ParkerVision Horizons 1500WR Скачать руководство пользователя

Страница: 81 / 106

Horizons 1500WR Wireless 4-Port Router

ParkerVision

Chapter 11

Introduction to Firewalls

This chapter gives some background information on firewalls and introduces the 1500WR Wireless

Router firewall.

11.1 Firewall Overview

Originally, the term Firewall referred to a construction technique designed to prevent the spread of

fire from one room to another. The networking term “firewall” is a system or group of systems that

enforces an access-control policy between two networks. It may also be defined as a mechanism

used to protect a trusted network from an untrusted network. Of course, firewalls cannot solve every

security problem. A firewall is one of the mechanisms used to establish a network security perimeter in

support of a network security policy. It should never be the only mechanism or method employed. For

a firewall to guard effectively, you must design and deploy it appropriately. This requires integrating

the firewall into a broad information-security policy. In addition, specific policies must be implemented

within the firewall itself.

11.2 Types of Firewalls

There are three main types of firewalls:

1. Packet Filtering Firewalls

2. Application-level Firewalls

3. Stateful Inspection Firewalls

11.2.1 Packet Filtering Firewalls

Packet filtering firewalls restrict access based on the source/destination computer network address

of a packet and the type of application.

11.2.2 Application-level Firewalls

Application-level firewalls restrict access by serving as proxies for external servers. Since they use

programs written for specific Internet services, such as HTTP, FTP and telnet, they can evaluate

network packets for valid application-specific data. Application-level gateways have a number of

general advantages over the default mode of permitting application traffic directly to internal hosts:
i. Information hiding prevents the names of internal systems from being made known via DNS to

outside systems, since the application gateway is the only host whose name must be made known to

outside systems.

ii. Robust authentication and logging pre-authenticates application traffic before it reaches internal

hosts and causes it to be logged more effectively than if it were logged with standard host logging.

Filtering rules at the packet filtering router can be less complex than they would be if the router needed

to filter application traffic and direct it to a number of specific systems. The router need only allow

application traffic destined for the application gateway and reject the rest.

Содержание Horizons 1500WR

Страница 1: ...Horizons Model 1500WR Wireless 4 Port Router User s Guide www direct2data com REVISION 1 VERSION 030104A DATE March 2004 PRELIMINARY ...

Страница 2: ... not used in accordance with the instructions may cause harmful interference to radio communications If this equipment does cause harmful interference to radio television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one of more of the following measures Reorient or relocate the receiving antenna Increase the sepa...

Страница 3: ...for any expenses you may incur This Guarantee is void if failure of the Hardware Device results from any accident abuse or misapplication Any replacement Hardware Device shall be guaranteed for the remainder of the original Guarantee period or thirty 30 days whichever is longer Direct2Data Technologies shall not be liable for any loss or damage that you could have reasonably avoided for example by...

Страница 4: ...uarantee is only made to you the first user of the Hardware Device and there are no third party beneficiaries of this Guarantee It is not intended for and does not apply to anyone else except as required by law GOVERNING LAW If you acquired the Hardware Device in the United States of America the laws of the State of Florida U S A apply to this agreement QUESTIONS Should you have any questions conc...

Страница 5: ...ws XP Information 13 Chapter 3 ParkerVision Horizons 1500WR Wireless Router Hardware Installation 15 3 1 System Requirements 15 3 2 Installing the Horizons 1500WR Wireless Router 15 PART II ADVANCED MANAGEMENT 17 Chapter 4 D2D Horizons Management Utility 18 4 1 Configuration 18 4 2 Using the D2D Horizons Management Utility 19 4 3 Available Connections Section 20 4 4 Current Connection Selection 21...

Страница 6: ...hat may block the radio signal A wireless network adapter that tests outdoors at 200 feet could in an indoor environment provide 20 feet in one direction and as little as 5 or 10 feet in another direction Factors such as building materials floor plans and furnishings can greatly impact the signal range quality and rate of data transmission The extent to which your signal is affected varies greatly...

Страница 7: ...0WR Wireless 4 Port Router 7 ParkerVision The following chapters are structured as a step by step guide to help you connect install and setup your ParkerVision Horizons 1500WR Wireless Router Part I Getting Started ...

Страница 8: ...to the LAN ports on you 1500WR Wireless Router without the cost of a hub 10 100M Auto negotiating Ethernet Fast Ethernet Interface This auto negotiating feature allows the 1500WR Wireless Router to detect the speed of incoming transmissions and adjust appropriately without manual intervention It allows data transfer of either 10 Mbps or 100 Mbps in either half duplex or full duplex mode depending ...

Страница 9: ...ey to encrypt data that s transmitted over an SSL connection Both Netscape Navigator and Internet Explorer support SSL and many web sites use the protocol to obtain confidential user information such as credit card numbers By convention URLs that require an SSL connection start with https instead of http The 1500WR Wireless Router allows SSL connections to take place through the 1500WR Wireless Ro...

Страница 10: ...r the cost of a single IP account NAT supports popular Internet applications such as MS traceroute CuSeeMe IRC RealPlayer VDOLive Quake and PPTP No configuration is needed to support these applications DHCP Dynamic Host Configuration Protocol DHCP Dynamic Host Configuration Protocol allows the individual clients computers to obtain the TCP IP configuration at start up from a centralized DHCP serve...

Страница 11: ... connection Logging and Tracing Built in message logging and packet tracing Unix syslog facility support Diagnostics Capabilities The 1500WR Wireless Router can perform self diagnostic tests These tests check the integrity of the following circuitry FLASH memory DRAM LAN port Wireless port Embedded FTP and TFTP Servers The 1500WR Wireless Router s embedded FTP and TFTP servers enable fast firmware...

Страница 12: ...ter Here is an application example of what you can do with your 1500WR Wireless Router 1 3 1 Internet Access Application Add a wireless LAN to your existing network without expensive network cables Wireless stations can move freely anywhere in the coverage area and use resources on the wired network ...

Страница 13: ...s are explained in detail in later chapters of this manual 1 4 2 Box Contents The box your 1500WR came in should contain the following items 1500WR Wireless Router Unit Two Antennas One AC Power Adapter Printed Quick Start Guide CD ROM containing the electronic version of this manual 1 4 3 What You Will Need to Install and Setup the 1500WR It is possible to setup the 1500WR using an existing Wi Fi...

Страница 14: ...ctrical outlet Your Cable or DSL modem s Ethernet cable plugged into the Internet In port as shown above An Ethernet cable plugged into the router port 1 as shown above and the other end of this cable plugged into your computer s Ethernet port Now Proceed to the Next Page to Begin Setting Up Your 1500WR Plug the AC Adapter into this port Plug your computer s Ethernet cable into Port 1 The remainin...

Страница 15: ...r 1500WR Wireless Router hardware is properly connected refer to the Chapter 1 of this manual Step 2 Prepare your computer to connect to the 1500WR Wireless Router refer to the Setting Up Your Computer s IP Address appendix Step 3 Launch your web browser Step 4 Type http 192 168 1 1 as the URL Address field Step 5 Type 1234 default as the password and click Login In some versions the default passw...

Страница 16: ...the SYS LED begins to blink the defaults have been restored and the 1500WR Wireless Router restarts Otherwise go to step 2 Step 2 Turn the 1500WR Wireless Router off Step 3 While pressing the RESET button turn the 1500WR Wireless Router on Step 4 Continue to hold the RESET button The SYS LED will begin to blink and flicker very quickly after about 10 or 15 seconds This indicates that the defaults ...

Страница 17: ...ter successful firmware upload enter atgo to restart the 1500WR Wireless Router 2 4 Navigating the 1500WR Wireless Router Web Web Configuration Utility The following summarizes how to navigate the web Web Configuration Utility from the MAIN MENU screen Follow the instructions you see in the MAIN MENU screen or click the IBs icon located in the top right corner of most screens to view online help ...

Страница 18: ...ve channels away from a channel that an adjacent AP is using For example if your region has 11 channels and an adjacent AP is using channel 1 then you need to select a channel between 6 or 11 The 1500WR Wireless Router s Scan function is especially designed to automatically scan for a channel with the least interference 3 1 2 ESS ID An Extended Service Set ESS is a group of Wireless Routers or wir...

Страница 19: ...te the entry for the Computer name field and enter it as the System Name In Windows XP click Start My Computer View system information and then click the Computer Name tab Note the entry in the Full computer name field and enter it as the 1500WR Wireless Router System Name This name can be up to 30 alphanumeric characters long Spaces are not allowed but dashes and underscores _ are accepted Domain...

Страница 20: ...nd select a channel with the least interference WEP Encryption Select Disable allows all wireless computers to communicate with the Wireless Routers without any data encryption Select 64 bit WEP or 128 bit WEP to allow data encryption ASCII Select this option in order to enter ASCII characters as the WEP keys HEX Select this option to enter hexadecimal characters as the WEP keys The preceding Ox i...

Страница 21: ...ccess Encapsulation You must choose the Ethernet option when the WAN port is used as a regular Ethernet Otherwise choose PPPoE or PPTP for a dial up connection Service Type Select from Standard RR Toshiba RoadRunner Toshiba authentication method RR Manager Roadrunner Manager authentication method RR Telstra or Telia Login Choose a Roadrunner service type if your ISP is Time Warner s Roadrunner oth...

Страница 22: ...ver logs the 1500WR Wireless Router out if the 1500WR Wireless Router does not log in periodically Type the number of minutes from 1 to 59 30 recommended for the 1500WR Wireless Router to wait between logins This field is not available on all models Next Click Next to proceed to the next page Back Click Back to go back to the previous page 3 4 2 PPTP Encapsulation Point to Point Tunneling Protocol...

Страница 23: ...net Engineering Task Force draft standard specifying how a host personal computer interacts with a broadband modem for example xDSL cable wireless etc to achieve access to high speed data networks It preserves the existing Microsoft Dial Up Networking experience and requires no new learning or procedures For the service provider PPPoE offers an access and authentication method that works with exis...

Страница 24: ...E forms a dial up connection Service Name Type the name of your service provider User Name Type the user name given to you by your ISP Password Type the password associated with the user name above Nailed Up Connection Select Nailed Up Connection if you do not want the connection to time out Idle Timeout Type the time in seconds that elapses before the 1500WR Wireless Router automatically disconne...

Страница 25: ... do computers on a LAN share one common network number Where you obtain your network number depends on your particular situation If the ISP or your network administrator assigns you a block of registered IP ad dresses follow their instructions in selecting the IP addresses and the subnet mask If the ISP did not explicitly give you an IP network number then most likely you have a single user accoun...

Страница 26: ...ccess Control address The MAC address is as signed at the factory and consists of six pairs of hexadecimal characters for example 00 A0 C5 00 00 02 You can configure the WAN port s MAC address by either using the factory default or cloning the MAC address from a workstation on your LAN Once it is successfully configured the address will be copied to the rom file ZyNOS configuration file It will no...

Страница 27: ... ISP does not give you DNS server addresses This option is selected by default Use fixed IP address DNS Server IP Address Select this option If your ISP provides you a DNS server address Primary Secondary DNS Server If you selected the Use fixed IP address Primary Secondary DNS Server option enter the provided DNS addresses in these fields WAN MAC Address The MAC address field allows you to config...

Страница 28: ...ck Finish to complete and save the wizard setup If you are currently using a wireless LAN adapter to access this Horizons Router Wireless Router and you made changes to the ESSID then you will need to make the same changed to your wireless LAN adapter after you click the Finish button ...

Страница 29: ...Horizons 1500WR Wireless 4 Port Router 29 ParkerVision This part discusses the System LAN and Wireless Setup Screens Part II System LAN and Wireless ...

Страница 30: ...tion on the System screens 4 1 System Overview This section provides information on general system setup 4 2 Configuring General Setup Click ADVANCED and then SYSTEM to open the General screen The table on the next page describes the labels in the above screen Chapter 4 System Screens ...

Страница 31: ...leave the IP address set to 0 0 0 0 User Defined changes to None after you click Apply If you set a second choice to User Defined and enter the same IP address the second User Defined changes to None after you click Apply Select None if you do not want to configure DNS servers If you do not configure a DNS server you must know the IP address of a machine in order to access it Apply Click Apply to ...

Страница 32: ...Password Type the password assigned to you Enable Wildcard Your Horizons supports DYNDNS wildcard Select the check box to enable Off Line This option is available when CustomDNS is selected in the DDNS Type field Check with your dynamic DNS service provider to have traffic redirected to a URL that you can specify while you are off line Edit Update IP Address Server Auto Detect Select this option t...

Страница 33: ...on file via console port See the Resetting the Wireless Router section for details The following table describes the labels in this screen LABEL DESCRIPTION Old Password Type in your existing system password 1234 is the default password New Password Type your new system password up to 31 characters Note that as you type a password the screen displays an asterisk for each character you type Retype ...

Страница 34: ...zons Router Each time you reload this page the Horizons Router synchronizes the time with the time server New Time hh mm ss This field displays the last updated time from the time server When you select None in the Time Protocol field enter the new time in this field and then click Apply Current Date yyyy mm dd This field displays the date of your Horizons Router Each time you reload this page the...

Страница 35: ...tup chapter for the background information about Primary and Secondary DNS Server and IP Address and Subnet Mask 5 2 LANs and WANs A LAN is a computer network limited to the immediate area usually the same building or floor of a building A WAN Wide Area Network on the other hand is an outside connection to another net work or the Internet 5 2 1 LANs WANs and the 1500WR Wireless Router The actual p...

Страница 36: ...ty help regarding what fields need to be configured 5 5 RIP Setup RIP Routing Information Protocol RFC 1058 and RFC 1389 allows a router to exchange routing information with other routers RIP Direction controls the sending and receiving of RIP packets When set to 1 Both the 1500WR Wireless Router will broadcast its routing table periodically and incorporate the RIP information that it receives 2 I...

Страница 37: ...ge 224 0 0 0 to 239 255 255 255 The address 224 0 0 0 is not assigned to any group and is used by IP multicast comput ers The address 224 0 0 1 is used for query messages and is assigned to the permanent group of all IP hosts including gateways All hosts must join the 224 0 0 1 group in order to participate in IGMP The address 224 0 0 2 is assigned to the multicast routers group The 1500WR Wireles...

Страница 38: ...R Wireless Router s LAN IP address displays in the field to the right read only The 1500WR Wireless Router tells the DHCP clients on the LAN that the 1500WR Wireless Router itself is the DNS server When a computer on the LAN sends a DNS query to the 1500WR Wireless Router the 1500WR Wireless Router forwards the query to the 1500WR Wireless Router s system DNS server configured in the SYSTEM Genera...

Страница 39: ...rs within range of each other that from an independent wireless network without the need of an Wireless Router AP 6 1 2 BSS A Basic Service Set BSS exists when all communications between wireless stations or between a wireless station and a wired network client go through one Wireless Router AP Intra BSS traffic is traffic between wireless stations in the BSS When Intra BSS is enabled wireless sta...

Страница 40: ... each containing an Wireless Router with each Wireless Router connected together by a wired network This wired connection between APs is called a Distribution System DS An ESSID ESS IDentification uniquely identifies each ESS All Wireless Routers and their associated wireless stations within the same ESS must have the same ESSID in order to communicate ...

Страница 41: ...fore an RTS Request To Send CTS Clear to Send handshake is invoked When a data frame exceeds the RTS CTS value you set between 0 to 2432 bytes the station that wants to transmit this frame must first send an RTS Request To Send message to the AP for permission to send it The AP then responds with a CTS Clear to Send message to all other stations within its range to notify them to defer their trans...

Страница 42: ... Threshold value is smaller than the RTS CTS value see previously you set then the RTS Request To Send CTS Clear to Send handshake will never occur as data frames will be fragmented before they reach RTS CTS size 6 3 Configuring Wireless If you are configuring the 1500WR Wireless Router from a computer connected to the wireless LAN and you change the 1500WR Wireless Router s ESSID or WEP settings ...

Страница 43: ...obtain the ESSID through passive scanning using a site survey tool Choose Channel ID Set the operating frequency channel depending on your particular region To manually set the 1500WR Wireless Router to use a channel select a channel from the drop down list box Click MAINTENANCE WIRELESS and then the Channel Usage tab to open the Channel Usage screen to make sure the channel is not already used by...

Страница 44: ...nge It requires interaction with a RADIUS Remote Authentication Dial In User Service server either on the WAN or your LAN to provide authentication service for wireless stations IMPORTANT If you do not enable any wireless security on your 1500WR Wireless Router your network is accessible to any wireless networking device that is within range 7 2 WEP Overview WEP Wired Equivalent Privacy as specifi...

Страница 45: ...age procedure A wireless station sends a shared key authentication request to the AP which will then reply with a challenge text message The wireless station must then use the AP s default WEP key to encrypt the challenge text and return it to the AP which attempts to decrypt the message using the AP s default WEP key If the decrypted message matches the challenge text the wireless station is auth...

Страница 46: ...tion field Select Auto Open System or Shared Key from the drop down list box ASCII Select this option in order to enter ASCII characters as the WEP keys Hex Select this option in order to enter hexadecimal characters as the WEP keys The preceding Ox that identifies a hexadecimal key is entered automatically Key 1 to Key 4 The WEP keys are used to encrypt data Both the 1500WR Wireless Router and th...

Страница 47: ...ed Output Power Set the output power of the 1500WR Wireless Router in this field If there is a high density of APs within an area decrease the output power of the 1500WR Wireless Router to reduce interference with other APs The options are 11dBm 50mW 13dBm 32mW 15dBm 20mW or 17dBm 12 6mW Apply Click Apply to save your changes back to the 1500WR Wireless Router Reset Click Reset to reload the previ...

Страница 48: ...ck access to the 1500WR Wireless Router MAC addresses not listed will be allowed to access the 1500WR Wireless Router Select Allow Association to permit access to the 1500WR Wireless Router MAC addresses not listed will be denied access to the 1500WR Wireless Router MAC Address Enter the MAC addresses in XX XX XX XX XX XX format of the wireless station that are allowed or denied access to the 1500...

Страница 49: ... The Wireless Router sends a proper response from the user and then sends another Access Request message The following types of RADIUS messages are exchanged between the Wireless Router and the RADIUS server for user accounting Accounting Request Sent by the Wireless Router requesting accounting Accounting Response Sent by the RADIUS server to indicate that it has started or stopped accounting In ...

Страница 50: ...and determines whether or not to authenticate the wireless station 7 7 Dynamic WEP Key Exchange The AP maps a unique key that is generated with the RADIUS server This key expires when the wireless connection times out disconnects or reauthentication times out A new WEP key is generated each time reauthentication is performed If this feature is enabled it is not necessary to configure a default enc...

Страница 51: ...s is the default setting Authentication Required means that all wireless stations have to enter usernames and passwords before access to the wired network is allowed No Access Allowed blocks all wireless stations access to the wired network ReAuthentication Timer in seconds Specify how often wireless stations have to reenter usernames and passwords in order to stay connected This field is activate...

Страница 52: ...the 1500WR Wireless Router then checks the user database on the specified RADIUS server Select RADIUS first then Local to have the 1500WR Wireless Router first check the user database on the specified RADIUS server for a wireless station s username and password If the 1500WR Wireless Router cannot reach the RADIUS server the 1500WR Wireless Router then checks the local user database on the 1500WR ...

Страница 53: ... Database To change your 1500WR Wireless Router s local user database click ADVANCED WIRELESS and then the Local User Database tab The screen appears as shown some of the screen s blank rows are not shown The descriptions for the settings in this screen are described on the next page ...

Страница 54: ... to 31 characters for this user profile Note that as you type a password the screen displays a for each character you type Apply Click Apply to save your changes back to the 1500WR Wireless Router Reset Click Reset to reload the previous configuration for this screen 7 11 Configuring RADIUS Use RADIUS if you want to authenticate wireless users using an external server To specify a RADIUS server cl...

Страница 55: ...r The key must be the same on the external authentication server and your 1500WR Wireless Router The key is not sent over the network Accounting Server Active Select Yes from the drop down list box to enable user accounting through an external authentication server Server IP Address Enter the IP address of the external accounting server in dotted decimal notation Port Number Enter the port number ...

Страница 56: ...Horizons 1500WR Wireless 4 Port Router 56 ParkerVision This part discusses Wide Area Network WAN Setup Screens Part III WAN s Wide Area Networks ...

Страница 57: ...rd Setup chapter for more background information on most fields in the WAN screens Background information on WAN fields not included in the Wizard is described here 8 2 Configuring WAN ISP To change your 1500WR Wireless Router s WAN ISP settings click ADVANCED WAN and then the ISP tab The screen differs by the encapsulation 8 2 1 Ethernet Encapsulation The screen shown next is for Ethernet encapsu...

Страница 58: ...er Toshiba authentication method RR Manager Roadrunner Manager authentication method RR Telstra or Telia Login Choose a Roadrunner service type if your ISP is Time Warner s Roadrunner otherwise choose Standard Apply Click Apply to save your changes back to the 1500WR Wireless Router Reset Click Reset to begin configuring this screen afresh Service Type The screen varies according to the service ty...

Страница 59: ...l find the Roadrunner Server IP address if this field is left blank If it does not then you must enter the authentication server IP address Login Server Telia Login only Type the domain name of the Telia login server for example logini telia com This field is not available on all models Relogin Every min Telia Login only The Telia server logs the 1500WR Wireless Router out if the 1500WR Wireless R...

Страница 60: ...to identify and reach the PPPoE server User Name Type the username given to you by your ISP Password Type the password associated with the user name above Retype to Confirm Type your password again here to ensure that what you entered in the Password field above was what you intended Nailed Up Connection Select Nailed Up Connection if you do not want the connection to time out Idle Timeout Specify...

Страница 61: ...ransfer of data from a remote client to a private server creating a Virtual Private Network VPN using TCP IP based networks PPTP supports on demand multi protocol and virtual private networking over public networks such as the Internet The screen shown below is for PPTP encapsulation The descriptions for the labels in the screen above are shown on the next page ...

Страница 62: ...on to time out Idle Timeout Specify the time in seconds that elapses before the 1500WR Wireless Router automatically disconnects from the PPTP server PPTP Configuration My IP Address Type the static IP address assigned to you by your ISP My IP Subnet Mask Type the subnet mask assigned to you by your ISP if given Server IP Address Type the IP address of the PPTP server Connection ID Name Type your ...

Страница 63: ...less Router s WAN IP settings click ADVANCED WAN and then the IP tab The table on the following page describes the labels in this screen LABEL DESCRIPTION WAN IP Address Assignment Get automatically from ISP option Select this selection if your ISP did not assign you a fixed IP address This is the default ...

Страница 64: ...ubnet mask of 255 255 255 255 in the subnet mask field to force the network number to be identical to the host ID Network Address Translation Network Address Translation NAT allows the translation of an Internet protocol address used within one network to a different IP address known within another network SUA Single User Account is a subset of NAT that supports two types of mapping Many to One an...

Страница 65: ...eing that RIP 2B uses subnet broadcasting while RIP 2M uses multicasting Multicasting can reduce the load on non router machines since they generally do not listen to the RIP multicast address and so will not receive the RIP packets However if one router uses multicasting then all routers on your network must use multicasting also By default the RIP Version field is set to RIP 1 Multicast Choose N...

Страница 66: ...N MAC settings click ADVANCED WAN and then the MAC tab The screen appears as shown The MAC address screen allows users to configure the WAN port s MAC address by either using the factory default or cloning the MAC address from a computer on your LAN Choose Factory Default to select the factory assigned default MAC address ...

Страница 67: ...rizons 1500WR Wireless 4 Port Router 67 ParkerVision This part covers the information about SUA NAT and Static Route setup Part IV SUA Single User Account NAT Network Address Translation and STATIC ROUTE ...

Страница 68: ...xample the local address refers to the IP address of a host when the packet is in the local network while the global address refers to the IP address of the host when the same packet is traveling in the WAN side Note that inside outside refers to the location of a host while global local refers to the IP address of a host used in a packet Thus an inside local address ILA is the IP address of an in...

Страница 69: ... servers for Many to One and Many to Many Over load mapping NAT offers the additional benefit of firewall protection With no servers defined your 1500WR Wireless Router filters out all incoming inquiries thus preventing intruders from probing your network For more information on IP address translation refer to RFC 1631 The IP Network Address Translator NAT 9 1 3 How NAT Works Each packet has two a...

Страница 70: ...ontinued 9 1 4 NAT Application The following figure illustrates a possible NAT application where three inside LANs logical LANs us ing IP Alias behind the 1500WR Wireless Router can communicate with three distinct WAN networks More examples follow at the end of this chapter ...

Страница 71: ...e the 1500WR Wireless Router maps the multiple local IP addresses to shared global IP addresses Many One to One In Many One to One mode the 1500WR Wireless Router maps each local IP address to a unique global IP address Server This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world Port numbers do not change for One to One and Many ...

Страница 72: ... address that corresponds to a port or a range of ports Many residential broadband ISP accounts do not allow you to run any server processes such as a Web or FTP server from your location Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location If you are unsure refer to your ISP Default Server IP Address In addition to the serve...

Страница 73: ... Hyper Text Transfer protocol or WWW Web 80 P0P3 Post Office Protocol 110 NNTP Network News Transport Protocol 119 SNMP Simple Network Management Protocol 161 SNMP trap 162 PPTP Point to Point Tunneling Protocol 1723 9 2 2 Configuring Servers Behind SUA Example Let s say you want to assign ports 22 25 to one server port 80 to another and assign a default server IP address of 192 168 1 35 as shown ...

Страница 74: ...ss then all packets received for ports not specified in this screen will be discarded This field displays the number of an individual SUA server entry Active Select this check box to enable the SUA server entry Clear this checkbox to disallow forwarding of these ports to an inside server without having to delete the entry Name Enter a name to identify this port forwarding rule Start Port End Port ...

Страница 75: ... appears as shown The table below describes the setting in the above screen LABEL DESCRIPTION This field displays the index number of the address mapping rule Local Start IP This refers to the Inside Local Address ILA that is the starting local IP address Local IP addresses are N A for Server port mapping Local End IP This is the end local IP address If the rule is for all local IP addresses then ...

Страница 76: ...cal End IP This is the end local IP address ILA If your rule is for all local IP addresses then enter 0 0 0 0 as the Local Start IP address and 255 255 255 255 as the Local End IP address This field is N A for One to One and Server mapping types Global Start IP This is the starting global IP address IGA Enter 0 0 0 0 here if you have a dynamic IP address from your ISP Global End IP This is the end...

Страница 77: ...of the networks beyond For instance the 1500WR Wireless Router knows about network N2 in the following figure through remote node Router 1 However the 1500WR Wireless Router is unable to route a packet to network N3 because it doesn t know that there is a route through the same remote node Router 1 via gateway Router 2 The static routes are for you to tell the 1500WR Wireless Router about the netw...

Страница 78: ...tion Routing is always based on network number Gateway This field displays the IP address of the gateway The gateway is an immediate neighbor of your 1500WR Wireless Router that will forward the packet to the destination On the LAN the gateway must be a router on the same segment as your 1500WR Wireless Router over the WAN the gateway must be the IP address of one of the remote nodes Edit To set u...

Страница 79: ...is an immediate neighbor of your 1500WR Wireless Router that will forward the packet to the destination On the LAN the gateway must be a router on the same segment as your 1500WR Wireless Router over the WAN the gateway must be the IP address of one of the remote nodes Metric Type a number that approximates the cost for this link Metric represents the cost of transmission for routing purposes IP r...

Страница 80: ...er 80 ParkerVision This part introduces firewalls in general and the 1500WR Wireless Router firewall It also explains custom ports and gives example firewall rules and information on Remote Management Part V Firewall and Remote Management ...

Страница 81: ...ation level Firewalls 3 Stateful Inspection Firewalls 11 2 1 Packet Filtering Firewalls Packet filtering firewalls restrict access based on the source destination computer network address of a packet and the type of application 11 2 2 Application level Firewalls Application level firewalls restrict access by serving as proxies for external servers Since they use programs written for specific Inter...

Страница 82: ...ParkerVision s Firewall The 1500WR Wireless Router firewall is a stateful inspection firewall and is designed to protect against Denial of Service attacks when activated in SMT menu 21 2 or in the web Web Configuration Utility The 1500WR Wireless Router s purpose is to allow a private Local Area Network LAN to be securely connected to the Internet The 1500WR Wireless Router can be used to prevent ...

Страница 83: ... a TCP IP implementation 2 Those that exploit weaknesses in the TCP IP specification 3 Brute force attacks that flood a network with useless data 4 IP Spoofing 1 Ping of Death and Teardrop attacks exploit bugs in the TCP IP implementations of various computer and host systems 1 a Ping of Death uses a ping utility to create an IP packet that exceeds the maximum 65 536 bytes of data allowed by the I...

Страница 84: ...In a LAND Attack hackers flood SYN packets into the network with a spoofed source IP address of the targeted system This makes it appear as if the host computer sent the packets to itself making the system unavailable while the target system tries to respond to itself 3 A brute force attack such as a Smurf attack targets a feature in the IP specification known as directed or subnet broadcasting to...

Страница 85: ...ed incorrectly an attacker can traceroute the firewall gaining knowledge of the network topology inside the firewall 4 Often many DoS attacks also employ a technique known as IP Spoofing as part of their attack IP Spoofing may be used to break into systems to hide the hacker s identity or to magnify the effect of the DoS attack IP Spoofing is a technique used to gain unauthorized access to compute...

Страница 86: ...es the response depending on your firewall rules The default rules allow LAN to WAN traffic and deny traffic initiated from WAN to LAN The previous figure shows the 1500WR Wireless Router s default firewall rules in action as well as demonstrates how stateful inspection works User A can initiate a Telnet session from within the LAN and responses to this request are allowed However other Telnet tra...

Страница 87: ...uter WAN to LAN LAN to WAN WAN to WAN 1500WR Wireless Router By default the 1500WR Wireless Router s stateful packet inspection allows packets traveling in the following directions LAN to LAN 1500WR Wireless Router This allows computers on the LAN to manage the 1500WR Wireless Router and communicate between networks or subnets connected to the LAN interface LAN to WAN By default the 1500WR Wireles...

Страница 88: ...Lotus Notes server to synchronize over the Internet to an inside Notes server 2 Is the intent of the rule to forward or block traffic 3 What direction of traffic does the rule apply to refer to 12 2 1 4 What IP services will be affected 5 What computers on the Internet will be affected The more specific the better For example if traffic is being allowed from the Internet to the LAN it is better to...

Страница 89: ... 12 4 Connection Direction Examples This section describes examples for firewall rules for connections going from LAN to WAN and from WAN to LAN LAN to LAN 1500WR Wireless Router and WAN to WAN 1500WR Wireless Router rules apply to packets coming in on the associated interface LAN or WAN respectively LAN to LAN 1500WR Wireless Router means policies for LAN to 1500WR Wireless Router the policies fo...

Страница 90: ...ated from WAN to LAN You may block traffic initiated from the LAN by configuring blocked services in the Services screen You may allow traffic initiated from the WAN by configuring port forwarding rules one to one many one to one mapping rules and or allow remote management The firewall is automatically enabled when you configure blocked services When you configure a remote management menu to allo...

Страница 91: ...AN to WAN services appear in the Blocked Services textbox in the Services screen with Enable Services Blocking selected Log All log all LAN to WAN packets WAN to LAN To log packets related to firewall rules make sure that Access Control under Log is selected in the Logs Log Settings screen Packets to Log Choose what WAN to LAN and WAN to WAN Prestige packets to log Choose from No Log Log Forwarded...

Страница 92: ...web sites with the word bad in the URL by specifying bad as a keyword You can also block access to web proxies and pages containing Active X components Java applets and cookies Finally you can schedule when the 1500WR Wireless Router performs content filtering by day and time Click ADVANCED FIREWALL and then the Filter tab to open the Filter screen The settings in the screen above are described on...

Страница 93: ...ent filtering by pointing to this proxy server Enable URL Keyword Blocking Select this check box to block the URL containing the keywords in the keyword list Keyword Type a keyword in this field You may use any character up to 64 characters Wildcards are not allowed Keyword List This is a list of keywords that will be inaccessible to computers on your LAN once you enable URL keyword blocking Add T...

Страница 94: ...ist and click Add to add the port to the Blocked Service field Please see Table 12 4 for more information on services available Blocked Services This is a list of services ports that will be inaccessible to computers on your LAN once you enable service blocking Choose the IP port TCP UDP orTCP UDP that defines your customized port from the drop down list box Custom Port A custom port is a service ...

Страница 95: ... effect all day by selecting the All Day check box You can also configure specific times that by entering the start time in the Start hr and Start min fields and the end time in the End hr and End min fields Enter times in 24 hour format for example 3 00pm should be entered as 15 00 Apply Click Apply to save your customized settings Reset Click Reset to reload the previous configuration for this s...

Страница 96: ...ckets to a specific group of hosts NEWS TCP 144 A protocol for news groups NFS UDP 2049 Network File System NFS is a client server distributed file service that provides transparent file sharing for network environments NNTP TCP 119 Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service PING ICMP O Packet INternet Groper is a protocol that sends out ICMP echo re...

Страница 97: ...ange systems UNIX systems and network servers SSH TCP UDP 22 Secure Shell Remote Login Program STRM WORKS UDP 1558 Stream Works Protocol TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments It operates over TCP IP networks Its primary function is to allow users to log into remote host systems TFTP UDP 69 Trivial File Transfer Protocol is...

Страница 98: ...AN WAN you still need to configure a firewall rule to allow access To disable remote management of a service select Disable in the corresponding Server Access field 13 1 1 Remote Management Limitations Remote management over LAN or WAN will not work when 1 A filter in SMT menu 3 1 LAN or in menu 11 5 WAN is applied to block a Telnet FTP or Web service 2 You have disabled that service in one of the...

Страница 99: ... of five minutes three hundred seconds for either the console port or telnet web FTP connections Your 1500WR Wireless Router automatically logs you out if you do nothing in this timeout period except when it is continuously updating the status in menu 24 1 or when sys stdio has been changed on the command line 13 2 Telnet You can telnet into the 1500WR Wireless Router to perform remote management ...

Страница 100: ...ugh which a computer may access the 1500WR Wireless Router using this service Secured Client IP Address A secured client is a trusted computer that is allowed to communicate with the 1500WR Wireless Router using this service Select All to allow any computer to access the 1500WR Wireless Router using this service Choose Selected to just allow the computer with the IP address that you specify to acc...

Страница 101: ...he server port number for a service if needed however you must use the same port number in order to use that service for remote management Server Access Select the interface s through which a computer may access the 1500WR Wireless Router using this service Secured Client IP Address A secured client is a trusted computer that is allowed to communicate with the 1500WR Wireless Router using this ser...

Страница 102: ...e for remote management Server Access Select the interface s through which a computer may access the 1500WR Wireless Router using this service Secured Client IP Address A secured client is a trusted computer that is allowed to communicate with the 1500WR Wireless Router using this service Select All to allow any computer to access the 1500WR Wireless Router using this service Choose Selected to ju...

Страница 103: ...ork administrators perform network management functions It executes applications that control and monitor managed devices The managed devices contain object variables managed objects that define each piece of information to be collected about a device Examples of variables include the number of packets received node port status etc A Management Information Base MIB is a collection of managed objec...

Страница 104: ...RFC 1215 A trap is sent after booting power on 2 warmStart defined in RFC 1215 A trap is sent after booting software reboot 3 NnkUp defined in RFC 1215 A trap is sent when the port is up 4 authenticationFailure defined in RFC 1215 A trap is sent to the manager when receiving any SNMP get or set requirements with wrong community password 6 NnkDown defined in RFC 1215 A trap is sent when the port is...

Страница 105: ...from the management station Trusted Host If you enter a trusted host your 1500WR Wireless Router will only respond to SNMP messages from this address A blank default field means your 1500WR Wireless Router will respond to all SNMP messages it receives regardless of source Trap Community Type the trap community which is the password sent with each trap to the SNMP manager Destination Type the IP ad...

Страница 106: ...n DNS LABEL DESCRIPTION Server Port The DNS service port number is 53 and cannot be changed here Server Access Select the interface s through which a computer may send DNS queries to the 1500WR Wireless Router Secured Client IP Address A secured client is a trusted computer that is allowed to send DNS queries to the 1500WR Wireless Router Select All to allow any computer to send DNS queries to the...

Результаты поиска

Содержание Horizons 1500WR

Отзывы:

Похожие инструкции для Horizons 1500WR

Бренды по названию

Популярные бренды

ParkerVision Horizons 1500WR, Руководство пользователя

Результаты поиска

Содержание Horizons 1500WR

Отзывы:

Похожие инструкции для Horizons 1500WR

Бренды по названию

Популярные бренды