1 E2 E3 E4/C

DIVA LAN ISDN Modem

ISP

ISDN Network

Configuring a NAT static mapping for a web server

Web traffic is carried on TCP port 80. Therefore, the following NAT mapping is required:

To access the web server, a remote computer uses the URL: HTTP://223.132.212.39/

The DIVA LAN ISDN Modem forwards all web traffic to the appropriate computer on the internal LAN.

Note Setting up a web server disables remote access (via the ISDN line) to the DIVA LAN ISDN Modem web interface. Local computers can still log in.

Configuring a NAT mapping for an FTP server

FTP traffic is carried on TCP ports 20 and 21. Therefore, the following two NAT mappings are required:

Image 79

Eicon Networks DIVA LAN ISDN Default NAT server, Running a web or FTP server, Configuring a NAT mapping for an FTP server

Contents

Diva LAN Isdn Modem User’s Guide First Edition August 206-312-01 Table of Contents Chapter Four Chapter ThreeChapter Five Chapter Seven Chapter SixChapter Eight Chapter Ten Chapter NineAppendix B Appendix aAppendix C Appendix D Introduction Diva LAN Isdn Modem Connecting to the InternetIntroducing the Diva LAN Isdn Modem Creating your own LAN for resource sharingCreating a VPN Connecting to a corporate networkAttaching telephones and fax machines Total network security Connecting more computersCompression for faster throughput Advanced Isdn tariff management Advanced diagnosticsUnsupported configurations Bandwidth on-demandSummary of features Administration Contacting customer servicesWorld wide web Getting Started Installation overview Verify your package contents Prepare for installationVerify the configuration of your computers To configure the Diva LAN Isdn Modem To use the advanced configuration optionsTo run the Modem Monitor software Isdn channel usage Isdn access interfacesChoose a connection protocol Important Isdn conceptsMultilink PPP + Bacp Choosing a connection protocolPPP Multilink PPPMultilink PPP + AO/DI Summary120 Order an Isdn Line Information to record when ordering your lineGather X.25 information Gather Internet account informationGather V.120 information Scripting To install the Diva LAN Isdn Modem Install the Diva LAN Isdn ModemChapter Two Getting Started Install the Diva LAN Isdn Modem To install Modem Monitor Install Modem Monitor Windows 95/98/NT4Page Page Connecting a non-Windows computer to the Diva LAN Isdn Modem Page To configure the Internet connection Configuring the Internet connectionPage Fill in the fields as indicated below Page Page What’s next? Using your Diva LAN Isdn ModemHow long will the line stay connected? Registering your Diva LAN Isdn ModemUsing Modem Monitor Start menu program group Starting Modem MonitorStart menu options Buttons Properties dialog boxUtilities dialog box Options dialog box Profile table Status ViewerUtilities Web-based Configuration Interface To start the web-based configuration interface Starting the web-based configuration interfaceGetting help Saving configuration settingsConnection profile types General settings and connection profilesGeneral settings Connection profile settingsTo edit the ISP profile Editing the ISP profilePage To edit the LAN profile Editing LAN settingsTo save/restore configuration settings Saving and restoring configuration filesSystem status Viewing status informationFront panel display Obtaining statistics Upgrading the Diva LAN Isdn Modem firmware To upgrade the firmwareTo reset the Diva LAN Isdn Modem to factory defaults Resetting to factory defaultsMinimizing Isdn Charges Cost Control Idle timerTo define Cost Control settings To set the idle timerIsdn billing intervals Data call thresholdsTo configure Bacp Configuring BacpChapter Five Minimizing Isdn Charges Configuring Bacp Configuring AO/DI To configure AO/DI On the D-channel To configure X.25 settingsChapter Five Minimizing Isdn Charges Configuring AO/DI To set Isdn active intervals Setting Isdn active intervalsTo enable spoofing of NetBIOS services Spoofing NetBIOS servicesData compression Manual dialing To enable manual dialingTo restrict analog calls Restricting analog callsData over voice To enable data over voiceTraffic filtering Security Configuration interfaces Security featuresTo set the system password System passwordTo erase the system password Automatic log out How it works Network address translationSecurity benefits NAT static mappingsRunning a web or FTP server Default NAT serverConfiguring a NAT static mapping for a web server Configuring a NAT mapping for an FTP serverTo create a static NAT mapping Internet Remote managementTo enable remote management Incoming calls and IP addressing Incoming data callsEnable Answer incoming data calls To enable support for incoming data callsClick Authentication Call screening To set up call screeningTo set up call authentication Call authenticationCallback modes CallbackCallback options Timeout waiting for callback Delay before host calls backTo set up callback Enable Manual dialing only Custom security features Setting up the Phone Ports Setting phone numbers manually Connecting multiple analog devices Connecting modems and fax machinesTo enable support for fax/modem Requirements To enable call bumpingCall bumping How it worksRestricting analog calls To enable supplementary services Supplementary servicesCall Forwarding Caller ID Service Failure ToneCall Waiting VoiceMailCall Transfer Feature Key valuesConnecting to a Corporate Network Resources OverviewGather information To configure the Corporate profile Configure the Corporate profilePage Page Page Support for Microsoft Network Neighborhood Using the corporate connectionNetBIOS name resolution TimeoutsWhat’s next? Advanced Installations Connection retries To define retry settingsTo define a backup profile and set the profile restore delay Using Modem Monitor Installing on an existing LANManual installation Uncheck the Dhcp server enabled option If your LAN has a router Adjusting configuration settings on the LANIf your LAN uses static addressing If your LAN has a Dhcp serverThird-party Ethernet Hub Connecting more than four computersTo create a VPN Creating a virtual private networkConnecting to the VPN Page Defining routes Installation and configuration procedureConcurrent Internet and Intranet connections Selecting a connections protocolStatic vs. dynamic addresses Using masksIP routes About IP addressesExternal addresses 192.168.1.1ISP 212.182.22.39 Why routes are neededInternet Single connectionMultiple connections Internet212.182.22.39 Routing on the local LANDefining routes for the Diva LAN Isdn Modem Routing Information Protocol RIPChapter Nine Advanced Installations IP routes How filtering works IP filtersWhat is a datagram? Default filtersTo define a filter Chapter Nine Advanced Installations IP filters Location ActionDirection Source/DestinationDropping incoming traffic from a specific network IP filtering examples1st filter Allowing incoming traffic only from a specific network2nd filter Blocking web surfing Chapter Nine Advanced Installations Making a V.120 connection To configure the V.120 protocolPage To uninstall the Eicon SecurID Client software To install the Eicon SecurID Client softwareSecurID support To enable SecurID support Other Configuration Tools Local configuration Configuration optionsRemote configuration Prerequisites Local accessRemote access Web interfaceEnabling Tftp server support Using Web interfaceUsing the command line interface CLI Tftp interfaceLoading new firmware via Tftp Uploading/downloading configuration filesDtmf interface CommandsEstablishing a Telnet connection via IP Command line interface CLIEstablishing a serial connection To establish a serial connection Using the command line interfaceConnection profiles About configuration contextDefault profiles Command line referenceTo load the new firmware TCP/IP Configuration Installing TCP/IP Installing and configuring TCP/IP for Windows 95/98Configuring TCP/IP Select Use Dhcp for Wins Resolution Page Installing TCP/IP Installing TCP/IP for Windows NTConfiguring TCP/IP Configuring TCP/IP on an iMac Technical Information B1, B2 Diva LAN Isdn Modem indicator lightsLink Power FaultE1, E2, E3, E4 Port Description Diva LAN Isdn Modem connectorsTo reset Resetting the Diva LAN Isdn ModemResetting operational settings Resetting to factory defaultsSingle Isdn device Installing the resistorTermination Determining termination requirementsCommand Line Reference Section uses the following conventions Notational ConventionsFor information on See CommandsDisable Aodi Areacode Enable Aodi AreacodeSET Aodi Txbuffer bytes Show Callback Configuration SET Callback Mode type option number1 number2SET Callback Timeout seconds SET Callback Delay secondsDelete Isdn Screening channel index Enable Isdn ScreeningDisable Isdn Screening ADD Isdn Screening channel numberCall thresholds Enable Isdn Threshold Disable Isdn ThresholdSET Isdn Threshold intervalDays maxHours maxCalls Show Dhcp Status SET Dhcp Type Server NoneStop Dhcp Trace Show Dhcp ConfigurationDelete Dhcp Staticmap ip Enable Dhcp Staticmap ip Disable Dhcp Staticmap ipShow Dhcp Staticmap SET DNS Address Primary Secondary dnsaddr Enable DNS Relay Disable DNS RelayShow DNS Configuration SET DNS Domain domainShow Ethernet Trace memsize framesize EthernetShow Ethernet Statistics Show Ethernet AddressGeneral Show Time Enable Display Disable DisplayValidate Show DateShow Calls Status Active Last Show LED StatusShow System Status Show VersionSET Action Drop Forward Enable Filter Disable FilterSET Direction in OUT ANY Show IP Filter SET Type ALL UDP TCP SYN Anyicmp ADD IP NAT UDP TCP port ipaddress Enable IP NAT Disable IP NATSET IP NAT UDP TCP Default port address Show IP NATSET IP Route Ipaddr maskLen gwAddr IP routingADD IP Route Ipaddr maskLenmetric gwAddr Delete IP Route IpaddrShow IP Statistics IP variousShow Icmp Statistics Show IP AddressEnable IP Multicast Disable IP Multicast Show IP ConfigurationSET IP Services ALL Intelligent Minimal None Enable IP Spoofing Disable IP SpoofingEnable Isdn Answer Disable Isdn Answer Enable Isdn Teisharing Disable Isdn TeisharingSET Isdn Switch Jate Euro BT TPH China Singapore SET Isdn Switch NI1 5ESS Auto 5ESSPPDetect Isdn Spid Show Isdn Statistics Disable Isdn DELAY56KShow Isdn Configuration SET Isdn Calltype Auto 56K DOVShow Isdn Accesstime Isdn Access TimeEnable Isdn Accesstime Disable Isdn Accesstime Stop Lapd Trace Show Lapd Trace memsize framesizeStop Mail Trace Disable LOG Output Screen RemoteLogging and Mail Trace SET LOG Filter Trace Debug Info Security WarningShow Mlppp Configuration SET Mlppp Linkup threshold delay channelSET Mlppp Linkdown threshold delay channel SET Mlppp Mode Disable Normal Bacp AodiPhone Enable Phone Altring channel Disable Phone Altring channelEnable Phone Callbumping Disable Phone Callbumping Enable Phone Callerid Disable Phone CalleridSET Phone Capability channel Speech Data SET Phone Msgindicator refreshEnable Phone Voicemail channel Silent Disable Phone Voicemail channelSET Phone Country country Show Phone ConfigurationShow Phone Country SET PPP Authent Encrypted ANY Enable PPP Authent Disable PPP AuthentEnable PPP Compression Disable PPP Compression Enable PPP Secureid Disable PPP SecureidShow PPP Configuration Enable PPP Echorequest Disable PPP EchorequestStop PPP Trace port Show PPP StatisticsShow PPP Status Show PPP Trace portmask memsize framesizeProfiles Show Q931 Trace memsize framesize 931Stop Q931 Trace Show RIP Statistics Enable RIP V1 V2 V2COMPATIBLE MergeDisable RIP Merge Show RIP ConfigurationShow RIP Reject Delete RIP Reject ipaddrSET Snmp Location name SET Snmp Name nameSET Snmp Description name SET Snmp Contact nameShow TCP Trace memsize framesize Show TCP StatisticsStop TCP Trace Tftp Enable Tftp Server Disable Tftp ServerSET Timeprotocol Server timeServer Enable Timeprotocol Disable TimeprotocolShow Timeprotocol Configuration Time ProtocolShow UDP Trace memsize framesize Show UDP StatisticsStop UDP Trace SET V120 Mode Multiframe Unacknowledged Enable Disable120 Stop V120 Trace SET V120 Idletime IdleDelayShow V120 Configuration Show V120 Trace memsize framesizeShow Script index ADD Script Line index command argumentScripting Delete Script Line indexSET X25 LCN lcnNumber SET X25 Address localX25addrSET X25 CUD callUserData SET X25 Facilities hexstringShow X25 Status Show X25 ConfigurationStop X25 Trace Regulatory Information 212 Regulatory Information for the U.S.AFCC Part 68 Notice 213 Regulatory Information for Canada