background image

BIPAC 6500W Wireless Broadband VPN Firewall Router 

 

Select 

TCP

 if you want to scope for the connection-based application service on the remote 

server using the port number. Or select 

UDP 

if you want to scope for the connectionless 

application service on the remote server using the port number. 

Log:

 Choose “Yes” if you want to generate logs when the filer rule is applied to a packet. 

Action When Matched:

 If any packet matches this filter rule, 

Forward

 or 

Drop

 this packet. 

Source IP Address:

 Enter the incoming or outgoing packet’s source IP address(es). 

Source Port:

 Check the TCP or UDP packet’s source port number(s). 

Destination IP Address:

 Enter the incoming or outgoing packet’s destination IP address(es). 

Destination Port:

 Check the TCP or UDP packet’s destination port number(s). 

 

If the DHCP server option is enabled, you have to be very careful in assigning the IP 
addresses of filtered private IP range in order to avoid conflicts because you do not 
know which PC in LAN is assigned to which IP address. The easiest and safest way 
is that the filtered IP address is assigned to specific PC that is not allowed to access 
outside resource such as Internet. You configure the filtered IP address manually to 
this PC, but it is still in the same subnet with the router. 

 

3.4.3.5.2 MAC Filter 

MAC filtering function enables you to configure your router to block specified internal user (

MAC 

address

) from Internet access. You must check the 

“Enable”

 radio button to make the 

following figure appear for further configuration. 

 

MAC Address :

 Enter the MAC address you want to configure. Then, click the “Add” button to 

add this MAC address into the following list. If you want to eliminate the MAC address you have 

Summary of Contents for BIPAC 6500W

Page 1: ...BIPAC 6500W Wireless Broadband VPN Firewall Router with 4 port 10 100M Switch User Manual ...

Page 2: ......

Page 3: ... 3 4 3 3 WAN 22 3 4 3 4 System 25 3 4 3 4 1 Password 25 3 4 3 4 2 Time Zone 26 3 4 3 4 3 Upgrade 27 3 4 3 4 4 Factory Setting 27 3 4 3 5 Firewall 28 3 4 3 5 1 Packet Filter 28 3 4 3 5 2 MAC Filter 30 3 4 3 5 3 Block Hacker Attack 31 3 4 3 5 4 Block WAN Request 32 3 4 3 5 5 URL Blocking 33 3 4 3 6 VPN 35 3 4 3 7 Virtual Server 35 3 4 3 8 Advanced 37 3 4 3 8 1 Remote Config 37 3 4 3 8 2 Dynamic Rout...

Page 4: ...rld to make sure it works fine 52 How can I check the active IP settings for my WAN port 53 Where can I find the WAN port s MAC address 53 How can I explore a local server to be visible to outside users 53 What is DMZ host 54 How to configure my MacOS to surf Internet through the BIPAC 6500W 54 How can I do if I forget the password for accessing Router 54 How can I do if there is already a DHCP se...

Page 5: ...e services that outside users can access For example to ensure that games and other Internet applications will run properly user can open some specific ports for outside users to access internal services in network Finally it can also detect and block many Hacker Patterns and not allow hacker into your network Integrated DHCP services client and server allow up to 253 users to get their IP address...

Page 6: ...ures BIPAC 6500W provides the following features Network Protocols and Features PPPoE PPTP and DHCP client connection to ISP NAT static routing and RIP 1 2 Supports multiple Application Level Gateway ALG algorithms for multimedia applications such as ICQ NetMeeting MS Messenger QUAKE Real Player etc Universal Plug and Play compliant UPnP Dynamic Domain Name System DDNS Virtual Server and DMZ SNTP ...

Page 7: ...etc Packet filtering port source IP address destination IP address MAC address URL filtering string or domain name detection in URL string Virtual Private Network VPN Embedded IPSec PPTP client Embedded L2TP and L2TP over IPSec future release IKE key management DES and 3DES encryption for IPSec L2TP PPTP IPSec pass through ...

Page 8: ...Router 1 4 BIPAC 6500W Application Be noted the router provides a 10 100Mbps Ethernet port 10Base T in the WAN site it will not detect MDI and MDIX automatically Therefore an Ethernet cross over cable should be used to connect to DSL CABLE modem ...

Page 9: ...Place the router on the stable surface Only use the power adapter that comes with the package 2 2 The Front LEDs LED Meaning 1 Power Lit green when power ON 2 SYS Lit when system is ready 3 4 WLAN LAN 1 5 LAN 2 6 LAN 3 7 LAN 4 Lit green when wireless connection is established Flashes when sending receiving data Lit green when connected at 100 Mbps Lit orange when connected at 10 Mbps Flashes when ...

Page 10: ...ork RESET After the device is powered on press it to reset the device or restore to factory default settings 0 3 seconds reset the device 3 6 seconds no action 6 seconds or above restore to factory default settings this is used when you can not login to the router e g forgot the password PWR jack Connect the supplied power adapter to this jack Power Switch A Power ON OFF switch 2 4 Cabling Please ...

Page 11: ...n an IP address through a DHCP server or a fixed IP address which must be in the same subnet of the router The default IP address of router is 192 168 1 254 and subnet mask is 255 255 255 0 The best and easy way is to configure the PC to get an IP address from the router Please follow the steps below for PC s network environment installation First of all please check your PC s network components T...

Page 12: ...BIPAC 6500W Wireless Broadband VPN Firewall Router 3 In the Local Area Connection Status window click Properties 4 Select Internet Protocol TCP IP and click Properties ...

Page 13: ... and the Obtain DNS server address automatically radio buttons 6 Click OK to finish the configuration Configuring PC in Windows 2000 1 Go to Start Settings Control Panel In the Control Panel double click on Network and Dial up Connections 2 Double click Local Area Connection ...

Page 14: ...BIPAC 6500W Wireless Broadband VPN Firewall Router 3 In the Local Area Connection Status window click Properties 4 Select Internet Protocol TCP IP and click Properties ...

Page 15: ...cally radio buttons 6 Click OK to finish the configuration Configuring PC in Windows 95 98 ME 1 Go to Start Settings Control Panel In the Control Panel double click on Network and choose the Configuration tab 2 Select TCP IP NE2000 Compatible or the name of your Network Interface Card NIC in your PC 3 Click Properties ...

Page 16: ...N Firewall Router 4 Select the IP Address tab In this page click the Obtain an IP address automatically radio button 5 Then select the DNS Configuration tab 6 Select the Disable DNS radio button and click OK to finish the configuration ...

Page 17: ...indows NT4 0 1 Go to Start Settings Control Panel In the Control Panel double click on Network and choose the Protocols tab 2 Select TCP IP Protocol and click Properties 3 Select the Obtain an IP address from a DHCP server radio button and click OK ...

Page 18: ...lly 4 DHCP server DHCP server is enabled IP address pool from IP Address 192 168 1 100 to IP Address 192 168 1 199 3 2 1 Password The password is left blank as the default setting When configuring your router with Web browser just click OK and then you are logged in for the first time It is recommended that you set a password for security and management purpose BIPAC 6500W maintains the password o...

Page 19: ...e you have to check with your ISP what kind of service is provided such as PPPoE Fixed IP obtain an IP address automatically or PPTP client Gather the information as illustrated in the following table and keep it for reference PPPoE Username Password Service Name Domain Name System DNS IP address it can be automatically assigned from ISP or be set fixed Fixed IP IP address Subnet mask Gateway addr...

Page 20: ...he default password is left blank If you have set a password enter that and click OK to continue At the configuration homepage the left navigation pane where bookmarks are provided links you directly to the desired setup page including Quick Start Configuration LAN WAN Firewall System VPN Virtual Server Advanced and Help Status System Status Device Info System Logs Security Logs ARP Cache Table DH...

Page 21: ... Logout the device when you finish configuring the router 3 4 2 Quick Start If you use this device to access the Internet through the ISP this web page is enough for you to configure this router and access the Internet without a problem Please check Chapter 3 3 Information from the ISP then enter the proper values into this web page click the Apply button and then click the Save Config button to s...

Page 22: ...er 3 4 3 Configuration When you click this item you get following sub items to configure the ADSL router LAN WAN Firewall System VPN Virtual Server Advanced and Help 3 4 3 1 LAN This screen contains settings for LAN interface attached to the LAN port ...

Page 23: ...e sure your PC is also located at the same IP subnet Otherwise you may not be able to access the router Subnet Mask Default at 255 255 255 0 If you ever forget the LAN IP address we provide an utility running in MS Windows to find it automatically It is included in the installation CD named RouterFinder exe The PC with RouterFinder EXE and device should locate at the same local area network LAN ...

Page 24: ...Enter the start address of this local IP network address pool The pool is a piece of continuous IP address segment The default value is 192 168 1 100 To Enter the last address of this local IP network address pool that you want the DHCP server to assign IP addresses to The default value is 192 168 1 199 With this case the DHCP pool is from 192 168 1 100 to 192 168 1 199 Therefore the local compute...

Page 25: ... over the network the wireless broadband VPN Router offers highly secure data encryption known as WEP If you require high security in transmission there are two alternatives WEP64 and WEP128 for your selection Encryption Key Enter the key to encrypt wireless data To allow encrypted data transmission the WEP Encryption Key values on all wireless stations must be the same as that of the device Hide ...

Page 26: ...lly when logon Host Name Enter the host name provided by your ISP The maximum input is 20 alphanumeric characters case sensitive Domain Name Enter the domain name provided by your ISP The maximum input is 20 alphanumeric characters case sensitive MAC Address Specify the MAC address if your ISP needs it The Default MAC address is router s MAC address NAT The NAT feature allows multiple users to acc...

Page 27: ...rpose If it is required your ISP will provide you the information Maximum input is 20 alphanumeric characters Specify an IP address Specify the router IP address if your ISP needs to use it NAT The NAT feature allows multiple users to access Internet through a single IP account sharing the single IP address If users in the LAN site have public IP addresses and can access Internet directly the NAT ...

Page 28: ...sharing the single IP address If users in the LAN site have public IP addresses and can access Internet directly the NAT function can be disabled PPTP Client Some DSL Cable modems only support PPTP tunnel method to access Internet such as Alcatel s DSL modem Therefore configure this WAN interface to use PPTP client carrying PPP information to make a tunnel with the DSL modem then DSL modem will fo...

Page 29: ...ber so that you may just enter the friendly name www yahoo com and DNS converts it to its equivalent IP address You can obtain Domain Name System DNS IP address automatically if ISP provides it when you logon This Obtain DNS address automatically selection is set as default when you choose Obtain an IP Address Automatically PPPoE or PPTP Client as your WAN ISP protocol Or your ISP may provide you ...

Page 30: ...at your Caps Lock is off 3 4 3 4 2 Time Zone BIPAC 6500W does not have a real time clock on board instead it uses the simple network time protocol SNTP to get the current time from the SNTP server in outside network Please choose your local time zone and click Apply button You will get the correct time information after you really establish a connection to Internet The current time of selected tim...

Page 31: ...ur local environment first Press the Browse button to specify the path of the firmware file Then click Upgrade to start upgrading When the procedure is completed the router will reset automatically to make the new firmware work 3 4 3 4 4 Factory Setting If for any reason you have to reset this router back to factory default settings be careful that the current settings will be lost and the setting...

Page 32: ...function enables you to configure your router to block specified internal external user IP address from Internet access or you can disable specific service request Port number to from Internet You must check the Enable radio button to make the following figure appear for further configuration This configuration program allows you to set up different filter rules up to 10 for different users based ...

Page 33: ...dit Then click the Edit button Delete Check the Rule No you want to delete Then click the Delete button Outgoing Incoming Determine whether the rule is for outgoing packets or for incoming packets Active Choose Yes to enable the rule or choose No to disable the rule Packet Type Specify the packet type TCP UDP ICMP or any that the rule will be applied to ...

Page 34: ...et s destination port number s If the DHCP server option is enabled you have to be very careful in assigning the IP addresses of filtered private IP range in order to avoid conflicts because you do not know which PC in LAN is assigned to which IP address The easiest and safest way is that the filtered IP address is assigned to specific PC that is not allowed to access outside resource such as Inte...

Page 35: ...ress listed in the list 3 4 3 5 3 Block Hacker Attack BIPAC 6500W can automatically detect and block the DoS Denial of Service attack if user enables this function This kind of attack is not to achieve the confidential data of this network instead it aims to crush specific equipment or the entire network If this happens the users will not be able to access the network resources The following hacke...

Page 36: ...e informed by emails when hackers attack the router E mail address The alert mail will be sent to this address SMTP server Enter the SMTP server of the above E mail address 3 4 3 5 4 Block WAN Request Check Enable if you want to exclude outside PING request from reaching on this router ...

Page 37: ... Block From to Check this button if you only wish to block a URL in a specific time interval For example if you wish to temporarily block a URL from Monday 8 00am until Wednesday night at 7 40pm in the space provided above you should select 08 00 Monday to 19 40 Wednesday Domains Filter Check if you want to enable the Domains Filtering function and click the Detail button for further configuration...

Page 38: ...to the domain list Users will no longer be able to access the websites from the LAN To add a domain name enter its host name such as www bad site com into the text field under Domain and click Add The domain will be shown in the Domain List Do not enter the complete URL of the site that is do not include http All subdomains are allowed For instance taking yahoo com as the trusted domain means that...

Page 39: ...twork is a secured Internet protocol to allow users to access the company internal network resources outside the company network If you want to make this function take effect check the Enable button Hence the following fields will be activated There is three items under VPN section PPTP IPSec and L2TP The reference of VPN please refer to VPN Configuration document of CD 3 4 3 7 Virtual Server Bein...

Page 40: ...onnectionless application service on the remote server using the port number DMZ IP Address Regarding the DMZ Host it is a local computer exposed to the Internet Therefore an incoming packet will be checked by Firewall and NAT algorithms in the router then passed to the DMZ host when packet is not sent from hacker and not matched by virtual server list If the DHCP server option is enabled you have...

Page 41: ...rt number please use your own port if you change the default value If for any reason you want to limit the IP addresses for remote login please enter the Start IP and the End IP address But be noted that the range is not allowed to exceed 254 If the NAT function is disabled the URL should be http LAN IP address where LAN IP address is the IP address of the router s LAN port You can find the value ...

Page 42: ...e network 3 4 3 8 3 Static Routing If you have another router with a LAN to LAN connection you may create a static routing on the router that is the gateway to Internet Add Click this button to add a new static routing When you click this button the next figure appears Edit Check the item you want to edit Then click the Edit button ...

Page 43: ...red by this Static Routing function 3 4 3 8 4 Dynamic DNS With Dynamic DNS service a domain name can be translated into a dynamic IP address which is often issued by ISP for dial up service A local server such as Web server Email server or FTP server can then be easily accessed without knowing the changing IP address Check the Enable button to access the Dynamic DNS service ...

Page 44: ...utomatically whenever the assigned IP changes 3 4 3 8 5 Check Email The router may set a Email account to periodically check up incoming mail LED flashes green when there is Email Account Enter your Email account in the field Password Enter your Email password in the field Incoming Mail Server Specify your incoming mail server name or IP address Interval to Check Periodical timer checks up incomin...

Page 45: ...N Messenger will discover that they are behind a NAT router learn the external IP address and configure port mappings on the router to forward packets from the external ports of the router to the internal ports used by the application 3 4 3 9 Help After click on the hyperlink of Help in the left pane the following html page will jump out This page would be a good reference as you proceed the confi...

Page 46: ...current LAN and WAN connection status The first line under the WAN segment displays the ISP protocol you set You can see the status of connection from its right side column If you choose Obtain an IP Address Automatically as your protocol there will be a Renew button beside the connection status description Click this Renew button whenever you want to get a new IP Address rather than the existent ...

Page 47: ...SP You will see the system status changing from connecting authenticating to connected if the procedure of connecting works smoothly When you want to disconnect from your ISP under connected status just click the Disconnect button In the PPTP Client protocol you can press the Connect button when the line is disconnected or press the Disconnect button when the line is connected ...

Page 48: ...utomatically every 15 seconds which enables you to get the most updated status of your system You can also click the Refresh button to get the latest information of system status manually 3 4 4 2 Device Info Display the current Firmware version and MAC addresses of your router ...

Page 49: ...al information through this function Refresh Click Refresh to get the latest information of system logs 3 4 4 4 Security Logs Display the information of security logs If hacker attacks your sever he will be isolated by the firewall function and the router will record related information Hence you know where the hacker comes from ...

Page 50: ...of system logs 3 4 4 5 ARP Cache Table From this table you can see the IP address of each PC in your LAN as well as its associated MAC address 3 4 4 6 DHCP Table If you enable the DHCP server function of this device you can see the assigned IP addresses and their associated MAC addresses from this table ...

Page 51: ...Chapter 3 Configuration 47 3 4 4 7 Routing Table Display the current routing paths of the router 3 4 4 8 VPN Connect Status Display the current VPN connection status ...

Page 52: ...BIPAC 6500W Wireless Broadband VPN Firewall Router ...

Page 53: ...ault settings go to the Web configuration window Enter Factory Setting under System and then click Reset to begin the process Why do I get IP conflict information in my computer When you see the message box prompted for IP address conflict in your computer it could be caused by rebooting the router or by two or more workstations occupying the same IP address Please run the winipcfg utility to rele...

Page 54: ...n t find the necessary information call the software maker and ask what ports need to be opened for the software to work through a firewall Can I upgrade the gateway s firmware We provide two firmwares one bfw is for boot code and the other afw is application code Usually you do not need to upgrade boot code in stead there is a specific description to upgrade boot code first for upgrading applicat...

Page 55: ...leases if allowed by the network and get the current IP address assignments through this program 1 From Windows go to Start Run enter WINIPCFG and click OK 2 The following figure displays the adapter address and current TCP IP address Select the correct Ethernet adapter that is installed in this computer at the Ethernet Adapter Information Select the correct Ethernet adapter 3 Click the More Info ...

Page 56: ...should list the product s local port address the device s IP address 3 The DNS server IP addresses should match the DNS server IP addresses set in the device IPCONFIG EXE For WinNT Win2000 and WinXP go to Start Programs Accessories Command Prompt to open the Command Prompt Type in IPCONFIG ALL and hit Enter to see the adapter s information Type in IPCONFIG RELEASE to release all adapters IP addres...

Page 57: ...here can I find the WAN port s MAC address When you need this WAN port MAC address you can refer the MAC label in the enclosure But the easiest way is to use Web based GUI to check it Please enter Status Device Info or WAN Obtain an IP address automatically then you will see the MAC address for WAN port Usually some cable operators need this information for registration How can I explore a local s...

Page 58: ...ll rules Virtual Server rules and then DMZ host How to configure my MacOS to surf Internet through the BIPAC 6500W Please make sure the MacOS open transport networking protocols is installed We will suggest that the router has DHCP server enabled and MacOS gets an IP address automatically because MacOS will get the other information at that same time such as DNS IP address subnet mask and Gateway ...

Page 59: ...rname Password Service Name Domain Name System DNS IP address it can be automatically assigned from ISP or be set fixed Fixed IP IP address Subnet mask Gateway address Domain Name System DNS IP address it is fixed IP address Obtain an IP Address Automatically Domain Name System DNS IP address it can be automatically assigned from ISP or be set fixed PPTP Client Username password PPTP server s IP a...

Page 60: ...ervices please refer below for details Application Settings for Outgoing Connection Setting for Incoming connection ICQ98a 99b None None Netmeeting 2 1 3 0 None 1503 tcp 1720 tcp AOE 2300 2400 tcp 2300 2400 udp 47624 tcp 2300 2400 tcp 2300 2400 udp 47624 tcp VDO Live None None mIRC None None Cu Seeme 7648 tcp 7648 udp 24032 udp 7648 tcp 7648 udp 24032 udp PCAnywhere 5632 udp 22 udp 5631 tcp 65301 ...

Page 61: ...e solved by using the Troubleshooting in Chapter 4 If you continue to have problems you should contact the dealer where you bought this product For further assistances with the product please feel free to contact and visit us at http www billion com T ...

Reviews: