Default NAT server | Eicon Networks DIVA LAN ISDN guide

Chapter Six: Security	Network address translation 79

Default NAT server

When the DIVA LAN ISDN Modem receives incoming datagrams containing protocols it does not handle, it discards them. For example, if an incoming datagram contains an FTP request and no FTP server has been defined using a static mapping, the data is discarded.

In some cases, you may want to forward these datagrams to a specific computer. The DIVA LAN ISDN Modem calls this computer, the default NAT server.

To define a default NAT server, enter the IP address of the device that should receive these datagrams into the Default NAT server parameter on the IP Parameters panel (see page 80).

Note The DIVA LAN ISDN Modem handles traffic with the following protocols: HTTP, Telnet, TFTP, ECHO (UDP port 7), and SNMP. Only traffic that does not contain these protocols will be forwarded to the default NAT server. To forward these protocols you must define a NAT static mapping for each one.

Running a web or FTP server

Two of the most common reasons to use NAT static mappings are to run a web server or FTP server on a computer connected to the DIVA LAN ISDN Modem.

Use the following diagram as a reference as you examine the NAT mapping examples that follow:

FTP Server			Web Server
192.168.1.5	192.168.1.4	192.168.1.3	192.168.1.2

Internet

192.168.1.1

Static IP address

DIVA

223.132.212.39

B-channel

ISDN

Ethernet

LAN ISDN Modem

FAULT POWER

B1

B2 D LINK

E1 E2 E3 E4/C

DIVA LAN ISDN Modem

ISP

ISDN Network

Configuring a NAT static mapping for a web server

Web traffic is carried on TCP port 80. Therefore, the following NAT mapping is required:

To access the web server, a remote computer uses the URL: HTTP://223.132.212.39/

The DIVA LAN ISDN Modem forwards all web traffic to the appropriate computer on the internal LAN.

Note Setting up a web server disables remote access (via the ISDN line) to the DIVA LAN ISDN Modem web interface. Local computers can still log in.

Configuring a NAT mapping for an FTP server

FTP traffic is carried on TCP ports 20 and 21. Therefore, the following two NAT mappings are required:

Image 79

Eicon Networks DIVA LAN ISDN Default NAT server, Running a web or FTP server, Configuring a NAT mapping for an FTP server

Contents

Diva LAN Isdn Modem User’s Guide First Edition August 206-312-01 Table of Contents Chapter Four Chapter ThreeChapter Five Chapter Seven Chapter SixChapter Eight Chapter Ten Chapter Nine Appendix B Appendix aAppendix C Appendix D Introduction Diva LAN Isdn Modem Connecting to the InternetIntroducing the Diva LAN Isdn Modem Creating your own LAN for resource sharing Creating a VPN Connecting to a corporate networkAttaching telephones and fax machines Total network security Connecting more computersCompression for faster throughput Advanced Isdn tariff management Advanced diagnosticsUnsupported configurations Bandwidth on-demand Summary of features Administration Contacting customer servicesWorld wide web Getting Started Installation overview Verify your package contents Prepare for installationVerify the configuration of your computers To configure the Diva LAN Isdn Modem To use the advanced configuration optionsTo run the Modem Monitor software Isdn channel usage Isdn access interfacesChoose a connection protocol Important Isdn concepts Multilink PPP + Bacp Choosing a connection protocolPPP Multilink PPP Multilink PPP + AO/DI Summary120 Order an Isdn Line Information to record when ordering your line Gather X.25 information Gather Internet account informationGather V.120 information Scripting To install the Diva LAN Isdn Modem Install the Diva LAN Isdn Modem Chapter Two Getting Started Install the Diva LAN Isdn Modem To install Modem Monitor Install Modem Monitor Windows 95/98/NT4Page Page Connecting a non-Windows computer to the Diva LAN Isdn Modem Page To configure the Internet connection Configuring the Internet connectionPage Fill in the fields as indicated below Page Page What’s next? Using your Diva LAN Isdn ModemHow long will the line stay connected? Registering your Diva LAN Isdn Modem Using Modem Monitor Start menu program group Starting Modem Monitor Start menu options Buttons Properties dialog box Utilities dialog box Options dialog box Profile table Status ViewerUtilities Web-based Configuration Interface To start the web-based configuration interface Starting the web-based configuration interface Getting help Saving configuration settings Connection profile types General settings and connection profilesGeneral settings Connection profile settings To edit the ISP profile Editing the ISP profilePage To edit the LAN profile Editing LAN settings To save/restore configuration settings Saving and restoring configuration files System status Viewing status informationFront panel display Obtaining statistics Upgrading the Diva LAN Isdn Modem firmware To upgrade the firmware To reset the Diva LAN Isdn Modem to factory defaults Resetting to factory defaults Minimizing Isdn Charges Cost Control Idle timerTo define Cost Control settings To set the idle timer Isdn billing intervals Data call thresholds To configure Bacp Configuring Bacp Chapter Five Minimizing Isdn Charges Configuring Bacp Configuring AO/DI To configure AO/DI On the D-channel To configure X.25 settings Chapter Five Minimizing Isdn Charges Configuring AO/DI To set Isdn active intervals Setting Isdn active intervals To enable spoofing of NetBIOS services Spoofing NetBIOS services Data compression Manual dialing To enable manual dialing To restrict analog calls Restricting analog calls Data over voice To enable data over voice Traffic filtering Security Configuration interfaces Security features To set the system password System passwordTo erase the system password Automatic log out How it works Network address translationSecurity benefits NAT static mappings Running a web or FTP server Default NAT serverConfiguring a NAT static mapping for a web server Configuring a NAT mapping for an FTP server To create a static NAT mapping Internet Remote management To enable remote management Incoming calls and IP addressing Incoming data calls Enable Answer incoming data calls To enable support for incoming data calls Click Authentication Call screening To set up call screening To set up call authentication Call authentication Callback modes CallbackCallback options Timeout waiting for callback Delay before host calls backTo set up callback Enable Manual dialing only Custom security features Setting up the Phone Ports Setting phone numbers manually Connecting multiple analog devices Connecting modems and fax machinesTo enable support for fax/modem Requirements To enable call bumpingCall bumping How it works Restricting analog calls To enable supplementary services Supplementary servicesCall Forwarding Caller ID Service Failure ToneCall Waiting VoiceMail Call Transfer Feature Key values Connecting to a Corporate Network Resources Overview Gather information To configure the Corporate profile Configure the Corporate profilePage Page Page Support for Microsoft Network Neighborhood Using the corporate connectionNetBIOS name resolution Timeouts What’s next? Advanced Installations Connection retries To define retry settings To define a backup profile and set the profile restore delay Using Modem Monitor Installing on an existing LANManual installation Uncheck the Dhcp server enabled option If your LAN has a router Adjusting configuration settings on the LANIf your LAN uses static addressing If your LAN has a Dhcp server Third-party Ethernet Hub Connecting more than four computers To create a VPN Creating a virtual private network Connecting to the VPN Page Defining routes Installation and configuration procedureConcurrent Internet and Intranet connections Selecting a connections protocol Static vs. dynamic addresses Using masksIP routes About IP addresses External addresses 192.168.1.1 ISP 212.182.22.39 Why routes are neededInternet Single connection Multiple connections Internet 212.182.22.39 Routing on the local LAN Defining routes for the Diva LAN Isdn Modem Routing Information Protocol RIP Chapter Nine Advanced Installations IP routes How filtering works IP filters What is a datagram? Default filtersTo define a filter Chapter Nine Advanced Installations IP filters Location ActionDirection Source/Destination Dropping incoming traffic from a specific network IP filtering examples 1st filter Allowing incoming traffic only from a specific network2nd filter Blocking web surfing Chapter Nine Advanced Installations Making a V.120 connection To configure the V.120 protocolPage To uninstall the Eicon SecurID Client software To install the Eicon SecurID Client softwareSecurID support To enable SecurID support Other Configuration Tools Local configuration Configuration optionsRemote configuration Prerequisites Local accessRemote access Web interface Enabling Tftp server support Using Web interfaceUsing the command line interface CLI Tftp interface Loading new firmware via Tftp Uploading/downloading configuration files Dtmf interface Commands Establishing a Telnet connection via IP Command line interface CLIEstablishing a serial connection To establish a serial connection Using the command line interface Connection profiles About configuration contextDefault profiles Command line reference To load the new firmware TCP/IP Configuration Installing TCP/IP Installing and configuring TCP/IP for Windows 95/98Configuring TCP/IP Select Use Dhcp for Wins Resolution Page Installing TCP/IP Installing TCP/IP for Windows NTConfiguring TCP/IP Configuring TCP/IP on an iMac Technical Information B1, B2 Diva LAN Isdn Modem indicator lightsLink Power FaultE1, E2, E3, E4 Port Description Diva LAN Isdn Modem connectors To reset Resetting the Diva LAN Isdn ModemResetting operational settings Resetting to factory defaults Single Isdn device Installing the resistorTermination Determining termination requirements Command Line Reference Section uses the following conventions Notational Conventions For information on See Commands Disable Aodi Areacode Enable Aodi AreacodeSET Aodi Txbuffer bytes Show Callback Configuration SET Callback Mode type option number1 number2SET Callback Timeout seconds SET Callback Delay seconds Delete Isdn Screening channel index Enable Isdn ScreeningDisable Isdn Screening ADD Isdn Screening channel number Call thresholds Enable Isdn Threshold Disable Isdn ThresholdSET Isdn Threshold intervalDays maxHours maxCalls Show Dhcp Status SET Dhcp Type Server None Stop Dhcp Trace Show Dhcp Configuration Delete Dhcp Staticmap ip Enable Dhcp Staticmap ip Disable Dhcp Staticmap ipShow Dhcp Staticmap SET DNS Address Primary Secondary dnsaddr Enable DNS Relay Disable DNS RelayShow DNS Configuration SET DNS Domain domain Show Ethernet Trace memsize framesize EthernetShow Ethernet Statistics Show Ethernet Address General Show Time Enable Display Disable DisplayValidate Show Date Show Calls Status Active Last Show LED StatusShow System Status Show Version SET Action Drop Forward Enable Filter Disable FilterSET Direction in OUT ANY Show IP Filter SET Type ALL UDP TCP SYN Anyicmp ADD IP NAT UDP TCP port ipaddress Enable IP NAT Disable IP NATSET IP NAT UDP TCP Default port address Show IP NAT SET IP Route Ipaddr maskLen gwAddr IP routingADD IP Route Ipaddr maskLenmetric gwAddr Delete IP Route Ipaddr Show IP Statistics IP variousShow Icmp Statistics Show IP Address Enable IP Multicast Disable IP Multicast Show IP ConfigurationSET IP Services ALL Intelligent Minimal None Enable IP Spoofing Disable IP Spoofing Enable Isdn Answer Disable Isdn Answer Enable Isdn Teisharing Disable Isdn Teisharing SET Isdn Switch Jate Euro BT TPH China Singapore SET Isdn Switch NI1 5ESS Auto 5ESSPPDetect Isdn Spid Show Isdn Statistics Disable Isdn DELAY56KShow Isdn Configuration SET Isdn Calltype Auto 56K DOV Show Isdn Accesstime Isdn Access TimeEnable Isdn Accesstime Disable Isdn Accesstime Stop Lapd Trace Show Lapd Trace memsize framesize Stop Mail Trace Disable LOG Output Screen RemoteLogging and Mail Trace SET LOG Filter Trace Debug Info Security Warning Show Mlppp Configuration SET Mlppp Linkup threshold delay channelSET Mlppp Linkdown threshold delay channel SET Mlppp Mode Disable Normal Bacp Aodi Phone Enable Phone Altring channel Disable Phone Altring channelEnable Phone Callbumping Disable Phone Callbumping Enable Phone Callerid Disable Phone Callerid SET Phone Capability channel Speech Data SET Phone Msgindicator refreshEnable Phone Voicemail channel Silent Disable Phone Voicemail channel SET Phone Country country Show Phone ConfigurationShow Phone Country SET PPP Authent Encrypted ANY Enable PPP Authent Disable PPP AuthentEnable PPP Compression Disable PPP Compression Enable PPP Secureid Disable PPP Secureid Show PPP Configuration Enable PPP Echorequest Disable PPP Echorequest Stop PPP Trace port Show PPP StatisticsShow PPP Status Show PPP Trace portmask memsize framesize Profiles Show Q931 Trace memsize framesize 931Stop Q931 Trace Show RIP Statistics Enable RIP V1 V2 V2COMPATIBLE MergeDisable RIP Merge Show RIP Configuration Show RIP Reject Delete RIP Reject ipaddr SET Snmp Location name SET Snmp Name nameSET Snmp Description name SET Snmp Contact name Show TCP Trace memsize framesize Show TCP StatisticsStop TCP Trace Tftp Enable Tftp Server Disable Tftp Server SET Timeprotocol Server timeServer Enable Timeprotocol Disable TimeprotocolShow Timeprotocol Configuration Time Protocol Show UDP Trace memsize framesize Show UDP StatisticsStop UDP Trace SET V120 Mode Multiframe Unacknowledged Enable Disable120 Stop V120 Trace SET V120 Idletime IdleDelayShow V120 Configuration Show V120 Trace memsize framesize Show Script index ADD Script Line index command argumentScripting Delete Script Line index SET X25 LCN lcnNumber SET X25 Address localX25addrSET X25 CUD callUserData SET X25 Facilities hexstring Show X25 Status Show X25 ConfigurationStop X25 Trace Regulatory Information 212 Regulatory Information for the U.S.AFCC Part 68 Notice 213 Regulatory Information for Canada