Manuals / Netopia / Computer Equipment / Network Router

Netopia R910 manual User’s Reference Guide

Models: R910

1 209

Download 209 pages 33.84 Kb

Page 140

13-140 User’s Reference Guide

The ﬁve input ﬁlters and one output ﬁlter that make up Basic Firewall are shown in the table below.

	Setting	Input ﬁlter	Input ﬁlter	Input ﬁlter	Input ﬁlter	Input ﬁlter	Output
	Setting	1	2	3	4	5	ﬁlter 1
		1	2	3	4	5	ﬁlter 1


	Enabled	Yes	Yes	Yes	Yes	Yes	Yes

	Forward	No	No	Yes	Yes	Yes	Yes

	Source IP	0.0.0.0	0.0.0.0	0.0.0.0	0.0.0.0	0.0.0.0	0.0.0.0
	address

	Source IP	0.0.0.0	0.0.0.0	0.0.0.0	0.0.0.0	0.0.0.0	0.0.0.0
	address mask

	Dest. IP	0.0.0.0	0.0.0.0	0.0.0.0	0.0.0.0	0.0.0.0	0.0.0.0
	address

	Dest. IP	0.0.0.0	0.0.0.0	0.0.0.0	0.0.0.0	0.0.0.0	0.0.0.0
	address mask

	Protocol type	TCP	TCP	ICMP	TCP	UDP	0

	Source port	No	No	N/A	No	No	N/A
	comparison	Compare	Compare		Compare	Compare

	Source port ID	0	0	N/A	0	0	N/A

	Dest. port	Equal	Equal	N/A	Greater	Greater	N/A
	comparison				Than	Than

	Dest. port ID	2000	6000	N/A	1023	1023	N/A

Basic Firewall’s ﬁlters play the following roles.

Input ﬁlters 1 and 2: These block WAN-originated OpenWindows and X-Windows sessions. Service origination requests for these protocols use ports 2000 and 6000, respectively. Since these are greater than 1023, OpenWindows and X-Windows trafﬁc would otherwise be allowed by input ﬁlter 4. Input ﬁlters 1 and 2 must precede input ﬁlter 4; otherwise they would have no effect since ﬁlter 4 would have already passed OpenWindows and X-Windows trafﬁc.

Input ﬁlter 3: This ﬁlter explicitly passes all WAN-originated ICMP trafﬁc to permit devices on the WAN to ping devices on the LAN. Ping is an Internet service that is useful for diagnostic purposes.

Input ﬁlters 4 and 5: These ﬁlters pass all TCP and UDP trafﬁc, respectively, when the destination port is greater than 1023. This type of trafﬁc generally does not allow a remote host to connect to the LAN using one of the potentially intrusive Internet services, such as Telnet, FTP, and WWW.

Output ﬁlter 1: This ﬁlter passes all outgoing trafﬁc to make sure that no outgoing connections from the LAN are blocked.

Image 140

Netopia R910 manual User’s Reference Guide

Contents

Netopia R910 Ethernet Router for DSL and Cable Modems User’s Reference GuidePrinted Copies CopyrightPart Number Contents Features and capabilitiesHow to use this guide Chapter 2 - Setting Up Internet ServicesConnecting a console cable to your router Chapter 7 - Easy SetupEasy Setup console screens Accessing the Easy Setup console screensDHCP NetBIOS Options VPN Default Answer ProﬁleInstalling Dial-Up Networking Installing the VPN ClientThe SNMP Setup screen Telnet accessChapter 12 - Monitoring Tools 12-109Chapter 14 - Utilities and Diagnostics Factory defaultsAppendix A - Troubleshooting Conﬁguration problemsUsing address serving Exported servicesAppendix F - Technical Speciﬁcations and Safety Power requirementsFeatures and capabilities “Features and capabilities” on page “How to use this guide” on pageChapter Introduction OverviewHow to use this guide 1-10 User’s Reference GuideChapter Setting Up Internet Services Setting Up Internet ServicesDeciding on an ISP account DSL and cable modemsLocal LAN IP address information to obtain 2-12 User’s Reference GuideWith Network Address Translation Without Network Address Translation“Identify the connectors and attach the cables” on page Chapter Making the Physical ConnectionsFind a location Making the Physical Connections3-14 User’s Reference Guide Identify the connectors and attach the cablesWhat you need Making the Physical Connections Netopia R910 Ethernet Router back panel portsyour router” on page 8 9 10 12 13 14 15 16 Netopia R910 Ethernet Router status lights3-16 User’s Reference Guide Chapter Connecting to Your Local Area Network Connecting to Your Local Area Network“Connecting to an Ethernet network” on page Network ModelAfter Readying computers on your local network4-18 User’s Reference Guide Connecting to Your Local Area Network Application software TCP/IP stack Ethernet/EtherTalk Driver Your PC4-20 User’s Reference Guide Connecting to an Ethernet network10Base-T The Netopia R910 in a 10Base-T network with a hub Connecting to Your Local Area NetworkThe Netopia R910 in a 10Base-T network 4-22 User’s Reference Guide Chapter Configuring TCP/IP Hardware and operating system requirementsConﬁguring TCP/IP “Hardware and operating system requirements” on pageDynamic conﬁguration recommended Conﬁguring TCP/IP on Windows 95 or5-24 User’s Reference Guide Static conﬁguration optional Conﬁguring TCP/IPDynamic conﬁguration recommended Conﬁguring TCP/IP on a Macintosh Computer5-26 User’s Reference Guide 1. Go to the Apple menu. Select Conﬁguring TCP/IPStatic conﬁguration optional Dynamic conﬁguration using MacIP optional 5-28 User’s Reference GuideConﬁguring TCP/IP 5-30 User’s Reference Guide “Connecting through a Telnet session” on page “Connecting a console cable to your router” on pageChapter Console-Based Management Console-Based ManagementConnecting through a Telnet session Upgrade feature set. See “Upgrade feature set” on page6-32 User’s Reference Guide Filter sets ﬁrewalls. See “About ﬁlters and ﬁlter sets” on pageConsole-Based Management Connecting a console cable to your routerConﬁguring Telnet software Navigating through the console screens 6-34 User’s Reference GuideChapter Easy Setup Easy Setup console screensAccessing the Easy Setup console screens Easy SetupSee Appendix A, “Troubleshooting,” for more suggestions 7-36 User’s Reference GuideQuick Easy Setup connection path If your ISP supports DHCPIf your ISP doesn’t support DHCP Easy SetupFor more Easy Setup options see “More Easy Setup options” on page 7-38 User’s Reference GuideEasy Setup More Easy Setup optionsWAN Ethernet Conﬁguration IP Easy Setup 7-40 User’s Reference GuideEasy Setup Security Conﬁguration Easy Setup1. Select RESTART DEVICE. A prompt asks you to conﬁrm your choice 7-42 User’s Reference GuideEasy Setup is now complete Chapter WAN and System Configuration “System conﬁguration features” on pageWAN conﬁguration WAN and System ConﬁgurationSystem conﬁguration screens 8-44 User’s Reference GuideNavigating through the system conﬁguration screens WAN and System ConﬁgurationSystem conﬁguration features 8-46 User’s Reference GuideIP setup Filter sets ﬁrewallsIP address serving Date and timeUpgrade feature set Console conﬁgurationSNMP Simple Network Management Protocol SecurityLogging WAN and System ConﬁgurationInstalling the Syslog client 8-50 User’s Reference GuideChapter IP Setup and Network Address Translation Network Address Translation featuresIP Setup and Network Address Translation “Network Address Translation features” on page9-52 User’s Reference Guide HOW NAT WORKS With NAT ISP 163.167.132.1 Without NATor corporate intranet router 192.168.1.100 192.168.1.102 192.168.1.103 192.168.1.104 192.168.1.105IP Setup and Network Address Translation Using Network Address TranslationNote See “Associating port numbers with nodes” on page 9-54 User’s Reference Guide IP Setup and Network Address Translation Associating port numbers with nodesNetwork Address Translation guideline 9-56 User’s Reference Guide IP setupIP Setup and Network Address Translation 9-58 User’s Reference Guide Select Add Export. The Add Exported Service screen appearsCANCEL Exports, Add Export, and Delete ExportIP Setup and Network Address Translation Select Service. A pop-up menu of services and ports appearsIP subnets 9-60 User’s Reference GuideIP Setup and Network Address Translation For examplepage Static routes9-62 User’s Reference Guide Viewing static routes IP Setup and Network Address Translation9-64 User’s Reference Guide Adding a static routeRules of static route installation Modifying a static routeDeleting a static route IP Setup and Network Address TranslationIP address serving 9-66 User’s Reference GuideServe DHCP Clients Serve BootP Clients Serve Dynamic WAN Clients IP Setup and Network Address Translation Follow these steps to conﬁgure IP Address ServingIP Address Pools 9-68 User’s Reference GuideIP Setup and Network Address Translation Numerous factors inﬂuence the choice of served address. It is difﬁcult to specify the address that will be served to a particular client in all circumstances. However, when the address server has been conﬁgured, and the clients involved have no prior address serving interactions, the Netopia R910 will generally serve the ﬁrst unused address from the ﬁrst address pool with an available address. The Netopia R910 starts from the pool on the ﬁrst row and continues to the pool on the last row of this screenDHCP NetBIOS Options 9-70 User’s Reference GuideIP Setup and Network Address Translation You have ﬁnished your IP setup 9-72 User’s Reference GuideSelect Release BootP Leases and press Return “VPN Default Answer Proﬁle” on page “VPN QuickView” on page “Installing the VPN Client” on page “About ATMP Tunnels” on pageChapter Virtual Private Networks VPN Virtual Private Networks VPN10-74 User’s Reference Guide Transi t In t ern etwor k“About PPTP Tunnels” on page “About IPsec Tunnels” on page “About ATMP Tunnels” on pageSummary Virtual Private Networks VPN10-76 User’s Reference Guide PPTP configurationAbout PPTP Tunnels Note Proﬁles using PPTP do not offer a Telco Options screen Virtual Private Networks VPN10-78 User’s Reference Guide Virtual Private Networks VPN Encryption SupportMS-CHAP V2 and strong encryption 10-80 User’s Reference Guide ConfigurationAbout IPsec Tunnels Virtual Private Networks VPN The Add Connection Proﬁle screen appears10-82 User’s Reference Guide IP Profile Parameters Virtual Private Networks VPNAdvanced IP Profile Options 10-84 User’s Reference GuideVPN Default Answer Profile Virtual Private Networks VPN10-86 User’s Reference Guide Interoperation with other featuresVPN QuickView Virtual Private Networks VPN Proﬁle Name Lists the name of the Connection Proﬁle being used, if any10-88 User’s Reference Guide Installing Dial-Up NetworkingDial-Up Networking for VPN Creating a new Dial-Up Networking profile Virtual Private Networks VPNConfiguring a Dial-Up Networking profile 10-90 User’s Reference Guide4. Click the TCP/IP Settings button Virtual Private Networks VPNInstalling the VPN Client Windows 95 VPN installationWindows 98 VPN installation 10-92 User’s Reference GuideConnecting using Dial-Up Networking Virtual Private Networks VPN10-94 User’s Reference Guide ATMP configurationAbout ATMP Tunnels Note Proﬁles using ATMP do not offer a Telco Options screen Virtual Private Networks VPN10-96 User’s Reference Guide Virtual Private Networks VPN “PPTP example” on page “ATMP example” on page Allowing VPNs through a Firewall10-98 User’s Reference Guide Display/Change Input Filter screen PPTP exampleVirtual Private Networks VPN 10-100 User’s Reference Guide Virtual Private Networks VPN 0.0.0.00.0.0.0 0.0.0.0ATMP example 10-102 User’s Reference GuideVirtual Private Networks VPN 10-104 User’s Reference Guide 0.0.0.00.0.0.0 0.0.0.0Chapter PPP over Ethernet PPP over Ethernet11-106 User’s Reference Guide PPP Ethernet LAN Reconfiguration ConfigurationThe Netopia R910 offers the ability for PPP to reconﬁgure the router’s Ethernet LAN when establishing an unnumbered, non-NAT connection PPP over EthernetQuick View 11-108 User’s Reference GuideChapter Monitoring Tools Quick View status overviewMonitoring Tools “Quick View status overview” on page “Statistics & Logs” on page12-110 User’s Reference Guide General statusStatus lights Monitoring Tools Statistics & LogsGeneral Statistics Event histories 12-112 User’s Reference GuidePhysical Interface Network InterfaceMonitoring Tools WAN Event HistoryDevice Event History Routing tables 12-114 User’s Reference GuideIP routing table Monitoring ToolsServed IP Addresses 12-116 User’s Reference GuideSystem Information Monitoring Tools12-118 User’s Reference Guide The SNMP Setup screenSNMP Monitoring Tools SNMP trapsCommunity strings Setting the IP trap receivers 12-120 User’s Reference GuideViewing IP trap receivers Modifying IP trap receiversDeleting IP trap receivers Monitoring Tools12-122 User’s Reference Guide “Telnet access” on page “About ﬁlters and ﬁlter sets” on page Chapter SecuritySuggested security measures User accountsProtecting the conﬁguration screens 13-124 User’s Reference GuideProtecting the Security Options screen Telnet access SecurityAbout ﬁlters and ﬁlter sets What’s a ﬁlter and what’s a ﬁlter set?How ﬁlter sets work 13-126 User’s Reference GuideFilter priority Securitypacket first filter match? send to next filter yes pass or discard? discard delete passHow individual ﬁlters work 13-128 User’s Reference GuideA ﬁlter’s actions A ﬁltering ruleParts of a ﬁlter Port numbersPort number comparisons SecurityPutting the parts together 13-130 User’s Reference GuideOther ﬁlter attributes Filtering example #1 SecurityFiltering example #2 Design guidelines13-132 User’s Reference Guide An approach to using ﬁlters Working with IP ﬁlters and ﬁlter setsDisadvantages of ﬁlters SecurityAdding a ﬁlter set 13-134 User’s Reference GuideNaming a new ﬁlter set SecurityAdding ﬁlters to a ﬁlter set 13-136 User’s Reference GuideInput and output ﬁlters-source and destination 1. To make the ﬁlter active in the ﬁlter set, select Enabled and toggle it to Yes. If Enabled is toggled to No, the ﬁlter can still exist in the ﬁlter set, but it will have no effect SecurityViewing ﬁlter sets 13-138 User’s Reference GuideViewing ﬁlters Modifying ﬁltersModifying ﬁlter sets Deleting a ﬁlter setA sample IP ﬁlter set Security13-140 User’s Reference Guide Possible modiﬁcations Security13-142 User’s Reference Guide Firewall tutorial General ﬁrewall terms Basic IP packet componentsBasic protocol types SecurityFirewall design rules 13-144 User’s Reference GuideExample TCP/UDP Ports Firewall LogicBinary representation Logical AND functionImplied rules SecurityFilter basics 13-146 User’s Reference GuideEstablished connections Example IP ﬁlter set screenExample ﬁlters Incoming Packet FilterNetopia InternetExample 13-148 User’s Reference GuideExample Example SecurityExample 13-150 User’s Reference Guide Security RADIUS client configurationRADIUS Client Support 13-152 User’s Reference Guide RADIUS Server Authentication PortRADIUS then Local Local then RADIUSAdvanced Security Options be unable to configure this device unless a Radius Server isSecurity 13-154 User’s Reference Guide Chapter Utilities and Diagnostics Utilities and Diagnostics“Factory defaults” on page “Ping” on page “Trace Route” on page “Telnet client” on pagePing 14-156 User’s Reference GuideUtilities and Diagnostics Trace Route 14-158 User’s Reference GuideTelnet client Utilities and DiagnosticsFactory defaults Disconnect Telnet console sessionTransferring conﬁguration and ﬁrmware ﬁles with TFTP 14-160 User’s Reference GuideUpdating ﬁrmware Utilities and DiagnosticsGET WAN MODULE FIRMWARE FROM SERVER Config File Name GET CONFIG FROM SERVER SEND CONFIG TO SERVERDownloading conﬁguration ﬁles 14-162 User’s Reference GuideUtilities and Diagnostics Uploading conﬁguration ﬁlesTransferring conﬁguration and ﬁrmware ﬁles with XMODEM 14-164 User’s Reference Guide Updating ﬁrmwareUploading conﬁguration ﬁles Utilities and DiagnosticsDownloading conﬁguration ﬁles Restarting the system 14-166 User’s Reference GuideAppendix A Troubleshooting Conﬁguration problemsTroubleshooting A-167 “Conﬁguration problems” on page A-167Console connection problems Network problemsProblems communicating with remote IP hosts Local routing problemsHow to reset the router to factory defaults Power outagesReset Switch Slot Troubleshooting A-169How to reach us Technical supportA-170 User’s Reference Guide Before contacting NetopiaOnline Technical Support Troubleshooting A-171Online product information A-172 User’s Reference Guide What is IP? “What is IP?” on page B-173 “About IP addressing” on page B-173Appendix B Understanding IP Addressing About IP addressingSubnets and subnet masks B-174 User’s Reference GuideSubnet masks Example Using subnets on a Class C IP internetUnderstanding IP Addressing B-175 B-176 User’s Reference Guide Network conﬁgurationCustomer Site A ISP NetworkExample Working with a Class C subnet Distributing IP addressesUnderstanding IP Addressing B-177 BackgroundTechnical note on subnet masking B-178 User’s Reference GuideNetopia R910 DHCP server characteristics ConﬁgurationUnderstanding IP Addressing B-179 DHCP address servingUsing address serving Manually distributing IP addressesTips and rules for distributing IP addresses B-180 User’s Reference GuideUnderstanding IP Addressing B-181 A DHCP example Nested IP subnetsB-182 User’s Reference Guide Understanding IP Addressing B-183 InternetB-184 User’s Reference Guide Understanding IP Addressing B-185 BroadcastsPacket header types B-186 User’s Reference Guide Appendix C Understanding Netopia NAT Behavior Network conﬁgurationBackground ISP NetworkC-188 User’s Reference Guide Understanding Netopia NAT Behavior C-189 Workstation AC-190 User’s Reference Guide WorkstationsExported services Understanding Netopia NAT Behavior C-191Important notes C-192 User’s Reference GuideUnderstanding Netopia NAT Behavior C-193 ConﬁgurationSummary C-194 User’s Reference GuideAppendix D Binary Conversion Table Binary Conversion Table D-195D-196 User’s Reference Guide DecimalBinary DecimalAppendix E Further Reading Further Reading E-197E-198 User’s Reference Guide Further Reading E-199 E-200 User’s Reference Guide Appendix F Technical Specifications and Safety Information Power requirementsTechnical Speciﬁcations and Safety Information F-201 DescriptionDeclaration for Canadian users Regulatory noticesF-202 User’s Reference Guide Important safety instructions Technical Speciﬁcations and Safety Information F-203Telecommunication installation cautions BatteryF-204 User’s Reference Guide Index-205 IndexNumerics Index-206 Index-207 13-131 Index-208Index-209