background image

17

Virtual Server Settings 

 

Virtual Servers

 are computers connected using the 

DMZ

 port. They act as servers 

to provide services to your LAN ports or other Internet users on the WAN ports. The 
Virtual Server setting page maps one global IP address 

-

 an IP address that is valid 

on the Internet, usually assigned by your ISP 

-

 to one local IP address from the IP 

address range assigned to the MH-5000

DMZ

 port. The default DMZ IP address is 

10.1.1.254, so the servers

 IP must range from 10.1.1.1 to 10.1.1.253, with a subnet 

mask of 255.255.255.0. 
 

 

 

Figure 2  Internet host connects to the Virtual Server behind MH-5000.

 

 
As the above Figure 2 illustrated, the server 10.1.1.5 provides FTP service and is 
located on the DMZ region behind MH-5000. By this way, MH-5000 will act as a 
Virtual Server role which redirects the packets to the real server 10.1.1.5. And you 
can announce to the internet users that the ftp server ip/port is 61.2.1.1/44444. So, 
all of the internet users can connect the 61.2.1.1/44444 to get ftp service. 
 

An  example  virtual  server:

  Customize  the  rule  name  as  the  ftpServer.  For  any 

packets  with  its  destination  IP  equaling  to  the WAN1  IP  (61.2.1.1)  and  destination 
port  equaling  to  44444,  ask  MH-5000  to  translate  the  packet

s  destination  IP/port 

into  10.1.1.5/21.  Check  the 

Passive FTP client

  at  this  port  to  maximize  the 

compatibility of the FTP protocol. This is useful if you want to provide connectivity to 
passive FTP clients. For passive FTP clients, the server will return them the private 
IP address and the port number for them to connect back to do data transmissions. 
Since the private IP from them cannot be routed to our zone, the data connections 
would fail. After enabling this feature, the MH-5000 will translate the private IP/port 
into an IP/port of its own. Thus the problem is gracefully solved. 

Summary of Contents for MH-5000

Page 1: ...1 Multi Homing Security Gateway MH 5000 Quick Installation Guide ...

Page 2: ... ____ ____ Subnet Mask ____ ____ ____ ____ Gateway IP ____ ____ ____ ____ Primary DNS ____ ____ ____ ____ Fixed IP Secondary DNS ____ ____ ____ ____ PPPoE Username ____ ____ ____ ____ PPPoE PPPoE Password ____ ____ ____ ____ WAN1 Port 1 DHCP Not initialized IP Address ____ ____ ____ ____ Subnet Mask ____ ____ ____ ____ Gateway IP ____ ____ ____ ____ Primary DNS ____ ____ ____ ____ Fixed IP Seconda...

Page 3: ...spection Firewall NAT VPN Intrusion Detection System Dynamic Routing Content Filtering Bandwidth Management WAN load balancer Anti Virus and Anti Spam in a single box It also features high performance accelerator and wire speed VPN encryption decryption It is the most cost effective solution for enterprise Figure 1 MH 5000 default topology and port value settings ...

Page 4: ...ndicate proper operation B Using an Ethernet cable insert one end of the cable to the WAN port on the front panel of the MH 5000 and the other end of the cable to a DSL Cable modem or other internet access devices C Computers with an Ethernet adapter can be directly connected to any of the LAN ports using a cross over Ethernet cable D Computers that act as servers to provide Internet services shou...

Page 5: ...ddress between 192 168 1 1 and 192 168 1 253 with a subnet mask of 255 255 255 0 to be able to connect to the MH 5000 This address range can be changed later There are instructions in the MH 5000 User s Guide if you do not know how to set the IP address and subnet mask for your computer Step 1 Login Type admin in the account field admin in the Password field and click Login Step 2 Run Setup Wizard...

Page 6: ... access the Internet Here we have four types to select This will determine how the IP address of WAN1 is obtained Click Next to proceed BASIC SETUP Wizard Next Step 4 a DHCP client If DHCP is selected MH 5000 will request for IP address netmask and DNS servers from your ISP You can use your preferred DNS by clicking the DNS IP Address and then completing the Primary DNS and Secondary DNS server IP...

Page 7: ...E client If PPP over Ethernet is selected enter the ISP given User Name Password and the optional Service Name Click Next to proceed BASIC SETUP Wizard Next PPPoE Step 4 d Alert Message Please Note that an alert message box When changing to none fixed ip mode system will delete all ip alias will appear while you change Get IP Automatically DHCP or PPP over Ethernet but not Fixed IP Address as your...

Page 8: ...we select Fixed IP method in WAN1 port Then the MH 5000 provides a short summary of the system Please check if anything mentioned above is properly set into the system Click Finish to close the wizard BASIC SETUP Wizard Next Next ...

Page 9: ...ust have the configuration information applied before going on to the next page WAN Settings The WAN Settings page allows you to modify the protocol that the MH 5000 will use to connect to your ISP and obtain the necessary network address information The usage of these pages is essentially the same as those introduced in the wizard pages The ISP Settings page allows you to modify the way that the ...

Page 10: ...will never change choose this option When this option is chosen the following fields appear to allow you to enter the network address information The example shows that the ISP assigns an IP 61 2 1 1 a netmask 255 255 255 248 a default gateway 61 2 1 6 and DNS 168 95 1 1 ...

Page 11: ...nk is enabled All the packets sent out from MH 5000 will be via this port Get DNS Automaticaslly or DNS IP Address Get DNS Automatically à Get DNS related information from DHCP Server DNS IP Address à manually specify these Primary and Secondary DNS Server information Routing Protocol Determine to enable the dynamic routing protocol to receive RIP message to send out the RIP message if the RIP mes...

Page 12: ...the packets sent out from MH 5000 will be via this port Service Name ISP vendor Optional User Name The user name of PPPoE account Password The password of PPPoE account Get DNS Automatically DNS IP Address Get DNS Automatically à Get DNS related information from PPPoE ISP DNS IP Address à manually specify these Primary and Secondary DNS Server information PPP over Ethernet Disconnect button Throug...

Page 13: ... s IP address above The default is 255 255 255 0 The IP address assigned to the MH 5000 here must be on the same subnet be within the same IP address range specified on the DHCP Servers The DHCP Server fields allow you to configure the MH 5000 to be a DHCP Server on your LAN The MH 5000 can then automatically assign IP addresses subnet masks default gateway and DNS server addresses to computers on...

Page 14: ...the DHCP IP address 1 253 Primary DNS Server Specify the Primary DNS Server IP address of the DHCP information IPv4 format Secondary DNS Server Specify the Secondary DNS Server IP address of the DHCP information IPv4 format Lease time sec Specify DHCP information lease time greater than 0 Routing Protocol Determine to enable the dynamic routing protocol RIP to receive RIP message to send out RIP m...

Page 15: ... address above The default is 255 255 255 0 The IP address assigned to the MH 5000 here must be on the same subnet be within the same IP address range specified on the DHCP Servers The DHCP Server fields allow you to configure the MH 5000 to be a DHCP Server on your DMZ The MH 5000 can then automatically assign IP addresses subnet masks default gateway and DNS server addresses to computers on your...

Page 16: ...the DHCP IP address 1 253 Primary DNS Server Specify the Primary DNS Server IP address of the DHCP information IPv4 format Secondary DNS Server Specify the Secondary DNS Server IP address of the DHCP information IPv4 format Lease time sec Specify DHCP information lease time greater than 0 Routing Protocol Determine to enable the dynamic routing protocol RIP to receive RIP message to send out RIP m...

Page 17: ...e packets to the real server 10 1 1 5 And you can announce to the internet users that the ftp server ip port is 61 2 1 1 44444 So all of the internet users can connect the 61 2 1 1 44444 to get ftp service An example virtual server Customize the rule name as the ftpServer For any packets with its destination IP equaling to the WAN1 IP 61 2 1 1 and destination port equaling to 44444 ask MH 5000 to ...

Page 18: ...tatus Rule name The Virtual Server rule name Sessions from Internet connecting to Which interface does the connected session come from External IP The public IP address of the Virtual Server Service TCP or UDP protocol Type Port is Single or Range Dest Port The port number in the internet Condition Passive FTP client If the Passive FTP client is checked it will connect to the internal DMZ FTP serv...

Page 19: ...d dest port The port number which is actually transferred to the internal DMZ Auto update to Firewall rules when you Apply this page If you checked this it will add a Firewall rule automatically when you add a virtual server rule Action Auto update to NAT rules when you Apply this page If you checked this it will add a NAT rule automatically when you add a virtual server rule ...

Reviews: