manualshive.com logo in svg

Contemporary Controls CTRLink EIAR-10T, User Manual, Page: 44 / 78

Share
Download
Contemporary Controls CTRLink EIAR-10T User Manual Download Page 44

 

Configuration

 

 

4-42

4.3.1.8

 

Menu option "Firewall" 

The firewall of the router offers two data filtering options: 

 

a packet filter 

 

a port filter 

The packet filter always considers the IP addresses. It only passes IP 
packets with permitted IP addresses, and blocks packets of illegal 
addresses. As a rule, complete network(s) (areas) are enabled or 
disabled in order to prohibit or permit individual hosts selectively as 
required. 

The router offers three preconfigured packet filters: 

 

Masqueraded networks 
These subnets are masked externally, i.e. these networks appear 
externally as a host. 

 

Routed networks 
Packets sent into these subnets are forwarded, but not masked. 

 

Trusted networks 
Packets exchanged between these subnets are forwarded 
unobstructed and are not masked. This makes sense, in particular, 
with reference to the port filter and to the black/white lists (see 
below). 

In addition, the router keeps a black or white list of hosts for which the 
access to the routed / masked networks is to be permitted / prohibited 
explicitly.  

A port filter assesses packets not by their source or target address, but 
by their target port. For example, all packets aimed at a certain port are 
discarded, or all packets of a certain port are transferred to another 
computer. 

 

CAUTION !!! 

Any settings in the "Firewall" area pertain directly to the security 
of your network. 

Any modifications should therefore only be made if you have the 
appropriate knowledge. 

 

 

CAUTION 

Summary of Contents for CTRLink EIAR-10T

Page 1: ...CTRLink Router EIAR 10T Internet Access Router Contemporary Controls GmbH Fuggerstra e 1 B 04158 Leipzig Tel 341 520359 0 Fax 341 520359 16 Version 2 4 1 Oktober 2005...

Page 2: ...ecked the content of this manual for conformity with the hardware and software described Nevertheless because deviations cannot be ruled out we cannot accept any liability for complete conformity The...

Page 3: ...sposal 1 8 1 10 Liability 1 9 2 Use as Prescribed 2 10 2 1 Range of application 2 10 3 Description of Functions 3 11 3 1 General Description of Functions 3 11 3 2 Functioning of Dial on Demand 3 11 3...

Page 4: ...39 4 3 1 7 Menu option Logging 4 40 4 3 1 8 Menu option Firewall 4 42 4 3 1 9 Menu option Firewall Masquerading 4 43 4 3 1 10 Menu option Firewall Routing 4 43 4 3 1 11 Menu option Firewall Trusted Ne...

Page 5: ...1 2 Top hat rail 5 65 5 1 3 Swirl mounting 5 66 5 2 Installation notes 5 67 5 2 1 Mounting the router on the top hat rail 5 67 5 2 2 Functional earthing of the Internet Access Router 5 67 5 3 Installa...

Page 6: ...Contents 4 7 Standards and Certifications 7 74 7 1 Harmonised standards 7 74 7 2 Certification to DIN EN ISO 9001 7 74 7 3 Approbations 7 74 7 4 CE marking 7 74 8 Symbols Used 8 75...

Page 7: ...is used to draw your attention to an important recommendation to be observed 1 3 Hazards resulting from use other than as described Use other than as prescribed may result in personal injuries to the...

Page 8: ...er It must only be started up by an electrical expert Service and maintenance as well as troubleshooting must only be carried out by qualified expert personnel 1 5 1 Operator The operator is an instru...

Page 9: ...fuse is installed in the incoming supply feeder For operation of the Internet Access Router please refer to the information provided in Chapter 6 Technical Data 1 7 Safety regulations The Internet Ac...

Page 10: ...ective covering and safety devices immediately after completion of service and maintenance work and check their functioning Spare parts The use of inappropriate spare parts may result in loss of life...

Page 11: ...notices and instructions contained in this Instruction Manual Use other than prescribed exclusion of liability Contemporary Controls will not be liable for damage resulting from use or application of...

Page 12: ...network can be controlled via IP based services Telnet SSH Any errors in configuring in the execution of any work or operations as well as inadvertent false operation may impair the proper functionin...

Page 13: ...onnection the router can be monitored and configured Since the router shows a transparent behaviour with such a direct PPP connection the clients working in the Ethernet can be addressed directly and...

Page 14: ...ternal modem Check whether there are services in your network which put queries to the Internet automatically at cyclic intervals e g Netscape Mail Such queries may result in an undesired connection o...

Page 15: ...he Internet To address the router using its domain name it is recommended to configure also an appropriate dynamic DNS provider when selecting this function see Section 4 3 1 14 To provide a secure co...

Page 16: ...POWER connection on the front side of the device Directly after connecting the power the status display of the LEDs may vary only the Power LED must be lit in green The LED will only indicate the stat...

Page 17: ...E ETHERNET off ERROR red POWER green A check is carried out to see whether the ETHERNET connection can be addressed States of the LEDs ACTIVE MODEM off ACTIVE ETHERNET red ERROR red POWER green All re...

Page 18: ...2 168 1 x or else the address 192 168 1 100 may already exist The router can be set to any address via a serial connection using a terminal program to allow access via a browser Any further configurat...

Page 19: ...Example setip 192 168 1 150 255 255 255 0 The change is written to the configuration file of your router and stored permanently using the command save see the following illustration For subnetting a s...

Page 20: ...l modem cable The relevant procedure is described in Section 4 2 2 Either a standard web browser recommended or an SSH client not recommended can be used for configuring the router 4 1 3 Configuring v...

Page 21: ...of the router itself Access to the underlying network however is not possible It is also possible however to reload the original default settings if the router is configured not correctly if you pres...

Page 22: ...use the configuring options via the telephone network or via the serial interface not recommended 4 2 1 1 Windows 2000 To assign a network card one or several IP addresses under Windows2000 administr...

Page 23: ...255 0 for the subnet mask Then click on OK the result should look as follows The computer you have just configured can now be seen both in the network 192 168 101 0 and in the network 192 168 1 0 It...

Page 24: ...e and assign your self temporary root rights su Password Type ifconfig to check the status of your network condition ifconfig eth0 lo Select the card you want to assign a second IP address here eth0 a...

Page 25: ...terface as well as a zero modem cable are required Connect the zero modem cable to the free serial connection on the PC side and to the RS 232 jack labelled External on the router side It is not relev...

Page 26: ...ion 4 24 Set the role you want to choose for this computer in the next tab to Host Now select the connection to which your zero modem cable is connected Answer the next question with Use connection ex...

Page 27: ...ttempts to establish a new connection immediately this should first be cancelled To process the connection just established choose Properties from the context menu On the General tab click on the Conf...

Page 28: ...Configuration 4 26 Now you can establish a connection If you double click on the zero modem connection the following screen should appear...

Page 29: ...2 3 Configuring via the telephone network Prerequisites You will need a PC on which a Web browser is installed and a modem The PC must be connected to a different telephone connection with a separate...

Page 30: ...tly to another computer for the type of connection Enter the number of the telephone connection to which the router is connected If you are prompted to specify the availability of the connection choos...

Page 31: ...configure the modem such that it does not wait for the dialling tone To this end the initialisation command ATX3 must additionally be entered in the tab Advanced settings in the modem configuration in...

Page 32: ...r is configured incorrectly and no longer boots correctly it is possible to restore the original default settings To do so press ENTER after you have been prompted to do so on the console while the ro...

Page 33: ...dem or 192 168 7 1 for direct serial line or 192 168 1 100 for Ethernet as the URL The dialog box for you to enter your user name and the password is displayed The default user name is admin and the d...

Page 34: ...so displayed The dialog language for the menus and help texts can be selected by clicking on the appropriate flag on the home page Currently German and English are supported default language is Englis...

Page 35: ...for the client For IP addresses any numbers between 1 and 254 are permissible If a higher address is set the router will not be found in the network by the browser In this case either restore the fact...

Page 36: ...enu is divided into two parts Set local date and local time Configure the time zone rules for daylight saving time Configuring date time Here you must enter the local date and the local time Setting o...

Page 37: ...General modem settings The menu shown below can be used to make general settings for configuring your modem Configuring the internal modem analogue The menu shown above can be used to configure the sp...

Page 38: ...and the MSN Multiple Subscriber Number of the internal modem The MSN is the dialling number of the modem connected to a multiple device port Configuring the external modem The configuration depends o...

Page 39: ...ly upon completion of configuring and with each start If an error occurs during these processes check first the status of your GSM modem If it is already logged in to your provider the PIN will be den...

Page 40: ...st in your network to be dissolved by the router itself and assign the name the appropriate IP address 4 3 1 5 Menu option SSH Here you can configure the SSH daemon If you want to use the SSH daemon t...

Page 41: ...er Any changes you make here will only come into effect after restarting the router In other words You may first finish configuring the router without undue problems before you restart the router It i...

Page 42: ...one network to a log host in a different network To define which status messages are to be forwarded appropriate rules can be defined Each rule specifies the type of service to be logged source the ty...

Page 43: ...f the user notice Creates status messages with reference to things that are to be handled in a special manner no errors warning Creates status messages that incorporate warnings err Creates status mes...

Page 44: ...ese subnets are forwarded but not masked Trusted networks Packets exchanged between these subnets are forwarded unobstructed and are not masked This makes sense in particular with reference to the por...

Page 45: ...hat any network addresses always contain xxx xxx xxx 0 i e always end with zero For each network specified either the appropriate subnet address must also be specified or else the number of bits set i...

Page 46: ...u option Firewall Trusted Nets By using this configuration menu the disabling of routing for certain ports see below and the black white list can be disabled for certain networks Here you can specify...

Page 47: ...ion Network Address Translation briefly DNAT Port access The routing via certain IP ports can be prevented For example it makes sense to prohibit the routing for the NETBIOS ports 137 to 139 Thus not...

Page 48: ...out modem commands For automatic hang up a wait time in seconds can be set in the field Dial out Timeout More than one destination can be defined If more than one destination is defined the function D...

Page 49: ...supports the following providers FreeDNS http freedns afraid org CJB NET http cjb net Companity http www staticip de DHS International http www dhs org DNS2Go http dns2go deerfield com The Art of DNS...

Page 50: ...e for dial in It is also possible however that both modems wait for incoming calls simultaneously The difference between dial in and call back is that in dial in the dialling computer establishes a di...

Page 51: ...N client must be started on the opposite side This can be either also a router see Section 4 3 1 17 or a Linux PC on which the relevant software is installed BSD Solaris http vtun sourceforge net 4 3...

Page 52: ...ation if the following LEDs are lit in green Power Error and Ethernet To activate a changed country code for the internal modem the router must be disconnected from the mains temporarily warm restart...

Page 53: ...Save current file Ctrl X then C Quit editor Only the command spiwr will save all settings in the flash of your router If you then reboot the system your changes come into effect A large part of the co...

Page 54: ...is included in the scope of supply The command setCountry h in the command line indicates all country codes possible setCountry device code will set the modem specified in device to code device must b...

Page 55: ...ARDERS 145 253 2 11 corresponds to External DNS server of provider company HOST_1_NAME kai first host name of the LIST OF HOSTS FOR DNS HOST_1_IP 192 168 101 44 the IP which is to be assigned to the a...

Page 56: ..._NETWORK 192 168 6 0 24 192 168 7 0 24 networks to be routed separate by spaces TRUSTED_NETS trusted networks separate by spaces either at least 2 or none FORWARD_HOST_WHITE no host list is white list...

Page 57: ...rnal modem is to be used for dial out enter here ttyS1 otherwise ttyS2 MODEM_SPEED 115200 speed of the modem MODEM_DIALOUT 0 0192658 number of the Internet provider MODEM_TIMEOUT 200 time of inactivit...

Page 58: ...n EXT_CALLBACK no Configuring the external modem for call back CAUTION If both dial in and call back are activated the modem will be configured to Dial in EXT_NULLMODEM yes Instead of a modem a zero m...

Page 59: ...l DNS2GO for DNS2Go DNSART for The Art of DNS DTDNS for DtDNS net DYNACCESS for dynaccess de DYNDNSDK for DynDNS dk DYNDNS for DynDNS org DYNEE for dyn ee DYNEISFAIR for eisfair net FIDOSOFT for fidos...

Page 60: ...ERVER_1_SERVERIP 192 168 1 254 virtual local IP address of the VPN server VTUND_SERVER_1_CLIENTIP 192 168 2 254 virtual remote IP address of the VPN client VTUND_SERVER_1_CLIENTNETMASK 255 255 255 0 v...

Page 61: ..._INTERVALL 60 time interval for the logging time marks in minutes SYSLOGD_DEST_N 1 number of logging rules SYSLOGD_DEST_2 192 168 1 123 First logging rule Structure source type targethost Which source...

Page 62: ...n the supplied CD Putty The following settings are nessesary in the PuTTY in menu Session Host Name or IP address IP Address of the router see chapter Fehler Verweisquelle konnte nicht gefunden werden...

Page 63: ...tical to those for configuring via the Serial console see Section 4 3 2 After configuration clear the SSH connection using the EXIT command SSH is a telnet like access to a remote computer The only di...

Page 64: ...outside must always be routed via the router This must be known to all clients Therefore the Ethernet IP address of the router default 192 168 1 100 must be specified as the standard gateway off all c...

Page 65: ...ard gateway of this computer is also adapted automatically To access the clients in the routers network with their host name the IP address of the DNS server factory default 192 168 1 100 has to be se...

Page 66: ...is Chapter provides all relevant information on the dimensions of Internet Access Router Top hat rail 5 1 1 Internet Access Router The sketch below shows the dimensions of the Internet Access Router D...

Page 67: ...To the montage hangs the appliance on the top hat rail at the desired position and locks through pressure to the back Releasing The top hat rail adapter is offered in two variants resulting in the di...

Page 68: ...e swirls When mounting at top hat rail adapters on the rear of the housing it is imperatives to observe the correct position of the retaining jumps Plastic variant Retaining jumps at the bottom Alumin...

Page 69: ...Functional earth terminal on the housing of the router and the equipotential bonding of the control cubicle The connection Functional earth serves purely operational functions modem function Make sur...

Page 70: ...5 4 Storage and storage temperatures The following values apply for storage Storage temperature 20 to 60 C Humidity 30 to 95 non condensing 5 5 Operating temperature humidity The following values appl...

Page 71: ...Hardware 5 69 5 6 Status display A total of four LEDs are to be found on the front side of the Internet Access Router to display the current operating condition...

Page 72: ...iption OFF Not connected Green steady light Ethernet interface active Red steady light Connected but no Ethernet interface found 5 6 3 Display Error LED Description OFF Green steady light The phase of...

Page 73: ...for the power supply and four interfaces are to be found on the front side of the Internet Access Router 5 7 1 Power supply The router can be powered either with 10 36 V DC or 8 24 V AC The power con...

Page 74: ...ule possesses an analog modem or an ISDN modem It is connected to the local telephone network via an RJ11 connector 5 7 3 Ethernet interface The device possesses a 10 Mbit Ethernet controller It is co...

Page 75: ...ections of the power supply Modem Ethernet Plug connectors with self disengaging screw terminals Connector type RJ11 Connector type RJ45 Conductor cross sections of the power supply connections min 0...

Page 76: ...ssion for residential commercial and light industrial environment EN 61000 6 2 Noise immunity for the industrial environment 7 2 Certification to DIN EN ISO 9001 Contemporary Controls GmbH is certifie...

Page 77: ...Symbols Used 8 75 8 Symbols Used Connection for the functional earthing Mains transformer d c power supply source Battery emergency power...

Page 78: ...Notes 8 76...

Reviews:

No comments