manualshive.com logo in svg

Contemporary Controls CTRLink EIAR-10T, Руководство пользователя, Страница: 46 / 78

Поделиться
Скачать
Contemporary Controls CTRLink EIAR-10T Скачать руководство пользователя страница 46

 

Configuration

 

 

4-44

Host filter 

 

Certain computers may be granted access specifically to other networks 
(white list) or else, conversely, it is possible to prohibit some computers 
access to other networks (black list). In this case, the packet filter will 
merely pass packets of the specified computers or else it will block 
precisely these.  

If no computer is to be prohibited communication via the router, define 
an empty black list. This is also the default configuration. 

4.3.1.11

 

Menu option "Firewall - Trusted Nets" 

 

By using this configuration menu, the disabling of routing for certain 
ports (see below) and the black/white list can be disabled for certain 
networks. Here you can specify subnets which are trusted.  

A typical example is the routing of NetBios ports (Windows enables) 
between two LANs which are assigned data via two network cards of 
the Linux fli4l router. In this case, all trusted networks must be specified. 

In this conjunction, contrary to the masked or routed networks, all 
networks must be specified between which packets are to be 
forwarded. Therefore, at least two networks must be specified to ensure 
that correct firewall rules can be generated. 

Содержание CTRLink EIAR-10T

Страница 1: ...CTRLink Router EIAR 10T Internet Access Router Contemporary Controls GmbH Fuggerstra e 1 B 04158 Leipzig Tel 341 520359 0 Fax 341 520359 16 Version 2 4 1 Oktober 2005...

Страница 2: ...ecked the content of this manual for conformity with the hardware and software described Nevertheless because deviations cannot be ruled out we cannot accept any liability for complete conformity The...

Страница 3: ...sposal 1 8 1 10 Liability 1 9 2 Use as Prescribed 2 10 2 1 Range of application 2 10 3 Description of Functions 3 11 3 1 General Description of Functions 3 11 3 2 Functioning of Dial on Demand 3 11 3...

Страница 4: ...39 4 3 1 7 Menu option Logging 4 40 4 3 1 8 Menu option Firewall 4 42 4 3 1 9 Menu option Firewall Masquerading 4 43 4 3 1 10 Menu option Firewall Routing 4 43 4 3 1 11 Menu option Firewall Trusted Ne...

Страница 5: ...1 2 Top hat rail 5 65 5 1 3 Swirl mounting 5 66 5 2 Installation notes 5 67 5 2 1 Mounting the router on the top hat rail 5 67 5 2 2 Functional earthing of the Internet Access Router 5 67 5 3 Installa...

Страница 6: ...Contents 4 7 Standards and Certifications 7 74 7 1 Harmonised standards 7 74 7 2 Certification to DIN EN ISO 9001 7 74 7 3 Approbations 7 74 7 4 CE marking 7 74 8 Symbols Used 8 75...

Страница 7: ...is used to draw your attention to an important recommendation to be observed 1 3 Hazards resulting from use other than as described Use other than as prescribed may result in personal injuries to the...

Страница 8: ...er It must only be started up by an electrical expert Service and maintenance as well as troubleshooting must only be carried out by qualified expert personnel 1 5 1 Operator The operator is an instru...

Страница 9: ...fuse is installed in the incoming supply feeder For operation of the Internet Access Router please refer to the information provided in Chapter 6 Technical Data 1 7 Safety regulations The Internet Ac...

Страница 10: ...ective covering and safety devices immediately after completion of service and maintenance work and check their functioning Spare parts The use of inappropriate spare parts may result in loss of life...

Страница 11: ...notices and instructions contained in this Instruction Manual Use other than prescribed exclusion of liability Contemporary Controls will not be liable for damage resulting from use or application of...

Страница 12: ...network can be controlled via IP based services Telnet SSH Any errors in configuring in the execution of any work or operations as well as inadvertent false operation may impair the proper functionin...

Страница 13: ...onnection the router can be monitored and configured Since the router shows a transparent behaviour with such a direct PPP connection the clients working in the Ethernet can be addressed directly and...

Страница 14: ...ternal modem Check whether there are services in your network which put queries to the Internet automatically at cyclic intervals e g Netscape Mail Such queries may result in an undesired connection o...

Страница 15: ...he Internet To address the router using its domain name it is recommended to configure also an appropriate dynamic DNS provider when selecting this function see Section 4 3 1 14 To provide a secure co...

Страница 16: ...POWER connection on the front side of the device Directly after connecting the power the status display of the LEDs may vary only the Power LED must be lit in green The LED will only indicate the stat...

Страница 17: ...E ETHERNET off ERROR red POWER green A check is carried out to see whether the ETHERNET connection can be addressed States of the LEDs ACTIVE MODEM off ACTIVE ETHERNET red ERROR red POWER green All re...

Страница 18: ...2 168 1 x or else the address 192 168 1 100 may already exist The router can be set to any address via a serial connection using a terminal program to allow access via a browser Any further configurat...

Страница 19: ...Example setip 192 168 1 150 255 255 255 0 The change is written to the configuration file of your router and stored permanently using the command save see the following illustration For subnetting a s...

Страница 20: ...l modem cable The relevant procedure is described in Section 4 2 2 Either a standard web browser recommended or an SSH client not recommended can be used for configuring the router 4 1 3 Configuring v...

Страница 21: ...of the router itself Access to the underlying network however is not possible It is also possible however to reload the original default settings if the router is configured not correctly if you pres...

Страница 22: ...use the configuring options via the telephone network or via the serial interface not recommended 4 2 1 1 Windows 2000 To assign a network card one or several IP addresses under Windows2000 administr...

Страница 23: ...255 0 for the subnet mask Then click on OK the result should look as follows The computer you have just configured can now be seen both in the network 192 168 101 0 and in the network 192 168 1 0 It...

Страница 24: ...e and assign your self temporary root rights su Password Type ifconfig to check the status of your network condition ifconfig eth0 lo Select the card you want to assign a second IP address here eth0 a...

Страница 25: ...terface as well as a zero modem cable are required Connect the zero modem cable to the free serial connection on the PC side and to the RS 232 jack labelled External on the router side It is not relev...

Страница 26: ...ion 4 24 Set the role you want to choose for this computer in the next tab to Host Now select the connection to which your zero modem cable is connected Answer the next question with Use connection ex...

Страница 27: ...ttempts to establish a new connection immediately this should first be cancelled To process the connection just established choose Properties from the context menu On the General tab click on the Conf...

Страница 28: ...Configuration 4 26 Now you can establish a connection If you double click on the zero modem connection the following screen should appear...

Страница 29: ...2 3 Configuring via the telephone network Prerequisites You will need a PC on which a Web browser is installed and a modem The PC must be connected to a different telephone connection with a separate...

Страница 30: ...tly to another computer for the type of connection Enter the number of the telephone connection to which the router is connected If you are prompted to specify the availability of the connection choos...

Страница 31: ...configure the modem such that it does not wait for the dialling tone To this end the initialisation command ATX3 must additionally be entered in the tab Advanced settings in the modem configuration in...

Страница 32: ...r is configured incorrectly and no longer boots correctly it is possible to restore the original default settings To do so press ENTER after you have been prompted to do so on the console while the ro...

Страница 33: ...dem or 192 168 7 1 for direct serial line or 192 168 1 100 for Ethernet as the URL The dialog box for you to enter your user name and the password is displayed The default user name is admin and the d...

Страница 34: ...so displayed The dialog language for the menus and help texts can be selected by clicking on the appropriate flag on the home page Currently German and English are supported default language is Englis...

Страница 35: ...for the client For IP addresses any numbers between 1 and 254 are permissible If a higher address is set the router will not be found in the network by the browser In this case either restore the fact...

Страница 36: ...enu is divided into two parts Set local date and local time Configure the time zone rules for daylight saving time Configuring date time Here you must enter the local date and the local time Setting o...

Страница 37: ...General modem settings The menu shown below can be used to make general settings for configuring your modem Configuring the internal modem analogue The menu shown above can be used to configure the sp...

Страница 38: ...and the MSN Multiple Subscriber Number of the internal modem The MSN is the dialling number of the modem connected to a multiple device port Configuring the external modem The configuration depends o...

Страница 39: ...ly upon completion of configuring and with each start If an error occurs during these processes check first the status of your GSM modem If it is already logged in to your provider the PIN will be den...

Страница 40: ...st in your network to be dissolved by the router itself and assign the name the appropriate IP address 4 3 1 5 Menu option SSH Here you can configure the SSH daemon If you want to use the SSH daemon t...

Страница 41: ...er Any changes you make here will only come into effect after restarting the router In other words You may first finish configuring the router without undue problems before you restart the router It i...

Страница 42: ...one network to a log host in a different network To define which status messages are to be forwarded appropriate rules can be defined Each rule specifies the type of service to be logged source the ty...

Страница 43: ...f the user notice Creates status messages with reference to things that are to be handled in a special manner no errors warning Creates status messages that incorporate warnings err Creates status mes...

Страница 44: ...ese subnets are forwarded but not masked Trusted networks Packets exchanged between these subnets are forwarded unobstructed and are not masked This makes sense in particular with reference to the por...

Страница 45: ...hat any network addresses always contain xxx xxx xxx 0 i e always end with zero For each network specified either the appropriate subnet address must also be specified or else the number of bits set i...

Страница 46: ...u option Firewall Trusted Nets By using this configuration menu the disabling of routing for certain ports see below and the black white list can be disabled for certain networks Here you can specify...

Страница 47: ...ion Network Address Translation briefly DNAT Port access The routing via certain IP ports can be prevented For example it makes sense to prohibit the routing for the NETBIOS ports 137 to 139 Thus not...

Страница 48: ...out modem commands For automatic hang up a wait time in seconds can be set in the field Dial out Timeout More than one destination can be defined If more than one destination is defined the function D...

Страница 49: ...supports the following providers FreeDNS http freedns afraid org CJB NET http cjb net Companity http www staticip de DHS International http www dhs org DNS2Go http dns2go deerfield com The Art of DNS...

Страница 50: ...e for dial in It is also possible however that both modems wait for incoming calls simultaneously The difference between dial in and call back is that in dial in the dialling computer establishes a di...

Страница 51: ...N client must be started on the opposite side This can be either also a router see Section 4 3 1 17 or a Linux PC on which the relevant software is installed BSD Solaris http vtun sourceforge net 4 3...

Страница 52: ...ation if the following LEDs are lit in green Power Error and Ethernet To activate a changed country code for the internal modem the router must be disconnected from the mains temporarily warm restart...

Страница 53: ...Save current file Ctrl X then C Quit editor Only the command spiwr will save all settings in the flash of your router If you then reboot the system your changes come into effect A large part of the co...

Страница 54: ...is included in the scope of supply The command setCountry h in the command line indicates all country codes possible setCountry device code will set the modem specified in device to code device must b...

Страница 55: ...ARDERS 145 253 2 11 corresponds to External DNS server of provider company HOST_1_NAME kai first host name of the LIST OF HOSTS FOR DNS HOST_1_IP 192 168 101 44 the IP which is to be assigned to the a...

Страница 56: ..._NETWORK 192 168 6 0 24 192 168 7 0 24 networks to be routed separate by spaces TRUSTED_NETS trusted networks separate by spaces either at least 2 or none FORWARD_HOST_WHITE no host list is white list...

Страница 57: ...rnal modem is to be used for dial out enter here ttyS1 otherwise ttyS2 MODEM_SPEED 115200 speed of the modem MODEM_DIALOUT 0 0192658 number of the Internet provider MODEM_TIMEOUT 200 time of inactivit...

Страница 58: ...n EXT_CALLBACK no Configuring the external modem for call back CAUTION If both dial in and call back are activated the modem will be configured to Dial in EXT_NULLMODEM yes Instead of a modem a zero m...

Страница 59: ...l DNS2GO for DNS2Go DNSART for The Art of DNS DTDNS for DtDNS net DYNACCESS for dynaccess de DYNDNSDK for DynDNS dk DYNDNS for DynDNS org DYNEE for dyn ee DYNEISFAIR for eisfair net FIDOSOFT for fidos...

Страница 60: ...ERVER_1_SERVERIP 192 168 1 254 virtual local IP address of the VPN server VTUND_SERVER_1_CLIENTIP 192 168 2 254 virtual remote IP address of the VPN client VTUND_SERVER_1_CLIENTNETMASK 255 255 255 0 v...

Страница 61: ..._INTERVALL 60 time interval for the logging time marks in minutes SYSLOGD_DEST_N 1 number of logging rules SYSLOGD_DEST_2 192 168 1 123 First logging rule Structure source type targethost Which source...

Страница 62: ...n the supplied CD Putty The following settings are nessesary in the PuTTY in menu Session Host Name or IP address IP Address of the router see chapter Fehler Verweisquelle konnte nicht gefunden werden...

Страница 63: ...tical to those for configuring via the Serial console see Section 4 3 2 After configuration clear the SSH connection using the EXIT command SSH is a telnet like access to a remote computer The only di...

Страница 64: ...outside must always be routed via the router This must be known to all clients Therefore the Ethernet IP address of the router default 192 168 1 100 must be specified as the standard gateway off all c...

Страница 65: ...ard gateway of this computer is also adapted automatically To access the clients in the routers network with their host name the IP address of the DNS server factory default 192 168 1 100 has to be se...

Страница 66: ...is Chapter provides all relevant information on the dimensions of Internet Access Router Top hat rail 5 1 1 Internet Access Router The sketch below shows the dimensions of the Internet Access Router D...

Страница 67: ...To the montage hangs the appliance on the top hat rail at the desired position and locks through pressure to the back Releasing The top hat rail adapter is offered in two variants resulting in the di...

Страница 68: ...e swirls When mounting at top hat rail adapters on the rear of the housing it is imperatives to observe the correct position of the retaining jumps Plastic variant Retaining jumps at the bottom Alumin...

Страница 69: ...Functional earth terminal on the housing of the router and the equipotential bonding of the control cubicle The connection Functional earth serves purely operational functions modem function Make sur...

Страница 70: ...5 4 Storage and storage temperatures The following values apply for storage Storage temperature 20 to 60 C Humidity 30 to 95 non condensing 5 5 Operating temperature humidity The following values appl...

Страница 71: ...Hardware 5 69 5 6 Status display A total of four LEDs are to be found on the front side of the Internet Access Router to display the current operating condition...

Страница 72: ...iption OFF Not connected Green steady light Ethernet interface active Red steady light Connected but no Ethernet interface found 5 6 3 Display Error LED Description OFF Green steady light The phase of...

Страница 73: ...for the power supply and four interfaces are to be found on the front side of the Internet Access Router 5 7 1 Power supply The router can be powered either with 10 36 V DC or 8 24 V AC The power con...

Страница 74: ...ule possesses an analog modem or an ISDN modem It is connected to the local telephone network via an RJ11 connector 5 7 3 Ethernet interface The device possesses a 10 Mbit Ethernet controller It is co...

Страница 75: ...ections of the power supply Modem Ethernet Plug connectors with self disengaging screw terminals Connector type RJ11 Connector type RJ45 Conductor cross sections of the power supply connections min 0...

Страница 76: ...ssion for residential commercial and light industrial environment EN 61000 6 2 Noise immunity for the industrial environment 7 2 Certification to DIN EN ISO 9001 Contemporary Controls GmbH is certifie...

Страница 77: ...Symbols Used 8 75 8 Symbols Used Connection for the functional earthing Mains transformer d c power supply source Battery emergency power...

Страница 78: ...Notes 8 76...

Отзывы:

Нет отзывов