Dhcp, Firewall Setting Off Low/Medium High | Motorola 3397GP

Administrator’s Handbook

As a device on the Internet, a Motorola Netopia® Gateway requires an IP address in order to send or receive trafﬁc.

The IP trafﬁc sent or received have an associated application port which is dependent on the nature of the connection request. In the IP protocol standard the following session types are common applica- tions:

❑	ICMP	❑	HTTP	❑	FTP
❑	SNMP	❑	telnet	❑	DHCP

By receiving a response to a scan from a port or series of ports (which is the expected behavior accord- ing to the IP standard), hackers can identify an existing device and gain a potential opening for access to an internet-connected device.

To protect LAN users and their network from these types of attacks, the Motorola Netopia® Firewall offers three levels of increasing protection.

The following tables indicate the state of ports associated with session types, both on the WAN side and the LAN side of the Gateway.

This table shows how inbound trafﬁc is treated. Inbound means the trafﬁc is coming from the WAN into the WAN side of the Gateway.

Gateway: WAN Side

	Firewall Setting >>	Off	Low/Medium*	High

Port	Session Type	--------------Port State-----------------------

20	ftp data	Enabled	Disabled	Disabled

21	ftp control	Enabled	Disabled	Disabled

23	telnet external	Enabled	Disabled	Disabled

23	telnet Netopia server	Enabled	Disabled	Disabled

80	http external	Enabled	Disabled	Disabled

80	http Netopia server	Enabled	Disabled	Disabled

67	DHCP client	Enabled	Enabled	Disabled

68	DHCP server	Not Applicable	Not Applicable	Not Applicable

161	snmp	Enabled	Disabled	Disabled

	ping (ICMP)	Enabled	Disabled	Disabled

24

Image 24

Motorola 3397GP manual Dhcp, Firewall Setting Off Low/Medium High

Contents

Administrator’s Handbook Part Number Table of Contents Home Page Expert Mode 127 Index Setting up Your Motorola Netopia Gateway What’s New Important Safety Instructions Power Supply Installation Wichtige Sicherheitshinweise AchtungBewahren Sie diese Anweisungen auf Set up your Gateway Conﬁgure Your PC for Dynamic Addressing Microsoft WindowsPage Select Built-in Ethernet Select Conﬁgure Using Dhcp Motorola Netopia Gateway Quickstart Select your language from the pull-down menu and click Next Click OK PPPoE QuickstartPage Administrator’s Handbook Basic Mode Features Home Home Page InformationConnection Information Router Information Local Network More Buttons Links Bar Firewall Firewall Background Firewall Setting Off Low/Medium High Dhcp Gateway LAN Side Wireless Protected Setup Page Wireless Enable WirelessWireless ID Ssid Enable Wireless Protected Setup WPS Enable Wireless Scheduler Privacy Operating Mode Advanced Conﬁguration Options optional AutoChannel Setting Enable Wireless Scheduler Enable Wireless Protected Setup WPS Privacy Radius Server authentication WPA-PSK WEP-Manual Examples WEP-Automatic Enable Multiple Wireless IDs Administrator’s Handbook Page WiFi Multimedia Page Wireless MAC Authorization optional Page Once you choose a software service or game, click Enable Gaming List of Supported Games and Software FTP Nntp Deﬁne Custom Service Static NAT Expert Mode Troubleshoot Diagnostics Result Meaning Statistics Downstream and Upstream statistics Ethernet GeneralIP interfaces Network Routing Table and Host Routing Table Wireless LogsDhcp Server Status May be On or Off Devices on LAN Help Administrator’s Handbook Expert Mode Home Page Expert Mode Gateway Information Local Network More Buttons Help LAN/WAN Conﬁgure Connection Administrator’s Handbook LAN/WAN Dhcp Server Page IP Passthrough Restriction NAT List of Supported Games and Software Nntp Deﬁne Custom Service Static NAT Router Password Time Zone Vlan Overview Ethernet Switching/Policy Setup Administrator’s Handbook Vlan Port Conﬁguration screen appears Administrator’s Handbook Page Administrator’s Handbook VoIP SIP Line Entry Call Features Settings Digit Map Administrator’s Handbook Wireless Enable Wireless Scheduler Operating Mode Default Channel AutoChannel Setting Enable Closed System ModeAbout Closed System Mode and Wireless Encryption Block Wireless Bridging Privacy Radius Server authentication WPA-PSK WEP-Manual Examples WEP-Automatic Enable Multiple Wireless IDs 100 101 102 103 104 105 Statistics 106 107 108 Diagnostics 109 Remote Access 110 Update Router From a ServerFrom your PC 111 Reset Router 112 Restart Router 113 Basic Mode 114 Basic Troubleshooting 115 Status Indicator Lights Power116 Ethernet 117 ActionModel 2241N only 118 Ethernet 1, 2, 3 Wireless 119 Power Ethernet 1, 2, 3 Wireless Internet 120Line Phone 1, Phone Wireless Ethernet 1, 2, 3 121 122 DSL 1 & 2 ADSL2+Models only Ethernet 1, 2, 3 123 LED Function Summary Matrix 124 125 Factory Reset Switch Series2240N2241N 3347-02 2246N Command Line Interface 127 Config Commands 128 Overview 129 Command Verbs Status and/or Description 130Keywords Using the CLI Help Facility Saving SettingsStarting and Ending a CLI Session Logging About Shell Commands Shell Command ShortcutsShell Prompt 132 Shell Commands Common Commands License key Loglevel level134 Reset arp NetstatNetstat -r Quit Reset atm Reset cdmodeReset crash Reset dhcp server Reset wan-users all ip-address Reset wanReset wepkeys Show backup Show daylight-savings Show dhcp agentShow dhcp server leases Show diffserv Show features Show etheroam ahShow group-mgmt Show ip arp Show ip lan-discovery Show ip routesShow ip state-insp Show ipmap Show summary Show vlan141 142 Show wireless all Show wireless clients MACaddressShow voip Voip rtpstats WAN Commands About Config Commands Config Mode PromptNavigating the Config Hierarchy Show ppp stats lcp ipcp Entering Commands in Config Mode Guidelines Config CommandsDisplaying Current Gateway Settings Set ip ethernet a ipaddress Step Mode a CLI Conﬁguration Technique Validating Your Conﬁguration147 Config Commands Remote ATA Conﬁguration Commands Set ata proﬁle 0.. ata-user-password string Set ata proﬁle 0.. ata-static-wan-gateway ipaddrSet ata proﬁle 0.. ata-proxy-server ipaddr Set ata proﬁle 0.. ata-proxy-port port DSL Commands Bridging Settings Set atm vcc n vci 0Set atm vccn pppoe-sessions 1 Set bridge sys-bridge on off Set bridge table-timeout 30 Set bridge concurrent-bridging-routing on offSet bridge dhcp-ﬁlterset string Set bridge ethernet option on off Dhcp Settings Set dhcp range 2.. start-address ipaddress Set dhcp range 2.. end-address ipaddressSet dhcp gen-option name name Set dhcp gen-option option 1 155 Option Data Format Data Size Can Bytes Conﬁgure Set dhcp gen-option data-type ascii hex dotted-decimal Set dhcp gen-option data data156 Set dhcp ﬁlterset name string rule n dhcp-option 0 Set dhcp ﬁlterset name string rule n match-str matchstring157 Set dhcp ﬁlterset name string rule n match-pool ipaddress Set dhcp ﬁlterset name string rule n absent-pool ipaddressSet dhcp assigned-ﬁlterset string 158 DMT Settings Domain Name System Settings 161 Igmp Settings 162Igmp Version 3 supports Set igmp snooping off on Set igmp robustness valueSet igmp query-intvl value Set igmp query-response-intvl value IP Settings Set ip arp-timeout 60 Set ip dsl vccn restrictions admin-disabled noneSet ip dsl vccn address ipaddress Set ip dsl vccn broadcast broadcastaddress Set ip dsl vccn mcast-fwd on off Set ip dsl vccn igmp-null-source-addr on offSet ip dsl vccn unnumbered on off Set ip dsl vccn dns acquired-dns-priority 0 Set ip ethernet a restrictions none admin-disabled Set ip ethernet a option on offSet ip ethernet a address ipaddress Set ip ethernet a broadcast broadcastaddress Set ip ethernet a rip-receive off v1 v2 v1-compat v2-MD5 Set ip ethernet a subnet 2 .. option on offSet ip ethernet a subnet n address ipaddress Set ip ethernet a subnet n netmask netmask Set ip ip-ppp vccn restrictions admin-disabled none Set ip ip-ppp vccn option on offSet ip ip-ppp vccn address ipaddress Set ip ip-ppp vccn peer-address ipaddress Set ip ip-ppp vccn rip-send off v1 v2 v1-compat v2-MD5 Set ip ip-ppp vccn rip-receive off v1 v2 v1-compat v2-MD5Set ip ip-ppp vccn igmp-null-source-addr on off Set ip ip-ppp vccn mcast-fwd on off Set ip static-arp ip-addressipaddress Set ip igmp-forwarding off onSet ip ipsec-passthrough off on 171 Set ip sip-passthrough on off Set ip rtsp-passthrough off onSet ip prioritize off on 172 Set diffserv option off on Set diffserv lohi-ratio 60 100 percent173 QoS Setting TOS Bit Value Behavior Qos off assure expedite network-control174 Set diffserv qos dscp-map default custom 175 176 Set diffserv qos dscp-map-23 expedite Queue Conﬁguration 177 178 Set queue name wfq weight-type bps 179 180 Set queue name priorityqueuename default-inputqueuename 181 Rate-limiting weighted fair queue to 100Kbps 182 Set ip static-routes destination-networknetaddress Delete ip static-routes destination-network netaddress183 IPMaps Settings Set ip-maps name name internal-ip ipaddressSet ip-maps name name external-ip ipaddress 184 Network Address Translation NAT Default Settings Set nat-default mode off default-server ip-passthroughSet nat-default dhcp-enable on off Set nat-default address ipaddress Network Address Translation NAT Pinhole Settings PPPoE /PPPoA Settings Set ppp module vccn restart-timer integer Set ppp module vccn port-authenticationSet ppp module vccn lost-echoes-max integer Set ppp module vccn failures-max integer Set ppp module vccn port-authentication username username Set ppp module vccn port-authentication password passwordOption off on pap-only chap-only 189 PPPoE with IPoE Settings Set wan-over-ether pppoe on offSet wan-over-ether pppoe-with-ipoe on off Set wan-over-ether ipoe-sessions 1 Ethernet Port Settings Set atm vcc n encap pppoe-llcSet ip ip-ppp vcc1 mcast-fwd on off Set ip ip-ppp vcc1 igmp-null-source-addr off on 802.3ah Ethernet OAM Settings Command Line Interface Preference Settings Set preference verbose on offSet preference more lines 193 Port Renumbering Settings Set servers web-http 1Set servers telnet-tcp 1 194 Security Settings Set security ipsec tunnels name 123 tun-enable on offSet security ﬁrewall option high medium low off Set security ipsec option off on off Set security ipsec tunnels name 123 IKE-mode DH-group 1 2 196 Set security ipsec tunnels name 123 xauth enable off on Set security ipsec tunnels name 123 xauth password passwordSet security ipsec tunnels name 123 nat-enable on off Set security ipsec tunnels name 123 xauth username username Set security ipsec tunnels name 123 local-id idvalue Set security ipsec tunnels name 123 remote-id idvalue198 199 200 Parameter Motorola Netopia Peer Gateway 201 Field Description PFS Enable 202 203 Set security state-insp tcp-timeout 30 Set security state-insp udp-timeout 30Set security state-insp dos-detect off on Set security state-insp xposed-addr exposed-address# n 205 Packet Filtering Settings 206 207 Operator 208 Snmp Settings System Settings Set system name name210 Set system idle-timeout telnet 1...120 http 1 Set system username administrator name user nameSet system password admin user Set system ftp-server option off on Sleep Contact-email string@domainname location string 212 Set system zerotouch option on off Set system zerotouch redirect-url redirection-URL213 Syslog Default syslog installation procedure 215 Wireless Settings supported models Set wireless scheduler end-time hhmin Set wireless multi-ssid option on off217 Set wireless no-bridging off on Set wireless tx-power full medium fair low minimal218 Set wireless wmm option off on 219 220 Set wireless network-id wps off on Set wireless network-id privacy pre-shared-key stringSet wireless network-id privacy default-keyid 221 Set wireless mac-auth option on off 222Example 40bit key 02468ACE02 Set radius radius-name servernamestring Set radius radius-secret sharedsecretSet radius alt-radius-name servernamestring Set radius alt-radius-secret sharedsecret Vlan Settings Set vlan name name ports port port-pbits 0 Set vlan name name ip-interface ipinterface225 226 Assign an IP interface 227 Set vlan name PPPoE11 id 228 VoIP settings supported models Set voip phone 1 2 sip-registrar-setting sip-expires-time 0Set voip phone 1 2 sip-option off on Set voip phone 1 2 sip-proxy-server servername ipaddress Set voip phone 1 2 sip-user-password password Set voip phone 1 2 sip-user-display-name nameSet voip phone 1 2 sip-user-name username Set voip phone 1 2 auth-id string Set voip phone 1 2 sip-advanced-setting sip-q-value 0 Set voip phone 1 2 sip-advanced-setting sip-qos-tos-value 0Set voip phone 1 2 sip-advanced-setting rtp-qos-tos-value 0 Set voip phone 1 2 codec G72632 priority 1 2 3 4 5 6 7 none 232 233 Set voip phone 1 sip-advanced-setting sip-dtmf-mode rfc2833 234 UPnP settings DSL Forum settings 236 TR-069 Remote Management settings Backup IP Gateway Settings Set backup option disabled manual automaticSet backup failure-timeout 1 Set backup auto-recovery off on Set ip backup-gateway option on off Set ip backup-gateway interface ip-address ppp-vccnSet ip backup-gateway default ipaddress 239 Vdsl Settings 240 241 242 Vdsl Parameters Accepted Values 243 Parameter 244 Accepted Values 245 246 Technical Specifications and Safety Information Description Agency approvals North AmericaInternational Manufacturer’s Declaration of Conformance 247Declaration for Canadian users Important Safety Instructions Australian Safety InformationTelecommunication installation cautions 248 CFR Part 68 Information 249 Electrical Safety Advisory Warranty Information250 Limited Warranty 251 Copyright Acknowledgments 252 253 Caring for the Environment by Recycling 254 255 Uw Motorola-materiaal recyclerenReciclagem do seu equipamento Motorola Återvinning av din Motorola-utrustning 256 Index 258 Shell 260