Asus RX3042H User Manual Download Page 17

Page: 17 / 129

RX3042H User's Manual

Getting to Know RX3042H

ACL is a very appropriate measure for providing isolation of one

subnet from another. It can be used as the ﬁrst line of defense in

the network to block inbound packets of specific types from ever

reaching the protected network.
The RX3042H Firewallʼs ACL methodology supports:

• Filtering based on destination and source IP address, port

number and protocol
• Use of the wild card for composing ﬁlter rules
• Filter Rule priorities

2.3.2.3 Defense against DoS Attacks

The RX3042H Firewall has an Attack Defense Engine that protects

internal networks from known types of Internet attacks. It provides

automatic protection from Denial of Service (DoS) attacks such

as SYN flooding, IP smurfing, LAND, Ping of Death and all re-

assembly attacks. For example, the RX3042H Firewall provides

protection from “WinNuke”, a widely used program to remotely

crash unprotected Windows systems in the Internet. The RX3042H

Firewall also provides protection from a variety of common Internet

attacks such as IP Spoofing, Ping of Death, Land Attack, and

Reassembly attacks.
The type of attack protections provided by the RX3042H is listed in

Table 2.1.

Table 2.1. DoS Attacks

Type of Attack

Name of Attacks

Re-assembly Attacks

Bonk, Boink, Teardrop ( New Tear),

Overdrop, Opntear, Syndrop, Jolt, IP

fragmentation overlap.

ICMP Attacks

Ping of Death, Smurf, Twinge

Flooders

Logging only for ICMP Flooder, UDP

Flooder, SYN Flooder

Port Scans

Logging only for TCP SYN Scan,

Attacking packets dropped: TCP

XMAS Scan, TCP Null Scan, TCP

Stealth Scan

Protection with PF Rules

Echo-Chargen, Ascend Kill

Miscellaneous Attacks

IP Spooﬁng, LAND, Targa, Winnuke

Summary of Contents for RX3042H

Page 1: ...RX3042H User s Manual Revision 0 8 May 12 2005 ...

Page 2: ...2 ...

Page 3: ...eatures 3 2 3 Software Features 3 2 3 1 NAT Features 3 2 3 2 Firewall Features 4 2 3 2 1 Stateful Packet Inspection 4 2 3 2 2 Packet Filtering ACL Access Control List 4 2 3 2 3 Defense against DoS Attacks 5 2 3 2 4 Application Level Gateway ALG 6 2 3 2 5 Log 6 2 4 Finding Your Way Around 7 2 4 1 Front Panel 7 2 4 2 Rear Panel 8 2 4 3 Bottom View 9 2 5 Placement Options 9 2 5 1 Desktop Placement 9 ...

Page 4: ...15 3 2 5 Windows NT 4 0 workstations 16 3 2 6 Assigning static IP addresses to your PCs 17 3 3 Part 3 Quick Conﬁguration of the RX3042H 19 3 3 1 Setting Up the RX3042H 19 3 3 2 Testing Your Setup 21 3 3 3 Default Router Settings 21 4 Using the Conﬁguration Manager 23 4 1 Log into the Conﬁguration Manager 23 4 2 Functional Layout 24 4 2 1 Menu Navigation 25 4 2 2 Commonly Used Buttons and Icons 25 ...

Page 5: ...guring Static IP for WAN or DMZ 38 5 2 6 PPTP 39 5 2 6 1 WAN PPTP Conﬁguration Parameters 39 5 2 6 2 Conﬁguring PPTP for WAN 41 5 3 WAN Load Balancing and Line Back Up 41 5 3 1 WAN Load Balancing and Line Back Up Conﬁguration Parameters 42 5 3 2 Setting Up WAN Load Balancing 43 5 3 3 Setting Up WAN Line Back Up 44 6 DHCP Server Conﬁguration 45 6 1 DHCP Dynamic Host Control Protocol 45 6 1 1 What i...

Page 6: ...onﬁguration Parameters 54 7 2 2 Conﬁguring RIP 55 7 3 Static Route 56 7 3 1 Static Route Conﬁguration Parameters 56 7 3 2 Adding Static Routes 57 7 3 3 Deleting Static Routes 58 7 3 4 Viewing the Static Routing Table 58 8 Conﬁguring DDNS 59 8 1 DDNS Conﬁguration Parameters 60 8 2 Conﬁguring HTTP DDNS Client 60 9 Conﬁguring Firewall and NAT 63 9 1 Firewall Overview 63 9 1 1 Stateful Packet Inspecti...

Page 7: ...eters 70 9 5 Conﬁguring ACL Rules Firewall ACL 74 9 5 1 Add an ACL Rule 75 9 5 2 Modify an ACL Rule 76 9 5 3 Delete an ACL Rule 77 9 5 4 Display ACL Rules 77 9 6 Conﬁguring Self Access ACL Rules Firewall NAT Self Access ACL 77 9 6 1 Add a Self Access Rule 78 9 6 2 Modify a Self Access Rule 79 9 6 3 Delete a Self Access Rule 79 9 6 4 View Conﬁgured Self Access Rules 80 9 7 Conﬁgure Virtual Server 8...

Page 8: ...ers 94 10 5 2 Conﬁguring SNMP 94 10 6 Log Setup 95 10 6 1 Setting Up Remote Logging Using a Syslog Server 95 10 6 2 View the System Log 96 10 7 System Conﬁguration Management 95 10 7 1 Restore System Conﬁguration to Factory Default Settings 96 10 7 2 Backup System Conﬁguration 98 10 7 3 Restore System Conﬁguration 99 10 8 Firmware Upgrade 101 10 9 Restart System 103 10 10 Logout Conﬁguration Manag...

Page 9: ...ypical Conﬁguration Manager Page 25 Figure 4 3 System Status Page 26 Figure 5 1 Network Setup Conﬁguration LAN Conﬁguration 28 Figure 5 2 Network Setup Conﬁguration Page WAN Conﬁgura tion 30 Figure 5 3 WAN PPPoE Conﬁguration 30 Figure 5 4 WAN PPPoE Unnumbered Conﬁguration 33 Figure 5 5 WAN Dynamic IP DHCP client Conﬁguration 36 Figure 5 6 WAN Static IP Conﬁguration 37 Figure 5 7 WAN PPTP Conﬁgurat...

Page 10: ...Conﬁguration Example 76 Figure 9 6 Sample ACL List Table 76 Figure 9 7 Self Access ACL Conﬁguration Page 78 Figure 9 8 Self Access ACL Conﬁguration Example 79 Figure 9 9 Virtual Server Conﬁguration Page 80 Figure 9 10 Virtual Server Deployment Topology 83 Figure 9 11 Virtual Server Example 1 Web Server 84 Figure 9 12 Adding a New Service 84 Figure 9 13 Virtual Server Example 2 FTP Server 85 Figure...

Page 11: ...ure 10 17 Selecting Firmware from the File Manager 102 Figure 10 18 Firmware Upgrade Conﬁrmation 102 Figure 10 19 Firmware Upgrade Progress 102 Figure 10 20 System Reboot Count Down Timer for Firmware Upgrade 103 Figure 10 21 Restart System Page 104 Figure 10 22 Conﬁguration Manager Logout Page 104 Figure 10 23 Conﬁrmation for Closing Browser IE 104 Figure 12 1 Using the ping Utility 111 Figure 12...

Page 12: ...Conﬁguration Parameters 49 Table 7 1 Static Route Conﬁguration Parameters 54 Table 7 2 Static Route Conﬁguration Parameters 56 Table 8 1 DDNS Conﬁguration Parameters 60 Table 9 1 Firewall Options Parameters 67 Table 9 2 DoS Attack Deﬁnition 68 Table 9 3 ACL Rule Conﬁguration Parameters 71 Table 9 4 Service Conﬁguration Parameters 73 Table 9 5 Virtual Server Conﬁguration Parameters 81 Table 9 6 Por...

Page 13: ...Internet access for your LAN Automatic network address assignment through DHCP Server Services including IP route DNS and DDNS conﬁguration Conﬁguration program accessible via a web browser such as Microsoft Internet Explorer 6 0 or newer User conﬁguration dual WAN or WAN plus DMZ support USB storage support to be supported with firmware upgrade 1 2 System Requirements In order to use the RX3042H ...

Page 14: ...nstance System Network Setup means click the System menu and then click the Network Setup submenu 1 3 2 Typographical conventions Boldface type text is used for items you select from menus and drop down lists and text strings you type when prompted by the program 1 3 3 Special messages This document uses the following icons to call your attention to speciﬁc instructions or explanations Note Provid...

Page 15: ...ave the cost of multiple connections required for the hosts on the LAN segments connected to it This feature conceals network address and prevents them from becoming public It maps unregistered IP address of hosts connected to the LAN with valid ones for Internet access RX3042H also provides reverse NAT capability which enables users to host various services such as e mail servers web servers etc ...

Page 16: ...et Filtering ACL Defense against Denial of Service Attacks Log 2 3 2 1 Stateful Packet Inspection The RX3042H Firewall uses stateful packet inspection that extracts state related information required for the security decision from the packet and maintains this information for evaluating subsequent connection attempts It has awareness of application and creates dynamic sessions that allow dynamic c...

Page 17: ...IP smurfing LAND Ping of Death and all re assembly attacks For example the RX3042H Firewall provides protection from WinNuke a widely used program to remotely crash unprotected Windows systems in the Internet The RX3042H Firewall also provides protection from a variety of common Internet attacks such as IP Spoofing Ping of Death Land Attack and Reassembly attacks The type of attack protections pro...

Page 18: ...feasible to create policies for numerous applications dynamically at the same time without compromising security intelligence in the form of Application Level Gateways ALG is built to parse packets for applications and open dynamic associations The RX3042H NAT provides a number of ALGs for popular applications such as FTP and Netmeeting 2 3 2 5 Log Events in the network that could be attempts to a...

Page 19: ...OFF No link is detected Green ON 100Mbps link is detected Blinking 100Mbps activity is detected Amber ON 10Mbps link is detected Blinking 10Mbps activity is detected 5 LAN Identiﬁes the LAN port 1 4 OFF No link is detected Green ON 100Mbps link is detected Blinking 100Mbps activity is detected Amber ON 10Mbps link is detected Blinking 10Mbps activity is detected 2 4 Finding Your Way Around 2 4 1 F...

Page 20: ...s Connect to your WAN device such as ADSL or cable modem 8 USB USB Ports connect to USB 1 1 OR 2 0 devices 9 Console 10 RESET Reset Button 1 Reboot the device 2 Reset the system conﬁguration to factory defaults if pressed for more than 5 seconds 11 POWER Power Input Jack Connect to the supplied AC adapter 2 4 2 Rear Panel The rear panel contains the ports for the unitʼs data and power connections ...

Page 21: ...ferent orientations front panel up rear panel up left side up or right side up 2 5 Placement Options Depending on your environment you may choose one of the three supported placement options for RX3042H desktop placement magnet mount and wall mount 2 5 1 Desktop Placement You may place RX3042H on any flat surface The space saving design of RX3042H occupies only a small area on your desk 2 5 2 Wall...

Page 22: ... the following ﬁgures The wall mount design supports 4 different orientations rear side up rear side down rear side to the left and rear side to the right Screw Wall mount slot Line up the wall amount slot with both screws Maneuver the router so that both screws are inserted into the wall mount slots and then slowly push the router downward as shown in the above ﬁgure Wall mount slot Screw ...

Page 23: ... ISP These instructions provide a basic conﬁguration that should be compatible with your home or small ofﬁce network setup Refer to the subsequent chapters for additional conﬁguration instructions 3 1 Part 1 Connecting the Hardware In Part 1 you connect the device to an ADSL or a cable modem which in turn is connected to a phone jack or a cable outlet the power outlet and your computer or network ...

Page 24: ...or instructions and the other to the Ethernet switch port labeled 1 4 on the RX3042H Note that either the crossover or straight through Ethernet cable can be used to connect the built in switch and computers hubs or switches as the built in switch is smart enough to make connections with either type of cables 3 1 3 Step 3 Attach the AC adapter Attach the AC adapter to the POWER input jack on the b...

Page 25: ...f the LEDs illuminate as expected the RX3042H is working properly 3 2 Part 2 Conﬁguring Your Computers Part 2 of the Quick Start Guide provides instructions for conﬁguring the network settings on your computers to work with the RX3042H 3 2 1 Before you begin By default the RX3042H automatically assigns all required network settings e g IP address DNS server IP address default gateway IP address to...

Page 26: ...btain DNS server address automatically 6 Click OK button twice to conﬁrm your changes and close the Control Panel 3 2 3 Windows 2000 PCs First check for the IP protocol and if necessary install it 1 In the Windows task bar click the Start button point to Settings and then click Control Panel 2 Double click the Network and Dial up Connections icon 3 In the Network and Dial up Connections window rig...

Page 27: ...ternet Protocol TCP IP Properties dialog box click the radio button labeled Obtain an IP address automatically Also click the radio button labeled Obtain DNS server address automatically 12 Click OK button twice to conﬁrm and save your changes and then close the Control Panel 3 2 4 Windows 95 98 and ME PCs 1 In the Windows task bar click the Start button point to Settings and then click Control Pa...

Page 28: ...button 9 In the TCP IP Properties dialog box click the radio button labeled Obtain an IP address automatically 10 In the TCP IP Properties dialog box click the Default Gateway tab Enter 192 168 1 1 the default LAN port IP address of the RX3042H in the New gateway address ﬁeld and click Add button to add the default gateway entry 11 Click OK button twice to confirm and save your changes and then cl...

Page 29: ...nﬁgure the PCs to accept IP addresses assigned by the RX3042H 7 Open the Control Panel window and then double click the Network icon 8 In the Network dialog box click the Protocols tab 9 In the Protocols tab select TCP IP and then click Properties button 10 In the Microsoft TCP IP Properties dialog box click the radio button labeled Obtain an IP address from a DHCP server 11 Click OK button twice ...

Page 30: ...resses for the computer DNS server and default gateway click the radio buttons that enable you to enter the information manually Note Your PCs must have IP addresses that place them in the same subnet as the RX3042Hʼs LAN port If you manually assign IP information to all your LAN PCs you can follow the instructions in Chapter 5 to change the LAN port IP address accordingly 3 3 Part 3 Quick Conﬁgur...

Page 31: ...may want to check if your PC is conﬁgured to accept IP address assignment from the RX3042H Another method is to set the IP address of your PC to any IP address in the 192 168 1 0 network such as 192 168 1 2 14 Enter your username and password and then click OK to enter the Conﬁguration Manager The ﬁrst time you log into this program use these defaults Default Username admin Default Password admin ...

Page 32: ...Testing Your Setup At this point the RX3042H should enable any computers on your LAN to use the RX3042Hʼs ADSL or cable modem connection to access the Internet To test the Internet connection open your web browser and type the URL of any external website such as http www asus com The LED labeled WAN should be blinking rapidly and may appear solid as the device connects to the site You should also ...

Page 33: ...ssistance Before you modifying any settings review Chapter 4 for general information about accessing and using the Conﬁguration Manager program We strongly recommend that you contact your ISP prior to changing the default conﬁguration Table 3 2 Default Settings Summary Option Default Setting Explanation Instruction DHCP Dynamic Host Conﬁguration Protocol DHCP server enabled with the following pool...

Page 34: ......

Page 35: ...ation Manager program is preinstalled on the RX3042H To access the program you need the following A computer connected to the LAN or WAN port on the RX3042H as described in the Quick Start Guide chapter A web browser installed on the computer The program is designed to work best with Microsoft Internet Explorer 6 0 or later You may access the program from any computer connected to the RX3042H via ...

Page 36: ... System Information page displays every time you log into the Conﬁguration Manager shown in Figure 4 3 on page 20 4 2 Functional Layout Typical Typical Configuration page consists of several elements banner menu menu navigation tips configuration and on line help You can click on any menu item to expand contract any menu groups or to access a speciﬁc conﬁguration page The conﬁguration pane is wher...

Page 37: ...s The following buttons or icons are used throughout the application The following table describes the function for each button or icon Table 4 1 Description of Commonly Used Bottons and Icons Button Function Stores any changes you have made on the current page Adds the existing conﬁguration to the system e g a static route or a ﬁrewall ACL rule and etc Modiﬁes the existing conﬁguration in the sys...

Page 38: ...Overview of System Conﬁguration To view the overall system conﬁguration log into the Conﬁguration Manager or click the Status menu if you have already logged on Figure 4 3 shows sample information available in the System Status page Figure 4 3 System Status Page ...

Page 39: ...ique IP address to each device residing on your LAN The LAN IP address that identifies the RX3042H as a node on your network must be in the same subnet as the PCs on your LAN The default LAN IP address for the RX3042H is 192 168 1 1 Deﬁnition A network node can be thought of as any interface where a device connects to the network such as the RX3042Hʼs LAN port and the network interface cards on yo...

Page 40: ... whole and which parts refer speciﬁcally to nodes on the network Your device is preconﬁgured with a default subnet mask of 255 255 255 0 5 1 3 Conﬁguring the LAN IP Address Follow these steps to change the default LAN IP address 1 Open the Connection conﬁguration page as shown in Figure 5 1 by clicking the Router Setup Connection menu Figure 5 1 Network Setup Conﬁguration LAN Conﬁguration 2 Option...

Page 41: ...rized zone is a host or a small network that sits between a trusted internal network such as a corporate private LAN and an untrusted external network such as the Internet Typically the DMZ contains devices accessible to the Internet trafﬁc such as Web servers FTP servers SMTP e mail servers and DNS servers The DMZ contains no corporate confidential information In the event that the DMZ is comprom...

Page 42: ...uter Setup RX3042H User s Manual 30 Figure 5 2 Network Setup Conﬁguration Page WAN Conﬁguration 5 2 2 PPPoE PPPoE connection is most often used by ADSL service providers Figure 5 3 WAN PPPoE Conﬁguration ...

Page 43: ... provided by your ISP Service name is optional but may be required by some ISP AC Name Enter the access concentrator name provided by your ISP Access concentrator name is optional but may be required by some ISPs IP Address If your ISP allows you to always obtain the same IP address for your WAN enter it here Primary Secondary DNS Server IP address of the primary and or secondary DNS are optional ...

Page 44: ...u 2 Select which WAN port WAN1 WAN2 to conﬁgure for PPPoE connection mode 3 Select PPPoE from the WAN Connection Mode drop down list as shown in Figure 5 3 4 Select PPPoE session ID from the PPPoE session ID drop down list Currently two sessions are supported for each WAN port 5 Enter the service name if required by your ISP 6 Optional Enter the service name and or AC name if required by your ISP ...

Page 45: ...m 546 to 1492 The default value is 1492 10 Enter appropriate connection settings for Disconnect after Idle min and Connect on Demand 11 Click Apply to save the settings 5 2 3 PPPoE Unnumbered Some of the ADSL service providers may offer PPPoE unnumbered service Choose this connection mode if your ISP provides such service ...

Page 46: ... Enable NAPT Check or uncheck this box to enable NAPT for this connection User Name and Password Enter the username and password you use to log into your ISP Note this is different from the information you used to log into Conﬁguration Manager Service Name Enter the service name provided by your ISP Service name is optional but may be required by some ISPs AC Name Enter the access concentrator nam...

Page 47: ...ect to your ISP using PPPoE unnumbered connection mode Manual Disconnect Connect Click the Disconnect or Connect button to disconnect or connect using the PPPoE unnumbered connection mode 5 2 3 2 Conﬁguring PPPoE Unnumbered for WAN Follow the instructions below to configure PPPoE unnumbered settings 1 Open the Network Setup configuration page by clicking the Router Setup Connection menu 2 Select w...

Page 48: ...wn in Figure 5 5 Note that the IP addresses for the primary and or the secondary DNS servers are automatically assigned secondary DNS servers if you want to use your preferred DNS servers otherwise skip this step 9 Optional Change the MTU value if necessary If you do not know what value to enter leave it as is For dynamic IP connection mode the range of MTU is from 546 to 1492 The default value is...

Page 49: ...2 5 Static IP Figure 5 6 WAN Static IP Conﬁguration 5 2 5 1 WAN or DMZ Static IP Conﬁguration Parameters Table 5 4 describes the conﬁguration parameters available for static IP connection mode Table 5 4 WAN Static IP Conﬁguration Parameters Setting Description Link Select a port to conﬁgure Available options are WAN1 WAN2 or WAN DMZ Connection Mode Select Static from the connection mode drop down ...

Page 50: ...e Network Setup configuration page by clicking the Router Setup Connection menu 2 Select which WAN port WAN1 WAN2 or DMZ port to conﬁgure for static connection mode 3 Select Static from the Connection Mode drop down list as shown in Figure 5 6 4 Enter WAN IP address in the IP Address ﬁeld This information should be provided by your ISP 5 Enter Subnet Mask for the WAN This information should be pro...

Page 51: ... the WAN IP is a fixed IP provided by your ISP IP Address Enter the WAN IP address provided by your ISP Subnet Mask Enter the subnet mask for the WAN IP provided by your ISP Gateway Address Enter the gateway IP address for the WAN provided by your ISP Dynamic DHCP Select this connection mode if your WAN IP address is obtained automatically from your ISPʼs DHCP server User Name and Password Enter t...

Page 52: ...tion when there is no trafﬁc A value of 0 means no activity time out Note that SNTP service may interfere with this function if there are activities from the service Status On PPTP connection is active Off No PPTP connection is active Connecting RX3042H is trying to connect to your ISP using PPTP connection mode Manual Disconnect Connect Click the Disconnect or Connect button to disconnect or conn...

Page 53: ...Enter user name and password provided by your ISP 7 Enter PPTP server IP address provided by your ISP 8 Optional Change the MTU value if necessary If you do not know what value to enter leave it as is For PPTP connection mode the range of MTU is from 546 to 1460 The default value is 1460 9 Check MPPE box if the packet is to be encrypted with this protocol 10 Enter appropriate connection settings f...

Page 54: ...option if load balancing is desired The algorithm used for the load balancing is weighted round robin Line Backup select this option if line backup is needed In the existing implementation the primary link is always set to WAN1 and the backup link is always set to WAN2 WAN1 WAN2 Bandwidth Enter the ratio of the traffic amount that you want to distribute between the WANs The number should be betwee...

Page 55: ...ctivity Check IP Address WAN1 Enter the IP address of the specific network device that the trafﬁc will pass through This ﬁeld is optional Normally you donʼt need to provide any IP address here unless you know the trafﬁc must pass a speciﬁc network device Connectivity Check IP Address WAN2 Enter the IP address of the specific network device that the trafﬁc will pass through This ﬁeld is optional No...

Page 56: ... is enabled please also enter the following a Enter the connectivity check interval b Optional Enter the connectivity check IP address for WAN1 and or WAN2 5 Click Apply to save the settings 5 3 3 Setting Up WAN Line Back Up Follow the instructions below to set up line backup 1 Open the Load Balancing configuration page by clicking the Router Setup Load Balance menu 2 Select Line Backup in the Loa...

Page 57: ...ly If you chose to have the information assigned dynamically then you conﬁgured your PCs as DHCP clients that will accept IP addresses assigned from a DCHP server such as the RX3042H The DHCP server draws from a deﬁned pool of IP addresses and leases them for a specified amount of time to your computers when they request an Internet session It monitors collects and redistributes the addresses as n...

Page 58: ...pen the DHCP Server Conﬁguration page shown in Figure 6 1 by clicking Advanced DHCP Server menu Figure 6 1 DHCP Server Conﬁguration Page 2 Enter the information for the IP Address Pool Begin End Address Subnet Mask Lease Time and Default Gateway IP Address ﬁelds others such as Primary Secondary DNS Server IP Address and Primary Secondary WINS Server IP Address are optional However it is recommende...

Page 59: ...ondary DNS Server IP Address The IP address of the Domain Name System server to be used by computers that receive IP addresses from this pool The DNS server translates common Internet names that you type into your web browser into their equivalent numeric IP addresses Typically the server s are located with your ISP However you may enter LAN IP address of the RX3042H as it will serve as DNS proxy ...

Page 60: ...ble lists any IP addresses leased and the corresponding MAC addresses Figure 6 2 DHCP Lease Table 6 1 5 Fixed DHCP Lease Fixed DHCP lease is used in situation when a ﬁxed DHCP address is desired for a host that gets IP from the DHCP server First you should conﬁgure your PCs to accept DHCP information assigned by a DHCP server 6 1 5 1 Access Fixed DHCP Conﬁguration Page Advanced DHCP Server Open th...

Page 61: ...tion parameters in detail Table 6 2 Fixed DHCP Lease Conﬁguration Parameters Field Description Fixed DHCP Lease MAC A hardware ID of the device that needs a ﬁxed IP address from the DHCP server Fixed DHCP Lease IP The IP address leased from the DHCP server Note that it is recommended that this IP address be outside of the DHCP IP pool 3 Click on the Add button to add the new ﬁxed DHCP lease entry ...

Page 62: ...es Multiple DNS addresses are useful to provide alternatives when one of the servers is down or is encountering heavy traffic ISPs typically provide primary and secondary DNS addresses and may provide additional addresses Your LAN PCs learn these DNS addresses in one of the following ways Statically If your ISP provides you with their DNS server addresses you can assign them to each PC by modifyin...

Page 63: ...4 Dynamic IP connection to the ISP the primary and secondary DNS addresses can be learned via the PPPoE protocol Using this option provides the advantage that you will not need to reconfigure the PCs or the RX3042H if the ISP changes their DNS addresses Configured on the RX3042H You can also specify the ISPʼs DNS addresses in the WAN configuration page as shown in Figure 5 3 Figure 5 4 or Figure 5...

Page 64: ...Routing RX3042H User s Manual 52 DNS address other than the LAN IP address in a DHCP pool or statically on a PC then that address will be used instead of the DNS relay address ...

Page 65: ...2H provide the most appropriate path for all your Internet trafﬁc On your LAN computers a default gateway directs all Internet traffic to the LAN port on the RX3042H Your LAN computers know their default gateway either because you assigned it to them when you modified their TCP IP properties or because you conﬁgured them to receive the information dynamically from a server whenever they access the...

Page 66: ...Page 7 2 1 RIP Conﬁguration Parameters The following table deﬁnes the available conﬁguration parameters for static routing conﬁguration Table 7 1 Static Route Conﬁguration Parameters Field Description Interface Select an interface through which the routing information is exchanged Available options are LAN WAN1 WAN2 PPPoE1 PPPoE2 PPPoE3 and PPPoE4 RIP Click the Enable or Disable radio button to en...

Page 67: ...he routing information Note that all the routers exchanging routing information must use the same authentication key Authentication Mode Select RIP authentication mode from the drop down list Two modes are supported Clear Text and MD5 Authentication Key Enter the authentication key shared by all the routers exchanging the routing information 7 2 2 Conﬁguring RIP Follow these instructions to enable...

Page 68: ...ation Parameters The following table deﬁnes the available conﬁguration parameters for static routing conﬁguration Table 7 2 Static Route Conﬁguration Parameters Field Description Destination Address Specifies the IP address of the destination computer or an entire destination network It can also be specified as all zeros to indicate that this route should be used for all destinations for which no ...

Page 69: ...router will automatically assign an interface to route the packets based on the gateway IP address 7 3 2 Adding Static Routes Figure 7 3 Static Route Conﬁguration Follow these instructions to add a static route to the routing table 1 Open the Static Route conﬁguration page by clicking the Advanced Static Route menu 2 Enter static routes information such as destination IP address destination subnet...

Page 70: ...Viewing the Static Routing Table All IP enabled computers and routers maintain a table of IP addresses that are commonly accessed by their users For each of these destination IP addresses the table lists the IP address of the ﬁrst hop the data should take This table is known as the deviceʼs routing table To view the RX3042Hʼs routing table click the Advanced Static Route menu The Routing Table dis...

Page 71: ... features Update DNS records addition when an external interface comes up Force DNS update HTTP DDNS Client HTTP DDNS client uses the mechanism provided by the popular DDNS service providers for updating the DNS records dynamically In this case the service provider updates DNS records in the DNS RX3042H uses HTTP to trigger this update RX3042H supports HTTP DDNS update with the following service p...

Page 72: ...NS Check this box to enable DDNS service otherwise keep the box unchecked Domain Name Enter the registered domain name into this ﬁeld For example If the host name of your RX3042H is host1 and the domain name is yourdomain com The fully qualify domain name FQDN is host1 yourdomain com Username Enter the username provided by your DDNS service provider in this ﬁeld Password Enter the password provide...

Page 73: ...licking Advanced DDNS Service menu 3 Select the interface that the DDNS service is to be used 4 Check Enable DDNS checkbox to enable the DDNS service 5 Enter the registered domain name in the Domain Name ﬁeld 6 Enter the username and password provided by your DDNS service provider 7 Click on Apply button to send a DNS update request to your DDNS service provider Note that DNS update request will a...

Page 74: ......

Page 75: ... is traveling for example from the LAN to the Internet or vice versa the IP address of the sending computer the destination IP address and other characteristics of the packet data If the packet matches the criteria established in a rule the packet can either be accepted forwarded towards its destination or denied discarded depending on the action speciﬁed in the rule 9 1 Firewall Overview 9 1 1 St...

Page 76: ...found or all the ACL rules are examined If no match is found the packet is dropped otherwise the packet is either dropped or forwarded based on the action deﬁned in the matched ACL rule 9 1 3 2 Tracking Connection State The stateful packet inspection engine in the firewall keeps track of the state or progress of a network connection By storing information about each connection in a state table RX3...

Page 77: ...puters to any entity outside a network Network Address Translation NAT is a mechanism for conserving registered IP addresses in large networks and simplifying IP addressing management tasks Because of the translation of IP addresses NAT also conceals true network address from privy eyes and provide a certain degree security to the local network The NAT modes supported are static NAT dynamic NAT NA...

Page 78: ...rewall RX3042H User s Manual 66 Figure 9 1 NAPT Map Any Internal PCs to a Single Global IP Address Figure 9 2 Reverse NAPT Relayed Incoming Packets to the Internal Host Base on the Protocol Port Number or IP Address ...

Page 79: ...tings Firewall NAT Settings 9 3 1 Firewall Options Table 9 1 lists the ﬁrewall options parameters Table 9 1 Firewall Options Parameters Field Description DoS Check Check or uncheck this box to enable or disable DoS check When DoS check is disabled the following functionalities are disabled Stateful packet inspection Skip all DoS attack check Default NAT Log Port Probing Connection attempt to close...

Page 80: ...oS attacks Table 9 2 DoS Attack Deﬁnition Field Description IP Source Route Intruder uses source routing in order to break into the target system IP Spooﬁng Spoofing is the creation of TCP IP packets using somebody elseʼs IP address IP spooﬁng is an integral part of many network attacks that do not need to see responses Land Attacker sends out packets to the system with the same source and destina...

Page 81: ... a sequence number of zero and all control bits are set to zero FIN scan A hacker is scanning the target system using a stealth method The goal of the hacker is to ﬁnd out if they can connect to the system without really connecting using the FIN scanning It attempts to close a non existent connection on the server Either way it is an error but systems sometimes respond with different error results...

Page 82: ... shown in Figure 9 3 by clicking on Firewall Security menu 2 Check or uncheck individual check box for each type DoS protection 3 Click Apply to save the settings Figure 9 3 Firewall General Conﬁguration Page 9 4 ACL Rule Conﬁguration Parameters 9 4 1 ACL Rule Conﬁguration Parameters Table 9 3 describes the conﬁguration parameters ﬁrewall inbound outbound and self access ACL rules ...

Page 83: ...ity Other numbers Select other numbers to indicate the priority you wish to assign to the rule Log Click on the Enable or Disable radio button to enable or disable logging for this ACL rule Action Allow Select this button to conﬁgure the rule as an allow rule This rule when bound to the Firewall will allow matching packets to pass through Deny Select this button to conﬁgure the rule as a deny rule...

Page 84: ...e on the Internet for the inbound trafﬁc or all the computers in the local network for outbound trafﬁc IP Address This option allows you to specify an IP address on which this rule will be applied IP Address Specify the appropriate network address Subnet This option allows you to include all the computers that are connected in an IP subnet When this option is selected the following ﬁelds become av...

Page 85: ...tifying the new service Protocol Select a protocol type from the drop down list Available options are All TCP UDP ICMP IGMP AH ESP and TCP UDP Port Range This option allows you to set the destination port to which this rule should apply Use the drop down list to select one of the following options Any Select this option if you want this rule to apply to all applications with an arbitrary source po...

Page 86: ...ed time exceeded 12 Parameter problem 13 Timestamp request 14 Timestamp reply 15 Info request information request 16 Info reply information reply 17 Addr mask req address mask request 18 Addr mask reply address mask reply 9 5 Conﬁguring ACL Rules Firewall ACL By creating ACL rules in the ACL conﬁguration page as shown in Figure 9 4 you can perform access control allow or deny to both the trusted a...

Page 87: ...rafﬁc originated from LAN and destined to WAN then choose LAN WAN option 3 Select Add New from the ID drop down list 4 Set desired action Allow or Deny from the Action drop down list 5 Select from the Route To drop down list if you intend to direct the trafﬁc to a speciﬁc interface Choose AUTO if you want to have RX3042H route the trafﬁc automatically 6 Choose NAT type and enter the required infor...

Page 88: ...h 1 being the highest Higher priority rules will be examined prior to the lower priority rules by the ﬁrewall 9 Click on the Add button to create the new ACL rule The new ACL rule will then be displayed in the inbound access control list table at the bottom half of the Inbound ACL Conﬁguration page Figure 9 5 illustrates how to create a rule to deny outbound HTTP trafﬁc originated from the host w ...

Page 89: ... this ACL rule will then be displayed in the inbound access control list table at the bottom half of the Inbound ACL Conﬁguration page 9 5 3 Delete an ACL Rule To delete an inbound ACL rule click on the in front of the rule to be deleted 9 5 4 Display ACL Rules To see existing ACL rules just open the ACL Rule Configuration page by clicking Firewall NAT ACL menu and then select a trafﬁc direction f...

Page 90: ...the Move to drop down list Note that the number indicates the priority of the rule with 1 being the highest Higher priority rules will be examined prior to the lower priority rules by the ﬁrewall 5 Make desired changes to any or all of the following fields source destination IP service time and log Please see Table 9 3 for explanation of these ﬁelds 6 Click on the Add button to create the new Self...

Page 91: ...D drop down list 3 Make desired changes to any or all of the following ﬁelds action source destination IP service time and log Please see Table 9 3 for explanation of these ﬁelds 4 Click on the Modifiy button to save the changes The new settings for this Self Access rule will then be displayed in the Existing Self Access ACL table located at the bottom half of the Self Access ACL conﬁguration page...

Page 92: ...ccessible to the external users the router is able to identify the service requested by the service port number and redirects the request to the appropriate internal server Note RX3042H supports only one server of any particular type at a time 9 6 4 View Conﬁgured Self Access Rules To see existing Self Access Rules just open the Self Access ACL configuration page by clicking Firewall NAT Self Acce...

Page 93: ...allows you to set the destination network to which this rule should apply Use the drop down list to select one of the following options Any IP Address Enter the IP address of the virtual server if the virtual server has a known public IP address Interface Use the IP address of the selected interface as the destination IP address Available options are eth1 WAN1 eth2 WAN2 ppp1 WAN1 unnumbered ppp2 W...

Page 94: ... this option and create a proper ACL rule to control access to the virtual server Table 9 6 Port Numbers for Popular Applications Application Service Port Numbers AOE II Server 2300 2400 AUTH 113 Baldurs Gate II 2300 2400 Battle Isle 3004 3004 Counter Strike 27005 27015 Cu See Me 7648 7648 56800 24032 Diablo II 4000 4000 DNS UDP 53 53 FTP TCP 21 21 FTP TCP 20 ALG 21 GOPHER TCP 70 70 HTTP TCP 80 80...

Page 95: ...C UDP 5800 5800 9 7 2 Virtual Server Example 1 Web Server Figure 9 10 illustrates the network topology for the web server deployment This web server provides HTTP service using TCP port 8080 Figure 9 10 Virtual Server Deployment Topology Following describes the procedure to setup the web server as illustrated in Figure 9 10 1 Open the Virtual Server conﬁguration page as shown in Figure 9 9 by clic...

Page 96: ...ding the http service a new service type must be created for http service using TCP port 80 Click on the Edit button on the redirect service ﬁeld to create a new service type In the popped up Service conﬁguration page enter the service name protocol and port number as shown in Figure 9 12 and then click on the Add to list to create the new service type HTTP_8080 Finally click the Save Exit button ...

Page 97: ...he procedure to setup the FTP server as illustrated in Figure 9 10 1 Open the Virtual Server conﬁguration page as shown in Figure 9 9 by clicking the Firewall NAT Virtual Server menu 2 Enter the needed information as shown in Figure 9 13 3 Click Add to save the virtual server settings Figure 9 13 Virtual Server Example 2 FTP Server 9 8 Conﬁgure Special Application Some applications use multiple TC...

Page 98: ...corresponding inbound packets with the incoming port numbers speciﬁed in the Incoming Port Range ﬁeld to pass through the router For a list of port numbers used by some popular applications please refer to Table 9 8 Incoming Protocol The protocol that the corresponding inbound packet used The available options are TCP UDP and TCP UDP Incoming Port The port range that the corresponding inbound pack...

Page 99: ...ial Application Example Figure 9 14 Special Application Conﬁguration Page Following describes the procedure to setup a special application for MSN Gaming Zone 1 Open the Special Application conﬁguration page as shown in Figure 9 14 by clicking the Firewall NAT Special Application menu 2 Check Enabled checkbox 3 Select TCP UDP from the trigger protocol drop down list If you are not sure whether the...

Page 100: ...ou are not sure whether the application uses TCP or UDP protocol you may select TCP UDP in this ﬁeld 6 Enter incoming port range in this case 2300 2400 and 28800 29000 7 In the Comment ﬁeld enter the name identifying this application which is MSN Gaming Zone in this instance 8 Click Apply to save the settings ...

Page 101: ...ion Restart system Update ﬁrmware 10 1 Conﬁgure System Services As shown in Figure 10 1 you can use the System Services conﬁguration page to enable or disable services supported by the RX3042H All services except DDNS SNTP UPnP and RIP are all enabled at the factory To disable or enable individual service follow the steps below 1 Open the System Services configuration page by clicking Management S...

Page 102: ... and password is only used for logging into the Conﬁguration Manager it is not the same login password that you use to connect to your ISP Figure 10 2 System Administration Conﬁguration Page Follow the steps below to change password 1 Open the System Administration conﬁguration page as shown in Figure 10 2 by clicking the Router Setup Administration menu 2 Changing login password a Type the new pa...

Page 103: ...r ISP for Internet access check the Clone WAN MAC check box and enter the registered MAC address here 3 Allow Administration from WAN check or uncheck the check box to enable or disable remote management via WAN port 4 Allow Ping Interface This option allows user to control access to the router using ping via the LAN or WAN ports Check the respective check box to enable ping from the respective in...

Page 104: ...s data Although there is a real time clock inside RX3042H you may also rely on external time servers to maintain correct time RX3042H allows you to configure up to three external time servers Make sure that the Enable check box is checked to activate the SNTP Simple Network Time Protocol service for time keeping Note Changing the date and time on RX3042H does not affect the date and time on your P...

Page 105: ...button to save the settings The synchronize the time between the real time clock and the external time servers 1 Open the Time Zone configuration page by clicking the Management Time Zone menu 2 Select your time zone from the drop down list 3 Check the Enable check box to activate the SNTP service 4 Enter IP addresses for the SNTP servers that will be used to update the system time 5 Click on Appl...

Page 106: ...Security Router This Read Only community name is used by the SNMP management station to read the settings in the Internet Security Router RW Community Name Community string is a clear text string that is used as password between the SNMP management station and the Internet Security Router This Read and Write community name is used by the SNMP management station to read and configure the settings i...

Page 107: ...ress of the SNMP management station that receives trap messages from the RX3042H 5 Click on Apply button to save the settings 10 6 Log Setup Log messages are stored in dynamic memory and will disappear after system is rebooted To keep a copy of the log messages you can setup a syslog server and have RX3042H send out the log messages to the server 10 6 1 Setting Up Remote Logging Using a Syslog Ser...

Page 108: ...shows a sample log You may click on the Reload button at the bottom of the Log configuration page to see the updated log messages To clear the log messages just click on the Clear Log button Figure 10 7 Sample Log 10 7 Conﬁguration Management 10 7 1 Restore System Conﬁguration to Factory Default Settings At times you may want to restore system configuration to the factory default settings to elimi...

Page 109: ... up to ask for conﬁrmation Click on the OK button to proceed otherwise click on the Cancel button to cancel the action Figure 10 9 Factory Reset Conﬁrmation 4 RX3042H will then reboot thereafter to make the factory default conﬁguration in effect Note a count down timer such as the one shown in Figure 10 8 will display to indicate when the reboot process will be completed Figure 10 10 Factory Reset...

Page 110: ... reset button for at least 5 seconds The system conﬁguration will be reverted back to the factory default settings after RX3042H is rebooted 10 7 2 Backup System Conﬁguration Follow the steps below to backup system conﬁguration 1 Open the Configuration Backup page by clicking the Management Conﬁguration Backup menu 2 Click on Apply button to backup the system conﬁguration Figure 10 11 Backup Syste...

Page 111: ...licking the Management Conﬁguration Restore menu Figure 10 12 Restore System Conﬁguration Page 2 Enter the path and name of the system conﬁguration ﬁle that you want to restore in the Conﬁguration File text box Alternatively you may click on the Browse button to search for the system configuration file on your hard drive A window similar to the one shown in Figure 10 13 will pop up for you to sele...

Page 112: ...ion Click the OK button to proceed otherwise click the Cancel button to cancel the action Note that the RX3042H will reboot to make the new system conﬁguration in effect Figure 10 14 System Conﬁguration Restoration Conﬁrmation 4 A system reboot count down timer will display as shown in Figure 10 15 Youʼll be reconnected back to RX3042H when the counter returns to zero You may need to manually conn...

Page 113: ...uration Manager provides an easy way to upload the new ﬁrmware image To upgrade the image follow this procedure 1 Open the Firmware Upgrade page as shown in Figure 10 16 by clicking the System Firmware Upgrade menu Figure 10 16 Firmware Upgrade Page 2 In the Select Firmware text box enter the path and name of the firmware image file Alternatively you may click on Browse button to open a ﬁle manage...

Page 114: ... dialog window such as the one below will pop up to ask for conﬁrmation of the firmware upgrade Click the OK button to proceed otherwise click the Cancel button to cancel the action Figure 10 18 Firmware Upgrade Conﬁrmation 4 Firmware upgrade status and progress will be shown as illustrated in Figure 10 19 Figure 10 19 Firmware Upgrade Progress ...

Page 115: ... 6 When you are reconnected to the RX3042H click Status menu to check if the new ﬁrmware is properly upgraded Note that you probably need to clear the cache of your web browser to see the new System Information page Following is the procedure to clear the browser cache for Microsoft Internet Explorer a Click on Tools menu b Click on Internet Options menu c Click on Delete Files button to clear the...

Page 116: ...uration Manager open the Logout page by clicking the Logout menu and click on the Apply button If you are using IE as your browser a window similar to the one shown in Figure 10 22 will prompt for confirmation before closing your browser Figure 10 22 Conﬁguration Manager Logout Page Figure 10 23 Conﬁrmation for Closing Browser IE ...

Page 117: ...addresses as decimal numbers separated by dots is called dotted decimal notation The IP address 20 56 0 211 is read twenty dot ﬁfty six dot zero dot two eleven 11 1 1 Structure of an IP address IP addresses have a hierarchical design similar to that of telephone numbers For example a 7 digit telephone number starts with a 3 digit preﬁx that identiﬁes a group of thousands of telephone lines and end...

Page 118: ...osts Up to 126 of these huge networks can exist for a total of over 2 billion hosts Because of their huge size these networks are used for WANs and by organizations at the infrastructure level of the Internet such as your ISP Class B networks are smaller but still quite large each able to hold over 65 000 hosts There can be up to 16 384 class B networks in existence A class B network might be appr...

Page 119: ...nto two subnets you would use the subnet mask 255 255 255 128 Itʼs easier to see whatʼs happening if we write this in binary 11111111 11111111 11111111 10000000 As with any class C address all of the bits in ﬁeld1 through ﬁeld 3 are part of the network ID but note how the mask speciﬁes that the ﬁrst bit in ﬁeld 4 is also included Since this extra bit has only two values 0 and 1 this means there ar...

Page 120: ...Masks and Subnets RX3042H User s Manual 108 Class A 255 0 0 0 Class B 255 255 0 0 Class C 255 255 255 0 These are called default because they are used when a network is initially conﬁgured at which time it has no subnets ...

Page 121: ...e RX3042H to negotiate a connection with your broadband modem LINK LAN LED does not illuminate after Ethernet cable is attached Verify that the Ethernet cable is securely connected to your LAN hub or PC and to the RX3042H Make sure the PC and or hub is turned on Verify that your cable is sufficient for your network requirements A 100 Mbit sec network 100BaseTx should use cables labeled Cat 5 10Mbi...

Page 122: ... with your ISPʼs DNS server Conﬁguration Manager Program You forgot lost your Conﬁguration Manager user ID or password If you have not changed the password from the default try using admin as the user ID and admin for the password Otherwise you can reset the device to the default configuration by following the instructions provided in section 10 6 1 Restore System Configuration WARNING Resetting t...

Page 123: ...uter with which you are trying to communicate On Windows based computers you can execute a ping command from the Start menu Click the Start button and then click Run In the Open text box type a statement such as the following ping 192 168 1 1 Click OK You can substitute any private IP address on your LAN or a public IP address for an Internet site if known If the target computer receives the messa...

Page 124: ...ookup You can use the nslookup command to determine the IP address associated with an Internet site name You specify the common name and the nslookup command looks up the name on your DNS server usually located with your ISP If that name is not an entry in your ISPʼs DNS table the request is then referred to another higher level server and so on until the entry is found The server then returns the...

Page 125: ...ty There may be several addresses associated with an Internet name This is common for web sites that receive heavy traffic they use multiple redundant servers to carry the same information To exit from the nslookup utility type exit and press Enter at the command prompt ...

Page 126: ......

Page 127: ...gned addresses 48 DHCP Server Conﬁguration page 46 Diagnosing problems after installation 20 DMZ IP address 29 DNS 50 deﬁned 50 relay 51 Domain Name System See DNS Dynamically assigned IP addresses 36 Eth 0 interface deﬁned 22 Ethernet cable 12 Features 1 Firmware Upgrade page 101 Firmware upgrades 101 Front panel 5 Gateways in DHCP pools 45 Gateway deﬁned 53 Hardware connections 11 12 Host ID 105...

Page 128: ...d 68 PAT 65 Reverse NAPT 67 Virtual Server 67 Navigating 26 Netmask See Network mask Network classes 107 Network ID 107 Network interface card 1 Network mask 107 Network Setup 28 Network Setup Configuration page 28 Node on network deﬁned 27 Notational conventions 1 nslookup 112 Packet ﬁltering 63 Pages DHCP Address Table 47 DHCP Lease Table 49 DHCP Server Conﬁguration 46 Firmware Upgrade Upgrade 1...

Page 129: ...Route Conﬁguration page 56 Static routes adding 57 Statically assigned IP addresses 45 Subnet masks 107 System requirements for Conﬁguration Manager 23 System requirements 1 System Status page 20 Testing setup 20 Time and date changing 92 Troubleshooting 109 Typographical conventions 1 Upgrading ﬁrmware 101 User Password Conﬁguration page 90 Username default 19 24 WAN DHCP 29 WAN IP address 29 Web...

Search results

Summary of Contents for RX3042H

Reviews:

Brands by name

Popular brands

Asus RX3042H, User Manual

Search results

Summary of Contents for RX3042H

Reviews:

Brands by name

Popular brands