Asus RX3041H User Manual

RX3041H Userâs Manual Revision 1.3 Aug. 19, 200 4
ii
Table of Contents 1 Introduction .............................................. 1 1.1 Features ................................................................................................................ 1 1.2 System Requirements .......................................................................................... 1 1.3 Using this Document ............................................................................................ 1 1.3.1 Notational conventions ............................................................................... 1 1.3.2 Typographical conventions ........................................................................ 1 1.3.3 Special messages ...................................................................................... 2 2 Getting to Know the RX3041H ................. 3 2.1 Parts List ............................................................................................................... 3 2.2 Front Panel ........................................................................................................... 3 2.3 Rear Panel ............................................................................................................ 4 2.4 Major Features...................................................................................................... 4 2.4.1 Firewall and NAT Features ........................................................................ 4 2.4.1.1 Address Sharing and Management .............................................. 5 2.4.1.2 ACL (Access Control List) ............................................................. 5 2.4.1.3 Stateful Packet Inspection ............................................................. 5 2.4.1.4 Defense against DoS Attacks........................................................ 6 2.4.1.5 Application Command Filtering ..................................................... 6 2.4.1.6 Application Level Gateway (ALG) ................................................. 7 2.4.1.7 URL Filtering .................................................................................. 7 2.4.1.8 Log and Alerts ................................................................................ 7 2.4.1.9 Remote Access .............................................................................. 7 3 Quick Start Guide ..................................... 9 3.1 Part 1 â Connecting the Hardware ..................................................................... 9 3.1.1 Step 1. Connect an ADSL or a c able modem. .......................................... 9 3.1.2 Step 2. Connect computers or a LAN ........................................................ 9 3.1.3 Step 3. Attach the AC adapter. .................................................................. 9 3.1.4 Step 4. Turn on the R X3041H, the ADSL or cab le modem and pow er up your computers. ........................................................................................ 10 3.2 Part 2 â Configuring Your Com puters .............................................................. 11 3.2.1 Before you begin ...................................................................................... 11 iii
3.2.2 WindowsÂ® XP PCs: ................................................................................. 11 3.2.3 WindowsÂ® 2000 PCs: .............................................................................. 11 3.2.4 WindowsÂ® 95, 98, and Me PCs .............................................................. 12 3.2.5 WindowsÂ® NT 4.0 workstations:.............................................................. 12 3.2.6 Assigning static IP addresses to your PCs ............................................. 13 3.3 Part 3 â Quick Configuration of the RX3041H ................................................. 13 3.3.1 Buttons Used in Setup Wizard ................................................................. 14 3.3.2 Setting Up the RX3041H.......................................................................... 14 3.3.3 Testing Your Setup .................................................................................. 20 3.3.4 Default Router Settings ............................................................................ 20 4 Getting Started with the Configuration Manager ................................................. 21 4.1 Log into the Configuration Manager .................................................................. 21 4.2 Functional Layout ............................................................................................... 22 4.2.1 Setup Menu Navigation Tips.................................................................... 22 4.2.2 Commonly Used Buttons and Icons ........................................................ 22 4.3 Overview of System Configuration .................................................................... 23 5 Configuring LA N Settings....................... 25 5.1 LAN IP Address .................................................................................................. 25 5.1.1 LAN IP Configuration Parameters ........................................................... 25 5.1.2 Configuring the LAN IP Address.............................................................. 25 5.2 DHCP (Dynamic Host Control Protocol) ............................................................ 26 5.2.1 Introduction ............................................................................................... 26 5.2.1.1 What is DHCP? ............................................................................ 26 5.2.1.2 Why use DHCP?.......................................................................... 26 5.2.2 DHCP Server Configurat ion..................................................................... 27 5.2.2.1 DHCP Configuration Parameters ................................................ 27 5.2.2.2 Configuring DHCP Server ........................................................... 27 5.2.2.3 Viewing Existing IP Address Lease............................................. 28 5.2.3 Fixed DHCP Lease .................................................................................. 28 5.2.3.1 Fixed DHCP Lease Configuratio n Parameters........................... 28 5.2.3.2 Add a Fixed DHCP Lease ........................................................... 29 5.2.3.3 Delete a Fixed DHCP Lease ....................................................... 29 iv
5.2.3.4 Viewing Fixed DHCP Lease Table.............................................. 29 5.3 DNS..................................................................................................................... 29 5.3.1 About DNS................................................................................................ 29 5.3.2 Assigning DNS Addresses....................................................................... 30 5.3.3 Configuring DNS Relay ............................................................................ 30 5.4 Viewing LAN Statistics........................................................................................ 31 6 Configuring WA N Settings ..................... 33 6.1 WAN Connection Mode...................................................................................... 33 6.2 PPPoE ................................................................................................................ 33 6.2.1 WAN PPPoE Configuration Para meters ................................................. 33 6.2.2 Configuring PPPoE for WAN ................................................................... 35 6.3 Dynamic IP.......................................................................................................... 36 6.3.1 WAN Dynamic IP Configuration Pa rameters .......................................... 36 6.3.2 Configuring Dynamic IP for WA N ............................................................ 36 6.4 Static IP ............................................................................................................... 37 6.4.1 WAN Static IP Conf iguration Parameters ............................................... 37 6.4.2 Configuring Static IP for WAN ................................................................. 37 6.5 Viewing WAN Statistics ...................................................................................... 38 7 Configuring Routes ................................ 41 7.1 Overview of IP Routes........................................................................................ 41 7.1.1 Do I need to define IP routes? ................................................................. 41 7.2 Dynamic Routing us ing RIP (Routing Information Protocol) ............................. 41 7.2.1 Dynamic Routing (RIP) Conf iguration Parameters ................................. 41 7.2.2 Configuring RIP ........................................................................................ 42 7.3 Static Routing...................................................................................................... 43 7.3.1 Static Route Configuration Parameters ................................................... 43 7.3.2 Adding a Static Route .............................................................................. 43 7.3.3 Deleting a Static Route ............................................................................ 43 7.3.4 Viewing the Routin g Table ....................................................................... 44 8 Configuri ng DDNS ................................. 45 8.1 DDNS Configuration Parameters....................................................................... 46 8.2 Configuring RFC-2136 DDNS Client ................................................................. 47 v
8.3 Configuring HTTP DDNS Client ......................................................................... 48 8.4 Configuring Local Host Table ............................................................................. 48 8.4.1.1 Add a Host Table Entry ............................................................... 49 8.4.1.2 Modify a Host Table Entry ........................................................... 49 8.4.1.3 Delete a Host Table Entry ........................................................... 49 8.4.1.4 View the Host Table..................................................................... 49 9 Configuring Firewall/NAT Settings ......... 51 9.1 Firewall Overview ............................................................................................... 51 9.1.1 Stateful Packet Inspection ....................................................................... 51 9.1.2 DoS (Denial of Service) Protection .......................................................... 51 9.1.3 Firewall and Access Control Li st (ACL) ................................................... 51 9.1.3.1 Priority Order of ACL Rule ........................................................... 51 9.1.3.2 Tracking Connection State .......................................................... 52 9.1.4 Default ACL Rules .................................................................................... 52 9.2 NAT Overview..................................................................................................... 52 9.2.1 Static (One to One) NAT .......................................................................... 52 9.2.2 Dynamic NAT ........................................................................................... 53 9.2.3 NAPT (Network Address and Por t Translation) or PAT (Port Address Translation) ............................................................................................... 54 9.2.4 Reverse Static NAT.................................................................................. 55 9.2.5 Reverse NAPT / Virtual Server ................................................................ 55 9.3 ACL Rule Configuration Parame ters ................................................................. 55 9.4 Configuring Inbound ACL Rules ........................................................................ 57 9.4.1 Add an Inbound ACL Rule ....................................................................... 58 9.4.2 Modify an Inbound ACL Rule ................................................................... 58 9.4.3 Delete an Inbound ACL Rule ................................................................... 59 9.4.4 Display Existing Inbound ACL Rules ....................................................... 59 9.5 Configuring Outbound ACL Rules ..................................................................... 59 9.5.1 Add an Outbound ACL Rule .................................................................... 59 9.5.2 Modify an Outbound ACL Rule ................................................................ 60 9.5.3 Delete an Outbound ACL Rule ................................................................ 60 9.5.4 Display Existing Outbound ACL Rules .................................................... 61 9.6 Configuring URL Filters ...................................................................................... 61 9.6.1 URL Filter Configuration Para meters ...................................................... 61 9.6.2 Add an URL Filter Rule ............................................................................ 61 9.6.3 Modify an URL Filter Rule ........................................................................ 62 vi
9.6.4 Delete an URL F ilter Rule ........................................................................ 62 9.6.5 View Existing URL Filter Rules ................................................................ 62 9.7 Configuring A dvanced Fire wall Features â (Fir ewall Ã Advanced)................. 62 9.7.1 Configuring Self Access Rules ................................................................ 63 9.7.1.1 Self Access Configuration P arameters ....................................... 63 9.7.1.2 Add a Self Access Rule ............................................................... 63 9.7.1.3 Modify a Self Access Rule ........................................................... 64 9.7.1.4 Delete a Self Access Rule ........................................................... 64 9.7.1.5 View Configured Self Access Rules ............................................ 64 9.7.2 Configuring Service List ........................................................................... 64 9.7.2.1 Service List Configuration P arameters ....................................... 64 9.7.2.2 Add a Service ............................................................................... 65 9.7.2.3 Modify a Service .......................................................................... 65 9.7.2.4 Delete a Service ........................................................................... 66 9.7.2.5 View Configured Services ........................................................... 66 9.7.3 Configuring DoS Settings......................................................................... 66 9.7.3.1 DoS Protection Configuration Parameters.................................. 66 9.7.3.2 Configuring DoS Settings ............................................................ 67 9.8 Firewall Policy List â (Fi rewall Ã Policy List) .................................................... 68 9.8.1 Configuring Application Filter ................................................................... 69 9.8.1.1 Application Filter Configurat ion Parameters ............................... 69 9.8.1.2 Add an Application Filter .............................................................. 70 9.8.1.2.1 FTP Example: Add a FTP Fi lter Rule to Blo ck FTP DE LETE Command..................................................................................... 71 9.8.1.2.2 HTTP Example: Add a HTTP Filter Rule to Block JAVA Applets and Java Archives ....................................................................... 73 9.8.1.3 Modify an Application Filter ......................................................... 74 9.8.1.4 Delete an Application Filter .......................................................... 75 9.8.2 Configuring IP Pool .................................................................................. 75 9.8.2.1 IP Pool Configuration Parameters............................................... 75 9.8.2.2 Add an IP Pool ............................................................................. 75 9.8.2.3 Modify an IP Pool ......................................................................... 76 9.8.2.4 Delete an IP Pool ......................................................................... 76 9.8.2.5 IP Pool Example .......................................................................... 77 9.8.3 Configuring NAT Pool .............................................................................. 78 9.8.3.1 NAT Pool Configuration Para meters........................................... 78 9.8.3.2 Add a NAT Pool ........................................................................... 79 9.8.3.3 Modify a NAT Pool ....................................................................... 79 vii
9.8.3.4 Delete a NAT Pool ....................................................................... 80 9.8.3.5 NAT Pool Example ...................................................................... 80 9.8.4 Configuring Time Range .......................................................................... 81 9.8.4.1 Time Range Configuration Parameters ...................................... 81 9.8.4.2 Add a Time Range ....................................................................... 82 9.8.4.3 Modify a Time Range .................................................................. 82 9.8.4.4 Delete a Time Range ................................................................... 82 9.8.4.5 Delete a Schedule in a Time Range ........................................... 82 9.8.4.6 Time Range Example .................................................................. 83 9.9 Firewall Statistics â Firewall Ã Stat istics........................................................... 83 10 Configuring Remote Access .................. 85 10.1 Remote Access .................................................................................................. 85 10.2 Manage User Groups and Users ....................................................................... 85 10.2.1 User Group Configuration Parameters .................................................... 85 10.2.2 Add a User Group and/or a User ............................................................. 86 10.2.3 Modify a User Group or a User ................................................................ 87 10.2.4 Delete a User Group or a Us er ................................................................ 87 10.2.5 User Group and User s Configuration Example ...................................... 88 10.3 Configure Group ACL Rules .............................................................................. 88 10.3.1 Group ACL Specific Configuratio n Parameters ...................................... 88 10.3.2 Add a Group ACL Rule ............................................................................ 88 10.3.3 Modify a Group ACL Rule ........................................................................ 89 10.3.4 Delete a Group ACL Rule ........................................................................ 90 10.3.5 Display Existing Group ACL Rules .......................................................... 90 10.4 Remote User Login Process .............................................................................. 90 10.5 Configure Firewall for Remote Access .............................................................. 91 11 System M anagement ............................. 93 11.1 Configure System Services ................................................................................ 93 11.2 Change the Login Password and Manage ment Station IP Addresses ............ 93 11.2.1 Change the Login Password....................................................................93 11.2.2 Configure Management Stations ............................................................. 94 11.2.2.1 Management Station Configuratio n Parameters..................................... 94 11.2.2.2 Add a Management Station Group .......................................................... 95 viii
11.2.2.3 Modify a Management Station Group ..................................................... 96 11.2.2.4 Delete a Management Station Group ...................................................... 96 11.3 Configure System Identity .................................................................................. 96 11.4 Setup Date and Time ......................................................................................... 96 11.4.1 Date/Time Configuration Parameters ...................................................... 97 11.4.2 Maintain Date and Time ........................................................................... 97 11.4.3 View the System Date and Time ............................................................. 98 11.5 SNMP Setup ....................................................................................................... 98 11.5.1 SNMP Configuration Parameters ............................................................ 98 11.5.2 Configuring SNMP ................................................................................... 99 11.6 System Configuration Management .................................................................. 99 11.6.1 Reset to Factory Settings ......................................................................... 99 11.6.1.1 Reset to Factory Settings Using Configuration Manager ....................... 99 11.6.1.2 Reset to Factory Settings Using Reset Button ...................................... 100 11.6.2 Backup System Configuration ............................................................... 100 11.6.3 Restore System Configuration ............................................................... 100 11.7 Upgrade Firmware ............................................................................................ 101 11.8 Reset the RX3041H ......................................................................................... 102 11.9 Logout Configuration Manager ........................................................................ 102 A ALG Configur ation ............................... 105 B System Specif ications .......................... 109 B.1 Hardware Specification .................................................................................... 109 B.2 Default Settings ................................................................................................ 109 C IP Addresses, Network Masks, and Subnets ................................................ 113 C.1 IP Addresses .................................................................................................... 113 C.1.1 Structure of an IP address ..................................................................... 113 C.2 Network classes................................................................................................ 113 C.3 Subnet masks ................................................................................................... 114 D Troubleshoot ing ................................... 117 ix
D.1 Diagnosing Problem using IP Utilit i es .............................................................. 118 D.1.1 Ping ......................................................................................................... 118 D.1.2 Nslookup ................................................................................................. 119 E Glossary ............................................... 121 F Index .................................................... 127 List of Figures Figure 2. 1. Front Panel LEDs............................................................................................................ .......................3 Figure 2. 2. Rear Panel Connections...................................................................................................... ..................4 Figure 3.1. Overview of Hardware Connections ................................................................................... ............... 10 Figure 3.2. Login Screen ....................................................................................................... ................................ 14 Figure 3.3. Setup Wizard Home Page ............................................................................................. ..................... 15 Figure 3.4. Setup Wizard â Password Conf iguration Page ......................................................................... ........ 15 Figure 3.5. Setup Wizard â System Identit y Configuration Page .................................................................. ...... 16 Figure 3.6. Setup Wizard â Date/Time Conf iguration Page........................................................................ ......... 16 Figure 3.7. Setup Wizard â LAN IP Conf iguration Page ........................................................................... ........... 17 Figure 3.8. Setup Wizard â LAN DHCP S erver Configuration Page .................................................................. .1 7 Figure 3.9. Setup Wizard â WAN PPPoE Conf iguration Page ........................................................................ .... 18 Figure 3.10. Setup Wizard â WAN Dynamic IP Configuration Page .................................................................. .1 8 Figure 3.11. Setup Wizard â WA N Static IP Conf iguration Page ................................................................... ..... 19 Figure 4.1. Configuration Manager Login Screen ................................................................................. ............... 21 Figure 4.2. Typical Configuration Manager Page ................................................................................. ................ 22 Figure 4.3. System Information P age ............................................................................................ ....................... 23 Figure 5.1. LAN IP A ddress Configuration ....................................................................................... .................... 26 Figure 5.2. DHCP Configuration ................................................................................................. .......................... 28 Figure 5.3. Sample DHCP Lease Table ............................................................................................ ................... 28 Figure 5.4. Fixed DHCP Lease Configur ation P age ................................................................................ ............ 29 Figure 5.5. LAN Statist ics Page ................................................................................................ ............................ 31 Figure 6.1. WAN PPPoE Conf iguration Page ....................................................................................... ............... 35 Figure 6.2. WAN PPPoE Conf iguration Summary .................................................................................... ........... 35 Figure 6.3. WAN Dynamic IP (DHCP client) Configuration ......................................................................... ........ 36 Figure 6.4. WAN Dynamic IP (DHCP client) Conf iguration Summary ................................................................ 3 7 Figure 6.5. WAN Static IP Configuration ........................................................................................ ...................... 38 x
Figure 6.6. WAN Static IP Configuration ........................................................................................ ...................... 38 Figure 6.7. WAN Statistics Page................................................................................................ ........................... 39 Figure 7.1. RIP Configuration................................................................................................. .............................. 42 Figure 7.2. Static Route Configuration ........................................................................................ ......................... 43 Figure 7.3. Routing Table ..................................................................................................... ................................ 44 Figure 8.1. Network Diagram for RF C-2136 DDNS .................................................................................. ........... 45 Figure 8.2. Network Diagram for HTTP DDNS ...................................................................................... .............. 46 Figure 8.3. RFC-2136 DDNS Configuration ........................................................................................ ................. 47 Figure 8.4. HTTP DDNS Configuration ............................................................................................ .................... 48 Figure 8.5. Host Table Configuration ........................................................................................... ......................... 49 Figure 8.6. Host Table ......................................................................................................... .................................. 49 Figure 9.1 Static NAT â Mapping Four Private IP Addr esses to Four Globally Va lid IP Addresses .................. 53 Figure 9.2 Dynamic NA T â Four Priv ate IP addresse s Mapped to Three Valid IP Addresses .......................... 53 Figure 9.3 Dynamic NAT â PC-A can get an NAT association afte r PC-B is disconnected ............................... 53 Figure 9.4 NAPT â Map Any Internal P Cs to a Si ngle Global IP Address .......................................................... 5 4 Figure 9.5 Reverse Static NAT â Map a Global IP Address to A n Internal PC ................................................... 54 Figure 9.6 Reverse NAP T â Relayed Incoming Pa ckets to the Internal Host Base on the Protoco l, Port Number or IP Address ........................................................................................................... ........................ 54 Figure 9.7. Inbound AC L configurati on Ex ample .................................................................................. ............... 58 Figure 9.8. Inbound ACL List ................................................................................................... ............................. 58 Figure 9.9. Outbound ACL Configuratio n Ex ample................................................................................. ............. 60 Figure 9.10. Outbound ACL List ................................................................................................. .......................... 60 Figure 9.11. URL Filter Configurat ion Example.................................................................................. .................. 62 Figure 9.12. URL Filter List ................................................................................................... ................................ 62 Figure 9.13. Self Access Rule Configur ation Example ............................................................................ ............ 63 Figure 9.14. Service List Configuration ........................................................................................ ......................... 65 Figure 9.15. Service List ...................................................................................................... .................................. 65 Figure 9.16. DoS Attack Protection List ........................................................................................ ........................ 68 Figure 9.17. DoS Configuration Page ............................................................................................ ....................... 68 Figure 9.18 Network Diagram for FTP Filter Exampl e â Blocking FTP Delete Command ................................. 71 Figure 9.19. FTP Filter Exampl e â Configuring FTP Filter Rule .................................................................. ........ 71 Figure 9.20 FTP Filter Example â Firewall Co nfiguration Assistant .............................................................. ...... 72 Figure 9.21 FTP Filter Example â Add an FTP Filter to Deny FTP Delete Command ....................................... 72 Figure 9.22. FTP Filter Example â Associate FTP Filter Rule to an ACL Rule ................................................... 72 Figure 9.23. HTTP Filter Exam ple â Configuring H TTP Filter Rule ................................................................ ..... 73 Figure 9.24. HTTP Filter Example â Associate HTTP Filter Rule to an ACL Rule ............................................. 74 Figure 9.25. Modify an Application Filter...................................................................................... ......................... 74 xi
Figure 9.26 IP Pool Configuration .............................................................................................. ........................... 76 Figure 9.27. Network Diagram for IP Po ol Conf iguration ......................................................................... ............ 77 Figure 9.28. IP Pool Example â Add Two IP Pool s â MISgroup1 and MISgroup2 ............................................. 77 Figure 9.29. IP Pool Example â Deny QUAKE-II Co nnection for MISgroup1 ..................................................... 78 Figure 9.30. NAT Pool configuration............................................................................................ ......................... 79 Figure 9.31. Network Diagram for NAT Po ol Example .............................................................................. .......... 80 Figure 9.32. NAT Pool Example â Create a St atic NAT Pool ....................................................................... ....... 80 Figure 9.33. NAT Pool Example â Associate a NAT P ool to an ACL Rule ......................................................... 81 Figure 9.34. Time Range Configurat ion .......................................................................................... ..................... 82 Figure 9.35. Time Range Exam ple â Create a Time Range .......................................................................... ..... 83 Figure 9.36. Time Range Ex ample â Deny FTP A ccess for MISgr oup1 During OfficeHours ............................ 83 Figure 9.37. Firewall Statistics ............................................................................................... ............................... 84 Figure 10.1. User Group Configuration.......................................................................................... ....................... 86 Figure 10.2. User Group and Users Configur ation Ex ample ........................................................................ ....... 88 Figure 10.3. Group ACL Configuration Example................................................................................... ............... 89 Figure 10.4. Group ACL List ................................................................................................................................. 89 Figure 10.5. Login Console ..................................................................................................... .............................. 90 Figure 10.6. Login Status Screen ............................................................................................... .......................... 90 Figure 10.7. Network Diagram for Inbound Re mote Access ......................................................................... ...... 91 Figure 10.8. User and User Group Configur ation Example ......................................................................... ........ 92 Figure 10.9. Group ACL Configuration Example................................................................................... ............... 92 Figure 11.1. System Services Conf iguration ..................................................................................... ................... 93 Figure 11.2. Password Configuration ............................................................................................ ....................... 94 Figure 11.3. Management Station Conf iguration ................................................................................................. 95 Figure 11.4. Management Station Su mmary ........................................................................................ ............... 96 Figure 11.5. System Ident iy Configurat ion ...................................................................................... ..................... 96 Figure 11.6. Date and Time Configur ation Page.................................................................................. ................ 9 8 Figure 11.7. SNMP Configuration ................................................................................................ ......................... 99 Figure 11.8. Existing SNMP Conf iguration ....................................................................................... .................... 99 Figure 11.9. Default Setting Conf iguration..................................................................................... ....................... 99 Figure 11.10. Counter Timer for Default Setti ng Configuration .................................................................. ....... 100 Figure 11.11. Backup System Configuration ...................................................................................................... 100 Figure 11.12. Restore System Configuration ..................................................................................... ................ 101 Figure 11.13. Windows File Browser ............................................................................................. ..................... 101 Figure 11.14. Firmware Upgrade Page ............................................................................................ .................. 102 Figure 11.15. Counter Down Counter for Fi rmware Update ......................................................................... ..... 102 Figure 11.16. Router Reset Page ................................................................................................ ....................... 102 xii
Figure 11.17. Counter Down Counter for Rout er Reset ............................................................................ ........ 102 Figure 11.18. Logout Page...................................................................................................... ............................ 103 Figure 11.19. Confirmation f or Closing Browser (IE) ............................................................................ ............. 103 Figure D.1. Using the ping Utility ............................................................................................. ............................ 119 Figure D.2. Using the nslookup Utility ......................................................................................... ........................ 120 List of Tables Table 2.1. Front Panel Label and LEDs .......................................................................................... ........................3 Table 2.2. Rear Panel Labels a nd LEDs .......................................................................................... .......................4 Table 2.3. DoS Attacks .............................................................................................................................................6 Table 3.1. LED Indicators ...................................................................................................... ................................ 10 Table 3.2. Default Settings Summary ............................................................................................ ....................... 20 Table 4.1. Description of Co mmonly Used Buttons and Icons ...................................................................... ...... 23 Table 5.1. LAN IP Configuration P arameters ..................................................................................... .................. 25 Table 5.2. DHCP Server Configurati on Parameters ................................................................................ ............ 27 Table 5.3. DHCP Address As signment Parameters .................................................................................. .......... 28 Table 5.4. Fixed DHCP Leas e Configuration Parameters ........................................................................... ........ 29 Table 6.1. WAN PP PoE C onfiguration P arameters .................................................................................. ........... 33 Table 6.2. WAN Dyna mic IP Configuration Parameters ............................................................................. ......... 36 Table 6.3. WAN St atic IP Configurati on Parameters .............................................................................. ............. 37 Table 7.1. Dynamic R outing (RIP) Configuration Parameters ...................................................................... ....... 41 Table 7.2. Static Route Configuration Parameters............................................................................... ................ 43 Table 8.1. DDNS Configuration Pa ramet ers ....................................................................................... ................. 46 Table 9.1. ACL Rule Co nfiguration Parameters ................................................................................... ................ 55 Table 9.2. URL Filter Configuratio n P arameters ................................................................................. ................. 61 Table 9.3. Self Access Configurati on Paramet ers ................................................................................ ............... 63 Table 9.4. Service List configuration parameters ............................................................................... .................. 64 Table 9.5. DoS Protection Configuration Paramete rs ............................................................................. ............. 66 Table 9.6. Application Filt er Conf iguration Parameters......................................................................... ............... 69 Table 9.7. IP Pool Co nfiguration Parameters .................................................................................... ................... 75 Table 9.8. NAT Pool Co nfiguration Parameters ................................................................................... ................ 78 Table 9.9. Time Range Configurati on Parameters................................................................................. .............. 81 Table 10.1. User Group Configurati on Parameters................................................................................ .............. 85 Table 10.2. Group ACL Specific Configuration Paramet ers ........................................................................ ........ 88 Table 11.1. Management Station Configurat ion P arameters ........................................................................ ...... 95 Table 11.2. Date/Time Co nfiguration Paramete rs................................................................................. ............... 97 xiii
Table 11.3. Fixed DHCP Lease Configuratio n Parameters .......................................................................... ....... 98 Table A.1. Supported ALG ....................................................................................................... ........................... 105 Table B.1. Hardware Specification.............................................................................................. ........................ 109 Table B.2. System Default Settings ............................................................................................. ....................... 1 09 Table C.1. IP Address structure ................................................................................................ .......................... 113 xiv
RX3041H Userâs Manual Chapter 1. Introduct ion 1 Introduction Congratulati ons on becoming the owner of the high-speed r outer, RX3041H. Yo ur LAN (loc al area netw ork) will now be able to access the Interne t using your broa dband connection s uch as those with AD SL or cable modem. This User Manual will show you how to set up your router, an d how to customize its configurat ion to get the most out of th is product. 1.1 Features î¦ 10/100Base-T router provid ing Internet connectivity for all computers on your LAN î¦ 4-port 10/100Base-T (auto MDI/MDIX, auto speed negotiation) Ethernet swit ch î¦ High performance firewa ll, and NAT (N etwork Address Tr anslation) to provide s ecure Interne t access for your LAN î¦ Automatic network address assignment through DHCP Server î¦ Servi ces includi ng IP route, DNS and DDNS configurati on, RIP, and IP perf ormance monito ring î¦ Config uration program acce ssible via a web browser, such a s Microsoft Internet Explore r 5.5, Netscape 7. 0.2 or ne wer. 1.2 System Requirements In order to use the RX3041H for In ternet access , you must have the following : î¦ ADSL or cable modem and the corresponding serv ice up and running , with at leas t one public Intern et address assign ed to your WAN î¦ One or mo re computer s each containi ng an Ethernet 10 Base-T/100B ase-T network int erface card (NIC) î¦ (Optional) An Ethernet hub/swi tch, if you are connecting the device to mor e than four computers on an Ethernet network. î¦ For system config uration us ing the supplied w eb-based progr am: a web browser such as Inter net Explorer v5.5 or newer. 1.3 Using this Document 1.3.1 Notational conventions î¦ Acronyms are defined the first time the y appear in text and in the glossa ry (Appendix E). î¦ For brevity, the R X3041H is some times referred to as âthe routerâ or âyo ur routerâ. î¦ The t erms LA N and network are used in terchangeably to refer to a group o f Ethernet-c onnected computer s at one site. î¦ Sequence of mouse ac tions is denoted by the â Ã â character. For instance, System Ã System Info means cli ck the Sy stem me nu and then click t he System Info submenu. 1.3.2 Typographica l conventions î¦ Italics is used to identify terms that are define d in the glossary (Appen dix E). î¦ Boldface type text is used for items you select from menus and drop-down lists, and text strings you type when prompted by the program.
Chapter 1. Introduct ion RX3041H Userâs Manual 2 1.3.3 Special messages This docum ent uses t he follo wing ic ons to call your at tention to specific instructions or explanations. Note Provides clarification or non -essential inf ormation on the current topic. Definitio n Explains terms or acro nyms that may be unfamiliar to many readers. T hese terms are also included in the Glossa ry. WARNING Provides messa ges of high importance , including messages relati ng to perso nal safe ty or sys tem inte grity .
RX3041H Userâs Manual Chapter 2. Getting to Know the RX3041H 3 2 Getting to Know the RX3041H 2.1 Parts List In addition to this document, your router should come with the following : î¦ RX3041H High Speed Router î¦ AC adapter î¦ Ethernet cable (âstra ight-throughâ type) 2.2 Front Panel The front panel cont ains LED indi cators that sho w the status of the unit. Figure 2.1. Fr ont Pan el LEDs Table 2.1. F ront Pan el Label and LE Ds LED Label Color Status Indication On Unit is powered on POWER Green Off Unit is powered off On System malfunctioned if this LED stay s on. Note that the LED is lit du ring sy stem bo oting a nd is turn ed off afterwards. Th is LED is also used alon g w/ reset button during sy stem configu ration reset. Plea se refer to the section 11.6.1.2 â Reset to Factory Settings Using Reset Button â for furt her det ail s. ALARM Green Off System functions normally. On WAN link est ablished a nd active Flashing Data is tr ansmitted or r eceived via WAN connection WAN Green Off No WAN link On LAN link is established Flashing Data is tr ansmitted or r eceived via LAN connectio n LAN1 â LAN4 Green Off No LAN link
Chapter 2. Getting to Know the RX3041H RX3041H Userâs Manual 4 2.3 Rear Panel The rear panel con tains the ports for the unit's data and power conn ections. Figure 2.2. Rea r Panel Connecti ons Table 2.2. Rear Pan el Labels and LEDs Label Function POWER Power Input Jack Connects to the supplied AC adapter Reset Reset Button 1. Reboots the device 2. Used for re setting th e syst em co nfigurati on to th e facto ry settings. Please refer to the secti on 11.6.1.2 â Reset to Factory Settings Using Reset Button â for furt her deta ils. CONSOLE Console Port For ASUSTe K interna l use only. WAN WAN Port Connects to your W AN device, s uch as an ADSL or a cable modem. P1 â P4 LAN Ports Connects to your PC's Eth ernet port, or to the uplink port on the hub or the switch 2.4 Major Features 2.4.1 Firewall and NAT Features The firewall imple mented in your rout er provides the follo wing features to prote ct your network from bein g attacked and to pre vent your network from being used as the sprin gboard for attacks . î¦ Address Sharing and Management î¦ Packet Filterin g î¦ Stateful Packet Inspection î¦ Defen se against Deni al of Service Attacks î¦ Appli cation Content Filte ring î¦ Log an d Alert î¦ Remote Acces s
RX3041H Userâs Manual Chapter 2 Getting to Know t he RX3041H 5 î¦ Key word based URL Filte ring 2.4.1.1 Address Sharing and Manage ment The RX3041H Firewall prov ides NAT to share a single hig h-speed Inter net connection and to sa ve the cos t of multiple connectio ns require d for th e hosts on the LAN segmen ts connec ted to the RX3041H. Th is fea ture conceals ne twork address an d prevents them fro m becoming public . It maps unre gistered IP addresses o f hosts connec ted to the LAN w ith va lid ones for Interne t access. The RX3 041H Firewall also provides r everse NAT capability, whic h enables SOHO users to host various services such as e-m ail servers, web servers, et c. The NAT rules d rive the translation me chanism at the NA T router. The fol lowing types of NA T are support ed by the RX3041H. î¦ Static NAT â Maps an internal host address to a globally valid Internet address (one- to-one). All packets are di rectly tran slated with t he inf ormation co ntaine d in the map. î¦ Dynamic NAT â Maps an interna l host address d ynamically to a globally valid Internet address (m- to- n). The map usually contai ns a pool of internal IP ad dresse s (m) and a po ol of glob ally valid I nternet IP addresses (n) with m usually grea ter than n. Eac h interna l IP address is mapped to one external IP address on a first come firs t serve basis. î¦ NAPT (Network Ad dress and Por t Translation ) â Also called IP Masqueradin g. Maps many internal hosts to only one globally v alid Inte rnet addre ss. The m ap usua lly contai ns a pool of network p orts to be used fo r translat ion. Eve ry packet is tr anslated with the globally val id Internet address; the port number is transl ated with a free pool from the p ool of network po rts. î¦ Reverse Static â This is inbound mapp ing that maps a globally va lid Internet addr ess to an interna l host address . All packets coming to that externa l address ar e relayed to the internal a ddress. This is useful when hosti ng services in an inte rnal machine. î¦ Reverse NAPT â Al so calle d inbound m apping, port mapp ing, and vi rtual serve r. Any packet coming to the router can be relayed to the int ernal host ba sed on the protocol, port num ber or IP Address specified in the rul e. This is useful when multip le services are hosted on diff erent internal machi nes. Note For a complete list ing of all NAT AL Gs suppor ted, ref er to Appendix A âALG Co nfiguratio nâ on. 2.4.1.2 ACL (Access Control Li st) ACL rule is on e of the b asic buil ding blo cks for net work secu rity. Fire wall monit ors each i ndividua l packet, decodes the he ader information of inbound and outb ound traffic and then eithe r blocks the packe t from passing or allows it to pass based on the contents of the source address, des tination address , source port, destinatio n port, prot ocol and ot her crite rion, e.g. applica tion filter, ti me ranges, d efined in t he ACL rules. ACL is a very appropriate mea sure for providi ng isolation of one subn et from another. It can be used as the first line of defense in the ne twork to block inbound pa cke ts of spe cific types fr om ever rea ching th e protecte d network. The RX3041H Firewallâs ACL methodology suppo rts: î¦ Filtering based on destinat ion and source IP address , port number and pro tocol î¦ Use of th e wild card for com posing fi lter rules î¦ Filter Rule priorities î¦ Time ba sed filters î¦ Appli cation specific filt ers î¦ User grou p based filters for rem ote access 2.4.1.3 Stateful Packet Inspection The RX3041H Firewall uses âstateful p acket inspec tionâ tha t extracts sta te-related informatio n required for the security decisi on from the packet a nd maintains thi s informati on for evaluat ing subsequ ent connectio n attempts. It has awareness o f application and creates dynamic sess ions that al low dynamic connec tions so
Chapter 2. Getting to Know the RX 3041H RX3041H Userâs Manual 6 that no ports need to be o pened other than the r equired o nes. This provides a solution wh ich is h ighly secure and that offers scal ability and extensibility. 2.4.1.4 Defense against DoS Attacks The RX3041H Firewall has an Attack Defense En gine tha t protects internal ne tworks from kn own types o f Internet attacks. It provid es automatic pr otection from Den ial of Service (DoS) att acks such as SYN flood ing, IP smurfing, LAND, Ping of Death a nd all re-assemb ly attacks. It can dr op ICMP redirects and IP loos e/strict source routing packets. For example, the R X3041H Firewall pro vides protection from âWinNukeâ, a w idely used progr am to remotely cras h unprotec ted Windows syste ms in the In ternet. The R X3041H Firewall a lso provides protectio n from a variety of com mo n Inte rnet attacks su ch a s IP Spoofi ng, Ping of De ath, Land Att a ck, Reassembly and S YN floodi ng. The type of attack prote ctions provided by the RX 3041H are liste d in Table 2.3. Table 2.3. DoS Attacks Type of Attack Name of Attacks Re-assembly attacks Bonk, Boink , Teardrop (New Tear), Overdrop, Ope ntear, Syndrop, Jolt ICMP Attacks Ping of Death, Smurf, Twinge Flooders ICMP Flooder, UD P Flooder, SYN Flooder Port Scans TCP XMAS Scan, TCP Null Scan TCP SYN Scan, TCP Stealt h Scan TCP Attacks TCP sequence number prediction, TC P out-of sequen ce attacks Protec tion wi th PF Ru les Echo-Chargen, Ascend Kill Miscellaneous Attacks IP Spoofing, LAND, Targa, Tentacle MIME Flood, Winnu ke, FTP Bounce, IP unaligned ti me sta mp attack 2.4.1.5 Applica tion Command Filtering The RX3041H Firewall allo ws network administr ators to block, mo nitor, and report on ne twork users access to non-business and objectionable con tent. This h igh-performance content access c ontrol results in increased productivity, lower bandwidt h us age and reduced le gal liability. The RX3041H F irewall has the ability to han dle active co ntent filtering on certain ap plication pro tocols such as HTTP, FTP, SMTP and RPC. î¦ HTTP â You can defi ne HTTP extension ba sed filtering scheme s for blocking î¦ ActiveX î¦ Java Archiv e î¦ Java Ap plets î¦ Microsoft Archives î¦ URLs based on file extensions. î¦ FTP â allo ws you to define and enf orce the file t ransfer poli cy for the site or group of u sers î¦ SMTP â allows you to filter operations such as VRFY, EXPN, etc. which reveal excess information about the re cipient. î¦ RP C â allows you to filter p rograms ba sed on the assigned RP C program nu mbers.
RX3041H Userâs Manual Chapter 2 Getting to Know t he RX3041H 7 2.4.1.6 Application Level Gate way (ALG) Applications such a s FTP, games etc., open conn ections dynam ically based on the resp ective applicati on parameter . To go throug h the firewall on the RX3041H, pack ets pertaining to an application, require a corresponding allow rule. In the abs ence of such rules, the packets w ill be dropped by the RX3041H Firewall. As it is n ot feasib le to crea te policies for numerous applications d ynamically (at the same time with out compromising security), intelligence in the fo rm of Applic ation Leve l Gateways (ALG), is bu ilt to parse packets for applicat ions and open dynamic ass ociations. The R X3041H Firewall pro vides a numb er of ALGs for popular applications such as FTP, H.323, RTSP, Microsoft Games, SIP, etc. 2.4.1.7 URL Filtering A set of keywords that should not a ppear in the URL (Uniform Resource Locator, e.g. www.yahoo.com ) can be defined. Any URL contai ning one or more of these key words will be bloc ked. This is a policy indep endent feature i.e. it cannot be as sociated to AC L rules. This fea ture can be indep endently enabl ed or disabled, b ut works only if fire wa ll is enabled . 2.4.1.8 Log and Alerts Events in the network, that cou ld be attempts to affect its se curity, are recorded in the RX 3041H System lo g file. Event detai ls are recorde d in WELF (WebTr ends Enhanc ed Log Format ) format s o that s tatistical too ls can be used to genera te custom repor ts. The RX3041H Firewall can also forward Syslog informa tion to a Syslog serv er on a private net work. The RX3041H Firewall suppo rts: î¦ Alert s sent to the admini strator via e-mail. î¦ Maint ains at a minimum, log details such as, time of pa cket arrival, descripti on of action taken by Firewall and reason for action. î¦ Supports the UNIX Syslog format. î¦ Sends log report e-mails as scheduled b y the netw ork adminis trator or b y default w hen the log file is full. î¦ All the messa ges are sent in the WELF form at. î¦ ICMP loggi ng to show code and type. 2.4.1.9 Remote Access The RX3041H Firewa ll allows the netw ork administrator to segregate the user community into Acc ess Policies per group. A user can log in us ing the login page (Re fer to âUser Login Processâ on page 67) . After a user is authenticated successfully, the RX3041H Firewall dynamically ac tivates the user-gro upâs set of access po licies. These policies will subsequently be enforce d until the use r logs out of the session or until inactivity timeout period has lapse d.

RX3041H Userâs Manual Chapter 3. Quick Start Guide 9 3 Quick S t art Guide This Quick Sta rt Guide provides bas ic instructions for connecting your router to a computer or a LAN and to the In ternet . î¦ Part 1 provides instructions to set up the hardware. î¦ Part 2 describes how to configu re Interne t properties on your compu ter(s). î¦ Part 3 shows you how to config ure basic settings on the RX3041H to get your LAN connected to the Internet. After setting up and configuring your ro uter, you can follow the instructions on page 20 to v erify that it is working proper ly. This Quick St art Guide a ssumes that y ou have already establi shed ADS L or cable modem serv ice with your Internet ser vice provid er (ISP) . These ins tructions prov ide a basic confi guration tha t should be compati ble with your home or small office n etwork setup. Refe r to the subsequent ch apters for additio nal configurati on instruct ion s. 3.1 Part 1 â Connecting the Hardware In Part 1, yo u connect the device to an ADSL or a cable modem (which in turn is connected to a phone jack or a cable outlet ), the power outlet, and y our computer or n etwork. WARNING Before you begin, turn the power off for all devices. These include your com puter(s), your LA N hub/switch (if ap plicable ), and the rout er. Figure 3.1 illus trates the hardware connections. Please follow the steps that follow for specific ins tructions. 3.1.1 St ep 1. Connect an ADSL or a cab le modem. For the RX3041H: Conn ect one end of the Ethernet cabl e to the port labeled WA N on the rear panel of the device. Conn ect the ot her e nd to the Et hernet port on th e ADSL or cable mod em. 3.1.2 St ep 2. Connect compu ters or a LA N. If your LAN h as no more than 4 co mputers, you can use an Ether net cable to connect comp uters directly to the built-in swit ch on the device. Note that you shou ld attach one end o f the Ethernet cable to any of the port labeled LAN1 â LAN4 on the rear panel of th e device and connect the other end to the Eth ernet port of a computer. If your LAN has more than 4 comput ers, you can atta ch one end of an Ethern et cable to a hub or a switch (probably a n uplink po rt; ple ase refer t o the hu b or switch d ocument ations fo r inst ructions) and the other to th e Ethernet switch port (labeled L AN1 â LAN4) on the RX3041H. Note that either the crossover or straigh t-through Ethernet cable can be used to connec t the built-in switch and computers, hubs or switches as the built- in switch is smart e nough to make c onnections w ith either type of cables. 3.1.3 Step 3. Attach the AC adapter. Connect the AC adapter to the POWER input jack on the rear panel of your router and plug the adapter to a power ou tlet or a power str ip.
Chapter 3. Quick Start Guide RX3041H Userâs Manual 10 3.1.4 St ep 4 â Po wer up devices. Turn on the RX3041H, the ADSL or cable modem and power up your computers. Press the Power switch o n the rear panel of the RX304 1H to the ON position. Turn on your A DSL or cable modem. Turn on and b oot up your comput er(s) and any LAN devices su ch as hubs or switche s. Figure 3.1. Overv iew of Hard ware Connect ions You should verify that the LE Ds are illuminate d as indicated in Tabl e 3.1. If the LEDs illumin ate as expecte d, the RX3041H is working prop erly. Table 3.1. LE D Indica tors This LED: ...should be: POWER Solid green to indicate that the de vice is turned on. If this light is not on, check if the AC adapter is a ttached to the RX3041H and if it is pl ugged int o a po wer sou rce. LAN1 â LAN4 Solid green to indicate that the device c an communicate with your LAN o r flashing wh en the de vice is send ing or rec eiving data to/fro m your LAN com puter. WAN Solid green to indicate that the device has successfully established a connection with your ISP or flashing when the device is sending or receiving da ta to/from th e Interne t.
RX3041H Userâs Manual Chapter 3. Quick Start Guide 11 3.2 Part 2 â Configuring Y our Computers Part 2 of the Quick Start G uide provide s instruct ions for config uring the Int ernet settin gs on your compute rs to work with the RX3041H. 3.2.1 Before you begin By default, the RX3041H automatically assigns all r equired Interne t settings to your PCs . You need only to configure t he PCs t o accept the inf ormati on whe n it is as signed. Note In some cases, you m ay want to configur e network setting s manually to some or all of your compu ters rather than allow the RX3041H to do so. See âAssigning static IP addresses to your PCsâ in page 13 for instructions. î¦ If you h ave connect ed your PC via Ethern et to the RX3041H, f ollow th e instructi ons that correspond to the operating sy stem inst alled on your PC. 3.2.2 Windows [C T6 ] Â® XP PCs: 1. In the Windows task bar, click the <Star t> button, and then click Control Panel . 2. Double-click the Net work Connections icon. 3. In the LAN or High-Speed Internet windo w, ri ght-cli ck on icon correspondin g to your network interface card (NIC) and select Properties . (Often this icon is labeled Loc al Area Conn ection ). The Local Area Co nnection di alog box display s with a list of currently install ed network item s. 4. Ensure that the check box to the left of the it em labeled Internet Protocol T CP/IP is checked, and click <Properties> button. 5. In the Internet Protocol (TCP/IP) Propert ies dial og box, click the radio button labeled Obtain an IP address automatically . Also click the radio button l abeled Obtain DNS server address automatically . 6. Click <OK> button twice to confirm your change s, and close the Control Panel. 3.2.3 WindowsÂ® 2000 PCs: First, check f or the IP protoc ol and, if n ecessary, in stall it: 1. In the Windows task bar, click the <Start> button, point to Settings , and then click Control P anel . 2. Double-click the Network and Dial-up Connection s icon. 3. In the Network and Dial-up Conn ections window, right-cli ck the L oc al Area Connection icon, and then select Properties . The Local Area Connec tion Properties dialog box displays a list of cur rently inst alled network components. If the list includes Internet Prot ocol (TCP/IP), then the protocol has alre ady been enabled. Skip to step 10. 4. If Internet Protocol (TCP/IP) does not display as an installed compo nent, click <Install> button. 5. In the Select Network Com ponent Type dialog box, select Protocol , and then click <Add> button. 6. Select Internet Protocol (TCP/IP) in the Network Protocols list, and then click <O K> button. You may be prompted to install files from yo ur Windows 2000 ins tallation CD or other media. Follow the instr uction s to install the files.
Chapter 3. Quick Start Guide RX3041H Userâs Manual 12 7. If prompted, click <OK> button to restart your computer with the new settings. Next, configure the PCs to accept IP add resses assigned b y the RX3041H: 8. In the Control Panel, double-click the Ne t work and Dial-up Connections i con. 9. In Network and Dial-up Co nnections window, right-click the Local Area Connec ti on icon, and then select Properties . 10. In the Local Area Connection Properties dialog box, select Internet Protocol (TCP/IP), and then click <Properties> button. 11. In the Internet Protocol (TCP/IP) Propert ies dialog b ox, click the radio button labeled Obtain an IP address automatically . Also click the radio button l abeled Obtain DNS server address automatically . 12. Click <OK> button twice to confirm a nd save your changes, and then clo se the Control Panel. 3.2.4 WindowsÂ® 95, 98, and Me PCs 1. In the Windows task bar, click the <Star t> button, point to Settings , and then click Control Panel . 2. Double-click the Net w ork icon. In the Network dial og box, look for an ent ry starte d w/ â TCP/IP -> â and the name of your network adapter, and t hen click <Properties> button. You may have to scroll down the lis t to find this entr y. If the list includes such an entr y, then the TCP/IP protocol has alre ady been enabled. Skip to step 8. 3. If Internet Protocol (TCP/IP) does not display as an installed compo nent, click <Add> button. 4. In the Select Network Com ponent Type dialog box, select Protocol , and then click <Add> button. 5. Select Microsoft in the Manufacturers list box, and then click TCP/IP in the Network Protocols list, box and then click <OK> button. You may be prompted to install files fr om your Windo ws 95, 98 or Me insta llation CD or other me dia. Follow the instructions to install the files. 6. If prompted, click <OK> button to restart your computer with the new settings. Next, configure th e PCs t o accept IP informatio n assigned by the RX 3041H: 7. In the Control Panel, double-click the Ne twork icon. 8. In the Network dialog box, select an entry started with â TCP/IP ->â and the name of your network adapter, and then click <Pr operties> button. 9. In the TCP/IP Properties dialog box, click the radio bu tton labeled Obtain an IP address automatically . 10. In the TCP/IP Properties dialog box, click the â Default Gateway â tab. Enter 192.168.1.1 (the default LAN port IP address of the RX3041H) in the â Ne w gateway â address field and clic k <Add> button to add the default gateway entry. 11. Click <OK> button twice to confirm a nd save your changes, and then clo se the Control Panel. 12. If prompted to restart your computer, click <OK> button to do so with the new settings. 3.2.5 WindowsÂ® NT 4.0 workstations: First, chec k for t he IP protoc ol and, if n ecessary, in stall it: 1. In the Windows NT task bar, click the <Start> button, point to Settings , and then click Control Panel .
RX3041H Userâs Manual Chapter 3. Quick Start Guide 13 2. In the Control Panel window, double cli ck the Network icon. 3. In the Network dialog box, click the Protocols tab. The Protocol s tab displ ays a li st of currentl y installe d network protocol s. If the li st include s TCP/IP Protocol, the n the pr otocol has alrea dy been en abled. Skip to step 9. 4. If TCP/IP does not display as an installed component, click <Add> button. 5. In the Select Network Protocol dialog box, select TCP/IP , and then click <OK> button. You may be prompt ed to install files from yo ur Wi ndows NT installat ion CD or ot her me dia. Follo w the instr uction s to install the files. After all files are inst alled, a window displays to inform you that a TCP /IP service called DHCP can be set up to dynamically assi gn IP information. 6. Click <Yes> button to continue, and then click <OK> button if prompted to restart your computer. Next, configure the PCs to accept IP add resses assigned by the RX3041H : 7. Open the Control Panel wi ndo w, and then double-click the Ne twork icon. 8. In the Network dialog box, click the Protocols tab. 9. In the Protocols tab, select TCP/IP , and then click <Properties> button. 10. In the Microsoft TCP/IP Properties dialog box, click the radio button labeled Obtain an IP address from a DHCP serv er . 11. Click <OK> button twice to confirm a nd save your changes, and then clo se the Control Panel. 3.2.6 Assigning static IP addresses to your PCs In some cases, you m ay want to assign IP addresse s to some or all of your PCs directly (oft en called âstaticallyâ) , rather th an allowing the RX3041H to assign them. This op tion may be d esirable (but n ot required) if: î¦ You h ave obtai ned one or more pu blic IP add resses th at you want to always asso ciate wit h speci fic computers ( for example, if you are using a co mputer as a public web server). î¦ You maintain diffe rent subnets on yo ur LAN. However, du ring the fi rst time configurati on of yo ur RX3041H, you must assign an IP address in th e 192.168.1.0 network for your PC, say 192.168 .1.2, in order to es tablish connec tion between the RX3041H and your PC as th e defaul t LAN IP on RX3041H i s pre-confi gured a s 192.16 8.1.1. Ent er 255. 255.25 5.0 for t he subnet mask an d 192. 168.1. 1 for the d efault gateway. T hese setting s may be ch anged lat er to refle ct your true network environment. On each PC to whic h you want to assign sta tic informa tion, fo llow the instr uctions on p ages 11 throu gh 12 relating on ly to ch eckin g for and/or instal ling th e IP proto col. Once it is i nstall ed, conti nue to foll ow the instructions for displaying each of the Int ernet Prot ocol (TCP/IP) properties. In stead of enabling dynamic assignment of the I P addresse s for the compute r, DNS serv er, and default g ateway, click th e radio button s that enable you to enter the i nformatio n manua lly. Note Your PCs must have IP addr esses that place them in the same subnet as the rou terâs LAN port. If you manu ally assign IP addresses to all your LAN PC s, you can fo llow the i nstructi ons in Chapter 5 to change the router âs LAN port IP address accord ingly. 3.3 Part 3 â Quick Configuration of Y our Router In Part 3, you log into the Confi guration Ma nager on the route r and configure ba sic settings for your Inte rnet connection . Your ISP should provide you w ith the necessa ry informatio n to complete this step. Note the intent
Chapter 3. Quick Start Guide RX3041H Userâs Manual 14 here is to qu ickly get the router up and running, ins tructions are conc ise. You may refer to correspo nding chapters for more de tails. 3.3.1 Buttons Used in Setup Wizard The RX3041H provides a preinstalled software progr am called C onfiguration Manager that enables you to configure the RX3041H via your Web browse r. The settings that you are most likely to need to change before using the device are grouped onto sequ ence of conf iguration pages guided by Setup Wizard. The following table shows the buttons that yo uâll encount er in Setup Wizard. Button Function Click this button to save the info rmation and p roceed to the next configuration page. Click this button to go ba ck to th e previous configuration page . 3.3.2 Setting Up the RX3041H Follow thes e instructions to setup the RX3041H : 1. Before accessing the Configuration Man ager in the RX3041 H, make sure that the HTTP proxy setting is disabled in your browser. In IE, click â Tools â Ã â Internet Optionsâ¦ â Ã â Connections â tab Ã â LAN settings â¦ â and then uncheck â Use proxy server for your LAN â¦ â 2. On any PC connected to one of the four LA N ports on the RX3041H, open you r Web b rowser, and type the following URL in the address/location box , and press <Enter> : http://192.168.1.1 This is the predefined IP address for the LAN port on the RX3041H. A login screen displays , as shown in Figure 3.2. Figure 3.2. L ogin Scree n If you have problem connecting to the RX3041H, you may wan t to check if your PC is configured to accept IP address ass ignment from the RX3041H. Another method is to set the IP address of your PC to any IP address in the 192.16 8.1.0 network, su ch as 192.168.1. 2. 3. Enter your user name and password, an d then cli ck to enter the Configuration Manager. The first time you log into this program, use these defaults: Default User Name: admin
RX3041H Userâs Manual Chapter 3. Quick Start Guide 15 Default Password: admin Note You can change th e password at any time (see sectio n 11.2 Change the Lo gin Password on page 93). The Setup Wi zard hom e page di splays ea ch time you log into t he Con figuratio n Manag er (show n in Figure 3.3 on pag e 15). Figure 3.3. S etup Wiza rd Home Pa ge Figure 3.4. Setu p Wiza rd â Passwor d Configur ation Page 4. Click on the button to enter the password configuration page a s sh own in Fig ure 3.4. Change the password in the spaces prov i ded if desired. Otherwise, proceed to the next configuration page by clicki ng on the button.
Chapter 3. Quick Start Guide RX3041H Userâs Manual 16 When changing passw ords, make sure you enter th e existing login passw ord in the Login Passwo rd field, make any chang es for the passwords and click the button to sav e the change s. 5. Now we are at the System Information se tup page; enter the requested information in the spac es provided and click the button to save the changes. Otherwi se, proceed to the next configuration page by clicki ng on the button. Figure 3 .5. Setup Wizar d â System Ident ity Configurat ion Page Figure 3.6. Setup Wiza rd â Date/Time Config uration Page 6. Set the time zone for your router by select ing one from the Time Zone drop -down list. Click to save the settings and then click on the button to go to the next configuration page. There is no real time clock i nside the rout er. The system date and ti me may be maintaine d by external time servers. The re is no need to set the date and time here unle ss you donât have acce ss to a time server and you wa nt the router to maintai n its own time. 7. It is recommended that you keep the default LAN IP settings for now until after you have completed the rest of the confi gurations and confirm that your In ternet connection is worki ng properly. Click on the button to proceed to the next configuration page.
RX3041H Userâs Manual Chapter 3. Quick Start Guide 17 Figure 3.7. S etup Wiza rd â LAN IP Configura tion Page Figure 3.8. Setup Wizard â LAN DHC P Server Conf iguration Page 8. It is recommended that you keep the default se ttings for the DHCP serv er until after you have completed the rest of the confi gurations and confirm that your In ternet connection is worki ng properly. Click on the button to proceed to the next configuration page. 9. Now we are at the last page of the Setup Wiza rd, whi ch is to configure the WAN settings for the router. Depending on the connection mo de required fo r your ISP, select one from the Connection Mode drop-down list (see Figure 3.9): PPPoE, Dynamic and Static. PPPoE is usually used by ADSL service providers an d Dynami c connection mode is used by most cable modem service providers.
Chapter 3. Quick Start Guide RX3041H Userâs Manual 18 Connection Mode drop- down list Figure 3 .9. Setup Wiz ard â WAN PPPoE Conf iguration Page Connection Mode drop- down list Figure 3.10. Setup Wizard â WAN Dynamic IP Configuration Page
RX3041H Userâs Manual Chapter 3. Quick Start Guide 19 a) PPPoE Connection Mode (see Figure 3.9) â¢ You donât need to enter prim ary/secondary DNS IP addresses as PPPoE is able to automatically obtain this information for you from your ISP. However, if you prefer to use your favorite DNS servers, you may enter them in the space provided. â¢ Host name is optional. You may leave it em pty if your ISP did not provide such information. â¢ Enter the user name and password provided by your ISP. â¢ Click on button to save the PPPoE settings. b) Dynamic IP Connection Mode (see Figure 3.10) â¢ You donât need to enter primary/seco nd ary DNS IP addresses as DHCP client is able to automatically obtain this information for you from your ISP. However, if you prefer to use your favorite DNS servers, you may enter them in the space provided. â¢ Host name is optional. You may leave it em pty if your ISP did not provide such information. â¢ If you had previously registered a specific MAC address with your I SP for Internet connections, enter the registered MAC a ddr ess here and make sure you che ck the MAC cloning check box. â¢ Click on button to save the dynamic IP settings. Connection Mode drop- down list Figure 3.11. Setup Wizard â WA N Static IP Configuration Page c) Static IP Connection Mode â¢ Enter WAN IP address in the IP Address fiel d. This in formation should be provided by your ISP.
Chapter 3. Quick Start Guide RX3041H Userâs Manual 20 â¢ Enter Subnet Mask for the WAN. This info rmation should be provid ed by your ISP. Typically, it is 255.255.255.0. â¢ Enter gateway address pro v ided by y our ISP in the space p rovide d. â¢ Enter at lease the primary DNS IP address provided by your ISP. Secondary DNS IP address is optional. Enter it in the space provided if you have such i nformation from your ISP. â¢ Click to save the static IP settings You have now complete d customizin g basic config uration settin gs. Read the follo wing sectio n to determine if you have access to the Inte rnet. 3.3.3 Testing Your Setup At this point, t he RX3 041H shoul d enab le any comp uter on y our LAN t o use t he RX3 041Hâs A DSL or ca ble modem connection to access th e Internet . To test the Internet con nection, open you r web browser, and type th e URL of any external website (such as http://www.asus.com ). Th e LED labele d WAN should be bl inking rapidly an d may appear solid a s the device connects to the s ite. You should also be able to browse the web site through yo ur web browser . If the LEDs do not illumina te as expected or the we b page does not displa y, see Ap pendix D for troubleshooting suggestions. 3.3.4 Def ault Router Settings In addition to hand ling the DSL connec tion to yo ur ISP, the router provides a variety o f services to your network. The dev ice is pre-conf igured with defau lt settings for us e with a typical home o r small office network. Table 3.2 lists som e of the most important def ault settings; these an d other featu res are described fully in th e subsequent chap ters. For a complete list of de fault settings , please refer to the s ection B.2 â Default Settings â. If you are familiar with netwo rk configuratio n settings, revie w the settings in Table 3.2 to verify that they me et the needs of you r network. Follow th e instructions to change them if necessar y. If you are unfamiliar with these settings, try u sing the dev ice wit hout modif ication. Before modifyin g any settings , review Chapter 4 for ge neral information about access ing and using the Configuration Manager . Table 3.2. Default Settings Summ ary Option Default Setting Explanation/I nstructions DHCP (Dynamic Host Configuratio n Protocol) DHCP server enabled wi th the following pool of addresses: 192.168. 1.10 thro ugh 192. 168. 1.200 The router ma intains a pool of priv ate IP addresses for dynamic assignme nt to your LAN com puters. T o use thi s service, you must have set up yo ur computers to accept IP info rmation dy namically, a s described in Part 2 of the Qu ick Start Guide. See section 5. 2 for a n expl anation of the DHCP service. LAN Port IP Address Static IP address: 192.168 .1.1 subnet mask: 255.255. 255. 0 This is the IP address of the LA N port on the RX3041H . The LAN port co nnects the device to you r Ethernet net work. Ty pically, you will not need to change this address. See section 5. 1 LAN IP Addre ss for instruct ion s.
RX3041H Userâs Manual Chapter 4. Getting Star ted with the Configuration Manager 21 4 Getting S t arted with the Configuration Manager [CT9] Your router includes a preinsta lled program ca lled the Co nfiguration Manag er , which allows you t o customi ze the device setting s to meet the needs of your network. You a ccess the Configuratio n Manager through a web browser from any PC that has access to the router via network connections. This chap ter describes the gener al guidel ines for using the Configur ation Man ager. 4.1 Log into the Configuration Manager To access the Configura tion Manager, you need the following: î¦ A computer that has access to the router via netwo rk connections as desc ribed in the Qu ick Start Guide chapter. î¦ A web browser on your comp uter. Configur ation Manager is compatib le with Microsoft Internet ExplorerÂ® 5. 5, Netsca pe 7.0 .2 or newe r. Although you may log into the Confi guration Manage r from any computer that can rea ch your router via the LAN or WAN connections , the instructions provided here assumes that your computer is connecte d to the LAN port of your router. 1. From a LAN computer, open your web browser, ty pe the following in the web address (or location) box, and press <Enter > : http://192.168.1. 1 This is the predefine d IP address f or the L AN port of your ro uter. A logi n screen display s, as shown in Figure 4.1. Figure 4.1. Configura tion Manager Log in Screen 2. Enter your user name and password, an d then cli ck button. The first time you log int o the prog ram, use the se defaul ts: Default User Name: admin Default Password: admin
Chapter 4. Getting Star ted with the Configuration Manager RX3041H Userâs Manual 22 Note You can change th e password at any time (see sectio n 11.2.1 Change the Lo gin Password on page 93). The Setup Wi zard pag e, as shown i n Figure 3. 3, disp lays ea ch time y ou log int o the Conf iguratio n Manager. 4.2 Functional Layout Typical Conf iguration Manager page consists o f two sepa rate fr ames. The left frame, as s hown in Fi gure 4.2, contains all t he men us avail able fo r device conf ig uration. Men us are i ndicat ed by fil e icons, , and relat ed menus are grou ped into categ ories, such as LAN, WAN and etc., an d indicated by folde r icons, or , depending o n whether the grou p of menus are expand ed or not. You can click o n any of these to display a specific configurati on page. Setup Menu Frame Confi g uration Fram e Figure 4.2. T ypical Config uration Man ager Pag e A separate page di splays in the right -hand-si de frame for ea ch menu. For example, t he configur ation page displayed in F igure 4. 2 is inten ded for DHCP config uration. 4.2.1 Setup Menu Navigation Tips î¦ To expa nd a group of related men us: click on the sign next to the co rrespondin g file folder icon, . î¦ To contract a grou p of relate d menus: click on the â sign ne xt to the âo penedâ file folder icon , . î¦ To op en a spe cific confi guratio n page, cli ck on the fil e icons, , next to the desired menu item. 4.2.2 Comm only Used Buttons and Icons The followi ng butto ns or icon s are used th rougho ut the appl ication. T he follo wing ta ble descri bes the fu nction for each button or icon.
RX3041H Userâs Manual Chapter 4. Getting Star ted with the Configuration Manager 23 Table 4.1. Descrip tion of Commonly Use d Buttons and Icons Button/Icon Function Stores any changes you hav e made on the cu rrent page. Adds the existi ng configurati on to the system, e. g. a static rout e or a firewall ACL rul e and et c. Modifies the exist ing configu ration in the system, e. g. a static route or a firewall ACL rul e and etc. Deletes the sele cted item, e.g. a st atic route or a firewall ACL ru le and etc. Launches the online he lp for the curr ent topic in a sepa rate browser window. Help is available from any ma in topic page. Redisplays the curre nt page w ith upda ted statis tics or settin gs. Selects t he ite m for editi ng. Deletes t he select ed item. 4.3 Overview of System Configuration To view the overall system configurat ion, o pen the System Info pa ge by clicking th e System I nfo menu. Fi gure 4.3 shows the informati on avail able in the System I nfo page. Figure 4.3. System Information Page

RX3041H Userâs Manual Chapter 5. Configuring LAN Setting s 25 5 Configuring LAN Settings This chap ter describes h ow to c onfigure LAN properties for the L AN interface on the RX3041H that communicates with your LAN computer s. Youâll learn to configure IP address, DHCP and DNS server for your LAN in thi s chapte r. 5.1 LAN IP Address If you are using the RX3041H with multiple PCs on your LAN , you must connect the L AN via the Eth ernet ports on the built-i n Ethern et switch. Y ou must assign a uniq ue IP address t o each device re sidin g on your LAN. The LAN IP address identifies the RX3041H as a node on your network mus t be in the same s ubnet as the PCs on your LAN. The default LAN IP for the RX3041H is 192.1 68.1.1. Definitio n A network node can be thought o f as any in terface where a device conne cts to the network, such as the RX 3041Hâs LAN po rt and the netw ork interface cards on your PCs . See Appendix A for an explanati on of subnets. You can cha nge the d efault to reflect t he true IP a ddress that y ou want to use wit h your n etwork. Note The RX3041H itself can function as a DHCP server for your LAN computers, a s described in secti on 5.2.2, but not for its own LAN port . 5.1.1 LAN IP Configuration Parameter s Table 5.1 describes t he co nfigurati on para meter s availa ble for LAN IP conf igurat ion. Table 5.1. LA N IP Configu ration Par ameters Setting Description IP Address The LAN IP address o f the RX3041H. This IP is used by your computers to identify the RX3041Hâs LAN port. Note that the public IP address ass igned to you by your ISP is not your LAN IP addr ess. The pub lic IP address identifies the WAN port on the RX3041H to the Intern et. Subnet Mask The LAN s ubnet mask identifies wh ich parts of the LAN IP Address refer to your network as a whole and which parts refer specifically to nodes on the network. Your device i s preconf igured wit h a def ault subnet mask of 255.255. 255. 0. 5.1.2 Configuring the LAN IP Address Follow thes e steps to change the default LAN IP ad dress. 1. Open the LAN configurat ion pag e by cl icking the LAN Ã IP menu. 2. Enter a LAN IP address an d sub net mask for the RX3041H in the IP Address and Subnet Mask fields as shown in Figure 5.1.
Chapter 5. Configuring LAN Setting s RX3041H Userâs Manual 26 Figure 5 .1. LAN IP Ad dress Conf iguration 3. Click. button to save the LAN IP address. If you change the LAN IP address, th e connection wi ll be terminated. 4. Reconfigure your PCs, if neces sary, so that their IP addre sses pl ace them in the same subn et as the new IP address of the LAN port. See the Quic k Sta rt Guide chapter, âPart 2 â Configuring Your Computers,â for instruction s. 5. Log into Configuration Manager by typing the new IP address in your Web browserâs address/location box. 5.2 DHCP (Dynamic Host Configuration Protocol) 5.2.1 I ntroduct ion 5.2.1.1 What is DHCP? DHCP is a protocol that enabl es network admi nistrators to cent rally manage th e assignment and dist ribution of IP information to computer s on a network. When you enable DHCP on a network, you allow a device â such as the RX3041H â to assign temporary IP addresses to your compu ters whenever they c onnect to yo ur network. T he assigning device is called a DHCP server , and the re ceiving d evice is a DHCP client . Note If you followe d the Q uick Sta rt Guide i nstru ction s, you eit her configured each LAN PC w ith an IP ad dress, or y ou specified that it will receive IP info rmation dyna m ically (automat ically). If you chose to ha ve the inf ormati on assign ed dynam icall y, then you configured your PCs as DHCP clients that will accep t IP addresses ass igned fro m a DCHP server such as th e RX3041H. The DHCP server draws from a defined pool of IP addres s es and â leasesâ them for a spec ified amount of time to your comp uters when they request an Interne t session. It monitors, co llects, and re distributes the addresses as needed. On a DHCP-enab led network , the IP informa tion is assigned dynamically rather than statical ly. A DHCP client can be assigned a different ad dress from the p ool each time it reconn ects to the network. 5.2.1.2 Why use DHCP? DHCP allows you to manage and distribu te IP addresses thr oughout your network from th e RX3041H. Without DHCP, you would have to co nfigure each computer se parately wi th IP addr ess and re lated info rmation. DHCP is commonly use d with large n etworks and th ose that are frequently e xpanded or o therwise upda ted.
RX3041H Userâs Manual Chapter 5. Configuring LAN Setting s 27 5.2.2 DHCP Server Configuration 5.2.2.1 DHCP Configuration Param eters Table 5.2 describes t he con figuratio n para meter s availa ble for DHCP servi ce. Table 5.2. DHCP Server Con figuration Param eters Field Description IP Address Pool Begin/End Specify the lowest and highest addresses in the DHCP address pool. Subnet Mask Enter the s ubnet mask to be used for the DHCP address pool. Lease Time The amount of time the ass igned address will be used by a device co nnected on the LAN. Default Gateway IP Address The address of the default gateway for computers that receive IP address es from this pool. The def ault gateway is t he dev ice that the DHCP clie nt computers fi rst contact ed to comm unicat e with t he Inte rnet. Typi cally, it is t he RX3041Hâs LAN port IP address. Primary/Secondary DNS Ser ver IP Address The IP address of the Domain Name Sys tem server to be used by computers that receive IP addr esses from this pool. The DNS server translates common Internet names that you type into y o ur web browser into their equivalent numeric IP addresses. Typi cally, the server(s) are locat ed with your ISP. However, you may enter LAN IP address of the RX3041H as it will serve as DNS proxy for the LA N comput ers an d forward the DNS request from the LAN to DNS servers and re lay the results ba ck to the LAN comput ers. Note that both the primary and secon dary DNS servers are optio nal. Primary/Secondary WINS Serv er IP Address (o ptional) The IP address of the WINS servers to be used by computers th at receive IP addresses from the DHCP IP address pool. You donât need to ente r this information unless your network has WINS servers . 5.2.2.2 Config uring DHCP Serv er Note By default, the RX3041H is con figured as a DHCP server on the LAN side, with a pred efined I P addre ss pool of 1 92.168. 1.10 through 192. 168.1. 200 (subnet mask 255. 255.25 5.0). To chang e this range of addre sses, follo w the procedures describe d in this section. First, you must conf igure yo ur PCs to a ccept DHCP inf ormatio n assigned by a DHCP server: 1. Open the DHCP server confi guratio n page by clicking the LAN Ã DH menu. You will see the existing DHCP server configurat ion and the IP lease table when you open the page. CP 2. Enter the information for the IP Address Pool (Begin/ E nd Addre ss) , Subnet Mask , Lease Time and Default Gate way IP Address fields; others, such as Primary/Secondary DNS Server IP Address and Pr imary / Secondary WINS Server IP Address are optional. However, it is recommended th at you enter the primary DNS server IP address in the space provided. You may enter the LAN IP or your ISPâs DNS IP addres s in the primary DNS Server IP Address field. For detail s of each configura tion parameter, please refer to Table 5.2.
Chapter 5. Configuring LAN Setting s RX3041H Userâs Manual 28 Figure 5.2. DHCP Conf iguratio n 3. Click to save the DHCP server configurations. 5.2.2.3 Viewing Existing IP Ad dress Lease When the RX3041H func tions as a DHCP server for your LAN, it keeps a record of all the addr esses it has leased to your comp uters. To view the existing lease table, just open the DHCP Server configu ration page by clicki ng th e LAN Ã DHCP menu. A leas e table simi lar to that shown in F igure 5. 3 is displ ayed at the bottom half of the DHCP configurati on page. Figure 5.3. Sample DHCP Leas e Table The DHCP Server Lease Table shows all the IP addresses that are currently provided to the LAN devices. Table 5.3 describes t he inform ation fo r each of t he paramet ers shown in the DHCP lease t able. Table 5.3. DHCP Addres s Assignmen t Paramete rs Field Description MAC Address A hardware ID of the device that leas es an IP address from the DHCP server. Assigned IP Add ress The address th at has been leased from the pool. IP Address Expired on The time when the leas ed address is to be terminated. 5.2.3 Fixed DHCP Lease Fixed DHCP lease is used i n situation wh en a fixed IP address is desi red for a host that get s IP from the DHCP server. First, you should confi gure your PCs to accept DHCP informat ion assigne d by a DHCP server: 5.2.3.1 Fixed DHCP Lease Co nfiguration Parameters Table 5.4 describes t he con figuratio n para meter s availa ble for fix ed DHCP l ease.
RX3041H Userâs Manual Chapter 5. Configuring LAN Setting s 29 Table 5.4. Fixed DHCP Lease Con figuration Param eters Field Description Fixed DHCP Lease MAC A hardware ID of the device that needs a fixed IP a ddress f rom the DHCP server. Fixed DHCP Lease IP The IP addr ess leased from the DHC P server. Note that it is recommended that this IP address be outside of the DHCP IP pool. 5.2.3.2 Add a Fixed DHCP Lease To add a fixed DHCP lease, follow the in struction s below: 1. Open the Fixed DHCP Lease c onfigura tion page by clicking the LAN Ã Fixed DHCP Lease menu. 2. Enter the MAC address and the desi red IP address of the host requ iring a fixed IP address. For details of each configur ation param eter, ple ase refer to Table 5.4. Figure 5.4. Fixed DHCP Le ase Configuratio n Page 3. Click on the button to add the new fixed DHCP lease entry. 5.2.3.3 Delete a Fix ed DHCP Lease To delete a fixed DHCP lea se, just click on the icon in front of t he spe cific fixed DHCP l ease. 5.2.3.4 Viewing Fixed DHCP Lease Table To see existing fixed DHCP lease, just o pen the Fixed DHCP Lea se configurat ion page by clicking t he LAN Ã Fixed DHCP Lease menu. 5.3 DNS 5.3.1 About DNS Domain Name System (DNS) servers map the user-frien dly domain na mes that users type into their Web browsers (e.g., âwww.yahoo.comâ) to th e equivalent numerical IP address es th at are used for Internet routing. When a PC user types a domain name int o a browser, the PC must first sen d a request to a DNS server to obtain the e quival e nt IP ad d re ss. T h e DNS se rver wi ll att em pt t o l ook up th e dom ai n na me in it s o wn d at aba se, and will commun icate with hi gher-leve l DNS servers when the name cann ot be found locally. When the address is foun d, it is sent back to the requesting PC and is referenced in IP packets for the remainder of the communicat ion.
Chapter 5. Configuring LAN Setting s RX3041H Userâs Manual 30 5.3.2 Assigning DNS Addresses Multiple DNS addresse s are useful to prov ide alternatives when on e of the servers is down or i s encountering heavy traffic. ISPs typically provide primary a nd secondary DNS address es, and may provide addition al addresses. Yo ur LAN PC s learn these DNS addre sses in o ne of the fo llowing way s: î¦ Statically : If your ISP provides you with their DNS ser ver addresses, you can assign them to each PC by modifying the PCs' IP properties. î¦ Dy namically from a DHCP Server: You can co nfigure the DNS addre sses in the DHCP server in the RX3041H and al low the DHCP server to distribute the DN S addresses to the PCs. Please refer to the section 5.2.2. 2 for instructio ns on configurin g DHCP server. In either case, you can specify the actual addresses of the ISP's DNS serv ers (on t he PC or in the DHCP pool), or you can specify the ad dress of the LAN por t on the RX3 041H (e.g., 1 92.168.1.1). When you specify the LAN port IP address, th e device performs DN S relay , as described in the fol lowing se ction. Note If you specify th e actual DNS addresses on the PCs or in the DHCP pool, the DNS relay feat ure is not used. 5.3.3 Configuring DNS Relay When you specify the de vice's LAN p ort IP a ddress as the DNS address, then the RX3041H automatically performs âDNS relayâ; i.e., because the device itself is not a DNS server, it forwards doma in name lookup requests from the LAN PCs to a DNS server at the ISP. It then relays the DNS ser verâs response to the PC. When performing DNS relay, th e RX3041H mus t maintain the IP addresses o f the DN S servers it contacts. It can learn these add resses in either or both of the follow ing ways: î¦ Lear ned thro ugh PPPoE o r Dynamic IP Connectio n: If the RX3041H us es a PPPo E (see section 6.2.2 â Confi guring PPPoE for WA N â) or Dynamic IP (see se ction 6.3.2 â Conf iguring Dynamic IP fo r WAN â) con nection to th e ISP, the p rimary an d secon dary DNS ad dresses can be learned via t he PPPoE protocol. Using this option provides the adva ntage that you will not need to reconfigure the PCs or the RX3041H if th e ISP changes their DNS addresses. î¦ Manually configure on the R X3041H: You can al so specify the I SP's DNS ad dresses i n the WA N configuratio n pag e as show n in Figu re 6.1. WAN PPPo E Configu ration Pa ge, Figu re 6.3. WA N Dynamic IP (DHCP client) Configur ation, or Figure 6.5. WAN Static IP Configuration. Follow these steps to conf igure DNS relay: 1. Enter LAN IP in the DNS Server IP Address field in DHCP config uration page as shown in Figure 5.2. 2. Configure the LAN PCs to use the IP addre sse s assigned by the DHCP server on the RX3041H, or enter the RX3041H's LAN IP address as their DNS server address manu ally for each PC on your LAN. Note DNS addresses that are ass igned to L AN PCs prior to enabling DNS relay w ill remain in ef fect until the PC i s rebooted. DNS relay will only take effect when a PC 's DNS address is the LAN IP address. Similarly, if a fter enabling DNS relay, y ou specify a DNS addr ess (other than the LAN IP address) in a DHCP pool or s tatically on a PC, then that address will be us ed instead of th e DNS rel ay address.
RX3041H Userâs Manual Chapter 5. Configuring LAN Setting s 31 5.4 V iewing LAN S tatistics You will not typi cally need to view t he stati s tics data for your LA N, but you may find it helpful when working with your ISP to diagnose ne twork and Internet data transmission p roblems. To view LA N IP st atisti cs, open t he LAN Statisti cs page by cli cking t he LAN Ã Statistics menu. Figu re 5.5 shows a sample LAN Stat istics. To see the updated stat istics, cli ck on the button. Figure 5.5. LAN S tatisti cs Page

RX3041H Userâs Manual Chapter 6. Configuring WAN Settin gs 33 6 Configuring W AN Settings This cha pter describes h ow to c onfigure WAN settings for the WAN interface on the R X3041H that communicat es with y our ISP. Youâl l learn to config ure IP add ress, DHCP and DNS se rver for y our WA N in this chapter. 6.1 W AN Connection Mode Three modes of WAN connection are suppor ted by t he RX3041H â PPPoE, dynamic IP and static IP. The configuratio n of each connecti on mode is described in the d etails in the follo wing sections. 6.2 PPPoE 6.2.1 W AN PPPoE Configurat ion Parameters Table 6.1descr ibes the configuratio n parameters available for W AN PPPoE connection mode. Table 6.1. WAN PPPoE Configur ation Paramete rs Setting Description Channel ID Select the PPPoE channel for this PPPoE session. Note that only t wo simultaneous PPPoE cha nnels are supported. Default Gateway Since more t han one P PPoE sessi on may be active at t he same ti me, a default gate way must be chosen to route packet s addressed to netwo rks not explicitly list ed in t he routin g table. Sel ect from t he drop down li st the int erface to be used as the defau lt gateway. Unnumbered PPPoE Click on the âEnab leâ or âDisa bleâ radio button to enable or disa ble this optio n. Traditionally, ea ch network interf ace must have a uni que IP address. However, an unnumb ered inter face does n ot have to have a unique IP address. Thi s means that when thi s option is enabl ed, the WAN and the LAN use the same IP address . Network resources are therefore conserved because fewe r network IP addr esses ar e used and routi ng table is small er. Host Name Enter the host name provided by yo ur ISP. Host name is optional but may be required by some ISP. User Name an d Password Enter the us ername a nd password y ou us e to log int o your ISP. (Not e: this i s different from the inf ormation you used to log into Configurati on Manager.) Service Name Enter the service name pr ov ided by your I SP. Service name is optional but may be required by some ISP. Access Concen trator Name Enter the access concentrator name provided by your ISP. Access concentrator na me is op tional but may be required b y some ISP.
Chapter 6. Configuring WAN Settin gs RX3041H Userâs Manual 34 Setting Description Primary/ Secondary DNS IP address o f the primary a nd/or second ary DNS are op tional as PPPoE will automatical ly dete ct the DNS IP addr esses conf igured at your ISP. However, if there are ot her DNS serv ers y ou woul d rather use, enter the IP addre sses in the spaces provided. MSS Clamping Click on t he âDis ableâ or âEna bleâ radio butto n to di sable o r enabl e this option. MSS (maximum segmen t size) clamp ing is used to tell remo te networks n ot to send packets ex ceeding the si ze specified by MTU (m aximum transmission unit) and MSS. For example, the MTU of Eth ernet is 1500 bytes and if you sp ecify 40 byte s for MSS clamp ing, then you are t elling oth er networks not to send packets larger than 1460 bytes (i.e . 1500 â 40) . Value Enter value for MSS clamping if MSS clamping is enabled. Connection Op tions The defa ult setting for this optio n is âDis ableâ. You can also selec t either D ial- On-Demand or Keep-Alive if desired. Dial-On-Demand Enter the inactivity timeout period at wh ich you want to disconn ect the Inte rnet connection when there is no traffic . The minimum value of inac tivity timeout is 30 seconds. RIP and SNT P services may in terfere with this function if there are activities fr om these t wo serv ices. Ma ke sure that t he up date inte rval setting of the syst em date and time (i n the System Managem ent / Date/Time Setup configura tion page â see 11.4 Setu p Date and Time fo r details) is greater than t he inactiv ity timeout v alue. Keep Alive Enable this option if you wish to ke ep y our Internet connection a ctive, even when there i s no traffi c. Ente r the v alue for the âEch o Interva lâ at whic h you want the RX30 41H to send ou t some data period ically to your ISP. The default value of âE cho Intervalâ is 60 seco nd. Connection Mode drop- down list
RX3041H Userâs Manual Chapter 6. Configuring WAN Settin gs 35 Figure 6.1. WAN PPPoE Configuration Page 6.2.2 Configurin g PPPoE for WAN Follow the instructions belo w to configure PPPoE settings: 1. Open the WAN configurat ion page by clicking on the WA N menu. 2. Select PPPoE from the Connection Mo de drop-down list as shown in Figure 6.1. 3. Select PPPoE channel ID from the drop-down list. Curre ntly, two channels are supported. 4. Select default gateway in terface â PPPoE:0 or PPPoE:1. 5. Choose to enable or disable PPPoE unnumber ed option. The default setting is âDisableâ. 6. (Optional) Enter host name in the sp ace provided if re quired by your ISP. 7. If you are connecting to the Internet using PPPoE, you probably only have to enter User Name and Password in the PPPoE configuration page as sh own in Figure 6.1 unl ess you want to use your preferred DNS server s. 8. (Optional) Enter the service name and/o r acce ss concentrator name if required by your ISP. 9. (Optional) Enter the IP addresses for the primar y an d se condary DNS servers if you want to use your preferred DNS servers; otherwise, skip this step. Figure 6.2. WAN PPP oE Configuration Summary 10. Choose to enable or disable MSS clampi ng option. If MSS clampin g is enabled, a value of MSS clamping must be entered.
Chapter 6. Configuring WAN Settin gs RX3041H Userâs Manual 36 11. Choose a connection option and enter appropri ate setting if desired. The default setting is âDisableâ. 12. Click to save the PPPoE settings when you are do ne with the configur ation. Youâll see a summary of the WAN PPPoE configuration at the bo ttom half of the configuration page. Note t hat if the default gateway addr ess is not shown immediately, click on the WAN menu to open the WAN configuration page again. 6.3 Dynamic IP 6.3.1 W AN Dynami c IP Configu ration Param eters Table 6.2 describes t he con figuration p aramet ers av ailabl e for dyna mic IP conn ection mod e. Table 6.2. WAN Dynamic IP Confi guration Param eters Field Description Host Name Host name is optional but ma y be required by some ISP. Primary/ Secondary DNS IP address of the primar y and/or second ary DNS are optional as DHCP client will automati cally obtain the DNS IP addre sses configured at you r ISP. However, if there are ot her DNS servers you woul d rather use, enter the IP addresses in the spaces provide d. MAC Cloning The default is to use the MAC ad dress of t he WAN interf ace. Howeve r, if you had registere d a MAC address prev iously with your ISP, you may need to enter tha t MAC address here. 6.3.2 Configuring Dynamic IP for WAN Connection Mode drop- down list Figure 6.3. WAN Dynamic IP (DHCP client) Configuration Follow the i nstru ctions belo w to config ure dyna mic IP sett ings: 1. Open the WAN configurat ion page by clicking on the WA N menu. 2. Select Dynamic from the Connection Mode d rop-down list as shown in Figure 6.3. 3. (Optional) Enter host name in the sp ace provided if re quired by your ISP. 4. (Optional) Enter the IP addresses for the primar y an d se condary DNS servers if you want to use your preferred DNS servers; otherwise, skip this step. 5. If you had previously registered a specific MAC ad dress with your I SP for Internet access, enter the registered MAC address her e and m ake sure you check the MAC cloning check b ox.
RX3041H Userâs Manual Chapter 6. Configuring WAN Settin gs 37 6. Click to save the Dynamic IP settings when y ou are done with the configuration. Youâll see a summary of the WAN configur ation at the bottom half of the c onfiguration page. Note t hat if the default gateway address is not shown immedi ately, click on the WAN menu to open the WAN configuration page again. Figure 6.4. WAN Dynamic IP (DHCP client) Configuration Summary 6.4 S tatic IP 6.4.1 W AN Static IP Configurat ion Parameters Table 6.3 describ es the configurat ion parameters available for static IP connec tion mode. Table 6.3. WAN Stati c IP Configuration Parameters Setting Description IP Address WAN IP address provid ed by your ISP. Subnet Mask WAN subnet mask prov ided by your ISP. Ty pically, it is set as 255.255.255.0. Gateway Addres s Gateway IP address pro vided by your ISP. It must be in the same subnet as the WAN on th e RX3041H. Primary/ Secondary DNS You must at least en ter the IP address o f the primary DNS server . Secondary DNS is optional 6.4.2 Configuring Static IP for WAN Follow the i nstructio ns below to configure static IP settin gs: 1. Open the WAN configurat ion page by clicking on the WA N menu. 2. Select Static from the Connection Mode drop-down list as sho wn in Figure 6.5. 3. Enter WAN IP address in the IP Addr ess field. This information should be provided by your ISP. 4. Enter Subnet Mask for the WAN. This information sho uld be provided by your ISP. Typically, it is 255.255.255.0.
Chapter 6. Configuring WAN Settin gs RX3041H Userâs Manual 38 Connection Mode drop- down list Figure 6.5. WAN Stati c IP Configuration 5. Enter gateway address pro v ided by your ISP in the space provided. 6. Enter the IP address of the primary DNS server. This information sh ould be provided by your ISP. Secondary DNS server is optional. 7. Click to save the static IP setti ngs when you are done with t he configuration. Youâll see a summary of the WAN configuratio n at t he bottom half of the configuration page. Figure 6.6. WAN Stati c IP Configuration 6.5 V iewing W AN S tatistics You w not typically need t o view this dat a, your ISP to diagnos e network and Internet d ill but you may find it helpful when working with ata transmission pro blems. To view WAN IP statistics, open t he WAN Statistics page by clicking WAN Ã Statistics menu. Figure 6.7 sho ws a sample WAN Stati stics page:
RX3041H Userâs Manual Chapter 6. Configuring WAN Settin gs 39 Figure 6.7. WAN S tatis tics Pag e To see the updated stat istics, cli ck on the button.

RX3041H Userâs Manual Chapter 7. Configuring Route s 41 7 Configuring Routes You can use Configuration Manager to define specific routes for your In ternet and ne twork data communicatio n. This chapter descri bes basic routing co nc epts and provides inst ruction s for creating routes. Note that most users do no t need to define routes. 7.1 Overview of IP Routes The essentia l challenge o f a router is : when it rec eives data in tended for a particular destination, wh ich next device should it send th at data to? When you define IP rout es, you provide the rule s that the RX3041 H uses to make these decisions . 7.1.1 Do I need to define IP routes? Most users do not n eed to defi ne IP route s. On a typi cal small ho me or offi ce LAN, t he existin g routes t hat set up the defa ult gateways for your LAN computers and for the RX3041H provide the most appropr iate path for all you r Inter net tr affic. î¦ On your LAN com puters, a def ault gateway dire cts a ll Internet traffic to th e LAN po rt on the RX3041 H. Your LAN compu ters know their de fault gateway ei ther because you assigned it to th em when you modified their TCP/IP properties, or because you configured them to re ceive t he information dynamically from a ser ver whenever th ey access the Interne t. (Each of th ese processes is described in the Qui ck Start G uide inst ructions, P art 2. ) î¦ O n the RX3041H itse lf, a default gatewa y is defined to direct a ll outbound In ternet traffic to a router at your ISP. This default gateway is assigned automatically by your ISP whenever the device negotiates an Internet connectio n. (The proc ess for adding a default rout e is d escribed i n sectio n 7.3.2 A dding a Static Route.) You may need to define ro utes if yo ur home setup includes two or more n etworks or sub nets, if you connect to two or more ISP services, or if you conne ct to a remote corporate LA N. 7.2 Dynamic Routing using RIP (Routing Information Protocol) RIP enables routing in formation exchange be tween routers; thus, routes are updated automa tically withou t human inte rvention. P lease not e that RIP serv ice mu st be e nabled first i n the Sy stem Man agement / Sy stem Services confi guration page if you wa nt to use RIP to exchange rout ing information wit h other routers. 7.2.1 Dynamic Routing (RIP) C onfiguration Paramete rs The following tab le defines the av ailable config uration para meters for dynami c routing. Table 7.1. Dynami c Routing (RIP) Configu ration Parameter s Field Description Interface Select the int erfa ce throu gh which th e rout ing informat ion ex change i s desired. You may config ure all or some inte rfaces to suppo rt routing information ex change. RIP Click the "E nable" o r "Disabl e" radio button to enable or disable " RIP" for th e interface select ed. Note tha t you mu st enable RIP servic e first in t he System Management / Sys tem Services con figuration page if you want to enable RIP to exchange rout ing informa tion. The defa ult setting i s âEnableâ.
Chapter 7. Configuring Route s RX3041H Userâs Manual 42 Field Description Passive Mode Enable this mode if RIP con figured for this interfac e will only receive rout ing information fr om other route rs and not send ro uting informati on to other routers. Di sable this mode if you want thi s interface to send and re ceive routing inform ation to/from othe r routers. The default sett ing is âEnabl eâ. RIP Version (Send) Select the RIP version f or sending the rout ing info rmation. Three options are available: V ersion 1. V ersion 2 and Bot h. The def ault settin g is âVersio n 2â. RIP Version (Receiv e) Select the RIP version f or receiving the ro uting inform ation. Three option s are available: V ersion 1. V ersio n 2 and B oth. The d efault se tting is âB othâ. Authentication Click on "Enab le" or "Disab le" radio button to enable/disa ble authentication for exchangin g the routing inf ormation. Not e that all the routers ex changing routing info rmation mu st use th e same au thenticati on key. Th e defaul t setting is âDisab leâ. RIP Authentication Mode Select RIP authen tication mode from the drop down list. Two modes are available - Clea r Text and MD5. The de fault setting is âCle ar Textâ. Authentication Key Enter the auth entication key fo r shared by all the route rs excha nging routing information. The d efault authenticati on key is âadminâ. 7.2.2 Configuring RIP Follow thes e instruc tions to con figure RIP: 1. Open the routing configur ation pag e by clicking on the Routing menu. 2. In the System Services configurati on page (as sho wn in Figure 11.1), click the âEnableâ or âDisableâ radio butt on depending on wheth er you want to enable or disable RIP serv ice. Skip th is step, if you have already done so. Figure 7.1 . RIP Configuration 3. Select an interface from the drop-down list via which the routing informatio n is to be exchanged. 4. Enable or disable RIP for the specified interf ace by cl icki ng on the âEnableâ or âDisableâ radio button. 5. Enable or disable RIP passive mode by clicki ng on the âEnabl eâ o r âDisableâ radio button. 6. Select RIP version for sending and receiving r outing i nformatio n from the respective drop-down list. 7. Enable or disable authentication by clicking o n the âEnableâ or âDisableâ radio button. You must also select the RIP authentication mo de and enter authentication key if authentication is enabled.
RX3041H Userâs Manual Chapter 7. Configuring Route s 43 8. Repeat steps 3 to 7 if you want to configur e another interface to support routin g information exchange. 9. Click to save the RIP configuration. 7.3 S tatic Routing 7.3.1 St atic Route Config uration Paramet ers The following tab le defines the av ailable conf iguration p arameters for st atic routing config uration. Table 7.2. St atic R oute Con figura tion Pa rameters Field Description Destinat ion IP Address Specifies the I P add ress of the destinat ion com puter or an enti re desti nation network. It can also be spe cified as all zeros to indicate that this route should be used fo r all de stinati ons f or which no other route i s defin ed (thi s is th e route that cre ates the d efault gateway ) . Note t hat destination IP must be a network ID. The default rout e uses a destination IP of 0.0.0. 0. Refer to Appendix A for an explan ation of network ID. Destinat ion Netmask Indicate s which p arts of th e dest ination a ddress refe r to t he netwo rk and which parts refer to a computer on the network. Refer to Appendix A, for an explanation of network masks. The def ault route uses a net mask of 0.0.0.0. Gateway IP Address Gateway IP address 7.3.2 Ad ding a St atic Rout e Follow these i nstructi ons to add a stati c route to the routing ta ble. 1. Open the routing configur ation pag e by clicking on the Routing menu. 2. Enter static routes information su ch a s destination IP address, destination netmask and gateway IP address in the corresponding fields. For a descri ption of t hese field s, refer t o Table 7. 2. Stati c Route Conf iguratio n Para meters. To create a route that d efines the default g ateway for your LA N, enter 0.0.0.0 i n both the De stination IP Address and Destin ation Netm ask fields. Figure 7.2. St atic Route Configuration 3. Click to add a new route. 7.3.3 Del eting a Stat ic Route Follow th ese in structi ons to delete a stati c route f rom t he routing ta ble.
Chapter 7. Configuring Route s RX3041H Userâs Manual 44 1. In the Static Routes configur ation page (as shown in Figure 7.2), select the route from the service drop-down list or click on the icon of the route to be deleted in the Routing Tabl e. 2. Click to delete the selected route. WARNING Do not remo ve the rout e for defa ult gate way unle ss you know what you are doing. Remov ing the default route will render the Internet unrea chable. 7.3.4 Viewing the Routing Table All IP-enable d comput ers an d router s maintai n a tabl e of IP addre sses that are comm only accessed by their users. For each of these destinatio n IP addresses , the tabl e lists t he IP ad dress of the fi rst hop t he data should take. This table is known as th e deviceâs routing table . To view the RX3 041Hâs routing table, just open the Routing configu ration page by clicking on the Routing menu. The Routi ng Tab le displ ays at the bottom half of the Routi ng conf igurat ion pag e, as sho wn in Figu re 7.3. Figure 7.3. Rou ting Table The routing tabl e displays a ro w for each exist ing route cont aining the IP address and the sub net mask of the destinatio n network and the IP add ress of the gateway that f orward s the traffi c to th e destinati on netwo rk.
RX3041H Userâs Manual Chapter 8. Configuring DDNS 45 8 Configuring DDNS Dynamic DNS is a service th at allows comput ers to u se the sam e dom ain name, even whe n the IP add ress changes from time to time (during reboot or when the ISP's DHCP server re sets IP lea ses). RX 3041H connects to a Dynamic DNS servic e whenever the WA N IP address changes . It supports setting up th e web services such as Web se rver, FTP server using a doma in name instea d of the IP address. Dynami c DNS supports the DDNS cl ients wit h the following feat ures: î¦ Up date DNS records (addition) when an exter nal inter face comes up î¦ Force DNS update Dynamic DNS supports two modes, n amely RFC-2136 DDNS Cl ient and HTTP DDNS Cl ient. RFC-2136 DDNS Client domain.com ISR Windows 2000 DNS Ser ve r isr.domain.com Figure 8.1. Network Di agram for RFC-2 136 DDNS Any interface s tatus change to an external interface s ends a DDNS up date to the DNS server . When connection to Primary DN S server fa ils, the R X3041H upda tes the Secondary DNS ser ver. When a DN S update is forced by the admini strator, upd ate is sent to the server for all active external interfaces. HTTP Dynamic DNS Client HTTP DDNS client uses the mechanism provided by the popular DDNS service pr oviders for updating the DNS records d ynamically. In this case, the service pr ovider upda tes DNS records in the DN S. RX3041H uses HTTP to tr igger th is update . The RX3041H suppor ts HTTP DDNS update with the fo llowing service providers: î¦ www.dyndns.o rg î¦ www.zoneedi t.com î¦ www.dns-tok yo.jp
Chapter 8. Configuring DDNS RX3041H Userâs Manual 46 Internet ISR HTTP DDNS Server (Dy n DNS, Toky oDNS) Dy nDNS isr.homeunix.com Toky oDNS isr.dns-toky o.jp Figure 8.2. Network Di agram for HTTP DDNS Whenever IP a ddress of the configur ed DDNS inter face changes , DDNS update is sent to the specified DDNS service pro vider. RX304 1H should b e configured w ith the DDNS username and p assword that are obt ained from the DDNS service provider. 8.1 DDNS Configuration Parameters Table 8.1 describes t he con figuratio n para meter s availa ble for DDNS servi ce. Table 8.1. DDNS Configu ration Parameters Field Description DDNS State Enable Click on this radio button to enable the DDNS Service Disable Click on t his radio button to disab le the DDNS Servic e DDNS Type â select a DDNS service type: HTTP or RFC -2136 DDNS HTTP DDNS Click this radio button if H TTP DDNS is des ired. RFC-2136 DDNS Click this radio bu tton if R FC-2136 DDNS is des ired. DNS Zone Name Enter the registered domain name prov ided by your ISP int o this field. (Note: The host name of RX3041H has to be co nfigure d in the Syst em Info rmation S etup page p roperly. For exam ple, If the host name of your RX3041H is âhos t1â and the DNS Zone Name is âyourdomain .comâ, The fu lly qualify domain name (FQDN) is âhost1.yo urdomain.comâ.) RFC-2136 DDNS Specific Setting s Primary/Secondary DNS Server [For RFC-2136 DDNS only] Enter the IP addresses of the Primary and sec ondary DNS Servers in these fields. The IP addresses of the primary and second ary DNS servers are inhe rited from the settin gs in the WAN configu ration page. Unless you want t o change these setti ngs for WA N, leave them as they a re.
RX3041H Userâs Manual Chapter 8. Configuring DDNS 47 Field Description HTTP DDNS Specific Settings DDNS Service [For HTTP DDNS only] dyndns Please visit http://www .dyndns.org for more details. zoneedit Please vis it http://www.z oneedit.com fo r more de tails. dyn-tokyo Please v isit http://www.dns-tokyo .jp for more d etails. DDNS Username [For H TTP DDNS only] Enter the use rname pr ovided by your DDNS service p rovider in t his field. DDNS Password [For HTTP DDNS only] Enter the password provide d by your DDNS se rvice provi der in this fiel d. 8.2 Configuring RFC-2136 DDNS Client Follow these in structio ns to configure the RFC-2 136 DDNS: 1. First, you need to ask your system admi nistra to r to turn on the DNS dynamic up date functionality on your DNS server. If you are running Windows 200 0/XP/2003 DNS se rver, Please refe r to the Microsoft Knowledge Base article â Q317590: Configure DNS Dyn a mic Update in Windows 2000 â, for details. 2. Make sure that you have a hos t name configured for the RX304 1H; otherwise, open the System Identity configuration page to configure one. Please refer to the section 11.3 â Configu re System Identity â for more details. 3. Open the DDNS configurat ion page by clicking on the DDNS menu. 4. Select âEnableâ for the DDNS St ate and âRFC-2 136 DDNSâ for the DDNS Type. Figure 8.3. RFC-2136 DDNS Configurat ion 5. Enter the domain name in the DNS Zone Name field. 6. There is no need to change the settings for t he prima ry and se co ndary DNS servers as they are inherited from the settings in the WAN confi guration page. Unl ess you want to change these settings for WAN, leave them as they are. 7. Click on button to send a DNS update request to the DNS server(s) as specified in the Primary DNS and Secondary DNS fields. Note that DNS update request will also be se nt to the DNS Server automatically whenever the WAN port status is cha nged.
Chapter 8. Configuring DDNS RX3041H Userâs Manual 48 8.3 Configuring HTTP DDNS Client Follow thes e instruc tions to con figure the HT TP DDNS: 1. First, you should have already registered a domain name to the DDNS service provider. If you have not done so, please visit www.dns-tokyo.jp or www.dyndns.org for more details. 2. Make sure that you have a hos t name configured for the RX304 1H; otherwise, open the System Identity configuration page to configure one. Please refer to the section 11.3 â Configu re System Identity â for more details. 3. Open the DDNS configurat ion page by clicking on the DDNS menu. 4. In the DDNS configuration page, select âEnableâ for the DDNS State and âHTTP DDNSâ for the DDNS Type. Figure 8.4. HTTP DDNS Configuration 5. Enter the domain name in the DNS Zone Name field. 6. Select a DDNS service from the DDNS Service drop-down list. 7. Enter the username and password prov i ded by your DDNS se rvice providers. 8. Click on button to send a DNS update request to your DDNS service provider. Note that DNS update request will also be sent to your D DNS Service provid er aut om atically whenever the WAN port status is changed. 8.4 Configuring Local Host T able This is the l ocal host t able u sed by the router to ma p the host name t o its IP a ddress. Th is table m ay be us ed for the servers depl oyed inside yo ur LAN. For examp le, you may create a host entry in thi s table for your
RX3041H Userâs Manual Chapter 8. Configuring DDNS 49 servers t o allow t he LA N host s to access t he serve r usin g the host name, e. g. telnet myServer.myC ompany. com. 8.4.1.1 Add a Host Table Entry To add a host table entr y, follow th e instructions be low: 1. Open the DDNS configurat ion page by clicking on the DDNS menu. 2. Select â Add New â from the Host Table drop -down list. 3. Enter the host name and the corresponding IP addre ss in the respective fields. Figure 8.5 displays the screen with entries to add a new host table entry to map the host name, myServer.myCompany.com to an IP address, 192.16 8.1.20. Figure 8.5. Host Table Confi guration 4. Click on the button to create the new host t able entry. The new entry will then be displayed in the host table at the bottom half of the DDNS configurat ion page as shown belo w. Figure 8.6. Host Table 8.4.1.2 Modify a Ho st Table Entry To modify a host table entry , follow the instruction s below: 1. Open the DDNS configurat ion page by clicking on the DDNS menu. 2. Click on the icon of the host table entry to be modified in the host table or select the host table entry from the host table drop-down list. 3. You may then make desired changes t o the host name and/or the IP address. 4. Click on the button to save the change s. The new settings for this host table entry will then be displayed in the host table loca ted at the bottom half of the DDNS configuration page. 8.4.1.3 Delete a Ho st Table Entry To del ete a host ta ble entr y, clic k on the icon of the ent ry to be de leted or fol low th e inst ruction be low: 1. Open the DDNS configurat ion page by clicking on the DDNS menu. 2. Click on the icon of the host table entry to be deleted in the host table or select the host table entry from the host table drop-down list. 3. Click on the button to delete the entry. Note that the entry deleted will be removed from the host table located at the bottom half of the DDNS configuration page. 8.4.1.4 View the Ho st Table To see existing h ost table, just op en the DDNS configu ration pa ge by cl icking on the DDNS menu.

RX3041H Userâs Manual Chapter 9. Configuring Firewa ll/NAT Sett ings 51 9 Configuring Firewall/NA T Settings The RX3041H pro vides built-in firewall/NAT functions , enabling yo u to protect th e system agains t denial of service (DoS) attacks a nd other types of mali cious accesse s to your LAN while providin g Internet access sharing at the same time. You ca n also specify how to m onitor attempt ed attacks, and who sho uld be automatic ally notified. This chapt er describe s how to create/m odify/de lete ACL (Access Co ntrol List ) rules to cont rol the data pa ssing through your network. You will use firewa ll configuration p ages to: î¦ Create, modify, delet e and vie w inboun d/outb ound AC L rules. î¦ Create, modify and delete pre- defined services, IP pools, NA T pools, appli cation filters and tim e ranges to be used in in bound/outbo und ACL confi gurations. î¦ View firewall statistics . Note: When you de fine an ACL rule , you instruct the RX3041H to exa mine each da ta packet it receiv es to determine wh ether it meets crit eria set forth in the ru le. The criteri a can include the net work or internet prot ocol it is carrying, t he dire ction in which it is tr aveling (f or exa mple, from the LA N to the I nternet or vi ce versa), t he IP address of the sending com puter, the dest ination IP addres s, and other char acteristics of the pac ket data. If the packet matches the crit eria establi shed in a rule, the packet ca n either be accepte d (forwarded toward s its destination), or de nied (discarded), depend ing on the actio n specified in the rule . 9.1 Firewall Overview 9.1.1 Stateful Packet Inspection The stateful p acket inspe ction engin e in the RX304 1H maintai ns a state tabl e that is used to keep tra ck of connection s tates of all the packets p assing throug h the fir ewall. The firewall w ill open a â holeâ to al low the packet to pas s throug h if the state of th e packet that belong s to an al ready e stablished connectio n matc hes the state maintain ed by the statefu l packet inspection en gine. Other wise, the packet will be dropped. This âhol eâ will be closed when t he connection se ssion terminate s. No configuration i s required for statef ul packet inspection; it is enabl ed by default when the fire wall is enabled. Please ref er to section 11.1 Confi gure System Services to enable or disable firewall ser vice on the RX3041H . 9.1.2 DoS (Denial of Service) Protection Both DoS prote ction and st ateful p acket in spection provi de first line of defe nse for yo ur network. No configuration is required for both protections on your ne twork as long as firewall is enab led for the R X3041H. By default, the fire wall is ena bled at the f actory. Plea se refer to section 11. 1 Config ure Syst em Services t o enable or disable firewa ll service on the RX3041H. 9.1.3 Firewall and Access Control List (ACL) 9.1.3.1 Priority Order of ACL Rule All ACL rules have a rul e ID a ssigne d â the sm aller t he rule I D, the hi gher the priority . Firewal l monito rs the traffic by extra cting header i nformation f rom the packet and then eit her drops or f orwards the packet by lo oking for a match in the ACL rule table b ased on the header inform ation. Note that the A CL rule checking sta rts from the rule with the small est rule ID until a mat ch is found or all the ACL rules a re examined. If no mat ch is found, the packet is droppe d; otherwise, the pa cket is either dropped o r forwarded based on the action d efined in the matched A CL rule.
Chapter 9. Configuring Firewa ll/NAT Sett ings RX3041H Userâs Manual 52 9.1.3.2 Tracking Connection Sta te The stateful in spection engi ne in the firewall keep s track of the state, or progress, of a net work connection. By storing info rmation about ea ch connectio n in a state table, RX30 41H is able to quickly dete rmine if a packet passing through the firewall belongs to an alr eady established connec tion. If it does, it is passed through the firewall with out going t hrough A CL rule ev aluat ion. For example, an ACL rul e allows outb ound ICMP packe t from 192.168.1.1 to 19 2.168.2.1. Wh en 192.168. 1.1 send an ICMP echo r equest (i.e . a ping packet) to 192.168.2.1, 192.168.2.1 w ill send an ICMP echo rep ly to 192.168.1.1 . In the RX3041H, yo u donât need to c reate another inb ound ACL rule bec ause stateful packet inspection engine will remember the connection state and allows the ICMP echo reply to pass through the firewall. 9.1.4 Default ACL Rules The RX3041H suppor ts three types of default access rules: î¦ In bound Access Rules: for controlling incoming access to computers on your LAN . î¦ Outbound Access Rule s: for controlling outbou nd access to ext ernal n etworks for ho sts on yo ur LAN. î¦ Se lf Access Rules: for controlling acc ess to the RX3041H itself. Default Inbound Access Rules No default inbound access rul e is configured. T hat is, all traffic from exte rnal hosts to the inte rnal hosts is denied. Default Outbound Acces s Rules The default ou tbound access rule allows a ll the traffi c origi nated from y our LAN t o be forwa rded to t he extern al network using NAT. WARNING It is not necessary to remove th e defa ult ACL rule from the ACL rule tab le! It is b etter to create hi gher prior ity ACL rul es to overr ide the default rule. 9.2 NA T Overview Network Address Transla tion allows use of a single device, such as the RX304 1H, to ac t as an age nt between the Internet (pub lic network) and a lo cal (private) net work. This mean s that a NAT IP address ca n represent an entire group of comp uters to any entity ou tside a netw ork . Network Address Tr anslation (NAT) is a mech anism for conserving re gistered IP addresses in large networks a nd simplifying IP addressing manag ement tasks. Because of the tr anslation of IP address es, NAT also conceals true network address from privy eyes and provide a cert ain degre e security to th e local net work. The NAT mode s supported are st atic NAT , dynamic NAT, NAPT, r everse stat ic NAT and reve rse NAPT. 9.2.1 Static (On e to One) NAT Static NAT maps an internal host address to a globally valid Interne t address (one-to-on e). The IP address in each packet is direct ly translated with a gl obally valid IP contain ed in the mapping. Fig ure 9.1 illustrates the IP address mapping relationship between the fo ur private IP addresses and the four globally valid IP addresses. Note that this mapping is st atic, i.e. the m apping will not change over time until thi s mapping is manually changed by the adminis trator. Th is means th at a hos t will always use the s ame global valid IP address for all its outgoing traffic.
RX3041H Userâs Manual Chapter 9. Configuring Firewa ll/NAT Sett ings 53 Figure 9.1 S tatic NAT â M apping Fou r Private I P Addr esses to F our Globall y Valid IP Addres ses 9.2.2 Dynam ic NAT Dynamic NAT maps an in ternal host dynamically to a globally valid Internet address (m-to-n). The mapping usually contains a pool of internal IP address es (m) an d a pool of globally valid In ternet IP add resses (n) with m usually gre ater than n. E ach int ernal I P add ress is map ped to one externa l IP address on a first com e first serve basis. Figure 9.2 sh ows that PC B, C and D are mapp ed to a globally valid IP addres s respectively, while PC A does not map to any globally valid IP address . If PC A wants to go to the Internet, PC A mus t wait until a global valid IP address is availab le. For example , in Figure 9.3, PC B must disconnect fr om the Inte rnet first to allow PC A to access Internet. Figure 9.2 Dy namic NAT â Fo ur Priva te IP addresses M apped to Thr ee Valid IP Addresse s Figure 9.3 Dynamic NAT â PC-A can get an NAT associatio n after P C-B is disc onnected
Chapter 9. Configuring Firewa ll/NAT Sett ings RX3041H Userâs Manual 54 9.2.3 NAPT (Network Address and Port Translation) or PAT (Port Address Translat ion) Also called IP Ma squeradin g, this f eature maps many i nternal hosts to one gl obally v alid Inte rnet addr ess. The mapping cont ains a poo l of netwo rk ports to b e used for translatio n. Every p acket i s translat ed with the gl obally valid Internet addre ss and the port numb er is translated with an un-used po rt from the po ol of netwo rk ports. Figure 9.4 shows t hat all the hosts on the lo cal net work gain access to the I ntern et by ma pping t o only on e globally valid IP a ddress and different port numbers from a free pool of network ports. Figure 9.4 NAP T â Map Any Inte rnal PCs to a Single Gl obal IP Add ress Figure 9.5 Revers e Static NAT â Map a Global IP Address to An Internal PC Figure 9.6 Revers e NAPT â Relaye d Incoming Packets to the Inte rnal Host Base on the Protocol, Port Numb er or IP Address
RX3041H Userâs Manual Chapter 9. Configuring Firewa ll/NAT Sett ings 55 9.2.4 Reverse Static NAT Reverse stati c NAT ma ps a glob ally valid I P addre ss to an int ernal host add ress for the inboun d traffic. All packets coming to that globally valid IP address are re layed to the Internal address. This is useful when hosting services in an internal mach ine. Figure 9.5 shows that four globally va lid IP addresses are mapped to four hosts on the inte rnal network a nd each can be u sed to host some service s for inbound tr affic, e.g. FTP server. 9.2.5 Reverse NAPT / Virtual Server Reverse NAPT is also cal led inbound mapp ing, port mappin g, or virtual server. Any pa cket coming to the RX3041H can be relayed to the inter nal host based on the protocol, port n umber and/or IP address specified in the ACL rule. This is useful whe n multiple servi ces are hosted on diff erent intern al machine s. Figure 9.6 shows that web server (TCP/80) is hosted on PC A, telnet server (TCP /23) on PC B, DNS ser ver (UDP/53) on PC C and FTP server (TCP/ 21) on PC D. T his means that t he inbound traff ic of th ese four services will be directed to respective hos t hosting these services . 9.3 ACL Rule Configuration Parameters Table 9.1 describes t he con figuratio n param eters av ailabl e for fire wall ACL rule s. Table 9 .1. ACL R ule Conf iguratio n Para meters Field Description ID Add New Click on this o ption to add a new A CL rule. Rule Numbe r Select a rul e from t he drop-d own list, t o modify it s attrib utes. Action Allow Select thi s button t o configu re the ru le as a n allo w rule. This rule when bou nd to the Firewa ll will allow matching packets to pass through. Deny Select this but ton to conf igure th e rule as a deny rule. This rule when bou nd to the Firewa ll will not a llow matching packets to pass thro ugh. Mave to This optio n allows you to s et a pr iority for this rule . The RX3041H Firewall acts on packe ts based o n the priority of the rule s. Set a priority by specif ying a numbe r for it s positio n in the list of rule s: 1 (First) This num ber marks the highe st priority. Other numbers Select other numbers to ind icate the pr iority you wish to assign to th e rule. Source IP This option allows yo u to set the source netw ork to which this rul e should apply. Use the drop -down list to select one of t he follo wing optio ns: Any This option allows yo u to apply t his rule t o all th e comput ers in the source network, such as those o n the Int ernet for in bound AC L rules and th ose on the LAN for outbou nd ACL rules. IP Address This option all ows you to specify an IP address on whi ch this rule will be applied.
Chapter 9. Configuring Firewa ll/NAT Sett ings RX3041H Userâs Manual 56 Field Description IP Address Specify th e appropriate netwo rk address Subnet This option allows yo u to inclu de all th e compute rs that a re conn ected i n an IP subnet. When t his opti on is sel ected, th e followi ng fields b ecome available f or entry: Address Enter the appropria te IP address. Mask Enter the correspon ding subnet mask. Range T his option allows you to include a range of IP addresses for applying this rule. The f ollowin g field s become av ailabl e for en try when thi s option is selected: Begin Enter the starting IP address o f the range End Enter the en ding IP a ddress of the range IP Pool This option al lows you t o associate a pre-conf igured IP pool with this rul e. The availa ble IP pool can be sel ected f rom the IP p ool drop-do wn list. Destinat ion IP This option allows yo u to set the destina tion net work to which this rule shoul d apply. Use the drop- down list to sele ct one of the follo wing option s: Any This option allows yo u to apply t his rule t o all th e comput ers in the destinati on ne twork such a s those on the L AN fo r inbo und ACL rules a nd those on the Internet fo r outbound ACL rul es. IP Address, Subne t, Range and IP Pool Select any of these opt ions and ente r details as describ ed in the Source IP section abov e. Source Port This option allows yo u to set the source po rt to wh ich this rule should apply. Use t he dro p-down li st to select one of t he follo wing option s: Any Select this option if you want this ru le to apply to all appli cations with an arbitrary source port number. Single This optio n allows you to app ly this r ule to an application w ith a s pecific source port number. Port Number Enter the source port number Range Select this option if y ou want this rule to apply to applications with this port range. The fol lowing fi elds becom e availabl e for entry when thi s option is selected. Begin Enter the starting port numbe r of the range End Enter the en ding port number of t he range Destinat ion Port This option allows yo u to set the desti nation po rt to whic h this rul e should a pply. Use the drop-do wn list to select one of t he follo wing optio ns: Any Select this option if you want this ru le to apply to all appli cations with an arbitrary destinat ion port numbe r. Single, Range Select any of these and ent er details as descri bed in the Source Port section abov e.
RX3041H Userâs Manual Chapter 9. Configuring Firewa ll/NAT Sett ings 57 Field Description Service This option allows yo u to sel ect any of the pre-conf igured service s (selectabl e from the drop-dow n list) i nstea d of the d estinati on port. T he following are examples of se rvices: BATTLE-NET, PC-ANY WHERE, FING ER, DIABLO-II, L2TP, H323GK, CUSEEME, MSN-ZONE, ILS, ICQ_2002, IC Q_2000, MS N, AOL, RPC, RTSP7070, RTSP554, QUA KE, N2P, PPTP, MSG2, MSG1, IRC, I KE, H323, IMAP4, HTTPS, DNS, SNMP, NNTP, POP 3, SMTP, HTTP, FTP, TELNET. Note: service is a combi nation of prot ocol and port nu mber. They app ear here after y ou add the m in the âFirewal l Servi ceâ confi guratio n page. Protocol This option allows yo u to sel ect proto col type f rom a drop-down list. Avail able sett ings ar e All, TCP, UDP, ICMP, AH and ES P. Note that if y ou select âs e rviceâ for the destinati on port, this optio n will not be available. NAT This option allows yo u to sel ect the ty pe of NA T for th e traffic. None Selec t this option if you donât intend to use NAT in this AC L rule. IP Address For inbound ACL r ules: select this option to specify the IP address of the computer (u sually a serv er in your LAN) t hat you want t he in coming t raffic to be directed. Note this opti on is called reverse NAP T or virtual server. For outbo und ACL r ules: Selec t this option to specify th e IP address that you want the outbound traffic to use. Note this opt ion is called NAPT or overload. NAT Pool Select th is optio n to associ ate a p re-config ured NAT p ool to the rule. For inbound ACL rules, only reve rse static NAT and re verse NAPT pool can be used. For outbou nd ACL rules, only st atic, dynami c and overload NAT pool can be used. Interface (Outbound A CL only) This option is availabl e for outbound ACL rules only. Select this option to use the WA N int erface IP address f or t he outbo und tr affic. Note t hat WA N IP must be configured p rior to select ing this optio n. Three option s are available: eth0, ppp oe0 and pppoe1. Selec t eth0 if your WAN inter face type is static or dynamic ; pppoe0 if WAN inter face is PPPo E0, and pppoe1 if WAN in terface is PPPoE1 . Time Ranges Select a pr e-configured ti me ran ge during which the rule is active. Sel ect âAlw aysâ to make the rul e active at all times. Application Filteri ng This option allows yo u to sel ect pre -config ured FTP, HT TP, RPC and/or SM TP applic ation filt ers from the drop -down li st. Log Click on the âEnable â or âDisableâ radio button to en able or disable logg ing for this ACL rule. 9.4 Configuring Inbound ACL Rules Inbound ACL rules are used to control (allow or deny) access to the local network.
Chapter 9. Configuring Firewa ll/NAT Sett ings RX3041H Userâs Manual 58 w all 9.4.1 Add an Inbound ACL Rule To add an inbound ACL rul e, follow the instruction s below: 1. Open the Inbound ACL Rule Conf igurati on Page by cl icking on the Fire Ã Inbound ACL menu. 2. Select â Add New â from the â ID â drop-down list. 3. Set desired action (Allow or Deny) from the â Action â d rop -do wn list. 4. Make changes to any or all of the following fields: Source/Destina tion IP , Source/Destination Port , Protocol, NAT, Time Ranges , Application Filtering , and Log . Please see Table 9.1 for explanation of these fields. Figure 9.7 illustrates how to create an A CL rule to allow inbound FTP service for any host on the Internet to access to FTP server in the local net work w/ IP address 192.168.1.123. Figure 9.7. Inboun d ACL configura tion Example 5. Assign a priority for this rule by selecting a numbe r fro m the â Move to â drop-down list. Note that the number indicates t he priority of the rule with 1 being the highest. Higher priority rules will be examined prior to the lower priority rules by the firewa ll. 6. Click on the button to create the new ACL rule. You may verify the new ACL rule in the inbound access cont rol list table displayed at the bottom half of the Inbound ACL configuration page as shown in Figure 9.8. Figure 9.8. I nbound ACL Lis t 9.4.2 Modify an Inbound AC L Rule To modify an inbound ACL rule, follow the instruc tions below: 1. Open the Inbound ACL Rule Conf igurati on Page by cl icking on the Fire w all Ã Inbound ACL menu.
RX3041H Userâs Manual Chapter 9. Configuring Firewa ll/NAT Sett ings 59 2. Click on the icon of the rule to be modified in the inbound ACL table or select the rule number from the â ID â drop-down list. 3. Make desired chan ges to any or all of the following fields: action, source/destination IP, source/destination port, protocol, port mapping, time ranges, application filtering, and log. Please see Table 9.1 for explanation of these fields. 4. Click on the button to modify this ACL rule. The new settings for this ACL rule wi ll then be displayed in the inbound access control list table at the bottom half of the Inbound ACL configuration page. 9.4.3 Delete an Inbound ACL Rule To delete an inbo und ACL rule, clic k on the in front of the rule to be deleted or follow the in structions belo w: 1. Open the Inbound ACL Rule Conf igurati on Page by cl icking on the Fire w all Ã Inbound ACL menu. 2. Click on the icon of the rule to be deleted in the inbound ACL table or select the rule numb er from the â ID â drop-down list. 3. Click on the button to delete this ACL rule. Note that the ACL rule deleted will be removed from the ACL rule table located at the bottom half of the same config uration page. 9.4.4 Display Existi ng Inbound ACL Rules To see existin g inbound A CL rul es, just open t he Inbou nd ACL Rule conf iguratio n page by clicking on the Firewall Ã Inbound ACL me nu. 9.5 Configuring Outbound ACL Rules Outbound AC L rules allow y ou to control (allow or deny ) Internet or external net work access fo r computers on your LAN. 9.5.1 Add an Ou tbound ACL Rule To add an outbou nd ACL rule, follow the inst ructions bel ow: 1. Open the Outbound ACL Rule conf iguration page by clicki ng on the Firewall Ã Outbound ACL menu. 2. Select â Add New â from the â ID â drop-down list. 3. Set desired action (Allow or Deny) from the â Action â d rop -do wn list. 4. Make changes to any or all of the following fields: sou rce/d estin ation IP, source/destination port, protocol, NAT, time ranges, application filtering, and log. Please see Table 9.1 for expl anation of these fields. Figure 9.9 illustrates how to create a rule to deny out bound HTTP traffic for a host w/ IP ad dress 192.168.1.15.
Chapter 9. Configuring Firewa ll/NAT Sett ings RX3041H Userâs Manual 60 Figure 9.9 . Outbound ACL Configu ration Example 5. Assign a priority for this rule by selecting a numbe r fro m the â Move to â drop-down list. Note that the number indicates t he priority of the rule with 1 being the highest. Higher priority rules will be examined prior to the lower priority rules by the firewa ll. 6. Click on the button to create the new ACL rule. The new ACL rul e will then be displayed in the outbound access control list table at the bottom half of the Outbound ACL config uration page. Figure 9 .10. Outbound ACL List 9.5.2 Modify an Outbound ACL Rule To modify an outbou nd ACL rule, follo w the instructi ons below: 1. Open the Outbound ACL Rule conf iguration page by clicki ng on the Firewall Ã Outbound ACL menu. 2. Click on the icon of the rule to be modified in the outbound ACL table or select the rule number from the â ID â drop-down list. 3. Make desired chan ges to any or all of the following fields: action, source/destination IP, source/destination port, protocol, NAT, time ra nges, application filtering, and log. Please see Table 9.1 for explanation of these fields. 4. Click on the button to modify this ACL rule. The new settings for this ACL rule wi ll then be displayed in the outbound access control list table at the bottom half of the Outbound ACL configuration page. 9.5.3 Delete an Outbound ACL Rule To delete an outbo und ACL rule, ju st click on the in f ront of the rule to be d eleted or f ollow t he instru ctions below:
RX3041H Userâs Manual Chapter 9. Configuring Firewa ll/NAT Sett ings 61 1. Open the Outbound ACL Rule Conf igurat ion Page by clickin g on the Firewall Ã Outbound ACL menu. 2. Click on the icon of the rule to be deleted in the outbound ACL table or select th e rule nu mber from the â ID â drop-down list. 3. Click on the button to delete this ACL rule. Note that the ACL rule deleted will be removed from the ACL rule table located at the bottom half of the same config uration page. 9.5.4 Display Existi ng Outbound ACL Rules To see existin g outbou nd ACL rule s, just open the Outboun d ACL Rul e config uration pa ge by cl ickin g on the Firewall Ã Outbound ACL menu. 9.6 Configuring URL Filters Keyword based UR L (Uniform Resource Locator, e.g . www.yahoo.c om ) filtering allows you to define one or more keywords that should not appea r in URLâs. Any URL containi ng one or more of these keywords will be blocked. This is a policy indep endent featur e i.e. it cannot be associated to ACL rules. This fea ture can be independently enabled/ disabl ed, but wo rks only if fire wall is en abled. 9.6.1 URL Filter Confi guration Paramet ers Table 9.2 describes t he con figuratio n para meter s availa ble for an URL filter rule. Table 9.2. URL Filter Configu ration Parameters Field Description URL Filter St ate Click on âEna bleâ or âDisabl eâ radio button to enable or di sable URL filtering. Proxy Server Port Enter the proxy ser ver (web server) port number config ured for your web browser. Not e that the p roxy serve r port ch ange requi res you to di sable and enable the firewall to take effect. ID Add New Click on this option t o add a new URL filter rule. Rule Number Select a rul e from t he drop-d own list t o modify its attrib utes. Keyword Define a keyword that should not appear in the URL. 9.6.2 Ad d an URL Filter Rule To add an URL Filter, follow the inst ructions below: 1. Open the URL Filter configuration page by clicking on the Firewall Ã URL Filter menu. 2. Select â Add New â from the â ID â drop-down list. 3. Enter a keyword to the Keyword field. Fi gure 9.1 1 shows an URL filter rule example. It demonstrates: a) How to add the keyword âschwabâ. Any URL containing this keyword will be blocked. b) Set the proxy web server port number to 80 (you may use a different port number for your proxy server). This means that this URL filter rule will be applie d ove r the proxy server port 80 in case a proxy web server is used. If you donâ t use a proxy server for your browser, this setting will be ignored. Note that you must disa bl e and then enable the firewall for this change
Chapter 9. Configuring Firewa ll/NAT Sett ings RX3041H Userâs Manual 62 to take effect. Please refer to section 11.1 Configure S y stem Services on d etails of enabling and disabling firewall service s. Figure 9.11. URL Filter Configu ration Exampl e 4. Click on the button to create the URL Filter rule. The new rule will t hen be di splayed in the URL Filter Configuration Summary table. Figure 9.12. URL Filter List 9.6.3 M odify an URL Filter Ru le To modify an URL Filter rule, you must first delet e the existing URL filter rule (se e Section 9.6.4) a nd then add a new one (see Section 9.6.2 Add an URL Filt er Rule). 9.6.4 Delete an URL Filter Rule To delete an URL Filter rule, ju st click on the in front of the rule to be delete d or follow the instructions below: 1. Open the URL Filter configuration page by clicking on the Firewall Ã URL Filter menu. 2. Click on the icon of the rule to be deleted in the UR L Filter Configuration Summary table or select the rule number from the â ID â drop-down list. 3. Click on the button to delete this rule. 9.6.5 Vi ew Exi sting URL Filter Rules To see existing URL filter rul es, just open the URL Filt er configuratio n page by clicking o n the Firewall Ã URL Filter menu. 9.7 Configuring Advanced Firewall Features â (Firewall Ã Advanced) This option sequence brings up the screen wi th the follow ing sub-optio ns for setting ad vanced firewall features : î¦ Se lf Access â Th is option a llows you to configure rules fo r controlling p ackets targe ting the RX3041H itself. î¦ Ser vices â Use this op tion to configure services (applications using specified port numbers) . Each service record contai ns the name of service re cord, the IP protoc ol value and its corre sponding por t number. î¦ DoS â Use this option to configu re DoS â Denial of S ervice â paramet ers. This option li sts th e defa ult set of DoS attacks aga inst which the RX3041H firewall pro vides protection . The following se ctions describ e usage of these opt ions
RX3041H Userâs Manual Chapter 9. Configuring Firewa ll/NAT Sett ings 63 9.7.1 Configuring Self Access Rules Self access rule s are used t o cont rol access t o the route r itself. 9.7.1.1 Self Access Configu ration Parameters Table 9.3 describes t he con figuratio n para meters av ailabl e in the S elf Access configurati on page. Table 9.3. Self Acc ess Configuratio n Paramete rs Field Description Protocol Select protocol fro m drop down list - TCP/ UDP/ICMP Port Enter the Port Number. Direction Select the directi on from whi c h the traffic will be allowed. From LAN Select E nable or Di sable t o allow or deny traffic fro m the LA N (inte rnal network) to th e RX3041H. From WAN Select Enabl e or Disabl e to allow or deny traffic f rom WAN (external network) to th e RX3041H. 9.7.1.2 Add a Self Access Rul e To add a Self Access rule, follo w the instructi ons below: 1. Open the Self Access Rule c onfiguratio n page by cli cking on the Fire w all Ã Advanced Ã Self Acce ss menu. 2. Select â Add New â from the Self Access rule drop-down list. 3. Select a protocol from the Protoc ol drop-down list. If you select TCP or UDP protocol, you will need to enter port number as well. Figure 9.13. Se lf Access Rule Co nfigurat ion Exam ple 4. Click on the button to create the new Self Access rule. The new rule will then be displayed in the Self Access Rule list tabl e at the bottom half of the Self Access Rule configuration page. Example
Chapter 9. Configuring Firewa ll/NAT Sett ings RX3041H Userâs Manual 64 Figure 9.1 3 display s the screen with ent ries to: î¦ Add a new Self Access rule to: â¢ Allow TCP port 80 traffic (i.e. HTTP t raffic) from t he LAN and de ny the HTTP t raffic f rom the WAN port (i .e. from th e externa l network) to the R X3041H. 9.7.1.3 Modify a Self Access Rule To mo dify a Sel f Acces s ru le, follow the instruct ions below: 1. Open the Self Access Rule c onfiguratio n page by cli cking on the Fire w all Ã Advanced Ã Sel f Access menu. 2. Click on the icon of the Self Access rule to be modifie d in the Self Access rul e table or select the Self Access rule from the Se lf Access rule drop-down list. 3. You may then disable or enable the traffic fr om LA N o r WAN or both. Note that port number cannot be changed if TCP or UCP protocol is sele cted. To modify the port numb er, you must first delete the existing Self Access rule and add a new rul e instea d. 4. Click on the button to save the change s. The new settings for this Self Access rule will then be displayed in the Self Access rule table lo cated at the bottom half of the Self Acce ss Rule configuration page. 9.7.1.4 Delete a Sel f Access Rule To de lete a Self Access rule, click on t he icon of the rule to be dele ted or follow th e instruction below: 1. Open the Self Access Rule c onfiguratio n page by cli cking on the Fire w all Ã Advanced Ã Sel f Access menu. 2. Click on the icon of the Self Access rule to be deleted in the Self Acce ss rule table or select the Self Access rule from the Se lf Access rule drop-down list. 3. Click on the button to delete the rule. Note that the rule deleted will be removed from the Self Access rule table located at the bo ttom half of the same configuration page. 9.7.1.5 View Configured Self Acc ess Rules To see existing Self Access Rules, just open the Self Access Rule configuration page by clicking on the Firewall Ã Advanced Ã Self Access menu. 9.7.2 Configuring Service List Services are a co mbination of Pro tocol and Port numb er. It is used in inbound and ou tbound ACL rule configurat ion. 9.7.2.1 Service List Co nfiguration Parame ters Table 9.4 de scribes th e availa ble conf iguration paramet ers for firewa ll service list. Table 9.4. S ervice List co nfigur ation p arameters Field Description Service Name Enter the name of the Ser vice to be added. No te that only alp hanumeric characters ar e allowed in a name. Protocol Enter the type of proto col the se rvice u ses. Port Enter the port number that is set for this service.
RX3041H Userâs Manual Chapter 9. Configuring Firewa ll/NAT Sett ings 65 9.7.2.2 Add a Service To add a se rvic e, follow th e inst ructio ns below: 1. Open the Service List conf iguration page by clicking the Firewall Ã Advanced Ã Service . 2. Select â Add New â from the service drop-do wn li st. 3. Enter a desired name, preferably a meaningful nam e that signifie s the nature of the service, in the â Service Name â field. Note that only alphanumeric characters are allowed in a name. 4. Make changes to any or all of the following fiel ds: pub lic port an d protocol. Please see Table 9.4 for explanation of these fields. Figure 9.14. Service List Configuration 5. Click on the button to create the new service. T he new service will then be di splayed in the service list table at the bottom half of the Service configuration page. Edit icon Service dro p -down list Figure 9.15. Service List 9.7.2.3 Modif y a Servi ce To modify a service, follo w the instructi ons below: 1. Open the Service List conf iguration page by clicking the Firewall Ã Advanced Ã Service . 2. Select the service from the serv ice d rop -down list or cl ick on the icon of the service to be modified in the service list table. 3. Make desired chan ges to any or all of the follo wing fields: service name, public port and protocol. Please see Table 9.4 for explanation of these fields.
Chapter 9. Configuring Firewa ll/NAT Sett ings RX3041H Userâs Manual 66 4. Click on the button to modify this service. The new settings for this service will then be displayed in the service list table at the bottom half of the Service configuration pa ge. 9.7.2.4 Delete a Servi ce To delete a servic e, follow the instructi ons below: 1. Open the Service List conf iguration page by clicking the Firewall Ã Advanced Ã Service . 2. Select the service from the serv ice d rop -down list or cl ick on the icon of the service to be modified in the service list table. 3. Click on the button to delete this service. Note that the service deleted will be removed from the service list table located at the bottom half of the same co nfiguration page. 9.7.2.5 View Configured Se rvices To see a list of exis ting services, follow the instructions below : 1. Open the Service List conf iguration page by clicking the Firewall Ã Advanced Ã Service . 2. The service list table located at the bottom hal f of the Service configuration page shows all the configured services. 9.7.3 Configuring DoS Settings The RX3041H has a proprietary Attack De fense Engine that protects internal networks from Denial of Service (DoS) attacks such as SYN flooding, IP smurfing, LAND , Ping of Death and all re-assembly attacks. It can drop ICMP redirect s and IP loose/ strict source rout ing packet s. For exampl e, a security device wit h the RX3041H Firewa ll provides protec tion from âWinNukeâ , a widely used p rogram to remote ly crash unpro tected Windows systems in the Interne t. The RX3041H Firewall also provides protectio n from a variety of common Internet at tacks such as IP Spoofing , Ping of D eath, Land Attack, Reassemb ly and SYN flood ing. For a complete list of DoS prote ction provided by the RX304 1H, please see Table 2. 3. 9.7.3.1 DoS Protection Configuration Parameters Table 9.5 describes t he con figuratio n para meters av ailabl e for DoS P rotectio n. Table 9.5. DoS Protec tion Configura tion Parameters Field Description SYN Flooding Check or un-check this option to enable or disable pro tection against SYN Flood attacks . This at tack involves send ing connection requests to a ser ver, but never fully com pleting the connecti ons. This will cause some comput ers to get into a "s tuck state" where they cannot accept connectio ns from legitim ate users . ("SYN" is short for "SYNchron ize"; this is the first step i n opening an Internet co nnecti on). You can sel ect this box if you wi sh to protect the ne twork from TCP SY N floodin g. By defa ult, SYN Floo d protection is enable d. Winnuke Check or un-check this option to enable or disable pro tection against Winnuke attacks. Som e older versions of the Mi crosoft Windows OS are vulnerable t o this atta ck. If the co mpute rs in the LAN are not updat ed with recent versions/pat ches, you ar e advised to e nable thi s protection by checking this check box. MIME Flood Check or un-check this option to en able or disable protection against MIME attacks. You can select this box to prot ect the mail server in your network against MIME flooding. FTP Bounce Check or un-check this option to enable or disable pro tection against FTP bounce a ttack In its simplest terms the attack is based on the misuse of the
RX3041H Userâs Manual Chapter 9. Configuring Firewa ll/NAT Sett ings 67 Field Description PORT comma nd in th e FTP proto col. An atta cker can es tablish a connection betwe en the F TP server machin e and an arbitrary po rt on another sys tem. This connection ma y be used to b ypass access controls that would otherwise app ly. IP Unaligned Time Stamp Check or un-check th is option to enable o r disable pr otection agains t unaligned IP time stamp a ttack. Certain operatin g sy stems will crash if they receive a f rame wit h the IP ti mestam p opti on that i sn't ali gned on a 3 2-bit boundary. Sequence Number Prediction Check Check or un-check this option to en able or d isable protection against TC P sequence number prediction attacks. For TC P packets, seque nce number is used to guard against accidental receip t of unintended data and malicious use by the att acker s if the I SN (I nitial Se quence Number ) is gen erated randomly. Forged p ackets w/ valid sequence nu mbers can be used to gain trust from the receiving host. Attacke rs can then gain access to th e compromised sy stem. Note that t his attack affect s only the TCP packet s originated or termi nated at the RX304 1H. Sequence Number Out of Range Check Check or un-check this option to en able or d isable protection against TC P out of range sequence number attacks. An attacker can send a TCP packet to cause a n intru sion dete ction sy stem (I DS) to b ecome unsyn chroni zed with the data in a connection . Subsequent frames sent in that connection may then b e ignored b y the IDS. This may indicate an unsuccess ful attempt to hijack a TCP session. ICMP Verbose Check or un-check this option to en able or d isable protection against ICMP error message att acks. ICM P message s can be u sed to flood y our n etwork w/ undesir ed traffic . By defau lt, this op tion is enab led. Maximum IP Fragment Coun t Enter the m aximum nu mber of f ragment s the Firewall should al low fo r every IP packet. This op tion is required if your connection to the ISP is through PPPoE. This data is used during transmis sion or reception of IP fragments. When large sized packets are sent via the R X3041H, the packets are chopped into fragments as large as MTU (Maximu m Transmission Unit). By default, this number is set to 45. If MTU of th e interface is 1500 (defa ult for Ethernet), then there can be a maximum of 45 fragme nts per IP packet. If the MTU is l ess, then t here can be more number of fragme nts an d this number should be increased. Minimum IP Fragment Size Enter the Mini mum si ze of IP fragme nts to b e allowed t hrough Fi rewall. T his limit will not be enforced on the last fragment of the packet. If the Internet traffic is such that it generate s many small sized fragm ents, this val ue can be decreased . This can be found if there are lots o f packet loss, degradation in speed and if the fo llowing log message is generated ver y often:âfragment of size less than configu red minimum frag ment size detecte dâ. 9.7.3.2 Config uring Do S Settings By default, your n etwork is prote cted again st the attacks l isted in t he DoS Atta ck Protect ion List t able, a s shown in Figu re 9.16. You may che ck or unch eck indivi dual o ption to en able or disable a dditional protection against specific type of attack.
Chapter 9. Configuring Firewa ll/NAT Sett ings RX3041H Userâs Manual 68 Figure 9.16. DoS Attack Protec tion List To configure DoS s ettings, follow the instruc tions below : 1. Open the DoS configuration page by cli c king on the Firewall Ã Advanced Ã DoS menu. 2. Check or uncheck individual option to enable o r disable additional protection against specific type of attack. Note that SYN flooding and ICMP verbose attack protection are enabl ed by default. For information regarding specific type of attack, please refer to Table 9.5 for details. 3. Click the button to save the DoS settings. Figure 9 .17. DoS Conf iguration Page 9.8 Firewall Policy List â (Firewall Ã Poli cy List) Firewall polic y list provides a convenient way to mana ge firewall ACL rules (inbound /outbound ACL ru les, and group ACL rules). î¦ Ap plication Filters â This option allows you to configure Command Filters for FTP, HTTP, RPC a nd SMTP applications. Con figure filters her e before attaching t hem to policies. î¦ IP Pools â This optio n allows y ou to configu re logi cal name s for IP P ools a nd set appropriat e IP addresses. Ea ch record contai ns the name of the IP record and th e types of IP ad dress (sing le IP address or a ra nge of IP address or a subnet address). î¦ NAT Pools â This opti on all ows you to configur e NAT P ools that will e nsure ma pping of th e internal IP address to public IP addres s. Config ure NAT Pool s here bef ore att aching t hem t o policies. î¦ T ime Ranges â This o ption allows you to confi gure time-windows for user-access to the networks across the RX3 041H.
RX3041H Userâs Manual Chapter 9. Configuring Firewa ll/NAT Sett ings 69 9.8.1 Configuring Application Filter Application filter allows ne twork adminis trator to block , monitor, a nd report on network us ersâ access to non- business and ob jectionabl e content. This hi gh-perform ance content acce ss control re sults in increased productivity, lower bandwidt h us age and reduced le gal liability. The RX3041H has the ability to handle active c ontent filtering on certain application protocols such as HTTP, FTP, SMTP and RPC. î¦ HTTP â You can define HTT P extension based filteri ng schemes for bl ocking ActiveX â *.ocx Java Archive â *.jar Java Applet s â *. class Microsoft Archives â *.ms ar Other URLs based on file extensions. î¦ FTP â allows you to define and enfo rce the file transf er policy for th e site or group of users î¦ SMTP â allows you to filter operations such as VRFY, EXPN, etc. which reveal excess information about the re cipient. î¦ RPC â allows you to filter prog rams based on the assigned RPC p rogram num bers. 9.8.1.1 Application Filter Confi guration Param eters Table 9.6 describes t he con figuratio n para meter s availa ble for ap plica tion filte r. Table 9.6. Applica tion Filter Configu ration Parame ters Field Description Filter Type Select the type of filter: FTP , HTTP, RPC and SMTP. Filter Name Enter a name fo r the filter. Protocol Select the protoc ol that Application F ilter uses (TCP/UDP). Port Enter the port number that the App lication Filter uses . Log This option includes buttons to enable and disab le logging for this App lication F ilter. Enable Se lect this opti on to enable lo gging for th is applicati on filter. Disable Sele ct this opt ion to disa ble loggi ng for thi s appli cation filt er. Action Allow Select this option to configure the rule as an âallowâ ru le. This rule when bound to the Firewall will all ow ma tching packets to pass t hrough. Deny Select this option to configure th e rule as a âdenyâ rule. This rule when bound to the Firewall will not allow matching packets to pass th rough. Filter Commands This section allows you to enter a command for the respective app lication. The list of supported commands per appl ication is as follows: FTP Commands Add the followin g command to an FTP filte r to: CWD Allow or deny of c hange direc tory. LIST Allow or deny of Listing of file s/directory. MKD Allow or deny of Creating a di rectory. NLST Allow Short listing of director y contents.
Chapter 9. Configuring Firewa ll/NAT Sett ings RX3041H Userâs Manual 70 Field Description PASV Allow initiation of a passive data connection. PORT Allow or deny Por t Number to participa te in an ac tive data c onnection. RETR Allow or deny gettin g a file from the FTP server. RMD Allow Remov ing a direct ory. RNFR Allow Rename from. RNTO Allow Rename to. DELE Allow Deleti on of a f ile. SITE Allow Site parameter s (Specifi c services provi ded by the FTP serve r). STOR Allow or deny of putting a file to the FTP server. SMTP Commands Add the followin g command to an SMTP f ilter to: MAIL Allow or deny initia ting a mail tra nsaction. RCPT Allow or deny identifyi ng an individual re cipient of the mail data. DATA Allow or deny mail data. VRFY Allow or deny verifying the exist ence of the user. EXPN Allow or deny identific ation for a mailing list. TURN Allow or deny the switchin g roles of the client an d server, to sen d mail in the reverse directi on. SEND Allow or deny initiating a mai l transaction. HTTP (Deny Following Files) Add the followin g command to an HTTP filter to: Java Applet Deny al l *.cla ss files. Java-archive Deny all *.jar files. MS Archive Deny al l *.msar fil es. ActiveX Deny all *.ocx files. RPC Numb ers RPC number s Add this command to an RPC filter to allow or d eny RPC pr ogram numbers . 9.8.1.2 Add an Application Filter The applicati on filter configu ration is b est expla ined with a fe w exam ples. Not e that the configur ation for RPC and SMTP is simil ar to that for FTP and will not be present ed here.
RX3041H Userâs Manual Chapter 9. Configuring Firewa ll/NAT Sett ings 71 9.8.1.2.1 FTP Examp le: Add a FTP Filter Rule to Block FTP DELETE Command 10.64.2.0 ISR Private N etwork 192.168.1.0/24 FTP Server 10.64.2.254 Inside FW Outside F W Figure 9 .18 Network D iagram for FT P Filter Ex ample â Bloc king FTP De lete Command 1. Open the Application Filer configuration page by clicking the Fire wall Ã Policy List Ã Application Filter menu. 2. Select FTP from the Filter Type drop-down list. 3. Select âAdd New Filterâ from the Filter Rule drop -do wn list. 4. Enter a name for this rule â in this example, FTPRule1. 5. Change the port number if necessa ry. However, it is recom mended that you keep the âDefaultâ setting. Filter Type dr op-do wn list Filter Rule drop- down list Figure 9.19. FTP Filter Ex ample â Configu ring FTP Filter Rule 6. Choose to enable to disable the logging option. The default setting is to keep the logging for this rule disabled. 7. Click on the first FTP command s field, a Fire wall Configuration Assistant page is displayed.
Chapter 9. Configuring Firewa ll/NAT Sett ings RX3041H Userâs Manual 72 Figure 9.20 F TP Filter Ex ample â Firewall Con figuration Assistan t 8. Select the desired FTP command from the FTP Com mand drop-down list and then cli ck on the button. The selected FTP command will be adde d into the selected Deny FTP Commands field. Figure 9.21 FTP Filter Exa mple â Add an FTP Filter to Deny FTP Dele te Command 9. Repeat step 8 if more command s are to be added; otherwise, proceed to the next step. 10. Click on button to create this FTP application filter rule. FTP Command drop-do wn list FTP filter drop-do wn list Figure 9.22. FTP Filter Ex ample â Associa te FTP Filter Rule to an ACL Rule 11. Associate the newly added FTP application filter rule t o a firewall A CL rule (inbound, outboun d or group ACL) by selecting a FTP filter from the FTP filter drop-down list (se e Figure 9.22) and then click on or button to save the settings .
RX3041H Userâs Manual Chapter 9. Configuring Firewa ll/NAT Sett ings 73 9.8.1.2.2 HTT P Example: Add a HTTP Filter Rule to Block JAVA Applets and Java Archives 1. Open the Application Filer configuration page by clicking the Fire wall Ã Policy List Ã Application Filter menu. 2. Select HTTP from the Filter Type drop-down list. 3. Select âAdd New Filterâ from the Filter Rule drop -do wn list. 4. Enter a name for this rule â in this example, HTTPrule1. 5. Change the port number if necessa ry. However, it is recom mended that you keep the âDefaultâ setting. Filter Type dr op-do wn list Filter Rule drop- down list Figure 9.23. HTTP Filter Exam ple â Configuring HT TP Filter Rule 6. Choose to enable to disable the logging option. The default setting is to keep the logging for this rule disabled. 7. Check the web application files to block â in this example, Java Applets and Java Archive s 8. Enter additional web application files to block. Enter the file extensi on in the âDe ny Following Filesâ fields if desired. Figure 9.23 shows that flas h files (file extension is *.swf) are to be blocked in addition to Java applet and archive files. 9. Click on button to create this HTTP application filter rule. 10. Associate the newly created HTTP application filter rule to a firewall ACL rule (i nbound, outbound or group ACL) by selecting a HTTP filter from t he HTTP filter drop-down list (see Figure 9.24) and then click on or button to save the settings.
Chapter 9. Configuring Firewa ll/NAT Sett ings RX3041H Userâs Manual 74 Figure 9.24. HTTP Filter Exam ple â Associat e HTTP Filter Rule to an ACL Rule 9.8.1.3 Modify an Application Filte r To modify an IP Pool, f oll ow the instru ctions below: 1. Open the Application Filer configuration page by clicking the Fire wall Ã Policy List Ã Application Filter menu. 2. Select the application filter to modify. Click on the icon of the application filter to be modified in t he Application Filter List table or select the filter type from the Filt er Type drop-down list and then s the filter rule from the Filter Rule drop-down. elect umber, 3. Make desired changes to a ny or all of the following fields: Port n logging option, etc. Filter Type dr op-do wn list Filter Rule drop- down list HTTP filter drop-d own list Figure 9.25. Modify an Applica tion Filter
RX3041H Userâs Manual Chapter 9. Configuring Firewa ll/NAT Sett ings 75 4. Click on the button to save the new sett ings. The ne w settings for this application filter will then be displayed in the Application Filter List table. 9.8.1.4 Delete an Application Filte r To delete an Appli cation Filte r, click on the icon of t he filter t o be dele ted or foll ow the in structi on below: 1. Open the Application Filer configuration page by clicking the Fire wall Ã Polic y List Ã Application Filter menu. 2. Select the application filter to delete. Click on the icon of the application filter to be deleted in the Application Filter List table or select the f ilter type from the Filter Type drop-down list and then select the filter rule from the Filter Rule drop-down. 3. Click on the button to delete this filter. 9.8.2 Configuring IP Pool 9.8.2. 1 IP Pool C o nf i g ur ation Pa r ameters Table 9.7 describes t he con figuratio n para meter s availa ble for an IP pool. Table 9.7. IP Pool Configurati on Parameters Field Description IP Pool Name Enter the name of the local I P IP Pool Type Select the type of IP Pool. IP Range This option al lows yo u to confi gure the range of IP addres ses. Start IP Enter the starting IP address of the range. End IP Enter the ending IP address of the range. Subnet This option al lows yo u to inclu de all th e compute rs that a re conne cted in a n IP subnet. Subnet Address Enter the appro priate IP address. Subnet Mask Enter the corresponding mask. IP Address Th is option allows you to configure sin gle IP address. IP Address Enter the IP Address. 9.8.2.2 Add an IP Pool To add an IP Pool, follow the instr uctio ns be low: 1. Open the IP Pool config uration page by clicking the Firewall Ã Policy List Ã IP Pool menu. 2. Select â Add New Pool â from the IP Pool drop-down list. 3. Enter a pool name into the Name field. 4. Select a pool type from the IP Pool Type drop-down list. 5. If âIP Rangeâ pool type is selected , enter start IP address and end IP address. If âSubnetâ pool type is selected, enter subnet addre s s and subnet mask. If âIP Addressâ pool type is selected, enter an IP adderss.
Chapter 9. Configuring Firewa ll/NAT Sett ings RX3041H Userâs Manual 76 IP Pool drop-down list IP Pool Type dr op-do wn list Figure 9.26 IP Pool Configu ration 6. Click on the button to create the new IP Pool. T he new IP Pool will then be displayed in the IP Pool list table. 9.8.2.3 Modify an IP Pool To modify an IP Pool, f oll ow the instru ctions below: 1. Open the IP Pool config uration page by clicking the Firewall Ã Policy List Ã IP Pool menu. 2. Click on the icon of the IP pool to be modified in the IP Pool List table or select the IP pool from the IP Pool drop-down list. 3. Make desired chan ges to any or all of the follo wing fields: Pool name, Pool type and IP address. 4. Click on the button to save the new sett ings. The ne w settings for this pool will then be displayed in the IP Pool list table. 9.8.2.4 Delete an IP Po ol To delete an I P Pool, click o n the icon of t he IP pool to be d eleted or f ollow the instru ction bel ow: 1. Open the IP Pool config uration page by clicking the Firewall Ã Policy List Ã IP Pool menu. 2. Click on the icon of the IP pool to be deleted in the IP P ool List table or select the IP pool from the IP Pool drop-down list. 3. Click on the button to delete this IP pool.
RX3041H Userâs Manual Chapter 9. Configuring Firewa ll/NAT Sett ings 77 9.8.2.5 IP Pool Example Internet ISR 192.168.1.10 Inside FW Outsid e FW 192.168.1.11 192.168.1.12 MISgroup2 MISgroup1 Figure 9.27. Network Diagr am for IP Pool Configuration 1. Open the IP Pool configuration page to create two IP groups â see Figure 9.28. Figure 9.28. I P Pool Exam ple â Ad d Two IP Pool s â MISgro up1 and M ISgroup 2 2. Associate an IP pool to firewall ACL rules â inbound, outbound or group ACL by sele cting âIP Poolâ from the Source IP Type drop-down list and then choose an IP pool from the IP pool drop- down list. In this example, IP pool is used to as sociate to source IP; however, it can be used to associate to destination IP as well. As shown in Figure 9.29, MISgroup1 is not allow to play networked game, Quake-II at all times.
Chapter 9. Configuring Firewa ll/NAT Sett ings RX3041H Userâs Manual 78 Source IP T yp e dro p -down list IP Pool drop-down list Figure 9.29. I P Pool Exam ple â Deny QUAKE-II Connection for MISgroup1 9.8.3 Configuring NAT Pool 9.8.3.1 NAT Pool Configuration Paramete rs Table 9.8 describes t he co nfigurati on par amete rs avai lable for a NAT pool. Table 9.8. NAT Pool Confi guration Parameters Field Description NAT Pool Name Enter a name for the NAT Pool. NAT Pool Type Select the typ e of NAT Pool and ma ke appropriate IP Address entr ies. Static Select this type of NAT to set a one -to-one Mapping between the Intern al Address and the External Address. LAN IP range For the Inter nal Address Start IP Enter the starting IP address. End IP Enter the ending IP address. Internet IP Range For the Exte rnal Address Start IP Enter the starting IP address. End IP Enter the ending IP address. Dynami c Select this typ e of NAT to map a set of int ernal (corpo rate) machin es to a set of public IP addresses. Ma ke entries for the LAN IP Range and the Internet IP Ra nge as described abov e. Overload Select this type of NAT to use a single public IP address to connect multiple internal (cor porate LAN) mach ines to ext ernal (I nternet ) net work. NAT IP Address Enter NAT IP address, for the ov erload.
RX3041H Userâs Manual Chapter 9. Configuring Firewa ll/NAT Sett ings 79 Field Description Interface Select this type of NAT to specify th e Dynamic Interfac e whose IP address should be used for subjec ting tra ffic to NAT. 9.8.3.2 Add a NAT Pool To add a NAT Pool, foll ow the instru ctions below: 1. Open the NAT Pool config uration page by clicking the Fire wall Ã Policy List Ã NAT Pool menu. 2. Select â Add New Pool â from the NAT Pool drop-down list. 3. Enter a pool name into the Name field. 4. Select a pool type from the Type drop-down list. 5. If âStaticâ or âDynamicâ pool type is selected, enter the original IP addresses (start IP Address, and end IP Address), and mappe d IP addresses (start NAT IP Address and end NAT IP Address). If âO verloadâ pool type is selected, enter the NAT IP address. If you want to use the IP address assigned for t he WAN port as the NAT IP add ress, select t he Interface pool type. NAT Pool drop- down list NAT Pool Type drop-do wn Figure 9.30. NAT Pool co nfigurati on 6. Click on the button to create the new NAT pool. The new NAT pool will then be displayed in the NAT Pool List table. 9.8.3.3 Modify a NAT Pool To modify a NAT Pool, follow the inst ructions bel ow: 1. Open the NAT Pool config uration page by clicking the Fire wall Ã Policy List Ã NAT Pool menu. 2. Click on the icon of the NAT pool to be modified in the NAT Pool List table or se lect the NAT pool from the NAT Pool drop-down list. 3. Make desired chan ges to any or all of the follo wing fields: Pool name, Pool type and IP address.
Chapter 9. Configuring Firewa ll/NAT Sett ings RX3041H Userâs Manual 80 4. Click on the button to save the new sett ings. The ne w settings for this pool will then be displayed in the NAT Pool List table. 9.8.3.4 Delete a NAT Pool To delete a NAT Pool, cli ck on the icon of the NAT pool to be delet ed or follow the inst ruction belo w: 1. Open the NAT Pool config uration page by clicking the Fire wall Ã Policy List Ã NAT Pool menu. 2. Click on the icon of the NAT pool to be deleted in the NAT Pool List table or sel e ct the NAT pool from the NAT Pool drop-down list. 3. Click on the button to delete this NAT pool. 9.8.3.5 NAT Pool Example Figure 9.31 shows the network diagra m for this NAT poo l example. 10.64.2.0/24 ISR Static NAT Pool LAN Port 192.168.1.1 WAN P ort 10.64.2.254 192.168.1.11 10.64.2.1 10.64.2.2 10.64.2.3 192.168.1.12 192.168.1.13 Figure 9.31. Network Dia gram for NAT Pool Example 1. Create a NAT pool for st atic NAT â see Figure 9.32. Figure 9.32. NAT Pool Ex ample â Create a S tatic NAT Po ol
RX3041H Userâs Manual Chapter 9. Configuring Firewa ll/NAT Sett ings 81 2. Associate the NAT pool to an outbound ACL rul e by selecting âNAT Poolâ from the NAT type drop-down list and then choose an existing NAT po ol from the NAT pool drop-down list. Figure 9.33. NAT Pool Exampl e â Associa te a NAT Pool to an ACL Rule 9.8.4 Configuring Time Range With this option you can co nfigure acce ss time range records fo r eventual associ ation with ACL rul es. ACL rules associ ated with a time range record will be a ctive only during the sch eduled period. If the AC L rule denies HTT P access during 10:00hrs to 18:00hrs , then before 10:00hrs and after 18:00hrs the HTTP traffic will be permitted to pas s through. One time ra nge record can co ntain up to three time perio ds. For exampl e: Office hours on weekdays (Mon-Fr i) can have th e following periods: î¦ Pre-lunch period between 9:00 and 1 3:00 Hrs î¦ Post-lunch period bet ween 14:0 0 and 18:30 Hrs Office hours on weekends (Saturday-Sunday) ca n have the following per iods: î¦ 9:00 to 12:00 Hrs Such varying time p eriods can be config ured into a singl e time range record. Access rules can be activ ated based on these ti me period s. 9.8.4.1 Time Range Configurati on Parameters Table 9.9 describes t he con figuratio n para meter s availa ble for a ti me rang e. Table 9.9. Time Rang e Configuration Par ameters Field Description Time Range drop- down list Select "Ad d New Time Range" to add a new time range or selec t an existing time range from th e drop-down li st. Time Range Name Enter a name for the Time Range. Schedule drop -down list Select "Ad d New Sc hedule" to add a new schedule or selec t an exis ting schedule from the drop-d own list. Days of Week Set the days for the schedule. Time (hh:mm) Set the time windows for the schedule in hh:mm format. NAT pool drop-down list NAT type drop-dow n list
Chapter 9. Configuring Firewa ll/NAT Sett ings RX3041H Userâs Manual 82 9.8.4.2 Add a Time Range To add a Time Range, f ollow the instru ctions belo w: 1. Open the Time Range configuratio n pag e by clicking the Firewall Ã Policy List Ã Time Range menu. 2. Select â Add New Time Range â from the Time Range drop-down list. 3. Enter a name into the Time Range Name field. 4. Select â Add New Schedule â from the Schedule drop-down list. 5. Select Days of Week. For example, from Sunday to Saturday. 6. Enter day hours, For example, from 08:00 to 18:00. Time Range drop-d own list Schedule drop -down list Figure 9.34. Time Range Config uration 7. Click on the button to create the new schedule. 9.8.4.3 Modify a Time Range To modify a T ime Range, follow the instructions below: 1. Open the Time Range configuratio n pag e by clicking the Firewall Ã Policy List Ã Time Range menu. 2. Click on the icon of the Time Range to be modified in the Time Range list table or sel ect the Time Range from the Time Range dro p-down list. 3. Select the Schedule from the schedule drop-d own list. 4. Make desired chan ges to any or all of the following fields: Days of week and ho urs. 5. Click on the button to save the new sett ings. 9.8.4.4 Delete a T ime Range To delete a Time Ran ge, click on the icon o f the Time Range to be de leted. 9.8.4.5 Delete a Schedule in a Time Range To delete a schedule in a Time Range , follow th e instructions be low: 1. Open the Time Range configuratio n pag e by clicking the Firewall Ã Policy List Ã Time Range menu. 2. Click on the icon of the Time Range to be deleted in the Time Ran ge list table o r select the Time Range from the Time Range dro p-down list.
RX3041H Userâs Manual Chapter 9. Configuring Firewa ll/NAT Sett ings 83 3. Select the Schedule from the drop-down list. 4. Click on the button to delete this schedule. 9.8.4.6 Time Range Example 1. Create a time range â see Figure 9.32. Figure 9.35. Time Range Exa mple â Create a Time Range 2. Associate the time range to an outbound ACL rule by selecting an existing time range from the Time Range drop-down list. Figure 9.36 shows that MISgroup1 is denied FTP access d urin g office hours. Time Range drop-d own list Figure 9 .36. Time Range Ex ample â De ny FTP Acce ss for MISgroup 1 During Of ficeHours 9.9 Firewall S tatistics â Firewall Ã S tatistics The Firewa ll Statistics pa ge displays details regarding the active connec tions. Fig ure 9.37 s hows a sample firewall statis tics for ac tive connectio ns. To see an updated statistics , click on button.
Chapter 9. Configuring Firewa ll/NAT Sett ings RX3041H Userâs Manual 84 Figure 9.37. Firewall Stati stics
RX3041H Userâs Manual Chapter 10 . Configuring Rem ote Access 85 10 Configuring Remote Access 10.1 Remote Access The RX3041H firew all allows telecommu ters to s ecurely access the ir corporate ne twork using the Remote Access mechan ism based on the n otions of g roups, u sers and a ccess poli cies. Ea ch group i s associate d with a set o f access polic ies tha t are activa ted when a user belo nging to that group logs in . The RX3041H maintains details abou t the acc ess policies de fined for the remote access groups. Th ese access lis ts define the resources the remo te users are allowed to access and the in activity time-out applic able to all the users in the group. When a user belong ing to a group logs in via the In ter net or through the local netwo rk, the RX3041H Firewall activates the po licies as sociated with the gro up and creates dyna mic polici es associat ed with the user. Thes e dynamic policies are referr ed to for every connec tion from the user. Th ey are de leted once the user logs out of the RX3041H or in case of inactivity time-out. A typical confi guration f or remot e access i nvolves the fo llowin g action s: î¦ Add/modify/delete a new user gr oup and user info rmation (in cluding user na me, password and etc) t o the group. î¦ Add/modify/delete grou p access p olicie s. 10.2 Manage User Groups and Users The Remote Access optio n allows you to config ure users an d groups. 10.2.1 User Group Conf iguration Parameters Table 10.1 descri bes the configu ration param eters avail able for remot e access user group and u sers. Table 10.1. User Group Co nfiguration Parameters Field Description User Group User Group Drop- down list Select â Add New User Groupâ to add a new group or select an existing group from th e drop-do wn list. User Group Name Enter a uniq ue User group name fo r the group that you would like to add. Group State Cl ick on t he Enabl e or Disa ble radi o button to enable or disab le the g roup. Disabling the group will force all t he us ers to be disconnected in that group who have already log ged in. Further lo gin of all the users in that gr oup will be disabled. E nabling t he gr oup will allow all t he en abled-use rs in the gro up to log in. Inactivity Timeout Enter the timeout p eriod, which is used to delete the User relat ed sessions when there is no traffic acr oss this connection . User User Drop-down list Se lect âAdd New Userâ to add a new user or selec t an existing user fro m the drop-down list. User Name Enter a unique User name for the user that you wou ld like to add.
Chapter 10. Configuring Rem ote Access RX3041H Userâs Manual 86 Field Description User State Clic k on the E nable or Disable ra dio butt on to ena ble or di sable th e user. Disabling the user will force the use r to be disco nnected. Furth er login fr om that specific user will be disabled. En abling the user will allow the specific user to lo g in. Password Enter the Userâs passwo rd. Confirm Password Enter t he Userâ s password again f or confirmati on. Make sure that yo u ente r the same password as what you ente red in the âPasswordâ fie ld. 10.2.2 Add a User Group and/or a User To add a user group a nd a new user, foll ow the instru ctions below: 1. Open the User Group configuration pag e by clicking the Remote Access Ã User Group menu. 2. Select âAdd New User Groupâ from the user g roup drop-down list. 3. Enter a name into the User Group Nam e field. Make sure that this name is unique among the existing group s. Note that the group name is case sensitive. For example, Group1 a nd group1 are treated as separat e groups. 4. Click on the âEnableâ or âDisableâ radio button in the Group State field to enable or disa ble this group. 5. Enter inactivity timeout period. Default is 300 seconds. 6. If you want to add a user to this newly created group, continue with the fo llowing steps; otherwise, jump to step 12 to complete the configuration. 7. Select âAdd New Userâ from the user drop-do wn list. 8. Enter a unique user name in the User Name field. 9. Click on the âEnableâ or âDisableâ radio in the User State field to enable or disabl e this user. 10. Enter the password in the Password field for this user. 11. Confirm the password by entering again t he password in the Confirm Password f ield. User Group dro p -down list User drop- down list Figure 10.1 . User Group Conf iguration 12. Click on the button to create the new group and/or the new user. To add a new user, follow the instructions below:
RX3041H Userâs Manual Chapter 10 . Configuring Rem ote Access 87 1. Open the User Group configuration pag e by clicking the Remote Access Ã User Group menu. 2. Select an existing group from the user group drop-down list. 3. Select âAdd New Userâ from the user drop-do wn list. 4. Enter a unique user name in the User Name field. 5. Click on the âEnableâ or âDisableâ radio button in the User State field to enable or disable this user. 6. Enter the password in the Password field for this u ser. 7. Confirm the password by entering again t he password in the Confirm Password f ield. 8. Click on the button to add the new user. 10.2.3 Modify a User Group or a User To modify a user group and/or a user, follow the instructions be low: 1. Open the User Group configuration pag e by clicking the Remote Access Ã User Group menu. 2. Select an existing user group from the user gro up drop-down li st. If you just want to modify the attributes of an existing user, please skip to step 4. 3. Make desired chan ges in the Group State and/or Inactivity Timeout fields. If you donât intend to modify attributes of existing users in the group, please skip to ste p 6. Note that the group name cannot be changed. To change the g ro up name, you must first delete the existing group and then create a new group with the desi red name. 4. Select an existing user from the user drop-down list. 5. Make desired chan ges in the User State, Pass word and Confirm Password fields. Note that the user name cannot be changed. To chan ge the user name, you mu st delete the existing user and then create a new user with the desired name. 6. Click on the button to save the new sett ings. 10.2.4 Delete a User Group or a User To delete a u ser grou p, follow t he inst ructions below: 1. Open the User Group configuration pag e by clicking the Remote Access Ã User Group menu. 2. Select an existing user group from the user group dro p-down list. 3. Click on the button to delete this user group. Note that a user grou p can not be deleted unless all the users belon g to the group are deleted first. To delete a user, simply cli ck on the icon of the user in t he Remot e User List table in th e User Group configuratio n page o r follow the inst ruction b elow: 1. Open the User Group configuration pag e by clicking the Remote Access Ã User Group menu. 2. Click on the icon of the user to be deleted in the Remote User List table or sel ect the user from the User drop-down list. 3. Click on the button to delete this user.
Chapter 10. Configuring Rem ote Access RX3041H Userâs Manual 88 10.2.5 User Group and Users Configuration Example Figure 10 .2. User Group an d Users Config uration Ex ample Example Figure 10.2 d isplay s the screen wit h entri es to: î¦ Add a new user group and a new user â¢ Group âS alesâ â¢ User âAlanâ 10.3 Configure Group ACL Rules Group ACL is used to control access privile ges for re mote or loca l user groups . Its con figuration is s imilar to that for firewa ll inb ound/outbou nd ACL rul es, ex cept two additio nal field s â rule ty pe and g roup nam e (see Table 10.2 ). For pro cedures to co nfigure group A CL rules, please ref er to se ction 9.3 or 9.5 f or det ails. 10.3.1 Group ACL Specific Configuration Parameter s Table 10.2 descri bes the group ACL sp ecific confi guration paramet ers. The rest of the confi guration parameters a re the sam e as those f or fire wall inbo und/outb ound AC L rules. Please refer to Ta ble 9.1 f or details on common co nfiguration param eters. Table 10.2. Group ACL Specifi c Configuratio n Paramete rs Field Description Typ e Select the type of traffic to which this rule should app ly. Inbound Select this if this r ule is for inbound tr affic. Outbound Select this if this rule is for outbound traffic . Group Select from t he group drop-do wn list to whi ch this rule should apply. Note that to configure a group ACL rule, a u ser group m ust be configur ed first. Ple ase refer t o 10. 2 for t he configu ration of user groups. 10.3.2 Add a Group ACL Rule To add a group AC L rule, follow th e instructions below : 1. Open the Time Range configuratio n pag e by clicking the Firewall Ã Rem Access Ã Group ACL menu. ote
RX3041H Userâs Manual Chapter 10 . Configuring Rem ote Access 89 2. Select â Add New â from the â ID â drop-down list. 3. Set desired action (Allow or Deny) from the â Action â d rop -do wn list. 4. Select Outbound or Inbound from the rule Type drop-down list. 5. Select a group from the Group drop-down list. 6. Make changes to any or all of the following fiel ds: source/destination IP , source/destination port, protocol, NAT, time ranges, application filtering, and log. Please see Table 9.1 for explanation of these fields. Figure 9.9 illustrates how to create a rule to deny outboun d HTTP traffic for a host w/ IP address 192.168.1.15. User Group dr op- down list Rule type drop-do wn list Figure 10.3. Group ACL Con figuration Exampl e 7. Assign a priority for this rule by selecting a numbe r fro m the â Move to â drop-down list. Note that the number indicates t he priority of the rule with 1 being the highest. Higher priority rules will be examined prior to the lower priority rules by the firewa ll. 8. Click on the button to create the new ACL rule. The new ACL rul e will then be displayed in the group ACL table at the bottom hal f of the Group ACL configuration pag e. Figure 10.4. Group ACL L ist 10.3.3 Modify a Group ACL Rule To modify a group AC L rule, follow the inst ructions bel ow: 1. Open the Time Range configuratio n pag e by clicking the Firewall Ã Remote Access Ã Group ACL menu. Manually 2. Click on the icon of the rule to be modified in the group ACL list table or select the rule number from the â ID â drop-down list. 3. Make desired chan ges to any or all of t he following fields: action, rule type, group, source/destination IP, source/destination port, protocol, NAT, time rang es, ap plication filtering, and log. Please see Table 9.1 and Table 10.2 for explanation of these field s. 4. Click on the button to modify this ACL rule. The new settings for this ACL rule wi ll then be displayed in the group ACL list table at the bottom half of the Group ACL configuratio n page.
Chapter 10. Configuring Rem ote Access RX3041H Userâs Manual 90 10.3.4 Delete a Group ACL Rule To delete an group A CL rule , just cl ick on t he in fron t of the rul e to be delete d or fol low the in struction s below: 1. Open the Time Range configuratio n pag e by clicking the Firewall Ã Remote Access Ã Group ACL menu. 2. Click on the icon of the rule to be deleted in the gro up ACL list table or select the rule number from the â ID â drop-down list. 3. Click on the button to delete this ACL rule. Note that the ACL rule deleted will be removed from the group ACL list table located at the bottom half of the configuration pa ge. 10.3.5 Display Existi ng Group ACL Rules To see e xisting group ACL rules, just open the Group ACL Rule config uration page by clicking on the Firewall Ã Remote Access Ã Group ACL menu. 10.4 Remote User Login Process For a user belongin g to a us er group t o conne ct to the In ternet A ccess Route r, he or she must d o a special login first to activate user group based policies; otherw ise, the RX3041H will drop all th e connection r equests from the user. Users in a user group can ent er the following URL in the b rowser in order to login to the RX3041H and activate assoc iated access polic ies. http://<IP Address >/login The Login Cons ole appears as illus trated in Figure 10.5 Figure 10.5. Login Console After a successful login, the scr een appears as in Figure 10.6. Figure 10.6. Lo gin Status Screen
RX3041H Userâs Manual Chapter 10 . Configuring Rem ote Access 91 Internet ISR User Name : Rich ard Group Name: RoadWarrior Private N etwork 192.168.1.0/24 FTP Server : 192.168.1.20 0 LAN Por t 192.168.1.1 WAN Port 61.222.32.38 User Name : Glori a Group Name: RoadWarrior Figure 10 .7. Network D iagram for Inbound Re mote Access 10.5 Configure Firewall for Remote Access Remote Access is usua lly used to support mobile users of a company to access thei r corporate network without compromi sing on security. The steps re quired for config uring the RX304 1H for remote access is best explained with an examp le. The followin g shows the steps requir ed to co nfigure the RX3041H for the remote users, Richard and Gloria, to access the FTP server located in the protec ted network, i.e . corporate LAN. Figure 10.7 shows the network di agram for this ex ample. 1. Create remote access users an d groups if necessary. Figure 10.8 illustrates the creation of a new user, Gloria. For details on how to add n ew u sers and/or new user grou p for re mote access, please refer to section 10. 2 Manag e User Group s and Users.
Chapter 10. Configuring Rem ote Access RX3041H Userâs Manual 92 Figure 10.8. User and Us er Group Configu ration E xample Figure 10.9. Group ACL Con figuration Exampl e 2. Create an inbound group ACL rul e (see Figure 10.9) to allow remote access u sers, Richard and Gloria, to access FTP server in the corporate net wo rk. 3. Remote users, Richard and Gloria, can then logi n into the RX3041H to access the FTP serve r by entering the following URL in the browser: http://61.222. 32.38/lo gin
RX3041H Userâs Manual Chapter 11. System M anagement 93 11 System Management This chapt er de scribes t he follo wing adm inistrat ive tasks t hat you can pe rform u sing the Co nfigura tion Manager: î¦ Configure system servi ces î¦ Modify password and add manageme nt hosts î¦ Modify system specifi c informatio n î¦ Modify system date and time î¦ Res et, backup and restore system co nfiguration î¦ Update fir mware î¦ L og out of the Configura tion Manager You can access these tasks from the System Management menu. 11.1 Configure System Services As shown in Figure 11. 1, you can use th e System Service s configuration p age to enable or disable services supported by the router. All services, except DDNS, RIP, SNTP and uPnP, are all e nabled at th e fact ory. To di sable or en able ind ividual service, fo llow the steps below: 1. Open the System Services c onfiguration page by cli c ki ng the System Management Ã System Services menu. 2. Click on the âEnableâ or âDisableâ radio button for individual service to enable or disable the desired se rvice. Figure 11.1. System Se rvice s Configuration 3. Click on button to save the settings. 11.2 Change the Login Password and Ma nagement S tation IP Addresses 11.2.1 Change the Login Password The first time you log int o the Co nfiguratio n Manage r, you use t he default usernam e and password: admin and admin . The system allows two types of users â adminis trator (username: admin) and guest (username: guest).
Chapter 11. System M anagement RX3041H Userâs Manual 94 Administrator has the privileg e to modify the system se ttings while guest c an only view the system settings . Passwords of b oth the admin and guest accounts can be c hanged by the adminis trator. Note This username and password is on ly used for logging into the Configuration Manager; it is not the same lo gin password that you use to connect to your ISP. Follow the ins tructions below to change password: 1. Open the Password configuration page by clicking the System Management Ã Pass w ord menu. 2. Enter existing password in the Login Pass w ord field. 3. Type the new password in the N e w Pa s s wor d field and agai n in the Confirm New Pass word field. The password can have up to 16 characters long. When logg ing in, you must type the new password in the sa me upper an d lower case c haracters that you enter here. Figure 11.2. Password Co nfigurati on 4. Click on button to save the new password. Note that the new password will take effect only after all the fields are entered correctly. 11.2.2 Configure Management Stations At times, you may want to limit the hosts that can be u sed to configure the rout er. The default setting all ows the system admin istrator to login from a ny computers as long as the username and password are correctly entered. This may provide op portunities for unauthor ized users to gain acc ess to the Configur ation Manager o f the router as long as he or she possesses th e knowledge of the c orrect username and password. You may configure up to 8 gr oups of man agement statio ns in this configuration p age using options such as s ingle IP address, IP address rang e or netw ork address a nd subnet mask. WARNING If no management st ation group is config ured, administ rator can login from anywhere to the rout er. However, if one or more management station gr oups are co nfigured, only those computers sp ecified in the manag ement groups can co nfigure the router. If yo u forget the configur ation of t he manag ement g roup, you will not be able to gain access to the routerâs Configuration Manager unless the router is reset to the fac tory settings using the reset button. 11.2.2.1 Manageme nt Station Configuration Parameters Table 11. 1 describe s the configur ation pa ramete rs av ailable f or ma nagement statio n confi guration.
RX3041H Userâs Manual Chapter 11. System M anagement 95 Table 11.1. M anagement S tation Confi guration Pa rameters Field Description ID Add New Click on this opti on to add a new man agement gro up. Number Se lect a management group fro m the drop-down list to modify its configurat ion. Address Ty pe This option al lows yo u to sel ect how y ou want to specify the I P addre sses for th e managem ent station grou p. Three options are ava ilable: IP addres s, range and subn et. IP Address This option allows yo u to spe cify an IP a ddress fo r a mana gement statio n. Address Specify th e an appropria te IP address Range This option all ows you to specify a range of IP addresse s for the manageme nt station grou p. The followi ng fields become available for ent ry when this opti on is select ed: Begin Enter the starting IP address o f the range End Enter the endi ng IP addr ess of the ran ge Subnet This option allows you to specify all the computers that ar e connected in an IP subnet to be come the m anagem ent stat ion grou p. When thi s option is selected, th e following fields become available for entry: Network Add ress Enter the appropriate IP address. Subnet Mask Enter the corresponding subnet mask. 11.2.2.2 Add a Management S tation Group To add a managem ent station gro up, follow the inst ructions bel ow: 1. Open the Password configuration page by clicking the System Management Ã Pass w ord menu. 2. Select â Add New â from the â ID â drop-down list. 3. Select âAddress Typeâ from among the th ree options â IP Address , Range and Subnet and then enter the desi red IP address information. Management Sta tion ID drop -do wn list Figure 11.3. M anagement Sta tion Configura tion 4. Click on the button to add the new management station gro up. Yo u will see the newly added management station displaye d in the managem ent station su mmary in the same configuration page.
Chapter 11. System M anagement RX3041H Userâs Manual 96 Figure 11.4. Management Station Summary 11.2.2.3 Modify a Management Station Group To modify a management stat ion group, follow the ins tructions below: 1. Open the Password configuration page by clicking the System Management Ã Password menu. 2. Select a management group from the ID drop-down list. 3. Make desired chan ges to the â Address Type â and the correspondi ng IP address information. 4. Click on the button to modify the settings. 11.2.2.4 Delete a Management Sta tion Group To delete a managemen t station group, jus t click on the in front of the managem ent station g roup (in the management stat ion summary table) to be deleted or follow the instruc tions below : 1. Open the Password configuration page by clicking the System Management Ã Password menu. 2. Select a management group number from the â ID â drop-do wn list. 3. Click on the button to delete the management station group. 11.3 Configure System Identity System specif ic informati on such as syst em name (uni que name for thi s device), sy stem location (wh ere this device is l ocated), an d conta ct person inf ormation for t his dev ice can be m odified in t he System Id entity configuratio n page. Follow the i nstructio ns belo w to modify sy stem spe cific inf ormation: 1. Open the System Identity conf iguration page by clickin g the Sy stem Management Ã Sy stem Identity menu. 2. Change the system name, system locati on and contact to the desired settings. Note that you may use any alphanumeric ch a racters for these fields. 3. Click on button to save the settings. Figure 11.5. System Iden tiy Configuration 11.4 Setup Date and T ime The router keep s a record of the current d ate and time, which it use s to calculate an d report vari ous perform ance data.
RX3041H Userâs Manual Chapter 11. System M anagement 97 Note Changing the dat e and time on the router does not aff ect the date and time on your PCs. There is no real time clock in side the router; ho wever, the correct dat e and time can be obtained from externa l time servers. You may co nfigure up to 5 time server s. Note that SNTP service m ust be enabled in the Sy stem Services configurati on page for the ro uter to a ccess extern al time serv ers. 11.4.1 Date/T ime Configuration Parameter s The follo wing table describ es the av ailabl e config uration paramet ers for date an d time setup. Table 11.2. Date/Time C onfigura tion Param eter s Field Description Date The date is reset to 1/1/2000 w henever the r outer reboots and no SNTP servers are access ible. Correct da te will displa y in this field i f SNTP service is enabled and the co nfigured SNTP serve rs are accessibl e. Time The time is reset to 00:0 0:00 aft er the router reboot s and n o SNTP se rvers are accessible . Correct time will di splay in t his field if S NTP servi ce is enabl ed and the configure d SNTP servers a re accessible. Time Zone Enter the time zone for your region. SNTP Server 1 â 5 Enter the IP address of the SNTP serv ers. Up to 5 SN TP servers can be configured for the router to obtain correct date an d time. Update I nterval Enter the update interval in minutes for the router to ge t the update date and time from the time servers. The defa ult setting i s 60 minu tes. 11.4.2 Maintain Date and T ime Date and time can be maint ained by the router itself by ente ring correct date and time in the Date and Time fields respectively. Note t hat you must manual ly set the date and time agai n each time the RX3041H rebo ots. It is recommended that you use ext ernal time servers to help ma intain the date and ti me for your router. Foll ow the instructio ns below to configur e SNTP servers to maintain date and time for your router: 1. Open the Date/Time configuration p age by clicking the System Management Ã Date/Time menu. 2. Select a time zone setting from the " Time Zone " drop down list for your region. 3. Enter up to 5 SNTP server IP addresses acce ssi ble for your region. 4. Enter the time update interval in the " Update Interval " field. The default update interval is 60 minutes.
Chapter 11. System M anagement RX3041H Userâs Manual 98 Figure 11.6. Date and Tim e Configurati on Page 5. Click on button to save the settings. 11.4.3 Vi ew th e Syst em Date and Time To view the syst em date and time, open t he Date/Tim e configurat ion page by clicking the Sy stem Management Ã Date/Time menu. 11.5 SNMP Setup SNMP (Simple Ne twork Manageme nt Protocol) as it s name suggests is used for ne twork managemen t. You may use the SNMP config uration page to ena ble or disable the SNMP support. 11.5.1 SNMP Configurati on Paramet ers Table 11. 3 describe s the configur ation pa ramete rs avail able f or SNMP setup. Table 11.3. Fixed DHCP Leas e Configuratio n Parameters Field Description SNMP Click on the âEnab leâ or âDisa bleâ radio button to enable or disable the SN MP support. RO Commu nity Name Community stri ng is a clear text string th at is used as password bet ween the SNMP management stat ion and the RX3 041H. This âRead O nlyâ commu nity name is use d by the SN MP manag ement st ation to read the setti ngs in the RX3041H. RW Community Name Community stri ng is a clear text string th at is used as password bet ween the SNMP management stat ion and the RX3 041H. This âRead a nd Writeâ community na me is used by the S NMP management stat ion to r ead and configure the settings in the RX3041H. Trap Addr ess Trap message i s sent by t he RX30 41H to tell t he SNMP managem ent st ation that something has happened on the RX3041H. This field is used to en ter the IP address of the SNMP manage ment station that is supp osed to receive trap messages from the RX3041H.
RX3041H Userâs Manual Chapter 11. System M anagement 99 11.5.2 Configuring SNMP 1. Open the SNMP configur ation page by clicking the Sy stem Management Ã SNMP menu. 2. Click on the âEnableâ or âDisableâ radio button to enable or disabl e the SNMP suppor t. 3. Enter the RO (Read Only) and RW (Read and Write) community names. 4. Enter the IP address of the SNMP management station that receives trap messages from the RX3041 H. Figure 11.7. SNMP Configuration 5. Click on button to save the configuration. You can verify your settings in the existing SNMP configuration table displayed at the bottom of the configuration page. Figure 11.8. Existing SNMP Configuration 11.6 System Configuration Management 11.6.1 Reset to F actory Settings 11.6.1.1 Reset to Fact ory Settings Using Configuration Manager to res nfigurat ion: At times, you may want to revert t o the f actory def ault setti ngs to eliminate problems resulted from incorrect sys tem configuration . Follow the steps below et system co 1. Open the Default Setting confi guration page by cli cki ng the System Management Ã Configuration Ã Default Setting menu. 2. Click on button to set the system configuration back to the factory default settings. Note that the RX3041H will reboot to make the factory default configuration in effect. Figure 11.9. Default Setting Confi guration 3. A count down timer will popup as sho wn below.
Chapter 11. System M anagement RX3041H Userâs Manual 100 Figure 11.10. Counter Timer fo r Default Settin g Configuration 4. When the co p up. Click on the unt down timer elap ses, a dialog window, as shown below, will po button to reconnect to the router. 11.6.1.2 Reset to Factory Settings Using Reset B utton rget your passwo rd or you n s the reset button (first time). the Alarm 11.6.2 on e tion: g the System 2. Sometimes, y ou may fin d that you have n o way to a ccess you r router, e.g. you fo forget the LAN IP addr ess of your router. The only way out in this scena rio is to reset the syst em configuratio to the factory setti ngs by f ollowing t he proc edures bel ow usi ng the reset b utton locate d on th e rear panel: 1. Power off the router and wait for at least 5 seconds. 2. Power on the router and wait around 5 seco nds, pres 3. After the ALARM LED flashes once, press t he re set button again. You will then see LED flash twice in about 5 seconds. Thi s indi cate s that the RX3041H is about to revert to the factory default settings. If you change your mind, y ou may press th e reset button again or turn the power off to cancel the action. If the system configuration failed to reset to the factory settings, repeat this procedure from step 1. Backup System Configurati Follow th steps below to backup system configura 1. Open the Backup configuration page by clickin Management Ã Configuration Ã Backup menu. Click on button to backup the sy stem configuration. Figure 11 .11. Backup System Configu ration 11.6.3 Restore Syst em Configuration tion: g the System Follow the s teps below to backup system con figura 1. Open the Restore configur ation page by clickin Management Ã Configuration Ã Restore menu.
RX3041H Userâs Manual Chapter 11. System M anagement 101 2. Enter the path and name of the system config ur ation file that you want to restore in the âConfiguration Fileâ text field. Figure 11.12. Res tore Sys tem Con figuration Alternatively, you may click on the button to search for the system configuration file on your hard drive. A window similar to the one show n in Figure 11.13 will pop up for you to select the configuration file to restore. Figure 11.13. Wi ndows File Br owser 3. Click on button to restore the system configuration. Note that the RX3041H will reboot to make the new system conf iguration in e ffect. 11.7 Upgrade Firmware ASUSTeK may from ti me to time pr ovide you with an updat e to the firmwa re running on the RX3041H. All system softw are is contained in a single file, called an image . Configuration Manager provides an eas y way to upload the new fir mware image. To upgrade the imag e, follow this procedure: 1. Open the Firmware Upgr ade pag e by clicking the System Man ag ement Ã Firmware Upgrade menu. 2. In the Firmware text box, enter the path and name of the firmware image file. Alternatively, you may click on button to search for it on your hard drive. A window similar to the one sho wn in Figure 11.13 will pop up for you to select the firmwa re im age file.
Chapter 11. System M anagement RX3041H Userâs Manual 102 Figure 11.14. Firm ware Upgrad e Page 3. Click on button to update the firmware; a count down counte r will display as illustrated in Figure 11.15. You can reconnect to the RX304 1H wh en the co unt down timer elapses. If you donât see this counter, the new firmware is not tr ansferre d properly to the RX3041H. Youâll have to manually reset the RX3041H by pressing the re set button to start all over again. Note: the firmware update process may take up to 3 minutes to complete. Figure 11.15. C ounter Dow n Counter fo r Firmware Up date 4. When you reconnect to the C onfigurati on Mana ger, click on the âSystem Infoâ menu to ch eck if the new firmware is properly upgraded. Note t hat you may need to clear the ca che of your we b browser to see the new System Info page. Followi ng is the procedure to clear the browser cache for Microsoft Internet Explorer: a) Click on âToolsâ menu b) Click on âInternet Optionsâ¦â menu c) Click on âDelete Filesâ¦â button to clear the browser cach e. 11.8 Reset the RX3041H Follow the s teps below to reboot RX3041H : 1. Open the Router Reset page by clickin g the Reset menu 2. Click on the button in the Router Reset page. Figure 11 .16. Route r Reset Page 3. Wait for the count down timer, as shown below, to elapse before connecting b a ck to the Configuration Manager Figure 11 .17. Count Down Counter for Router Reset 11.9 Logout Configuration Manager
RX3041H Userâs Manual Chapter 11. System M anagement 103 To logout of Configu ration Mana ger, open the Logo ut page by clicki ng the Logout m enu and t hen click o n the button in the Logout page. I f you are using IE, a wi ndow similar t o the one s hown in Figure 11.19 will pop up for lo gout confirma tion before closing your browser window. Figure 11.18. Lo gout Page Figure 11.19. Con firmation for Closing Bro wser (IE) .

RX3041H Userâs Manual Appendix A. ALG Configuration 105 A ALG Configuration Table A.1 li sts all th e suppo rted ALGs (Applicati on Layer Gateway ). Table A.1. Supp orted ALG ALG/Application Name Protocol and Port Predefined Service Name Tested Softw are Version PC Anywhere UDP/22 PC-ANY WHERE pcAnywhere 9.0.0 TCP/554 RTSP554 UDP/53 DNS RTSP-554 TCP/80 HTTP RealPlayer 8 Plus QuickTime Vers ion 6 TCP/7070 RTSP7070 RealPlayer 8 Plus UDP/53 DNS QuickTime Version 6 RTSP-7070 TCP/80 HTTP UDP/6801 N2P TCP/80 HTTP TCP/443 HTTPS Net2Phone UDP/53 DNS Net2Phone CommCente r Release 1.5.0 TCP/7648 CUSEEME TCP/80 HTTP CUSeeMe UDP/53 DNS CUSeeMe Versi on 5.0.0.043 TCP/1720 H323 Netmeeting UDP/53 DNS TCP/1720 H323 TCP/389 ILS Netmeeting with ILS UDP/53 DNS TCP/1720 H323 UDP/1719 H323G K Netmeeting wi th GK UDP/53 DNS Windows Netmee ting Version 3.01 Opengk Versi on 1.2.0 SIP UDP/5060 SIP SIP User Agent 2.0 TCP/1720 H323 Intel Video Ph one UDP/53 DNS Intel Video Ph one Version 5.0 TCP/21 FTP FTP UDP/53 DNS WFTPD versi on 2. 03 Redhat Linux 7.3 Security ALGs
Appendix A. ALG Configuration RX3041H Userâs Manual 106 ALG/Application Name Protocol and Port Predefined Service Name Tested Softw are Version UDP/1701 L2T P L2TP UDP/53 DNS Windows 2000 Server built-in TCP/1723 PPTP PPTP UDP/53 DNS Windows 2000 Server built-in UDP/500 IKE ESP IPSec (Only Tunnel Mode with ESP) UDP/53 DNS Windows 2000 Server built-in Chats TCP/ 5190 AOL TCP/80 HTTP AOL Chat UDP/53 DNS AOL Instant Messenger Version 5.0.2938 TCP /5191 ICQ_20 00 TCP/80 HTTP ICQ Chat NB: Applicati on sh ould be configured to use TCP/5191 UDP/53 DNS ICQ 2000b TCP/ 6667 IRC TCP/80 HTTP IRC UDP/53 DNS MIRC v6.02 TCP/1863 MSN TCP/80 HTTP MSIM UDP/53 DNS MSN Messenger Service Version 3.6.0039 Games TCP/47624 MSG1 TCP/28801 MSN -ZONE TCP/443 HTTPS TCP/80 HTTP Flight Simulator 2002 (Gaming Zone) UDP/53 DNS Flight Simulator 2002, Professional Edition UDP/ 27910 QUAKE TCP/28801 MSN -ZONE TCP/443 HTTPS TCP/80 HTTP Quake II (Gaming Zone) UDP/53 DNS Quake II TCP/47624 MSG1 Age Of Empires (Gaming Zone) TCP/28801 MSN -ZONE Age of Empires, Go ld Edition
RX3041H Userâs Manual Appendix A. ALG Configuration 107 ALG/Application Name Protocol and Port Predefined Service Name Tested Softw are Version TCP/443 HTTPS TCP/80 HTTP UDP/53 DNS TCP/4000 DIABLO-II TCP/ 6112 BATTL E-NET-TCP, BATTLE-NET-UDP UDP/53 DNS Diablo II (BATTLE- NET-TCP, BAT TLE- NET-U DP) UDP/6112 Diablo II Diablo II Other common Appli cations TCP/110 POP3 POP3 UDP/53 DNS Outlook Expr ess 5 TCP/143 IMAP4 IMAP UDP/53 DNS Outlook Expr ess 5 TCP/25 SMTP SMTP UDP/53 DNS Outlook Expr ess 5 TCP/443 HTTPS TCP/80 HTTP HTTPS / TLS / SSL UDP/53 DNS Internet Explorer 5 TCP/389 ILS LDAP UDP/53 DNS Openlda p 2.0.25 TCP/119 NNTP NNTP UDP/53 DNS Outlook Expr ess 5 TCP/79 FINGER Finger UDP/53 DNS Redhat Linux 7.3

RX3041H Userâs M anual Appendix B. Syst em Specificat ions 109 B System S pecifications B.1 Hardware S pecification Table B.1. Har dware Specific ation Input Varied w/ regions. No te your AC adapter o nly works w/ your region. AC Adapter Output 15VAC, 700mA Flash 4MB Memory SDRM 16MB WAN 1 â 10/100Mbps , auto speed nego tiation LAN 4 â 10/100Mbps , auto MDI/MDIX, auto speed negotiation Reset button For use on system reboot and reset to factory settings Ports Console port For use by ASUS only Temperature: 0 Â°C ~ 40Â°C (32Â°F ~ 1 05Â°F) Operatio n Humidity: 10% ~ 90%, non-condens ing Temperature: - 20Â°C ~ 65Â°C (-4Â°F ~ 149Â°F) Environmental Specif icatio n Storage Humidity: 10% ~ 90%, non-condens ing B.2 Default Settings Table B.2 li sts the defa ult setting s for your route r. Para meters not lis ted in this table do not have default settings. Table B.2. System De fault Settings LAN IP Address 192.168. 1.1 IP Subnet Mask 255.255. 255.0 IP Address P ool 192.168. 1.10 ~ 192.16 8.1.200 Subnet Mask 255.255. 255.0 Lease Tim e 14 days Default Gateway 192.168. 1.1 DHCP Server Primary DNS 192.168.1.1 WAN Default Connection Mode PPPoE PPPoE Unnumbered PPPoE Disable
Appendix B. Syst em Specificat ions RX3041H Userâ s M anual 110 Host Name RX3041H Obtain DNS Automatically MSS Clamping Enabled, MSS Value â 40 byte s (PPPoE:0, PPPoE:1) Options Keep A live, Echo Interval â 60 secon ds Host Name RX3041H Obtain DNS Automatically Dynamic (DHCP Client) MAC Clonin g Disabl e Routing RIP Enable Passive Mo de Disable RIP Version (Send) Version 2 RIP Version (Receive) Both Authenticati on Disabl e RIP Authentication Mode Clear T ext Dynamic Ro uting Authentication Key admin Remote Access User Group Inactivity Timeo ut 300 seconds Firewall Inbound ACL Deny all inbound traffi c Outbound ACL Allow all outboun d traffic, NAT â WAN interface, Time Ranges â alw ays, Applic ation Filtering â none, Log - disable Enable URL Filter Proxy Port 80 Advanced Ã Self Access From LAN: ICMP; TCP 23, 80, 10081; UDP 161, 162, 53 Enable SYN Flooding, ICMP Verbose, Max IP Fragment Count â 45, Min IP Fragm ent Size â 512 bytes Advanced Ã DoS Disable Winnuke, MIME Flood, FTP Bounce, IP Unaligned T ime-stamp, Sequence Numbe r Prediction Check, Sequ ence Number O ut-of- range Check, ICMP Verbose Log File Enable for A ccess, Syst em and F irewal l Log File B ackup via Email Disable Email Disable Syslog Server Disable
RX3041H Userâs M anual Appendix B. Syst em Specificat ions 111 Syste m Manage ment Enable Firewall, DNS Relay, DHCP Server, Revert back to the f acto ry default b y using t he Reset button System S ervices Disable DDNS, RIP, SNTP, UPnP Username: admin (cannot be changed ) Administrator Password: admin Username: gues t (cannot be changed) Password Guest Password: gues t System I dentity System Name RX3041H Date 1/1/2000 (moth/day/y ear) Time 00:00:00 (hour:min:sec) Time Zone GMT 8:00 Date/Time SNTP Update Interval 60 minutes Disable RO (Read-Only) Community Name public SNMP RW (Read-and -Write) Community Name private

RX3041H Userâs Manual Appendix C. IP Addresse s, Network M asks, and Sub nets 113 C IP Addresses, Network Masks, and Subnets C.1 IP Addresses Note This sectio n pertains only to IP addres ses for IPv4 (versi on 4 of the Internet Proto col). IPv6 addr esses are not co vered. This sectio n assumes basic know ledge of binary num bers, bits, and bytes. For details on this subject, see Appen dix A. IP addresses, the Int ernet's version of teleph one number s, are used to identify indivi dual nodes (comput ers or devices) on the Interne t. Every IP address contains four numbers, each from 0 to 255 and sep arated by d ots (periods), e. g. 20.56.0.2 11. These number s are called, from left to righ t, field1, field2, field3, an d field4. This style of writing IP a ddresses as decimal numbers separated by dots is called dotted decimal no tation . The IP address 20. 56.0.211 i s read "twe nty dot fifty-six dot ze ro dot tw o-eleven." C.1.1 Struct ure of an IP address IP addresse s have a hiera rchical design si milar to t hat of tel ephone number s. For ex ample, a 7-dig it telepho ne number star ts with a 3-digit prefix that identifies a gr oup of thousands of tele phone lines, and ends with four digits th at identify one specific line in that group. Similarly, IP a ddresses contai n two kind s of informat ion. î¦ Ne twork ID Identifies a particul ar network within t he Intern et or Intr anet î¦ Hos t ID Identifies a partic ular comput er or device on the netwo rk The first part of every IP address contain s the network ID, and the rest of the add ress contain s the host ID. The leng th of the netw ork ID depe nds on the network's class (see following sect ion). Table C.1 sh ows the structure of an IP address. Table C.1. IP Address stru cture Field1 Field2 Field3 Field4 Class A Net work ID Host ID Class B Net work ID Host ID Class C Network ID Host ID Here are some example s of valid IP addresses: Class A: 10.30.6. 125 (network = 10, host = 30. 6.125) Class B: 129.88. 16.49 (net work = 129.88, host = 1 6.49) Class C: 1 92.60.201.11 (netwo rk = 192.60.201 , host = 1 1) C.2 Network classes The three common ly used network cla sses are A, B, and C. (There is also a class D but it has a spe cial use beyond the scope of this discussion.) These classes have differen t uses and characteris tics.
Appendix C. IP Addresse s, Network M asks, and Sub nets RX3041H Userâs Manual 114 Class A net works are the I nternet's largest net works, each with room for ov er 16 mill ion hosts. Up t o 126 of these huge n etworks ca n exist, f or a tot al of over 2 billion hosts. Because of t heir huge size, t hese networks are used for WANs and by organiza tions at the infras tructure level of the Internet, such as your ISP. Class B networks are smaller but still quite large, each able to hold over 65, 000 hosts. There can be up to 16,384 class B networks in e xistence. A class B network migh t be appropria te for a large organ ization such as a business or governmen t agency. Class C networks are the smallest, only able to hold 254 hosts at most, bu t the total possible number of class C networks exceeds 2 million (2,097 ,152 to be exac t). LANs connected to the Internet are usua lly class C networks. Some important notes regardin g IP addresses: î¦ The class can be determined easily from field1: fiel d1 = 1 -126: Class A field1 = 128-191: Class B field1 = 192-223: Class C (field1 values n ot shown ar e reserved for special uses) î¦ A host ID can have any v alue exce pt all field s set to 0 o r all field s set to 25 5, as those values a re reserv ed for special u ses. C.3 Subnet masks Definitio n mask A mask looks like a regular IP address, but contains a pattern of bits that tel ls what p arts of an I P address a re the net work ID and what parts ar e the host I D: bits set to 1 mean " this bit is part of th e network ID" a nd bits set t o 0 mean "t his b it is part of the host ID." Subnet masks are used to define subnets (what you get after divi ding a network int o smaller pie ces). A subnet's net work ID is cre ated by " borrowing" one or mo re bits fro m the host I D porti on of the addre ss. The subnet mask id entifies these hos t ID bits. For example, consid er a class C network 19 2.168.1. To split this into two subnet s, you would use the su bnet mask: 255.255. 255. 128 It's easier to see what's happen ing if we write this in binary: 11111111. 11111111. 1 1111111.10000 000 As with any cla ss C address, all of the bits in field1 through f ield 3 are part of the netw ork ID, but note how the mask specifie s that th e first bit i n field 4 i s also i ncluded. Since th is extra b it has only t wo value s (0 and 1), this means there are two subnets . Each subnet uses the remainin g 7 bits in field4 for its host IDs, whic h range fro m 0 to 127 (in stead of the u sual 0 t o 255 for a clas s C ad dress). Similar ly, to spli t a class C ne twork int o four subnets , the m ask is : 255.255.255 .192 or 11111111. 111 11111. 1111111 1.11000000 The tw o extra bi ts in field4 can ha ve four values (00, 01, 10 , 11), s o there are four sub nets. Eac h subnet uses the remaining six bit s in field4 for its host IDs, ran ging from 0 to 63. Note Sometimes a su bnet mask does not specify any additional network ID bit s, and thus n o subnet s. Such a mask i s called a default subnet mask . These masks are: Class A: 255. 0.0.0 Class B: 255. 255.0.0
RX3041H Userâs Manual Appendix C. IP Addresse s, Network M asks, and Sub nets 115 Class C: 255.255. 255.0 These are ca lled default because they are used when a network is initially configured, at whi ch time it has no subnets.

RX3041H Userâs Manual Appendix D. Troubleshoo ting 117 D T roubleshoot ing This appendix su ggests solutions for problems you may encounter in installing or using the RX 3041H, and provides inst ruction s for usi ng sev eral IP util ities to di agnos e problem s. Contact Customer Support if these suggestions do not resolve the problem. Problem Trouble shooting S ugges tion LEDs Power LED d oes not illuminate aft er product is turned on. Verify that you are using t he AC adapter pr ovided with your router and that it is securely connected to your router and a power ou tlet or a power str ip. LINK WAN LE D does not illumi nate after Ethernet cable is at tached. Verify that an Ethernet ca ble like the one provid ed is securely connected to th e Ethernet port of you r ADSL or cable mode m and the WAN po rt of the router. Make sure that yo ur ADSL or cable modem is pow ered on. Wait ar ound 30 seconds to allow the router to negotiate a connection with your broadba nd modem. LINK LAN LE D doe s not illuminat e after Ethernet cable is attached. Verify that the Ethernet cable is secure ly connected to your LAN hub or PC and to the RX30 41H. Make sure the PC an d/or hub is turned on . Verify that yo ur cable i s sufficie nt for your network re quirem ents. A 100 Mbit/sec network (100 BaseTx) should use cables labeled Cat 5. 10Mbit/sec cab les may tolerate lower quality cables. Internet Access PC cannot access Internet Use the ping utility, discussed in th e following sect ion, to chec k whether you r PC can communicate wit h the router (by default, the LAN IP address of the router is 192.1 68.1.1). If it cannot, check the Et hernet ca bling. If your PC can communica te with the router , verify the following : â¢ Che ck that the gateway IP address configured on your computer is the routerâs LA N IP addre ss (see the Quick Start Guide chapter, Part 2 for instructions on viewing the IP information.) If it is not, correct the default gateway IP address or configure your PC to receive the default gateway IP address automatically from the router. â¢ Verify with your ISP that the DNS serve r configured on the router is valid. Correct the DNS server IP address if necessary and configure your PC to receive this information automatically from the router. Alternatively, you may also configure a valid DNS server IP address on your PC. â¢ Verify that a Network Addres s Tra nslation rule has been defined on the router to translate the private address to a
Appendix D. Troubleshoo ting RX3041H Userâs Manual 118 Problem Trouble shooting S uggesti on public IP address (usually this public IP address is the WAN IP address). Your PCâs IP address must be within the IP range specified in the NAT rules. The default firewall outbound ACL rule inclu des a NAT rule for all hosts on the LAN. Configuration Manager Progra m Forget your Configuratio n Manager user ID or password. If you have not changed the password fro m the default, try using âadminâ as th e user ID and âadminâ for the p assword. Otherwise, you can re set the devi ce to the def ault confi guration by following t he instru ctions provi ded in section 11. 6.1.2 â Res et to Factory Settings Using Rese t Button â. WARNING: Resetting to the factory settings remo ves any custom se ttings. Cannot access the Configuratio n Manager from your browser . Use the ping utility, discussed in th e following se ction, to che ck whether your PC can co mmunicate wit h the router (by default, the LAN IP address of your rout er is 192.168.1. 1). If it cannot, check the Et hernet cabling. Verify that yo u are using I ntern et Explo rer v5.5, Netscap e 7.0.2 or later. Suppo rt for JavascriptÂ® must be enab led in your browser. Suppor t for JavaÂ® may also be required. Verify that the PCâs IP address is assigned as being on the same subnet as the IP address assigned to the LAN port of the router. Changes to Configuratio n Manager are not being retai ned. Be sure to cli ck on button to save changes . D.1 Diagnosing Problem using IP Utilities D.1.1 Pin g Ping is a command you can use to check whether your PC can recognize o ther computers on your ne twork and the Int ernet. A ping command se nds a me ssage to the compute r you spe cify. If the comp uter receive s the message, it sen ds messages i n reply. To use it, you mu st know the I P addr ess of the com puter wit h which yo u are trying to commu nicate. On Windows-based computers, you ca n execute a ping co mmand from the Start menu. Click the Start button, and then cl ick Run. I n the O pen text box, t ype a st atement such as the followin g: ping 192.168.1 .1 Click . You can substitu te any private IP address on your LAN or a public IP ad dress for an In ternet site, if know n. If the target computer receiv es the message, a Command Pr ompt window displ ays like that shown in Figure D.1.
RX3041H Userâs Manual Appendix D. Troubleshoo ting 119 Figure D.1. Using the ping Utility If the target computer cannot be located, you will receive t he me ssage âRequest timed out.â Using the pi ng comma nd, you ca n test wh ether the path to the RX304 1H is working (using t he pre configu red default LAN IP address 192.168.1.1) or another address you assigned. You can also t est wh ether access to th e Internet is wo rkin g by typin g an ext ernal addres s, such a s that for www.yahoo.com (216.115.108 .243). If you do no t know the IP address of a particular Inter net location , you can use the ns lookup comman d, as ex plain ed in the f ollowin g sect ion. From most other IP-enabled ope rating systems, you can exec ute the same comm and at a comman d prompt or through a system administration util ity. D.1.2 Nslo okup You can use t he nsloo kup comman d to determi ne the I P address associated with an Internet site n ame. You specify the common name, and th e nslookup co mmand looks up the name on your DNS ser ver (usually located with your ISP). If that name is not an entry in your ISPâs DNS table, the re quest is then referred to another high er-level se rver, and so on, until the ent ry is found. The server then ret urns the associa ted IP address. On Windows-based computers, you can execute the nslo okup command from the Start menu. C lick the Start button, and then click Run. I n the O pen text box, type the following: nslook up Click . A Command Pro mpt window displays with a b racket prom pt (>). At the prom pt, type th e name of th e Internet addr ess you are interested in, such as www.absnews.com . The window will display the associate IP addr ess, if known, as shown in Figure D.2.
Appendix D. Troubleshoo ting RX3041H Userâs Manual 120 Figure D.2. Using the nsl ookup Utility There may be several add resses associat ed with an Internet name. Thi s is common for web site s that receive heavy traffic; t hey use m ultiple, redun dant server s to carry t he same i nformati on. To exit from th e nslookup utility, typ e exit and press <Enter> at the command prom pt.
RX3041H Userâs Manual Appendix E. Glossary 121 E Glossary 10BASE-T A designation for the type of wiring used by Ethernet networks with a data rate of 10 Mbps. Also known as Category 3 (CAT 3) wiring. See also data rate, Ethernet . 100BASE-T A designation for the type of wiring used by Ethernet n etworks with a data rate of 100 Mbps. Also known as Category 5 (CAT 5) wiring. See also data rate, Ethernet . ADSL Asymmetric Digital Subscriber Line The most commonly deployed "flavor" of DSL for home use r s. The term asymmetrical refers to its unequal data rates for downloadin g and uploading (the download rat e is higher than the upload rate). The asymm etrical rate s benefit home users because they typically download much more data from the Interne t than they upload. authenticate To verify userâs identity, such as by prompting for a p assword. binary The "base two" system of numbers, that uses only two digits, 0 and 1, to represent all numbers. In binary, the number 1 is written as 1, 2 as 10, 3 as 11, 4 as 100, etc. Although expressed as decimal nu mbe rs for convenience, IP addresses in actual use are binary numbers; e.g., t he IP address 209.191.4.240 is 11010001.101111 11.00 000100.11110000 in bina ry. See also bit, IP address, network mask . bit Short for "binary digit," a bit is a num ber that can have two values, 0 or 1. See also binary . bps bits per second broadband A telecommunicatio ns technology that can se nd different types of data over the same medium. DSL is a broadband technolo g y. broadcast To send data to all comput ers on a network. DHCP Dynamic Host Configuration Protocol DHCP automates address assignm ent and management. When a computer con nects to the LAN, DHCP assigns it an IP address from a sh a red pool of IP addresses; after a specified time limit, DHCP returns the addre ss to the p ool. DHCP relay Dynamic Host Configuration Protocol relay A DHCP relay is a computer that forwards D H CP data between computers that request IP addresses and the DHCP server that assigns the addre s se s. Each of the RX3041H's interfaces can be co nfigured as a DHCP relay. See DHCP . DHCP server Dynamic Host Configur ation Protocol server A DHCP server is a comp u ter that is res ponsible for assigning IP addre s se s to the computers on a LAN. See DHCP . DNS Domain Name System The DNS maps domain names into IP addres se s. DNS information is distributed hierarchically throughout the Internet am ong computers called DNS servers. Whe n you start to access a web site, a DNS serv er looks u p the requ ested domain name to find its corresponding IP addres s. If the DNS server cannot find the IP address, it communicates with higher-level DNS servers to dete rmine the IP address. See also domain name. domain name A domain name is a user-friendly name used in pla ce of its associated IP address. For example, www.hinet.net is the domain name associat ed with IP address 168.95.1.88. Domain names must be unique; their a ssi gnment is controlled by the Internet Corporation for Assigned Name s and Numbers (ICANN). Dom ain names are a key
Appendix E. Glossary RX3041H Userâs M anual 122 element of URLs, which identify a specific file at a web site, e.g., http://www.asus.com . See also DNS. download To transfer data in the downstream direct ion, i.e., from the Internet to the user. DSL Digital Subscriber Line A technology that allows both digital data and analog voice sign als to travel over existing copper telephone lines. Ethernet The most commonly installed computer net work technology, usuall y using twi sted pair wiring. Ethernet data rates are 10 Mbps and 10 0 Mbp s. See also 10BASE-T, 100BASE-T, twisted pair . filtering To screen out selected types of data, based o n filtering rules. Filtering can be applied in one direction (upstream or downstream), or in both direction s. filtering rule A rule that specifies what kinds of data the a routing d evice will a ccept and/or reject. Filtering rules are defined to operate on an in terface (or multiple interfaces) and in a particular direction (upst rea m, downstream, or both). firewall Any method of protecting a computer or LAN connected to the Internet from intrusion or attack from the outside. Some firewall prot ection can be provided b y packet filtering and Network Address Tra n slation services. FTP File Transfer Protocol A program used to transfer files between computer s connected to the Internet. Common uses include u plo ading new or updated files to a web serv er, and downloading files from a web server. hop When you send data through the Internet, it is sent first from your computer to a router, and then from one router to another un til it fi nally reaches a ro uter that is directly connected to the recipient. Each individual âleg â of the dataâs jo urney is called a hop. hop count The number of hops that data has taken on its route to its destin ation. Alternatively, the maximum number of hops that a packet is allowed to take before be ing disca rded ( see also TTL ). host A device (usually a computer) con ne cted to a network. HTTP Hyper-Text Transfer Protocol HTTP is the main protocol used to transf er data from web sites so that it can be displayed by web browsers. See also web browse r, web site . ICMP Internet Control Message Protocol An Internet protocol used to report erro rs and other network-related information. The ping command makes use of ICMP. IGMP Internet Grou p Managem ent Prot ocol An Internet protocol that enab les a computer to share info rmation about it s membership in multicast gro ups with adjacent rout ers. A multicas t group of compu ters is on e whose members have des ignated as interest ed in receiving spec ific content from th e others. Multicasting to a n IGMP group can be used to simultaneously update th e address books of a group of mobile computer users or to send company newsletters to a distribution lis t. Internet The global collection of interconnected networks used for both private and business communications. intranet A private, company-internal network that l ooks like part of the Internet (use rs access information using web browsers), but is accessible only by employees. IP See TCP/IP. IP address Internet Protocol address The address of a host (computer) on the Internet, consi sting of four num bers, each
RX3041H Userâs Manual Appendix E. Glossary 123 from 0 to 255, separated by periods, e.g., 209.191.4.240. An IP address consists of a network ID that identifies the particular netwo rk the host belongs to, and a host ID uniquely identifying the host itself on that network. A network mask is u sed to define the network ID and the host ID. Becaus e IP addre sses are difficult to remember, they usually have an associated domain name that can b e spe cified instead. See also domain name, network mask . ISP Internet S ervice P rovid er A company that provides Internet acce ss to its customers, usually for a fee. LAN L ocal A rea N etwork A network limited to a small geographic area, such as a home, office, or small b uilding. LED Light Emitting Diode An electronic light-emitting device. The indica tor lights on the fro nt of the RX304 1H are LEDs. MAC addr ess Media Access Control add ress The permanent hardwa re address of a devic e, assigned by its manufacturer. MAC addresses are expressed as six pai rs of characters. mask See netwo rk mask . Mbps Abbreviation for Megabits per seco nd, or one million bits per second. Netwo rk data rates are often expressed in Mbps. NAT Network Addres s Translation A service performed by many routers that translates your netwo rkâs publicly known IP address into a private IP address for each computer on your LAN. Only your router and your LAN know these addresses; the outside world sees only the publi c IP address when talking to a computer on your LAN. NAT rule A defined method for translating between publ i c and private IP addre sses on your LAN. network A group of computers that are connected t ogether, allowing them to comm uni cate with each other and share resources, such as softw are, files, etc. A network can be small, such as a LAN , or very large, such as the Internet . network mask A network mask is a sequence of bits a pplied to an IP address to select the network ID while ignoring the host ID. Bits set to 1 mean "select this bit" while bits set to 0 mean "ignore this bit." For example, if the netwo rk mask 255.255.255.0 i s applied to the IP address 100.10.50.1, the ne twork ID is 100.10.50, and the host ID is 1. See also binary, IP address, subnet, "IP Addresses Explaine d" section . NIC Network Interface Card An adapter card that plugs into your computer and provides the physical interface to your network cabling, which for Ethernet NICs is typically an RJ-45 connector. See Ethernet, RJ-45 . packet Data transmitted on a network con si sts of units called packets. Each packet contains a payload (the data), plus overhead informati on such as where it came from (source address) and where it should go (de stination address). ping Packet Internet (or Inter-Network) Groper A program used to verify whether the host associated with an IP address i s onlin e. It can also be used to reveal the IP address for a given domain n ame. port A physical access p oint to a device such as a computer or router, through which data flows into and out of the device. PPP Point-to-Point Protocol A protocol for serial data transmission that is used to carry IP (and other protocol) data
Appendix E. Glossary RX3041H Userâs M anual 124 between your ISP and your computer. The WAN interface on the RX3041 H uses two forms of PPP called PPPoA and PPPoE. See also PPPoA, PPPoE . PPPoE Point-to-Point Protocol over Ethernet One of the two types of PPP interfaces you can define for a Virtual Circuit (VC), the other type being PPPoA. You can define one or more PPPoE interfaces per VC. protocol A set of rules governing the transmi ssion of data. In order for a data transmission to work, both ends of the connection have to follow the rules of the protocol. remote In a physically separate location. For exampl e, an employee away on travel who logs in to the companyâs intranet is a remote user. RIP Routing Information Protocol The original TCP/IP routing protocol. There are two versions of RIP: version I and version II. RJ-45 Registered Jack Standard-45 The 8-pin plug used in transmitting data over phone lines. Ethernet cabling usually uses this type of connector. routing Forwarding data between your network and t he Internet on the mo st efficient route, based on the dataâs destinati on IP address and curre nt network conditions. A device that performs routing is called a router. rule See filtering rule, NAT rule . SDNS Secondary Domain Name Sy stem (server) A DNS server that can be used if the pr imary DSN server is not available. See DNS . SNMP Simple Network Management Protocol The TCP/IP protocol used for network management. subnet A subnet is a portion of a network. The subnet is distin guished from the larger network by a subnet mask which s elect s some of the com put ers of the network and excludes all others. The subnet's computers re main physically conn ecte d to the rest of the parent network, but they are treated as though they were on a sepa rate network. See also network m ask . subnet mask A mask that defines a subnet. See also network mask . TCP See TCP/IP. TCP/IP Transmission Control Pr otocol/Internet Protocol The basic protocol s used o n the Internet. TCP is responsi ble for di viding data up into packets for delivery and reassembling them at the destination, while IP is respon sible for delivering the packets from sour ce to destin ation. When TCP and IP are bundled with higher-level applications such as HTTP , FTP, Telnet, etc., TCP/IP refers to this whole suite of protocols. Telnet An interactive, character-based pro gra m used to access a remot e computer. While HTTP (the web protocol) and FTP only allo w you to downl oad files from a remote computer, Telnet allows you to log into and use a computer from a remote location. TFTP Trivial File Transfer Protocol A protocol for file transfers, TFTP is easier to use than File Transfer Protocol (FT P) but not as capable or secu re. TTL Time To Live A field in an IP packet that limits the life span of that packet. Originally meant as a time duration, the TTL is usually represented instead as a maximum hop count; each router that receives a packet decrements this field by one. When the TTL reaches zero, the packet is discarded.
RX3041H Userâs Manual Appendix E. Glossary 125 twisted pair The ordinary copper telephone wi ring lo ng used by telephone companies. It contains one or more wire pairs twi sted togeth er to reduce inductance and noise. Each telephone line uses one pair. In home s, it is most often installed with two pairs. For Ethernet LANs, a higher grade called Cat egory 3 (CAT 3) is used for 10BASE-T networks, and an even higher grade called Category 5 (CAT 5) is used for 100BASE-T networks. See also 10BASE-T, 100BASE-T, Ethernet . upstream The direction of data transmission from the use r to the Internet. WAN Wide Area Network Any network spread over a large geogra phica l area, such as a country or continent. With respect to the RX3041H, WAN refers to the Internet. Web browser A software program that uses Hyper-Te xt Transfer Prot ocol (HTTP ) to download information from (and upload to) web sit es, and di splays the information, which may consist of text, graphic images, audio, or video, to the user. Web browsers use Hyper- Text Transfer Protocol (HTTP). Popular web browsers include Netscape Navigator and Microsoft Internet Explorer. See also HTTP, web site, WWW . Web page A web site file typically containing text, graphics and hyperlinks (c ross-references) to the other pages on that web site, as well as to pages on other web sites. When a user accesses a web site, the first page that is displayed is called the ho me page . See also hyperlink, web site . Web site A computer on the Internet that distribut es information to (and get s information from) remote users through we b bro wsers. A web si te typically consists of web pages that contain text, graphics, and hyperlinks. See also hyperlink, web pag e . WWW World Wide Web Also called (the) Web. Coll ective term for all web sites anywhere in the world that can be accessed via the Internet .

RX3041H Userâs Manual Appendix F. Index 127 F Index 100BASE-T, 121 10BASE-T, 121 ADSL, 121 authenti cate, 121 Binary numbers, 121 Bits, 121 Broadband, 121 Broadcast, 121 Computer s configuring IP information, 10 Configuration Manager overview, 2 1 troubleshooting, 118 Connectors rear pane l, 3 Date and time, changin g, 96 Default configuratio n, 20 Default gateway, 33, 41 DHCP defined, 26, 121 DHCP Address Table pa ge, 28 DHCP client defined, 26 DHCP relay, 121 DHCP server, 121 defined, 26 pools, 26 viewing assigned addresses, 2 8 DHCP Server Configuration page , 28 Diagnosin g problems after installation, 20 DNS , 27, 29, 121 defined, 29 relay, 30 Domain name, 121 Domain N ame System . See DNS download, 122 DSL defined, 122 Dynamically assigned IP addresses, 26 Eth-0 interfac e defined , 20 Ethernet defined, 122 Ethernet cable, 9 Features, 1 Filtering rule, 12 2 Firewall, 122 Firmware Upgrade page , 102 Firmware up grades, 101 Front panel, 3 FTP, 122 Gatewas in DHCP pools, 27 Gateway defined, 41 Hardware connec tions, 9, 10 Hop, 122 Hop count, 122 Host, 122 Host ID, 113 Host Na me , 33, 36 HTTP, 122 HTTP DDNS, 48
Appendix F. Index RX3041H Userâs Manual 128 Internet, 122 troubleshooting access to, 117 Intranet, 122 IP address in device' s routing tabl e, 44 IP addresses, 122 explained, 113 IP configuration static, 13 static IP addresses, 13 Windows 2000 , 11 Windows Me, 12 Windows NT 4.0, 12 IP Configuration Windows XP, 11 IP information configuri ng on LAN com puters, 10 , 42, 43, 44 IP routes manually confi guring, 43 IP Routes defined, 41 ISP, 123 LAN, 123 LAN DHCP, 25 LAN IP address, 25 specifying, 25 LAN IP Address Conf iguration p age, 26 LAN network mask , 25 LAN Statistics page, 31 LAN subnet m ask, 25 LEDs, 3, 123 troubleshooting, 117 Login to Configuration Ma nager, 21 MAC address in DHCP Address Table , 28 in Fixed DHCP Lease Table , 29 MAC addresses, 123 Management Stati on Configuration, 95 Mask. See Network mask Mbps, 123 NAT defined, 52, 123 Dynamic, 53 NAPT, 54 Overload , 54 PAT, 54 Reverse NAPT, 55 Reverse Static, 55 Static, 52 Virtual Se rver, 55 Navigating, 22 Netmask . See Netw ork mask Network. See LAN Netwo rk cla sses, 113 Network ID , 113 Network interface card, 1 Network mask, 123 Network mask, 114 NIC, 123 Node on netw ork defined, 25 Notational conventions , 1 nslookup, 119 Packet, 123 filtering, 51 Pages DHCP Address Tabl e, 28 DHCP Server Conf iguratio n, 28 Firmware Upgr ade Upgrade , 102 , 42, 43, 44 LAN IP Addre ss Config urati on, 26 LAN Statistics, 31
RX3041H Userâs Manual Appendix F. Index 129 Management Stati on Configuration, 95 Routing Confi guration, 42, 43, 44 Setup Wizard, 15, 23 User Password Config uration, 94 WAN Statist ics, 39 Parts checking for, 3 Password changing, 93 default, 14, 22 recovering , 118 PC configurati on, 10 PC Configurat ion static IP addresses, 13 Performance statistics, 31, 38 Ping, 118, 123 Port, 123 Power adapt er, 9 PPP, 123 PPPoE, 124 Primary DNS , 34, 36 , 37 Protocol, 124 Quick Configur ation logging in, 14 Rear Panel, 3 Remote, 124 RFC-2136 DDNS, 47 RIP, 124 RJ-45, 124 Routing, 124 Routing Confi guration page, 42, 43, 44 Secondary DN S , 34, 36, 37 Setup Wizard, 23 Setup Wizard page, 15, 23 Static IP addresses, 13 Static routes adding, 43 Statically assigned IP addresses , 26 Subnet, 124 Subnet mask. See Network mask Subnet masks, 114 System requirem ents for Configur ation Manager, 21 System requirem ents:, 1 TCP/IP, 124 Testing se tup, 20 Time and date, changing, 96 Troubleshoot ing, 117 TTL, 124 Twisted pair, 125 Typographic al conventio ns, 1 Upgrading firmware, 101 Upstream, 125 User Password Config uration page, 94 Username default, 14, 22 WAN, 125 WAN DHCP, 33 WAN IP address, 33 WAN Statis tics page, 39 Web browser, 125 requir ements, 1 version requirement s, 21 Web browsers compatible ve rsions, 21 Web page, 125 Web site, 125 Windows NT configuring IP information, 12 World Wide Web, 125