manualshive.com logo in svg

Metacom MC601, Руководство пользователя, Страница: 22 / 41

Поделиться
Скачать
Metacom MC601 Скачать руководство пользователя страница 22

Metacom MC601 Router

Page 22

User Manual

3.5 Firewall panel

This panel contains all the firewall related settings. The firewall is based on Linux’s netfilter and 
iptables which allows the user to create rules for the packet filtering (both inbound and outbound) 

and NAT modules. The firewall is a stateful firewall which allows connection tracking. In the current 
version the LAN ports are both deemed to be trusted meaning that any traffic originating from them 

may pass to and through the router. This might change in future versions. 

3.5.1 Firewall status

Firewall status

Current state of the firewall: Disabled or Enabled

Firewall Active        

Setting this will enable the firewall the next time the service is restarted.

Default masquerading rule

Only available from version l2tp-20080218-2205.

If selected a default masquerading rule on ppp0 is executed when the firewall is inactive. On the 
Metacom APN this lets any attached PCs on the Ethernet ports have access to the internet.

Restart the service 

Disables or enables the firewall.

Note:

If the firewall is disabled, there will still be a default firewall in place. This will be the 

following:

o

Only the IPs on the Management panel may connect to the router.

o

A masquerading rule might be added that allows a PC on the LAN port to access the 

internet.

o

Any already established connections are allowed over the WAN interface.

Cellular Continuum Series

Copyright © Metacom (Pty) Ltd

Содержание MC601

Страница 1: ...Router User Manual 6 Ndabeni Business Park Inyoni Avenue Ndabeni 7405 South Africa PO Box 1582 Cape Town 8000 South Africa Telephone 27 0 21 531 9900 Facsimile 27 0 21 531 9901 info metacom co za www...

Страница 2: ...P configuration 18 3 4 5 VPN settings 19 3 4 6 Management 20 3 5 FIREWALL PANEL 22 3 5 1 Firewall status 22 3 5 2 Firewall log 23 3 5 3 Firewall access 24 3 5 4 Firewall rules 26 3 5 5 Firewall NAT 29...

Страница 3: ...Feb 2008 Updated reboot network and firewall status tab l2tp 20080218 2205 1 1 28 Feb 2008 DHCP updated l2tp 20080218 2206 1 2 12 Feb 2009 Firewall updated l2tp 20080218 2216 1 3 Document Name MC601_u...

Страница 4: ...ession of any copy of the Product or Product Update to another party 1 2 A Product Update replaces part or all of a Product Update previously licensed Use of a Product Update terminates the license to...

Страница 5: ...However except as specifically stated above METACOM MAKES NO WARRANTY OR PRESENTATION EITHER EXPRESSED OR IMPLIED INCLUDING WARRANTIES OF MERCHANTIBILITY OR FITNESS FOR PARTICULAR PURPOSE WITH RESPECT...

Страница 6: ...onfigured on a virtual private network VPN This will give the users a secure tunnel over which data can be transmitted The router can be configured and interrogated remotely via a web front end The MC...

Страница 7: ...ing the router is done either over the WAN or the LAN via the web front end on the device 3 1 Getting an IP To access the router over the WAN you will need to be on the same GPRS network via an APN Th...

Страница 8: ...This will bring up the following login dialog The default username and password is admin Please use the correct case Please try connecting to the device again if invalid login details have been suppl...

Страница 9: ...is updated via the time server E g Wed 30 Jan 2008 11 28 31 0200 System Uptime The number of days and hours that the device has been up without being rebooted e g 21 39 WAN Status The status of the GP...

Страница 10: ...ter login the following page is displayed 3 3 1 Administration user Admin User Name Admin User Password These specify the login parameters when accessing this administration front end Save Stores the...

Страница 11: ...vice E g gprs datalinx co za Time Server IP address of the NTP server on the network The NTP server is accessed every hour to update the time on the router E g 196 25 1 1 Time Zone The timezone takes...

Страница 12: ...3 3 3 Reboot system Reboot Reboots the router You will then need to connect to the device again It is advisable to reboot the router if major changes have been done E g changing the LAN IPs Cellular C...

Страница 13: ...only be enabled if this checkbox is selected Primary DNS Server Primary DNS server on the WAN E g 209 212 96 1 Secondary DNS Server Backup DNS server on the WAN E g 209 212 97 1 Restart the service I...

Страница 14: ...might have to be changed as well LAN1 and LAN2 must be 2 totally separated networks Please try not to use the following IP address ranges as they could clash with the WAN VPN IP addresses 10 3 0 0 16...

Страница 15: ...the client beyond the expiry of the lease period it will put that address back in the pool ready to be re used Start Address The last octet in the LAN1 IP address that is used as the first IP in the D...

Страница 16: ...red on the Metacom APNs Primary APN username APN username for SIM1 which is ignored on the Metacom APN Primary APN password APN password for SIM1 which is ignored on the Metacom APN Secondary APN The...

Страница 17: ...service if selected Reset Reverts the settings back to their original values Note If you are attached remotely to the device then you must make sure that one of the SIM cards can always get onto the A...

Страница 18: ...anagement Information base MIB that can be accessed and contains the properties of this device E g public System Contact Administrator email address Restart the service Restarts the SNMP service Save...

Страница 19: ...sable the VPN At least one VPN server must have been configured Primary VPN Server This router normally connects to this VPN server Primary VPN User Name Username to connect to the primary VPN server...

Страница 20: ...mask used with the previous network address Update server IP Address IP of the server from which software updates are downloaded Heartbeat server IP Address Every hour this device sends the serial nu...

Страница 21: ...le to access the device you need to leave the 209 212 98 162 29 as the backup management network The update server address should also be left untouched if you wish to receive software updates for the...

Страница 22: ...or Enabled Firewall Active Setting this will enable the firewall the next time the service is restarted Default masquerading rule Only available from version l2tp 20080218 2205 If selected a default m...

Страница 23: ...om the WAN are the only ones to be stored and listed Traffic between the LAN ports is not logged E g sample log data Jan 31 06 17 31 MC60100576 user debug kernel fw_Dropped IN IN ppp0 OUT MAC SRC 65 5...

Страница 24: ...IP on WAN interface E g 207 46 19 254 Protocol The protocol to which this rule applies to i e all tcp udp Dest port Destination port on the router Action Action to take if this rule matches i e ACCEP...

Страница 25: ...ing the firewall Note The order of the rules is important as they are applied in the same order that they are displayed This panel will be replaced in future version by a firewall management list cont...

Страница 26: ...e all tcp udp Router port Listening port on the router Dest port Listening port on destination LAN Action Action to take if this rule matches i e ACCEPT or DROP the packet Interface 1 This field is us...

Страница 27: ...ess Set up management access backup Set up primary VPN access Set up backup VPN access Set up DNS primary server access Set up DNS backup server access Set up NTP access Set up radius access Setting u...

Страница 28: ...direction may not be Internally eth0 eth1 or eth0 eth0 will generate a forward rule between the interfaces using protocol IPs and destination port New connections should be allowed if the destination...

Страница 29: ...ginating network IP e g 192 168 2 0 24 Outgoing interface Interface where the traffic will leave the firewall It can either be eth0 LAN1 eth1 LAN2 ppp0 GPRS and ppp1 VPN Usually you specify ppp0 as th...

Страница 30: ...LAN2 ppp0 GPRS ppp1 VPN or all interfaces Dest IP Destination IP on internal network E g 192 168 2 0 Protocol The protocol to which this rule applies to i e all tcp udp Dest port Listening port on des...

Страница 31: ...urrently committed NAT rules Please make sure you have committed them before restarting the firewall Note If there are errors in one of the rules the rule number will be displayed in the output i e In...

Страница 32: ...P address see Network configuration tab Broadcast Broadcast IP for this network Net Mask Network mask as configured on the Network configuration tab MTU Maximum transmission unit This is the maximum n...

Страница 33: ...on zero then the router might be too far from the tower and communication with the router could become slow Cells Lists the neighbouring tower information with the active one on top Cell tower id in h...

Страница 34: ...0 0 0 0 for the default route Flags Possible flags U route is up H target is a host G use gateway R reinstate route for dynamic routing D dynamically installed by daemon or redirect M modified from ro...

Страница 35: ...these should always be reachable This basic test will show whether the router is on the GPRS network and can send and accept ICMP packets jh rad 1 datalinx co za jp rad 1 datalinx co za Select a radiu...

Страница 36: ...y connected users to the router Local address LAN address of the router Foreign address Your IP address and source port 3 6 6 System load This page displays the average number of jobs in the Linux run...

Страница 37: ...dress to a physical machine address that is recognized in the local network The ARP table will only contain entries from the LAN1 or LAN2 networks IP address IP address on the LAN HW address The MAC a...

Страница 38: ...2 x Serial Ports Dual Network Connectivity for ultra reliability SMA Antenna Connector Hardware Watchdog GPRS EDGE specification Quad Band o Class 4 2W for EGSM850 o Class 4 2W for EGSM900 o Class 1 1...

Страница 39: ...3 seconds Registered on GSM network o Double flash every 3 seconds Registered on GPRS EDGE Status Orange Red o On if WAN interface is up Transmit Green o Application specific Receive Green o Applicat...

Страница 40: ...vated use LAN1 PC not on the same network as the router start DHCP server on the router or use static IP settings Symptom Router cannot be accessed via the GPRS virtual IP address Causes Router is not...

Страница 41: ...Emitting Diode MSISDN Mobile Station Integrated Services Digital Network SIM Subscriber Identity Module SMS Short Message Service VPN Virtual Private Network LAN Local area network WAN Wide area netwo...

Отзывы:

Нет отзывов