Asus RX3042H User Manual

RX3042H User's Manual Revision 0.8 May 12, 2005
2
i T able of Contents 1 Introduction ............................................................ 1 1.1 Features ....................................................................1 1.2 System Requirements ...............................................1 1.3 Using this Document ................................................. 2 1.3.1 Notational conventions ............................................... 2 1.3.2 T ypographical conventions ......................................... 2 1.3.3 Special messages ...................................................... 2 2 Getting to Know RX3042H .................................... 3 2.1 Parts List ...................................................................3 2.2 Hardware Features .................................................... 3 2.3 Software Features ..................................................... 3 2.3.1 NA T Features ............................................................. 3 2.3.2 Firewall Features ........................................................ 4 2.3.2.1 Stateful Packet Inspection .................................. 4 2.3.2.2 Packet Filtering â ACL (Access Control List) ...... 4 2.3.2.3 Defense against DoS Attacks ............................. 5 2.3.2.4 Application Level Gateway (ALG) ....................... 6 2.3.2.5 Log ...................................................................... 6 2.4 Finding Y our W ay Around .......................................... 7 2.4.1 Front Panel ................................................................. 7 2.4.2 Rear Panel ................................................................. 8 2.4.3 Bottom View ............................................................... 9 2.5 Placement Options .................................................... 9 2.5.1 Desktop Placement .................................................... 9 2.5.2 W all Mount Instructions: ............................................. 9 3 Quick Start Guide ................................................ 1 1
ii 3.1 Part 1 â Connecting the Hardware ........................ 1 1 3.1.1 Step 1. Connect an ADSL or a cable modem ............1 1 3.1.2 Step 2. Connect computers or a Network ................ 12 3.1.3 Step 3. Attach the AC adapter .................................. 12 3.1.4 Step 4. Power on RX3042H, the ADSL or cable modem and power up your computers .................... 12 3.2 Part 2 â Conï¬guring Y our Computers .................... 13 3.2.1 Before you begin ...................................................... 13 3.2.2 WindowsÂ® XP PCs: .................................................. 13 3.2.3 WindowsÂ® 2000 PCs: ............................................. 14 3.2.4 WindowsÂ® 95, 98, and ME PCs ............................... 15 3.2.5 WindowsÂ® NT 4.0 workstations: .............................. 16 3.2.6 Assigning static IP addresses to your PCs ............... 17 3.3 Part 3 â Quick Conï¬guration of the RX3042H ....... 19 3.3.1 Setting Up the RX3042H .......................................... 19 3.3.2 T esting Y our Setup ................................................... 21 3.3.3 Default Router Settings ............................................ 21 4 Using the Conï¬guration Manager ...................... 23 4.1 Log into the Conï¬guration Manager ........................ 23 4.2 Functional Layout .................................................... 24 4.2.1 Menu Navigation ...................................................... 25 4.2.2 Commonly Used Buttons and Icons ......................... 25 4.3 Overview of System Conï¬guration .......................... 26 5 Router Setup ........................................................ 27 5.1 LAN Conï¬guration ................................................... 27 5.1.1 LAN IP Address ........................................................ 27 5.1.2 LAN Conï¬guration Parameters ................................ 27 5.1.3 Conï¬guring the LAN IP Address ............................... 28 5.2 W AN/DMZ Conï¬guration ......................................... 29
iii 5.2.1 W AN Connection Mode ............................................ 29 5.2.2 PPPoE ...................................................................... 30 5.2.2.1 W AN PPPoE Conï¬guration Parameters ........... 31 5.2.2.2 Conï¬guring PPPoE for W AN ............................ 32 5.2.3 PPPoE Unnumbered ................................................ 33 5.2.3.1 W AN PPPoE Unnumbered Conï¬guration Parameters ....................................................... 34 5.2.3.2 Conï¬guring PPPoE Unnumbered for W AN ...... 35 5.2.4 Dynamic IP ............................................................... 36 5.2.4.1 Conï¬guring Dynamic IP for W AN ...................... 36 5.2.5 Static IP .................................................................... 37 5.2.5.1 W A N or DM Z St at ic I P Co nï¬ gu ra tio n Pa ra me te rs 37 5.2.5.2 Conï¬guring Static IP for W AN or DMZ .............. 38 5.2.6 PPTP ........................................................................ 39 5.2.6.1 W AN PPTP Conï¬guration Parameters ............. 39 5.2.6.2 Conï¬guring PPTP for W AN ............................... 41 5.3 W AN Load Balancing and Line Back Up .................. 41 5.3.1 W AN L oa d B al an ci ng an d Li ne Ba ck U p C on ï¬g ur ati on Parameters .............................................................. 42 5.3.2 Setting Up W AN Load Balancing ............................ 43 5.3.3 Setting Up W AN Line Back Up ................................. 44 6 DHCP Server Conï¬guration ................................ 45 6.1 DHCP (Dynamic Host Control Protocol) .................. 45 6.1.1 What is DHCP? ........................................................ 45 6.1.2 Why use DHCP? ...................................................... 45 6.1.3 Conï¬guring DHCP Server ........................................ 46 6.1.4 Viewing Current DHCP Address Assignments ......... 48 6.1.5 Fixed DHCP Lease ................................................... 48 6.1.5.1 Access Fixed DHCP Conï¬guration Page â (Advanced ->DHCP Server ) ............................. 48
iv 6.1.5.2 Add a Fixed DHCP Lease ................................. 49 6.1.5.3 Delete a Fixed DHCP Lease ............................. 49 6.1.5.4 Viewing Fixed DHCP Lease T able .................... 49 6.2 DNS ......................................................................... 50 6.2.1 About DNS .............................................................. 50 6.2.2 Assigning DNS Addresses ....................................... 50 6.2.3 Conï¬guring DNS Relay ............................................ 51 7 Routing ................................................................. 53 7.1 Overview of IP Routes ............................................. 53 7.1.1 Do I need to deï¬ne static routes? ............................ 53 7.2 Dynamic Routing using RIP (Routing Information Protocol) ..................................................................54 7.2.1 RIP Conï¬guration Parameters ................................. 54 7.2.2 Conï¬guring RIP ........................................................ 55 7.3 Static Route ............................................................. 56 7.3.1 Static Route Conï¬guration Parameters .................... 56 7.3.2 Adding Static Routes ................................................ 57 7.3.3 Deleting Static Routes .............................................. 58 7.3.4 Viewing the Static Routing T able .............................. 58 8 Conï¬guring DDNS ............................................... 59 8.1 DDNS Conï¬guration Parameters ............................ 60 8.2 Conï¬guring HTTP DDNS Client .............................. 60 9 Conï¬guring Firewall and NA T ............................ 63 9.1 Firewall Overview ....................................................63 9.1.1 Stateful Packet Inspection ........................................ 63 9.1.2 DoS (Denial of Service) Protection .......................... 64 9.1.3 Firewall and Access Control List (ACL) .................... 64 9.1.3.1 Priority Order of ACL Rule ................................ 64 9.1.3.2 T racking Connection State ................................ 64
v 9.1.4 Default ACL Rules .................................................... 64 9.2 NA T Overview ..........................................................65 9.2 .1 N AP T ( Ne tw or k A dd re ss a n d P o rt T r an s l a t i o n ) or P A T (Po rt Ad dre ss T rans la tio n) .. ... ... .. ... ... .. ... ... .. ... ... .. ... ... . 65 9.2.2 Reverse NAPT / V irtual Server ................................. 67 9.3 Firewall Settings â (Firewall/NA T ->Settings) .......... 67 9.3.1 Firewall Options ....................................................... 67 9.3.2 DoS Conï¬guration .................................................... 67 9.3.2.1 DoS Protection Conï¬guration Parameters ........ 68 9.3.2.2 Conï¬guring DoS Settings ................................. 70 9.4 ACL Rule Conï¬guration Parameters ....................... 70 9.4.1 ACL Rule Conï¬guration Parameters ........................ 70 9.5 Conï¬guring ACL Rules â (Firewall ->ACL) .............. 74 9.5.1 Add an ACL Rule ...................................................... 75 9.5.2 Modify an ACL Rule .................................................. 76 9.5.3 Delete an ACL Rule .................................................. 77 9.5.4 Display ACL Rules .................................................... 77 9.6 Conï¬guring Self-Access ACL Rules â(Firewall/NA T ->Self-Access ACL) ................................................. 77 9.6.1 Add a Self-Access Rule ............................................ 78 9.6.2 Modify a Self-Access Rule ....................................... 79 9.6.3 Delete a Self-Access Rule ....................................... 79 9.6.4 View Conï¬gured Self-Access Rules ......................... 80 9.7 Conï¬gure Virtual Server ..........................................80 9.7.1 Virtual Server Conï¬guration Parameters .................. 80 9.7.2 Virtual Server Example 1 â W eb Server ................... 83 9.7.3 Virtual Server Example 2 â FTP Server ................... 85 9.8 Conï¬gure Special Application .................................. 85 9.8.1 Special Application Conï¬guration Parameters ......... 86
vi 9.8.2 Special Application Example .................................... 87 10 System Management ......................................... 89 10.1 Conï¬gure System Services ...................................89 10.2 Login Password and System Settings ................... 90 10.2.1 Changing Password ............................................... 90 10.2.2 Conï¬gure System Settings ..................................... 91 10.3 Viewing System Information .................................. 91 10.4 Setup Date and T ime ............................................. 92 10.4.1 View the System Date and Time ............................ 93 10.5 SNMP Setup .......................................................... 94 10.5.1 SNMP Conï¬guration Parameters ........................... 94 10.5.2 Conï¬guring SNMP .................................................. 94 10.6 Log Setup ............................................................... 95 10.6.1 Se tt in g Up R em ote L og gi ng U si ng a Sy sl og S er ver .. 95 10.6.2 View the System Log .............................................. 96 10.7 System Conï¬guration Management ...................... 95 10.7.1 Restore System Conï¬guration to Factory Default Settings .................................................................. 96 10.7.2 Backup System Conï¬guration ................................ 98 10.7.3 Restore System Conï¬guration ............................... 99 10.8 Firmware Upgrade ............................................... 101 10.9 Restart System .................................................... 103 10.10 Logout Conï¬guration Manager ........................... 104 1 1 IP Addresses, Network Masks, and Subnets 105 1 1.1 IP Addresses ........................................................ 105 1 1.1.1 Structure of an IP address .................................... 105 1 1.2 Network classes ..................................................106 1 1.3 Subnet masks ...................................................... 107
vii 12 T roubleshooting .............................................. 109 12.1 Diagnosing Problem using IP Utilities ................. 1 1 1 12.1.1 ping ....................................................................... 1 1 1 12.1.2 nslookup ................................................................1 12 13 Index ................................................................. 1 15 List of Figures Figure 2.1 Front Panel LEDs .......................................................... 7 Figure 2.2 Rear Panel Connectors ................................................. 8 Figure 3.1 Overview of Hardware Connections ............................ 12 Figure 3.2 Login Screen ............................................................... 19 Figure 3.3 System Status Page .................................................... 20 Figure 4.1 Conï¬guration Manager Login Screen ......................... 24 Figure 4.2 T ypical Conï¬guration Manager Page .......................... 25 Figure 4.3 System Status Page .................................................... 26 Figure 5.1 Network Setup Conï¬guration â LAN Conï¬guration ..... 28 Figure 5.2 Network Setup Conï¬guration Page â W AN Conï¬gura- tion .............................................................................. 30 Figure 5.3 W AN â PPPoE Conï¬guration ...................................... 30 Figure 5.4 W AN â PPPoE Unnumbered Conï¬guration ................ 33 Figure 5.5 W AN â Dynamic IP (DHCP client) Conï¬guration ........ 36 Figure 5.6 W AN â Static IP Conï¬guration .................................... 37 Figure 5.7 W AN â PPTP Conï¬guration ........................................ 40 Figure 5.8 Load Balancing Conï¬guration ..................................... 43 Figure 6.1 DHCP Server Conï¬guration Page ............................... 46 Figure 6.2 DHCP Lease T able ...................................................... 48 Figure 6.3 Fixed DHCP Lease Conï¬guration Page ...................... 49
viii Figure 7.1 RIP Conï¬guration Page .............................................. 54 Figure 7.2 Static Route Conï¬guration Page ................................ 56 Figure 7.3 Static Route Conï¬guration ......................................... 57 Figure 7.4 Sample Routing T able ................................................ 58 Figure 8.1 Network Diagram for HTTP DDNS .............................. 59 Figure 8.2 HTTP DDNS Conï¬guration Page ................................ 60 Figure 9.1 NAPT â Map Any Internal PCs to a Single Global IP Address ....................................................................... 66 Figure 9.2 Reverse NAPT â Relayed Incoming Packets to the Internal Host Base on the Protocol, Port Number or IP Address ................................................................... 66 Figure 9.3 Firewall General Conï¬guration Page .......................... 70 Figure 9.4 ACL Conï¬guration Page .............................................. 75 Figure 9.5 ACL Conï¬guration Example ........................................ 76 Figure 9.6 Sample ACL List T able ................................................ 76 Figure 9.7 Self-Access ACL Conï¬guration Page .......................... 78 Figure 9.8 Self-Access ACL Conï¬guration Example .................... 79 Figure 9.9 Virtual Server Conï¬guration Page ............................... 80 Figure 9.10 Virtual Server Deployment T opology ......................... 83 Figure 9.1 1 Virtual Server Example 1 â Web Server .................... 84 Figure 9.12 Adding a New Service ............................................... 84 Figure 9.13 Virtual Server Example 2 â FTP Server .................... 85 Figure 9.14 Special Application Conï¬guration Page .................... 87 Figure 10.1 System Services Conï¬guration Page ........................ 89 Figure 10.2 System Administration Conï¬guration Page ............... 90 Figure 10.3 System Information Page .......................................... 92 Figure 10.4 T ime Zone Conï¬guration Page ................................. 93 Figure 10.5 SNMP Conï¬guration Page ........................................ 95 Figure 10.6 Syslog Server Conï¬guration ..................................... 95 Figure 10.7 Sample Log ............................................................... 96
ix RX3042H User's Manual Introduction Figure 10.8 Factory Reset Page .................................................. 97 Figure 10.9 Factory Reset Conï¬rmation ...................................... 97 Figure 10.10 Factory Reset Count Down T imer ........................... 97 Figure 10.1 1 Backup System Conï¬guration Page ........................ 98 Figure 10.12 Restore System Conï¬guration Page ....................... 99 Figur e 10. 13 S el e c t i n g S ys te m C o n ï¬ g ur at io n f r o m th e Fi le M a n a ge r .... ...... ..... ..... ...... ..... ..... ...... ..... ..... ...... ..... ..... ...... ..... .. 100 Figure 10.14 System Conï¬guration Restoration Conï¬rmation ... 100 Figure 10.15 System Reboot Counter T imer .............................. 101 Figure 10.16 Firmware Upgrade Page ....................................... 101 Figure 10.17 Selecting Firmware from the File Manager ........... 102 Figure 10.18 Firmware Upgrade Conï¬rmation ........................... 102 Figure 10.19 Firmware Upgrade Progress ................................. 102 Figure 10.20 System Reboot Count Down T imer for Firmware Upgrade ................................................................. 103 Figure 10.21 Restart System Page ............................................ 104 Figure 10.22 Conï¬guration Manager Logout Page .................... 104 Figure 10.23 Conï¬rmation for Closing Browser (IE) ................... 104 Figure 12.1 Using the ping Utility ................................................ 1 1 1 Figure 12.2 Using the nslookup Utility .........................................1 13 List of T ables T able 2.1 DoS Attacks .................................................................... 5 T able 2.2 Front Panel Label and LEDs ........................................... 7 T able 2.3 Rear Panel Labels and LEDs ......................................... 8 T able 3.1 LED Indicators .............................................................. 13 T able 3.2 Default Settings Summary ............................................ 21 T able 4.1 Description of Commonly Used Buttons and Icons ...... 25
x Introduction RX3042H User's Manual T able 5.1 LAN Conï¬guration Parameters ..................................... 28 T able 5.2 W AN PPPoE Conï¬guration Parameters ....................... 31 T able 5.3 W AN PPPoE Unnumbered Conï¬guration Parameters . 34 T able 5.4 W AN Static IP Conï¬guration Parameters ..................... 37 T able 5.5 W AN PPTP Conï¬guration Parameters ......................... 39 T able 5.6 W AN Load Balancing and Line Back Up Conï¬guration Parameters ................................................................... 42 T able 6.1 DHCP Conï¬guration Parameters .................................. 47 T able 6.2 Fixed DHCP Lease Conï¬guration Parameters ............. 49 T able 7.1 Static Route Conï¬guration Parameters ........................ 54 T able 7.2 Static Route Conï¬guration Parameters ........................ 56 T able 8.1 DDNS Conï¬guration Parameters .................................. 60 T able 9.1 Firewall Options Parameters ........................................ 67 T able 9.2 DoS Attack Deï¬nition .................................................... 68 T able 9.3 ACL Rule Conï¬guration Parameters ............................. 71 T able 9.4 Service Conï¬guration Parameters ................................ 73 T able 9.5 Virtual Server Conï¬guration Parameters ...................... 81 T able 9.6 Port Numbers for Popular Applications ......................... 82 T able 9.7 Special Application Conï¬guration Parameters .............. 86 T able 9.8 Port Numbers for Popular Applications ......................... 86 T able 10.1 SNMP Conï¬guration Parameters ................................ 94 T able 1 1.1 IP Address Structure ................................................. 106
1 RX3042H User's Manual Introduction Chapter 1 Introduction Co n g r a tu l a t i o ns o n b ec o m i n g th e o w ne r o f RX 3 0 4 2 H . Y o u r LA N (loca l area networ k) will now be able to access the Intern et using your high-speed broadband connection such as those with ADSL or cable modem. T h i s U s e r ' s M a n u a l w i l l s h o w y o u h o w t o s e t u p t h e R X 3 0 4 2 H , and how to customi ze its con ï¬gur ati on to get the most out of this product. 1.1 Features â¢ LAN: 4-port Fast Ethernet switch â¢ W AN: Dual 10/100Base-T Ethernet ports to provide Internet acc ess for all computers on your LAN â¢ Firewall, and NA T (Network Address T ranslation) functions to provide secure Internet access for you r LAN â¢ Autom atic netwo rk add ress assig nment throu gh DH CP Serv er Services including IP route, DNS and DDNS conï¬guration â¢ Conï¬guration program accessible via a web browser , such as Microsoft Internet Explorer 6.0 or newer . â¢ User conï¬guration dual-W AN or WAN plus DMZ support â¢ USB storage support (to be supported with firmware upgrade) 1.2 System Requirements In order to use the RX3042H for Internet access, you must have t he following: â¢ ADSL or cable modem and the corresponding service up and running, with at least one public Internet address assigned to your W AN â¢ One o r m ore c omp ute rs ea ch co nta ini ng an Et he rne t 1 0B ase -T or 100Base-T or 1000Base-T network interface card (NIC) â¢ (Optional) An Ethernet hub/switch, if you want to connect the router to more than four computers on an Ethernet network.
2 Introduction RX3042H User's Manual â¢ For system conï¬guration using the web-based GUI: a web browser such as Internet Explorer 6.0 or newer . 1.3 Using this Document 1.3.1 Notational conventions â¢ Acronyms are deï¬ned the ï¬rst time they appear in the text. â¢ For brevity , RX3042H is sometimes referred to as the ârouterâ or the âgatewayâ. â¢ T he te rms LA N and netw ork ar e use d int erchan geabl y to refer to a group of Ethernet-connected computers at one site. â¢ Sequence of mouse actions is denoted by the â->â character . For instance, System -> Network Setup means click the System menu and then click the Network Setup submenu. 1.3.2 T ypographical conventions â¢ Boldface type text is used for items you select from menus and drop-down lists, and text strings you type when prompted by the program. 1.3.3 Special messages Th i s d o c u m e n t u s e s t h e f o l l ow i n g i c o n s t o c a l l y o u r a t t e nt i o n t o speciï¬c instructions or explanations. Note: Provides clariï¬cation or non-essential information on the current topic. Deï¬ ni ti on: Exp la in s ter ms or ac ro ny ms that may be u n f a m i l i a r t o m a n y r e a d e r s . T h e s e t e r m s a r e a l s o included in the Glossary . W arning: Provides messages of high importance, including messages relating to personal safety or system integrity .
RX3042H User's Manual Getting to Know RX3042H 3 Chapter 2 Getting to Know RX3042H 2.1 Parts List I n ad di ti on t o t hi s do cu m e n t , RX 30 42 H s h o ul d co me w i t h t he f ol l o w i n g: â¢ The system unit â¢ AC adapter â¢ Ethernet cable (âstraight-throughâ type) 2.2 Hardware Features LAN â¢ 4-port Fast Ethernet switch â¢ Auto speed negotiation W AN â¢ Dual 10/100M Ethernet ports â¢ Auto MDI/MDIX 2.3 Software Features 2.3.1 NA T Features R X 3 0 4 2 H p r o v i d e s N A T t o s h a r e a s i n g l e h i g h - s p e e d I n t e r n e t con ne ct io n an d to sav e th e co st of mu lt ip le con ne ct ion s re qu ir ed fo r th e ho st s on th e LA N se g me n t s c on n e ct e d t o it . Th i s f ea t u re c o n c e a l s n e t w o r k a d d r e s s a n d p r e v e n t s t h e m f r o m b e c o m i n g public . It maps unregistered IP address of hosts connecte d to the LA N wi t h va l id one s for In te r ne t ac c es s. RX 30 42 H als o p ro vi d es r e v e r s e N AT c a p a b i l i t y , w h i c h e n a b l e s u s e r s t o h o s t v a r i o u s servi ces such as e-mail serv ers, web servers , etc. The NA T rules dr i ve th e tr an s la t io n me ch a ni s m. The fo l lo w in g ty pe s of NA T ar e supported by RX3042H. â¢ NA PT (Net wo rk Ad dre ss and Po rt Trans la tio n) â A ls o cal le d IP Masqueradi ng or ENA T (Enhanced NA T). Maps many internal hosts to only one globally valid IP address. T he mapping usually
Getting to Know RX3042H RX3042H User's Manual 4 c o n t a i n s a p o o l o f n e t w o r k p o r t s t o b e u s e d f o r t r a n s l a t i o n . Ev e r y pa c k et i s tr a n s la t e d wi t h th e g lo b a l ly v a l id I P ad d r e s s; the port number is transla ted with a free pool from the pool of network ports. â¢ Reverse NAPT â Also called inbound mapping, port mapping,or virtu al serve r . An y packet coming to the router can be relayed to an inte rn al host bas ed on the pr ot oc ol, por t num be r and /o r IP Ad d re s s sp e ci f i ed i n t h e ru l e. Thi s i s u s ef u l wh e n mu l ti p l e services are hosted on different internal hosts. 2.3.2 Firewall Features Th e f i r e w a l l a s i m p le m e n t e d i n R X 3 0 4 2 H pr o v i d e s t h e f o l l o w i ng features to protect your network from being attacked and to prevent your network from being used as the springboard for attacks. â¢ Stateful Packet Inspection â¢ Packet Filtering (ACL) â¢ Defense against Denial of Service Attacks â¢ Log 2.3.2.1 Stateful Packet Inspection T h e R X 3 0 4 2 H F i r e w a l l u s e s â s t a t e f u l p a c k e t i n s p e c t i o n â t h a t extracts state-related information required for the security decision f r o m t h e p a c k e t a n d m a i n t a i n s t h i s i n f o r m a t i o n f o r e v a l u a t i n g sub se qu en t co nn ec tio n at te mp ts . It ha s aw ar en es s of a ppl ic at io n and cre ates dy nami c s essi ons tha t a llow dy nami c c onne cti ons so that no ports need to be opened other than the required ones. This provides a solution which is highly secure and that offers scalability and extensibility . 2.3.2.2 Packet Filtering â ACL (Access Control List) AC L r ul e is on e of t h e ba si c bu il d in g bl oc ks f or ne tw or k se cu r it y . F i r e w a l l m o n i t o r s e a c h i n d i v i d u a l p a c k e t , d e c o d e s t h e h e a d e r information of inbound and outbound trafï¬c and then either blocks the packet from passing or allows it to pass based on the contents of the source address, destination address, source port, destination port, and protocol deï¬ned in the ACL rules.
RX3042H User's Manual Getting to Know RX3042H 5 AC L i s a v e ry ap pr o pr i at e m ea s ur e f or pr ov i di ng is o la ti o n o f o ne subnet fro m ano ther . It c an be use d as the ï¬rst line of d efense in the ne tw or k to b lo ck i nb ou nd p ac ke ts o f sp ec if ic typ e s fr om e ve r reaching the protected network. The RX3042H FirewallÊ¼s ACL methodology supports: â¢ Filtering based on destination and source IP address, port number and protocol â¢ Use of the wild card for composing ï¬lter rules â¢ Filter Rule priorities 2.3.2.3 Defense against DoS Attacks The RX3042H Firewall has an Attack Defense Engine that protects internal networks from known types of Internet attacks. It provides a u t o m a t i c p r o t e c t i o n f r o m D e n i a l o f S e r v i c e ( D o S ) a t t a c k s s u c h a s S Y N f l o o d i n g , I P s m u r f i n g , L A N D , P i n g o f D e a t h a n d a l l r e - as s e m b l y a t t a c k s . Fo r e x a m p l e , t h e R X 3 04 2 H F i r e w a l l p r o v i d e s p r o t e c t i o n f r o m â W i n N u k e â , a w i d e l y u s e d p r o g r a m t o r e m o t e l y crash unprotected Windows systems in the Internet. The RX3042H Firewall also provides protection from a variety of common Internet a t t a c k s s u c h a s I P S p o o f i n g , P i n g o f D e a t h , L a n d A t t a c k , a n d Reassembly attacks. The type of attack protections provided by the RX3042H is listed in T able 2.1. T able 2.1. DoS Attacks T ype of Attack Name of Attacks Re-assembly Attacks Bo nk , Bo in k , T ear d ro p ( N ew T e ar ), Overdrop, Opntear , Syndrop, Jolt, IP fragmentation overlap. ICMP Attacks Ping of Death, Smurf, T winge Flooders Logging only for ICMP Flooder , UDP Flooder , SYN Flooder Port Scans L o g g i n g o n l y f o r T C P S Y N S c a n , A t t a c k i n g p a c k e t s d r o p p e d : T C P X M A S S c a n , T C P N u l l S c a n , T C P Stealth Scan Protection with PF Rules Echo-Chargen, Ascend Kill Miscellaneous Attacks IP Spooï¬ng, LAND, T arga, Winnuke
Getting to Know RX3042H RX3042H User's Manual 6 2.3.2.4 Application Level Gateway (ALG) A p p l i c a t i o n s s u c h a s F T P o p e n c o n n e c t i o n s d y n a m i c a l l y b a s e d on the respective application parameter . T o go through the ï¬rewall on t he R X3 0 4 2H , pa c k e ts p er t a in i n g t o a n a pp l i ca t i on , re q u ir e a corresponding allow rule. In the absence of such rules, the packets wi ll be dr op p ed by t h e R X3 04 2 H Fi r ew al l . As i t i s n ot f e as i bl e t o create policies for numerous applications dynamically (at the same t i m e w i t h o u t c o m p r o m i s i n g s e c u r i t y ) , i n t e l l i g e n c e i n t h e f o r m o f A p p l i c a t i o n L e v e l G a t e w a y s ( A L G ) , i s b u i l t t o p a r s e p a c k e t s f o r ap pl ic at i on s a nd o p en d yn a mi c a ss oc ia t io ns . T he RX 30 42 H N A T provid es a numbe r of A LGs fo r pop ular appli catio ns su ch as FTP , and Netmeeting. 2.3.2.5 Log Events in the network, that could be attempts to affect its security , are recorded in the RX3042H system log ï¬le. The lo g maintains a minimum l og deta ils such as, tim e of pac ket arri val, des cription of action taken by Firewall and reason for action.
RX3042H User's Manual Getting to Know RX3042H 7 T able 2.2 Front Panel Label and LEDs LED Label Color Status I n d ic at io n 1 Power Green ON RX3042H is powered on. OFF RX3042H is powered off. 2 Status Green 3 USB Identiï¬es the USB port. 1-2 Green OFF USB device is not detected. ON USB device is detected. 4 W AN Identiï¬es the W AN port. 1-2 OFF No link is detected. Green ON 100Mbps link is detected. Blinking 100Mbps activity is detec ted. Amber ON 10Mbps link is detected. Blinking 10Mbps activity is detected. 5 LAN Identiï¬es the LAN port. 1-4 OFF No link is detected. Green ON 100Mbps link is detected. Blinking 100Mbps activity is detec ted. Amber ON 10Mbps link is detected. Blinking 10Mbps activity is detected. 2.4 Finding Y our W ay Around 2.4.1 Front Panel T h e f ro nt p a n e l co nt ai ns L E D in di ca to r s t h at s ho w t h e s ta tu s of t h e un it . Figure 2.1 Front Panel Label and LEDs 1 2 3 4 5
Getting to Know RX3042H RX3042H User's Manual 8 T able 2.3 Rear Panel Labels and LEDs Label Indication 6 1--4 LAN Ports: connect to your PC's Ethernet port, or to the uplink port on your LAN's hub/switch, using the Ethernet cable. 7 Dual W AN or W AN DMZ W AN ports:Connect to your WAN device, such as ADSL or cable modem. 8 USB USB Ports: connect to USB 1.1 OR 2.0 devices 9 Console 10 RESET Reset Button: 1. Reboot the device 2. Reset the system conï¬guration to factory defaults if pressed for more than 5 seconds. 1 1 POWER Power Input Jack: Connect to the supplied AC adapter . 2.4.2 Rear Panel T h e r e a r p a n e l c o n t a i n s t h e p o r t s f o r t h e u n i t Ê¼s d a t a a n d p o w e r connections. Figure 2.2 Rear Panel Labels and Connectors 6 7 8 9 10 1 1
RX3042H User's Manual Getting to Know RX3042H 9 2.4.3 Bottom V iew 12.Wall Moun t Sl ots: Y ou may use these slo ts to han g RX 3042 H o n t h e w a l l t o s a v e s p a c e . D e p e n d i n g o n y o u r p a r t i c u l a r re q u i r em e n t b y t a k i n g i n t o a cc o u n t th e l o c a ti o n o f t h e p o we r out le t, po we r co rd le ng th, E th er net c ab le le ng th a nd et c. , you ca n ha ng R X3 04 2H i n 4 d iffe re nt o ri en ta ti o ns : fr on t pa ne l up , rear panel up, left side up or right side up. 2.5 Placement Options Depending on your environment, you may choose one of the three sup po rt ed p la ce me nt o pt io ns f or R X30 42 H â de sk to p pl ac em en t, magnet mount and wall mount. 2.5.1 Desktop Placement Y o u m a y p la c e R X 3 0 4 2 H o n a n y f l at s u r f a c e . Th e s p a c e - sa v i n g design of RX3042H occupies only a small area on your desk. 2.5.2 W all Mount Instructions: 1. Attach two screws on the wall, separated by 150mm, and make sure that the two screws are leveled. 12 12 150mm
Getting to Know RX3042H RX3042H User's Manual 10 2 . L i n e u p t h e w a l l m o u n t s l o t s w i t h t h e s c r e w s a n d m a n e u v e r RX3042H so that both scre ws are inserted into the wall mount slots as indicated in t he following ï¬gures. The wall mount design suppo rts 4 di fferent orie ntat ions : re ar s ide up, rear sid e do wn, rear side to the left and rear side to the right. Screw W all mount slot Line up the wall amount slot with both screws. M a n e u v e r t h e r o u t e r s o t h a t b o t h s c r e w s a r e i n s e r t e d i n t o t h e w a l l m o u n t s l o t s a n d t h e n s l o w l y p u s h t h e r o u t e r d o w n w a r d a s s h o w n i n t h e above ï¬gure. W all mount slot Screw
RX3042H User's Manual Quick Start Guide 1 1 3 Quick Start Guide Thi s Qu ick S ta rt Gu id e pro vi de s b as ic in st ru cti on s for c on ne cti ng the RX3042H to a computer or a network and to the Internet. â¢ Part 1 provides instructions to set up the hardware. â¢ Pa rt 2 d es c ri be s h o w t o c on f ig ur e I n te r ne t p ro p er t ie s o n y ou r computer(s). â¢ P a r t 3 s h o w s y o u h o w t o c o n f i g u r e b a s i c s e t t i n g s o n t h e RX3042H to get your LAN connected to the Internet. A f t e r s e t t i n g u p a n d c o n f i g u r i n g t h e d e v i c e , y o u c a n f o l l o w t h e instructions on page 15 to verify that it is working properly . This Quick Start Guide assumes that you have already established ADSL or cab le mod em s ervi ce with yo ur I nter net ser vice pr ovid er (ISP). These i nstructions provide a basic conï¬gu ration that shoul d be compatible with your home or small ofï¬ce network setup. Refer to the subsequent chapters for additional conï¬guration instructions. 3.1 Part 1 â Connecting the Hardware In Pa rt 1 , yo u co nn ec t t he d ev ic e to a n A DS L o r a ca bl e mo de m (which in turn is connecte d to a phone ja ck or a cable o utlet), t he power outlet, and your computer or network. W arning: Before you begin, turn the power off for all dev ice s. T hes e inc lu de yo ur co mpu te r(s ), yo ur LA N hub/ switch (if applicable), and the RX3042H. Figur e 3 .1 i llust rate s th e h ardwa re conne ctio ns. Plea se f ollo w th e steps that follow for speciï¬c instructions. 3.1.1 Step 1. Connect an ADSL or a cable modem Fo r th e RX 30 42 H : Co nn ec t on e e nd o f t he E th er ne t ca b le t o th e p o r t l a b e l e d WAN o n t h e r e a r p a n e l o f t h e d e v i c e . C o n n e c t t h e other end to the Ethernet port on the ADSL or cable modem.
Quick Start Guide RX3042H User's Manual 12 3.1.2 Step 2. Connect computers or a Network. I f y o u r L A N h a s n o m o r e t h a n 4 c o m p u t e r s , y o u c a n u s e a n Ethernet cable to connect computers directly to the built-in switch on the device. Note that you should attach one end of the Ethernet cable to any of the port labeled 1 â 4 on the rear panel of the router and connect the other end to the Ethernet port of a computer . If you r L AN has mo re tha n 4 co mpu ter s, yo u c an att ach on e e nd of an Ethernet cable to a hub or a switch (probably an uplink port; plea se ref er to the hub or sw itc h d ocum ent ati ons for in str ucti ons ) an d t h e o t h e r t o t h e E t h e rn e t s w i t c h po r t ( l a b e l ed 1 â 4 ) o n t h e RX3042H. No t e t ha t e i th e r t he cr o ss o ve r o r s t ra i gh t -t h ro u gh Et h er n et ca b le can be used to connect the built-in switch and computers, hubs or switches as the built-in switch is smar t enough to make connections with either type of cables. 3.1.3 Step 3. Attach the AC adapter . Attach the AC adapter to the POWER input jack on the back of the device and plug in the adapter to a wall outlet or a power strip. 3.1.4 S t ep 4 . P o we r o n R X 30 42 H , t he A DS L o r c a bl e m o de m a n d p ow er u p yo ur c o m pu te r s Plug the AC adapter to the power input jack of RX3042H. T urn on your ADSL or cable modem. Turn on and boot up your computer(s) and/or any LAN devices such as wireless AP , hubs or switches. Figure 3.1 Overview of Hardware Connections
RX3042H User's Manual Quick Start Guide 13 Y o u s ho ul d ve ri fy t ha t th e LE Ds a r e i l l u m i na te d as i nd ic at ed i n T a b l e 3 .1 . T able 3.1 LED Indicators This LED: ...should be: POWER S o l i d g r e e n t o i n d i c a t e t h a t t h e d e v i c e i s t u r n e d on. If this light is not on, check if the AC adapter is attached to the RX3042H and if it is plugged into a power source. LAN LEDs S o l i d g r e e n t o i n d i c a t e t h a t t h e d e v i c e c a n co mm un ic a te w i th y o ur L AN or f l as hi ng wh en th e d e v i c e i s s e n d i n g o r r e c e i v i n g d a t a t o / f r o m y o u r LAN computer(s). W AN S o l i d g r e e n t o i n d i c a t e t h a t t h e d e v i c e h a s successfully established a connection with your ISP or ï¬ashing when the device is sending or receiving data to/from the Internet. I f th e LE Ds i l l u mi na te a s e x p ec te d, t h e R X 30 42 H is w o r k in g pr op e r l y . 3.2 Part 2 â Conï¬guring Y our Computers P a r t 2 of t h e Q u ic k St ar t G u i de p ro vi d e s i ns tr uc ti o n s f or c on ï¬g u r i n g t he n e t wo rk s et t i n g s o n yo ur c o m p ut er s to w o r k w it h th e R X 3 04 2H . 3.2.1 Before you begin By default, the RX3042H automatically assigns all required network settings (e.g. IP address, DNS server IP address, default gateway IP add ress ) t o y our PCs . Y ou nee d o nly to con ï¬gu re your PC s t o accept the network settings provided by the RX3042H. N o t e : I n s o m e c a s e s , y o u m a y w a n t t o c o n f i g u r e n e t w o r k s e t t i n g s m a n u a l l y t o s o m e o r a l l o f y o u r compute rs ra ther than allow the R X3042H to do so . Se e â As si gn i ng st at ic IP ad dr e ss es to yo ur PC sâ in page 13 for instructions. â¢ If yo u have conn ected your PC via Eth ernet to t he RX3042H, f o l l o w t h e i n s t r u c t i o n s t h a t c o r r e s p o n d t o t h e o p e r a t i n g system installed on your PC. 3.2.2 WindowsÂ® XP PCs:
Quick Start Guide RX3042H User's Manual 14 1. In the Windows task bar , click the < Start > button, and then click Control Panel. 2. Double-click the Network Connections icon. 3. In t he L AN o r Hi gh -S pe ed I nt ern et w in do w , r ig ht -c li ck on i co n corre spon ding to you r ne twor k in terf ace card (N IC) and sele ct Properties . (Often this icon is labeled Local Area Connection). The L oca l A re a Con ne ct ion d ia log b ox di sp la ys wi th a li st of currently installed network items. 4. Ensure that the check box to the left of the item labeled Internet Protocol TCP/IP is checked, and click < Properties > button. 5. I n t h e I nt e r n e t P r o to c o l ( T C P / IP ) P r o p e r ti e s d i a l o g b o x , c l i c k the radio button labeled Obtain an IP address automatically . Also click the radio button labeled Obtain DNS server address automatically . 6. Click < OK > button twice to conï¬rm your changes, and close the Control Panel. 3.2.3 WindowsÂ® 2000 PCs: First, check for the IP protocol and, if necessary , install it: 1 . I n t h e W i n d o w s t a s k b a r, c l i c k t h e < S t a r t > b u t t o n , p o i n t t o Settings, and then click Control Panel . 2. Double-click the Network and Dial-up Connections icon. 3. In the Network and Dial-up Connections window , right-click the Local Area Connection icon, and then select Properties . T h e L o c a l A r e a C o n n e c t i o n P r o p e r t i e s d i a l o g b o x d i s p l a y s a l i s t o f c u r r e n t l y i n s t a l l e d n e t w o r k c o m p o n e n t s . I f t h e l i s t i n c l u d e s I n t e r n e t P r o t o c o l ( T C P / I P ) , t h e n t h e p r o t o c o l h a s already been enabled. Skip to step 10. 4. I f I n t er n e t P r o t oc o l ( TC P / IP ) d o es n o t d i s pl a y a s a n in s t a ll e d component, click < Install > button. 5 . I n t h e S e l e c t N e t w o r k C o m p o n e n t Ty p e d i a l o g b o x , s e l e c t Protocol, and then click < Add > button. 6. Select Internet Protocol (TCP/IP) in the Network Protocols list,
RX3042H User's Manual Quick Start Guide 15 and then click < OK > button. Y ou may be prompted to install ï¬les from your Windows 2000 installation CD or other media. Follow the instructions to install the ï¬les. 7. If prompted, click < OK > button to restart your computer with the new settings. Next, co nï¬gur e th e P Cs t o ac cept IP addr esse s as sign ed b y the RX3042H: 8 . I n t h e C o n t r o l P a n e l , d o u b l e - c l i c k t h e N e t w o r k a n d D i a l - u p Connections icon. 9 . I n N e t w o r k a n d D i a l - u p C o n n e c t i o n s w i n d o w, r i g h t - c l i c k t h e Local Area Connection icon, and then select Properties . 1 0 . I n t h e L o c a l A r e a C o n n e c t i o n P r o p e r t i e s d i a l o g b o x , s e l e c t I n t e r n e t P r o t o c o l ( T C P / I P ) , a n d t h e n c l i c k < P r o p e r t i e s > button. 1 1.In the Internet Protocol (TCP/IP) Properties dialog box, click the radio button labele d Obtain an IP address auto matically . Also c l i c k t h e r a d i o b u t t o n l a b e l e d O b t a i n D N S s e r v e r a d d r e s s automatically . 12.Click < OK > button twice to conï¬rm and save your changes, and then close the Control Panel. 3.2.4 WindowsÂ® 95, 98, and ME PCs 1 . I n t h e W i n d o w s t a s k b a r, c l i c k t h e < S t a r t > b u t t o n , p o i n t t o Settings , and then click Control Panel . 2. Double-click the Network icon. In the Network dialog box, look for an entry started with â TCP/ IP -> â a nd th e n am e o f you r net wor k ada pt er , an d the n cli ck < Properties > button. Y ou may h ave to sc roll down the list to ï¬nd this entry . If the list includes such an entry , then the TCP/ IP protocol has already been enabled. Skip to step 8. 3. I f I n t er n e t P r o t oc o l ( TC P / IP ) d o es n o t d i s pl a y a s a n in s t a ll e d component, click < Add > button. 4 . I n t h e S e l e c t N e t w o r k C o m p o n e n t Ty p e d i a l o g b o x , s e l e c t
Quick Start Guide RX3042H User's Manual 16 Protocol, and then click < Add > button. 5. S el e c t M i cr o s o ft i n t h e M a n uf a c tu r e rs l is t b ox , an d th e n cl i c k TCP/IP in the Networ k Protocol s list, bo x and then click < OK > button. Y ou may be prompted to install ï¬les from your Windows 95, 98 or Me installation CD or other media. Follow the instructions to install the ï¬les. 6. If prompted, click <OK> button to restart your computer with the new settings. Next, conï¬gure the PCs to accept IP information assigned by the RX3042H: 7. In the Control Panel, double-click the Network icon. 8. In th e N e tw o rk di a lo g b o x, se l ec t a n e n tr y s t ar t ed wi t h â TC P/ IP - > â a n d t h e n am e o f y o u r ne t w o r k a d a pt e r, a n d t h e n cl i c k < Properties > button. 9 . I n t h e T C P / I P P r o p e r t i e s d i a l o g b o x , c l i c k t h e r a d i o b u t t o n labeled Obtain an IP address automatically . 1 0 . I n t h e T C P / I P P r o p e r t i e s d i a l o g b o x , c l i c k t h e â D e f a u l t G a t e w a y â t a b . E n t e r 1 9 2 . 1 6 8 . 1 . 1 ( t h e d e f a u l t L A N p o r t I P address of the RX3042H) in the â New gateway â address ï¬eld and click < Add > button to add the default gateway entry . 1 1. C l ic k < OK > b ut to n t w ic e t o c o nf ir m a n d s av e y o ur ch an g es , and then close the Control Panel. 12. If prompted to restart your computer , click < OK > button to do so with the new settings. 3.2.5 WindowsÂ® NT 4.0 workstations: First, check for the IP protocol and, if necessary , install it: 1. I n t he Win dows NT ta sk bar , cl ick th e < Star t > bu tto n, poin t t o Settings , and then click Control Panel . 2. In the Control Panel window , double click the Network icon. 3. In the Network dialog box, click the Protocols tab. The Protocols tab displays a list of currently installed network
RX3042H User's Manual Quick Start Guide 17 protocols. If the list includes TCP/IP Protocol, then the protocol has already been enabled. Skip to step 9. 4 . I f T C P / I P d o e s n o t d i s p l a y a s a n i n s t a l l e d c o m p o n e n t , c l i c k < Add > button. 5. In th e Se le ct Ne two rk P rot oc ol di al og b ox, s ele ct T CP /IP , an d then click < OK > button. Y ou ma y be p ro mp t ed t o in st al l f il es f ro m y ou r Wi nd ow s N T installation CD or other media. Follow the instructions to install the ï¬les. After all ï¬les are installed, a window displays to inform you that a TCP /IP s er vic e cal led D HCP c an be s et up t o d yna mi cal ly assign IP information. 6. Cli ck < Y es > b utt on to co nti nu e, and th en cl ick < OK > b utt on if prompted to restart your computer . Next, co nï¬gur e th e P Cs t o ac cept IP addr esse s as sign ed b y the RX3042H: 7 . O p e n t h e C o n t r o l P a n e l w i n d o w, a n d t h e n d o u b l e - c l i c k t h e Network icon. 8. In the Network dialog box, click the Protocols tab. 9. In the Protocols tab, select TCP/IP , and then click < Properties > button. 10 .I n th e M ic ro s of t T CP /I P P ro pe rt i es d ia l og b ox , c li ck th e ra d io button labeled Obtain an IP address from a DHCP server . 1 1. C l ic k < OK > b ut to n t w ic e t o c o nf i rm a n d s av e y o ur ch a ng es , and then close the Control Panel. 3.2.6 Assigning static IP addresses to your PCs In some cases, you may want to assign IP addresses to some or all of yo ur P Cs di rect ly (o ften call ed â stati call yâ), rath er th an a llow ing the RX3042H to assign them. This option may be desirable (but not required) if: â¢ Y o u ha ve ob ta in e d on e o r mo r e pu bl i c IP ad dr es s es t ha t you want to alw ays associate wit h speciï¬c computer s (for e x a m p l e , i f y o u a r e u s i n g a c o m p u t e r a s a p u b l i c w e b
Quick Start Guide RX3042H User's Manual 18 server). â¢ Y ou maintain different subnets on your LAN. However , during the ï¬rst time co nï¬guration of your RX3042H, you m u s t a s s i g n a n I P a d d r e s s i n t h e 1 9 2 . 1 6 8 . 1 . 0 n e t w o r k f o r y o u r PC, say 192.168.1.2, in order to establish connection between the RX3042H and your PC as the default LAN IP on RX3042H is pre- c o n f i g u r e d a s 1 9 2 . 1 6 8 . 1 . 1 . E n t e r 2 5 5 . 2 5 5 . 2 5 5 . 0 f o r t h e s u b n e t mask and 192.168.1.1 for the default gateway . These settings may be changed later to reï¬ect your true network environment. On each PC to which you want to assign static information, follow the in st ruc tio ns on p age s 1 1 th rou gh 12 re la tin g onl y to che ck ing for and/or installing the IP protocol. Once it is installed, continue to fol low t he in str uct io ns fo r d isp la yin g eac h of the I nte rn et Pr oto col (TCP/IP) properties. Instead of enabling dynamic assignment of the IP add ress es for the co mput er , DN S s erve r , and de faul t g atew ay , c l i c k t h e r a d i o b u t t o n s t h a t e n a b l e y o u t o e n t e r t h e i n f o r m a t i o n manually . Not e: Y ou r PC s m us t ha ve I P a ddr es se s th at pl ac e t h e m i n t h e s a m e s u b n e t a s t h e R X 3 0 4 2 H Ê¼ s L A N port. If you manually assign IP information to all your LAN PCs, you can follow the instructions in Chapter 5 to change the LAN port IP address accordingly . 3 . 3 P ar t 3 â Q ui c k Co n ï¬ gu r a t io n of t h e R X 30 4 2 H In Part 3, you log into the Conï¬guration Manager on the RX3042H a n d c o n f i g u r e b a s i c s e t t i n g s f o r y o u r r o u t e r. Y o u r I S P s h o u l d prov ide yo u w ith th e n ece ssa ry inf orma tio n t o c omp let e t his ste p. Note the intent here is to quickly get the RX3042H up and running, instruct ions ar e conci se. Y o u may r efer to corres ponding chapte rs for more details. 3.3.1 Setting Up the RX3042H Follow these instructions to setup the RX3042H: 12.Bef ore ac cessing the Co nï¬gura tion Ma nager i n RX30 42H, ma ke sure that the HTTP proxy setting is disabled in your browser . In IE, click âT oolsâ -> âInternet Options...â -> âConnectionsâ tab -> âLAN se ttin gs.. .â and the n u nche ck âUse pr oxy ser ver for yo ur LAN ...â
RX3042H User's Manual Quick Start Guide 19 1 3 . O n a n y P C c o n n e c t e d t o o n e o f t h e f o u r L A N p o r t s o n t h e RX3042H, open your Web browser , and type the following URL in the address/location box, and press <Enter>: http://192.168.1.1 This is the predeï¬ned IP address for the LAN port on the RX3042H. A login screen displays, as shown in Figure 3.2. Figure 3.2 Login Screen If you ha ve problem connecting t o the RX30 42H, you ma y want to check if your PC is conï¬gured to accept IP address assignment from the RX3042H. Another method is to set the IP address of your PC to any IP address in the 192.168.1.0 network, such as 192.168.1.2. 1 4 . E n t e r y o u r u s e r n a m e a n d p a s s w o r d , a n d t h e n c l i c k " O K " t o enter the Conï¬guration Manager . The ï¬rst time you log into this program, use these defaults: Default Username: admin Default Password: admin Y o u c a n c h a n g e t h e p a s s w o r d a t a n y t i m e ( s e e section 10.2 Login Password and System Settings on page 66). The Syst em I nfor matio n pa ge displ ays each ti me y ou l og i nto the Conï¬guration Manager (shown in Figure 3.3).
Quick Start Guide RX3042H User's Manual 20 15. Follow the instructions described in Chapter 5 âRouter Setupâ to set up the LAN and W AN settings for RX3042H. A f t e r c o m p l e t i n g t h e b a s i c c o n f i g u r a t i o n f o r R X 3 0 4 2 H , r e a d t h e following section to determine if you can access the Internet. 3.3.2 T esting Y our Setup At th is po int, the RX3042 H sh ould enabl e any comp uters on y our LA N to u se t he R X3 04 2H Ê¼s A DS L o r ca bl e m od em c on ne ct io n to access the Internet. T o test the Int erne t co nnect ion, ope n yo ur web brows er , and typ e th e U R L of a ny e xt e rn a l w e bs i t e ( s uc h as ht t p: / / ww w .a s us . c om ). The LED labeled WAN should be blinking rapidly and may appear solid as the device connects to the site. Y ou should also be able to browse the web site through your web browser . Figure 3.3 System Status Page
RX3042H User's Manual Quick Start Guide 21 If the LEDs do not illuminate as expected or the web page does not display , see Appendix 12 for troubleshooting suggestions. 3.3.3 Default Router Settings I n a d d i t i o n t o h a n d l i n g t h e D S L c o n n e c t i o n t o y o u r I S P , t h e RX 30 42 H c an p r ov id e a v ar i et y of se rv ic e s to yo ur n e tw or k. Th e device is pre-conï¬gured with default settings for use with a typical home or small ofï¬ce network. T ab le 3 .2 li sts s ome o f the m ost i mpo rt ant d efa ul t s et tin gs ; t he se and other features are described fully in the subsequent chapters. If y ou a re fa mi li ar w i th n et wo rk c o nf ig ur at io n s et ti ng s, r ev ie w t he s e t t i n g s i n T a b l e 3 . 2 t o v e r i f y t h a t t h e y m e e t t h e n e e d s o f y o u r n e tw o r k . F o l l o w t h e i n s t r u c t i o n s t o c h a n g e t h e m i f n e c e s s a r y . I f you are unfamiliar with these settings, try using the device without modiï¬cation, or contact your ISP for assistance. Be f or e yo u m o d if y in g an y s e t ti n gs , re v ie w Ch a pt e r 4 f or ge n e ra l information about acces sing and u sing the C onï¬guration Manager program. We strongly recommend that you contact your ISP prior to changing the default conï¬guration. T able 3.2 Default Settings Summary Option Default Setting Explanation/Instruction DHCP (Dynamic Host Conï¬guration Protocol) DHCP server enabled with the following pool of addresses: 192.168.1.100 through 192.168.1.200 T h e R X3 04 2H m a i n ta in s a p o o l of p ri v a t e IP a d d r e s s es f or d y n am ic a ss i g n m e nt t o yo u r L A N c o m pu te rs . T o u s e t h is s er vi c e , y o u m us t ha v e s e t up y ou r c o m p ut er s to a c c e p t I P i nf or ma ti o n d y n am ic al ly , as d e s c r i be d in P a r t 2 o f th e Qu i c k S ta rt G ui d e . S ee s e c ti on 6 .1 f o r an e xp la n a t i o n of t h e D HC P s e r vi ce . LAN Port IP Address Static IP address: 192.168.1.1 subnet mask: 255.255.255.0 This is the IP address of the LAN port on the RX3042H. The LAN port connects the device to your Ethernet network. T ypically , you will not need to change this address. See section 5.1 LAN Conï¬guration LAN IP Address for instructions.

RX3042H User's Manual Using the Conï¬guration Manager 23 4 Using the Conï¬guration Manager T h e R X 3 0 4 2 H i n c l u d e s a p r e i n s t a l l e d p r o g r a m c a l l e d t h e Conï¬guration Manager , which provides an interface to the software i n s t a l l e d o n t h e d e v i c e . I t e n a b l e s y o u t o c o n f i g u r e t h e d e v i c e settings to meet the needs of your network. Y ou access it through your web browser from any PC connected to the RX3042H via the LAN or the W AN ports. T h i s c h a p t e r d e s c r i b e s t h e g e n e r a l g u i d e s f o r u s i n g t h e Conï¬guration Manager . 4.1 Log into the Conï¬guration Manager T h e C o n f i g u r a t i o n M a n a g e r p r o g r a m i s p r e i n s t a l l e d o n t h e RX3042H. T o access the program, you need the following: â¢ A computer connected to the LAN or W AN port on the RX3042H as described in the Quick Start Guide chapter . â¢ A w e b b r o w s e r i n s t a l l e d o n t h e c o m p u t e r. T h e p r o g r a m i s designe d to wo rk best with M icrosof t Intern et Expl orerÂ® 6 .0 or later . Y ou may access the program from any computer connected to the R X 3 0 4 2 H v i a t h e L A N o r WAN p o r t s . H o w e v e r , t h e i n s t r u c t i o n s provided here are for computers connected via the LAN ports. 1 . F r o m a L A N c o m p u t e r, o p e n y o u r w e b b r o w s e r, t y p e t h e f o l l o w i n g i n t h e w e b a d d r e s s ( o r l o c a t i o n ) b o x , a n d p r e s s <Enter>: http://192.168.1.1 T h i s i s t h e p r e d e f i n e d I P a d d r e s s f o r t h e L A N p o r t o n t h e RX3042H. A login screen displays, as shown in Figure 4.1.
Using the Conï¬guration Manager RX3042H User's Manual 24 Figure 4.1 Conï¬guration Manager Login Screen 2. Enter your username and password, and then click . The ï¬rst time you log into the program, use these defaults: Default Username: admin Default Password: admin Note: Y ou can change the password at any time (see section 10.2 Login Password and System Settings on page 66). The System Informatio n page displays ev ery time you log i nto the Conï¬guration Manager (shown in Figure 4.3 on page 20). 4.2 Functional Layout T y p i c a l Typ i ca l C o n f i g u r a t i o n p a g e c o n s i s t s o f s e v e r a l e l em e n t s â ba nn e r , m en u, me nu n a vi ga ti on ti ps , c on fi gu ra t io n, a nd on -l in e help. Y ou can click on any menu item to expand/contract any menu groups or to access a speciï¬c conï¬guration page. The conï¬guration p a n e i s w h e r e y o u i n t e r a c t w i t h t h e C o n f i g u r a t i o n M a n a g e r t o conï¬gure the s ettings for RX3042H . Menu navigation t ips show how the current conï¬guration can be accessed via the menus.
RX3042H User's Manual Using the Conï¬ guration Manager 25 Figure 4.2 T ypical Conï¬ guration Manager Page 4.2.1 Menu Navigation â¢ T o e x p a n d a g r o u p o f r e l a t e d m e n u s , d o u b l e c l i c k t h e m e n u o r t h e i c o n : â¢ T o c o n t r a c t a g r o u p o f r e l a t e d m e n u s , d o u b l e c l i c k t h e m e n u o r t h e i c o n : â¢ T o o p e n a s p e c i ï¬ c c o n ï¬ g u r a t i o n p a g e , d o u b l e c l i c k t h e m e n u o r t h e i c o n : 4.2.2 Commonly Used Buttons and Icons The following buttons or icons are used throughout the application. The following table describes the function for each button or icon. T able 4.1 Description of Commonly Used Bottons and Icons Button Function S t o r e s an y c h a n g e s y o u h a v e m a d e o n t he c u r r e n t p a g e . Adds the existing conï¬ guration to the system, e.g. a static route or a ï¬ rewall ACL rule and etc. Modiï¬ es the existing conï¬ guration in the system, e.g. a static route or a ï¬ rewall ACL rule and etc. Redisplays the current page with updated statistics or settings. Selects the item for editing. Deletes the selected item.
Using the Conï¬guration Manager RX3042H User's Manual 26 4.3 Overview of System Conï¬guration T o view the overall system conï¬guration, log into the Conï¬guration Manager , o r clic k the S tatus m enu if you ha ve alre ady lo gged on . Figure 4.3 show s sample information available in the Syst em Status page. Figure 4.3 System Status Page
RX3042H User's Manual Router Setup 27 5 Router Setup This chapter describes how to conï¬gure the basic settings for your rou ter s o t ha t t he co mp ute rs on y our L AN ca n c om mun ica te wi th each other and have access to the Internet. Network setup consists of LAN and W AN conï¬gurations. 5.1 LAN Conï¬guration 5.1.1 LAN IP Address I f y o u a r e u s i n g R X 3 0 4 2 H w i t h m u l t i p l e P C s o n y o u r L A N , y o u m u s t c o n n e c t y o u r L A N t o t h e E t h e r n e t p o r t s o n t h e b u i l t - i n E t h e r n e t s w i t c h . Y ou m u s t a s s i g n a u n i q u e I P a d d r e s s t o e a c h de vi c e re s id i ng o n y o ur L A N. Th e L A N IP a dd re s s t ha t i de nt i fi e s t h e R X 3 0 4 2 H a s a n o d e o n y o u r n e t w o r k m u s t b e i n t h e s a m e subnet as the PCs on your LAN. The default LAN IP address for the RX3042H is 192.168.1.1. Deï¬nition: A network node can be thought of as any i n t e r f a c e w h e r e a d e v i c e c o n n e c t s t o t h e n e t w o r k , su c h a s t h e R X 3 0 4 2 H Ê¼s L A N p o r t a n d t he ne t w o r k interface cards on your PCs. See Appendix 1 1 for an explanation of subnets. Y ou can change the default IP address to reï¬ect the true IP address that you want to use with your network. 5.1.2 LAN Conï¬guration Parameters T able 5.1 describes the conï¬guration parameters available for LAN IP conï¬guration.
Router Setup RX3042H User's Manual 28 T able 5.1 LAN Conï¬guration Parameters Settings Description Host Name For identiï¬cation only . IP Address T h e L A N I P a d d r e s s o f t h e R X 3 0 4 2 H . T h i s I P a d d r e s s i s u s e d b y y o u r c o m p u t e r s t o i d e n t i f y the RX3042HÊ¼s LAN port. Note that the public IP address assigned to you by your ISP is not your LAN IP address. The public IP address identiï¬es the W AN port on the RX3042H to the Internet. Subnet Mask The L A N s u bn e t m a s k i d e nt i fi e s wh i c h p a rt s of th e L AN I P A d d r es s r ef e r t o y o u r n e t w or k a s a whole and which parts refer speciï¬cally to nodes on the network. Y our device is preconï¬gured with a default subnet mask of 255.255.255.0. 5.1.3 Conï¬guring the LAN IP Address Follow these steps to change the default LAN IP address. 1. Open the Connecti on conï¬guration page, as sh own in Figure 5.1 by clicking the Router Setup -> Connection menu. Figure 5.1 Network Setup Conï¬guration- LAN Conï¬guration 2. (O pt io na l ) En te r th e h os t na m e fo r RX 30 4 2H . No te t h at h os t name is used for identiï¬cation only and is not used for any other purpose. 3. Enter the LAN IP address and subnet mask for the RX3042H in the space provided. 4. P ro c ee d t o th e WAN Co nf i gu ra ti o n se c ti on f o r in s tr uc ti o ns o n setting up the W AN port if you have not yet done so.
RX3042H User's Manual Router Setup 29 5. Click " Apply " to save the settings. If you were using an Ethernet connection for the current session, and changed the IP address or subnet mask, the connection will be terminated. 6. Y ou will see the following message displayed as shown below . 7. Y ou will be prompted to log back into the Conï¬guration Manager once the timer elapses. 5.2 W AN/DMZ Conï¬guration This section describes how to conï¬gure W AN/DMZ settings for the W AN interface on the RX3042H that communicates with you r ISP . Y ouÊ¼ll learn to conï¬gure IP address, DHCP and DNS server for your W AN in this section. DMZ (short for demilitarized zone) is a host or a small network that sits between a trusted internal network, such as a corporate private L A N , a n d a n u n t r u s t e d e x t e r n a l n e t w o r k , s u c h a s t h e I n t e r n e t . T y p i c a l l y , t h e D M Z c o n t a i n s d e v i c e s a c c e s s i b l e t o t h e I n t e r n e t trafï¬c , su ch as Web serv ers, FTP serve rs, S MTP (e-ma il) server s a n d D N S s e r v e r s . T h e D M Z c o n t a i n s n o c o r p o r a t e c o n f i d e n t i a l in fo rm at io n . In t h e ev en t t ha t th e D MZ i s c om pr om i se d, n o o th er company information will be exposed. Note: Only static IP connection mode is supported for DMZ. 5.2.1 W AN Connection Mode Five mode s of WAN connect ion are supported by the RX3042H â static IP , dynamic IP , PPPoE (multi-session), PPPoE unnumbered, a n d P P T P . Y o u m a y s e l e c t o n e o f t h e WA N c o n n e c t i o n m o d e s requi red by y our ISP from the Con nect ion Mode drop -dow n li st i n Network Setup Conï¬guration page as shown in Figure 5.2.
Router Setup RX3042H User's Manual 30 F i g u r e 5. 2 Ne tw or k S e t u p C o n ï¬ g u r at io n Pa ge - W A N C o n ï¬ gu ra ti on 5.2.2 PPPoE P P P oE c on ne c t i o n i s mo st o f t e n us ed b y AD SL s er v i c e p ro vi de rs . Figure 5.3. W AN â PPPoE Conï¬guration
RX3042H User's Manual Router Setup 31 5.2.2.1 W AN PPPoE Conï¬guration Parameters T a b l e 5 . 2 d e s c r i b e s t h e c o n f i g u r a t i o n p a r a m e t e r s a v a i l a b l e f o r PPPoE connection mode. T able 5.2. W AN PPPoE Conï¬guration Parameters Setting Description Link Select a port to conï¬gure. Available options are W AN1, WAN2 or DMZ. Connection Mode S e l ec t P P P o E f ro m t h e co nn ec t i o n m od e d r o p -d ow n l i s t . PPPoE Session Select the PPPoE session ID for this PPPoE session. Note that only two simultaneous PPPoE sessions are supported. Enable Check or uncheck this box to activate or de-activate this PPPoE session. User Name and Password E n t er t he u s e r n a me a nd p a s s w o rd y ou u s e t o l og i nt o y o u r IS P . (N ot e : t h i s is d if fe re nt f r o m th e in fo r m a t i on y ou u s e d to l og i n t o C on ï¬g ur a t i o n M an ag er . ) Service Name E n t er t he s e r v i c e na me p r o v i d ed b y yo u r I S P . S e rv ic e n a m e is o pt i o n a l b ut m ay b e r eq ui re d b y s o me I SP . AC Name Enter the access concentrator name provided by your ISP . Access concentrator name is optional but may be required by some ISPs. IP Address If your ISP allows you to always obtain the same IP address for your W AN, enter it here. Primary / Secondary DNS Server IP address of the primary and/or secondary DNS are optional as PPPoE will automatically detect the DNS IP addresses conï¬gured at your ISP . However , if there are other DNS servers you would rather use, enter the IP addresses here. MTU Y ou may s pecify the maxim um siz e of the t ransmi tted packet. For PPPoE, the range of MTU is from 546 to 1492. The default value is 1492. Disconnect after idle (min.) Enter the inactivity timeout period at which you want to disconnect the Internet connection when there is no trafï¬c. A value of 0 means no activity time out. Note that SNTP service may interfere with this function if there are activities from the service.
Router Setup RX3042H User's Manual 32 Setting Description Connect on Demand Click on the Enable or Disable radio button to enable or disable this option. Status On: PPPoE connection is active. Off: No PPPoE connection is active. Connecting: RX3042H is trying to connect to your ISP using PPPoE connection mode. Manual Disconnect/ Connect Click the D isconnect or Connect button to disconnec t or connect using the PPPoE connection mode. 5.2.2.2 Conï¬guring PPPoE for W AN Follow the instructions below to conï¬gure PPPoE settings: 1 . O p e n t h e N e t w o r k S e t u p c o n f i g u r a t i o n p a g e b y c l i c k i n g t h e Router Setup -> Connection menu. 2. Select which W AN port (W AN1/W AN2) to conï¬ gure for PPPoE connection mode. 3. Sele ct PPPoE from the WAN Con nection Mode drop-do wn li st as shown in Figure 5.3. 4. S e le c t PP P o E s e s s io n I D f r o m t h e P PP o E se s s i on I D dr o p - down list. Currently , two sessions are supported for each W AN port. 5. Enter the service name if required by your ISP . 6. (Optional) Enter the service name and/or AC name if required by your ISP . 7. (Optional) If your ISP al lows you to alw ays obtain the same IP address for your W AN, enter it in the IP Address ï¬e ld; otherwise, skip this step. 8. ( O p t i o n a l ) E n t e r t h e I P a d d r e s s e s f o r t h e p r i m a r y a n d / o r secondary DNS servers if you want to use your preferred DNS servers; otherwise, skip this step. 9. ( O p t i o n a l ) C h a n g e t h e M T U v a l u e i f n e c e s s a r y. I f y o u d o n o t k n o w w h a t v a l u e t o e n t e r , l e a v e i t a s i s . F o r d y n a m i c I P
RX3042H User's Manual Router Setup 33 Figure 5.4. W AN â PPPoE Unnumbered Conï¬guration conne ctio n mo de, the rang e of MTU is from 546 to 1492 . T he default value is 1492. 10 . E n t e r a p p r o p r i a t e co n n e c t i o n s e t t i n g s f or â Di s c o n n e c t a f t e r Idle (min) â and â Connect on Demand â. 1 1.Click " Apply " to save the settings. 5.2.3 PPPoE Unnumbered Some of the ADSL service providers may offer PPPoE unnumbered se r vi ce . Ch o os e t h is c on n ec t io n m o de i f y ou r I S P p r ov i de s s u ch service.
Router Setup RX3042H User's Manual 34 5 . 2 . 3 . 1 W A N P P P o E U n n u m b e r e d C o n ï¬ g u r a t i o n P a r a m e t e r s T a b l e 5 . 3 d e s c r i b e s t h e c o n f i g u r a t i o n p a r a m e t e r s a v a i l a b l e f o r PPPoE Unnumbered connection mode. T able 5.3. W AN PPPoE Unnumbered Conï¬guration Parameters Setting Description Link Select a port to conï¬gure. Available options are W AN1, WAN2 or DMZ. Connection Mode S e l ec t PP Po E U n n um be re d f r o m th e co nn e c t i o n m o d e dr op -d o w n l is t. T r a d i t i on al ly , ea ch n e t w o r k i n t er fa ce m u s t h av e a un i q u e IP a d d r e s s . Ho we ve r , a n un nu mb er e d i n te rf ac e d o e s no t ha ve t o h av e a u n i qu e IP a dd re ss . Th is m e a n s t h at w he n t h i s op ti on i s se le ct ed , t h e W AN a nd t h e L A N us e th e s a m e IP a d d re ss . Ne t w o r k r es ou rc e s a r e th er ef o r e c on se rv ed b e c au se f ew e r n e tw or k IP a dd re s s e s a r e us ed a n d r o u ti ng t ab l e i s s ma ll er . Enable NAPT Check or uncheck this box to enable NAPT for this connection. User Name and Password E n te r t h e u se r n a m e a n d p as s w o r d yo u u s e t o l og i n t o y o u r IS P . (N ot e : t h is i s d i f f e r e n t fr o m t h e in fo r m a t io n y o u u se d t o lo g in t o C on ï¬g ur a t i o n Ma na g e r . ) Service Name E n t e r t h e s e r v i c e n a m e p r o v i d e d b y y o u r I S P . S e r v i c e n a m e i s o p t i o n a l b u t m a y b e r e q u i r e d b y s o m e I S P s . AC Name Enter the access concentrator name provided by your ISP . Access concentrator name is optional but may be required by some ISPs. IP Address Enter a static IP address here for the PPPoE unnumbered connection. This IP address must be provided by your service provider . Unnumbered Network Address Enter the network address provided by your ISP . Primary / Secondary DNS Server IP address of the primary and/or secondary DNS are optional as PPPoE will automatically detect the DNS IP addresses conï¬gured at your ISP . However , if there are other DNS servers you would rather use, enter the IP addresses here.
RX3042H User's Manual Router Setup 35 Setting Description MTU Y ou may specify the maximum size of the transmitted packet. For PPPoE, the range of MTU is from 546 to 1492. The default value is 1492. Disconnect after Idle (min.) Enter the inactivity timeout period at which you want to disconnect the Internet connection when there is no trafï¬c. A value of 0 means no activity time out. Note that SNTP service may interfere with this function if there are activities from the service. Connect on Demand Click on the Enable or Disable radio button to enable or disable this option. Status On: PPPoE unnumbered connection is active. Off: No PPPoE unnumbered connection is active. Connecting: RX3042H is trying to connect to your ISP using PPPoE unnumbered connection mode. Manual Disconnect/ Connect Click the Disconnect or Connect button to disconnect or connect using the PPPoE unnumbered connection mode. 5.2.3.2 Conï¬guring PPPoE Unnumbered for W AN F o l l o w t h e i n s t r u c t i o n s b e l o w t o c o n f i g u r e P P P o E u n n u m b e r e d settings: 1 . O p e n t h e N e t w o r k S e t u p c o n f i g u r a t i o n p a g e b y c l i c k i n g t h e Router Setup -> Connection menu. 2. Select which W AN port (W AN1/W AN2) to conï¬ gure for PPPoE unnumbered connection mode. 3. S ele ct PPPo E U nnum ber ed fro m t he W AN C onn ecti on Mod e drop-down list as shown in Figure 5.4. 4. Check NAPT box if NA T is to be used for this connection. 5. Enter user name and password provided by your ISP 6. (Optional) Enter the service name and/or AC name if required by your ISP . 7. E n t e r t h e I P a d d r e s s , u n n u m b e r e d n e t w o r k a d d r e s s , a n d unnumbered netmask provided by your ISP . 8. ( O p t i o n a l ) E n t e r t h e I P a d d r e s s e s f o r t h e p r i m a r y a n d / o r
Router Setup RX3042H User's Manual 36 Figure 5.5. W AN â Dynamic IP (DHCP client) Conï¬guration 5.2.4.1 Conï¬guring Dynamic IP for W AN Follow the instructions below to conï¬gure dynamic IP settings: 1 . Op e n t h e N e tw o r k S e t u p c o n fi g u r a t i o n p a g e b y c l i c k i n g t h e Router Setup -> Connection menu. 2. S el ec t w hi ch WAN p o rt ( W AN 1 /WAN2 ) to c on f ig ur e fo r dynamic connection mode. 3. Se le ct Dyn am ic fr om t he Co nn ec tio n Mo de d rop -d own l is t as shown in Figure 5.5. Note that the IP addresses for the primary and/or the seco ndary DNS serve rs ar e aut omati cally assi gned secondary DNS servers if you want to use your preferred DNS servers; otherwise, skip this step. 9. ( O p t i o n a l ) C h a n g e t h e M T U v a l u e i f n e c e s s a r y. I f y o u d o n o t k n o w w h a t v a l u e t o e n t e r , l e a v e i t a s i s . F o r d y n a m i c I P conne ctio n mo de, the rang e of MTU is from 546 to 1492 . T he default value is 1492. 10.Enter appropriate connection settings for Disconnect after Idle (min) and Connect on Demand . 1 1.Click Apply to save the settings. 5.2.4 Dynamic IP D y n a m i c I P i s m o s t o f t e n u s e d b y t h e c a b l e m o d e m s e r v i c e providers.
RX3042H User's Manual Router Setup 37 by the DHCP server of your ISP . 4. ( O p t i o n a l ) C h a n g e t h e M T U v a l u e i f n e c e s s a r y. I f y o u d o n o t k n o w w h a t v a l u e t o e n t e r , l e a v e i t a s i s . F o r d y n a m i c I P conne ctio n mo de, the rang e of MTU is from 546 to 1500 . T he default value is 1500. 5. Click Apply "to save the settings. 5.2.5 Static IP Figure 5.6. W AN â Static IP Conï¬guration 5.2.5.1 W AN or DMZ Static IP Conï¬guration Parameters T able 5.4 describes the conï¬guration parameters available for static IP connection mode. T able 5.4. W AN Static IP Conï¬guration Parameters Setting Description Link Select a port to conï¬gure. Available options are W AN1/WAN2 or W AN/DMZ. Connection Mode Select Static from the connection mode drop- down list. IP Address W AN IP address provided by your ISP . For DMZ mode, typically , it is a private IP address.
Router Setup RX3042H User's Manual 38 Setting Description Subnet Mask W AN subnet mask provided by your ISP . T ypically , it is set as 255.255.255.0. Gateway Address Gateway IP address provided by your ISP . It must be in the same subnet as the W AN on the RX3042H. Primary/ Secondary DNS Server Y ou must at least enter the IP address of the primary DNS server . Secondary DNS server is optional MTU Y ou may specify the maximum size of the transmitted packet. F or static IP connection, the range of MTU is from 546 to 1500. The default value is 1500. 5.2.5.2 Conï¬guring Static IP for W AN or DMZ Follow the instructions below to conï¬gure static IP settings: 1 . Op e n t h e N e tw o r k S e t u p c o n fi g u r a t i o n p a g e b y c l i c k i n g t h e Router Setup -> Connection menu. 2. Select which W AN port (W AN1/W AN2) or DMZ port to conï¬gure for static connection mode. 3 . S e l e c t S t a t i c f r o m t h e C o n n e c t i o n M o d e d r o p - d o w n l i s t a s shown in Figure 5.6. 4. Enter W AN IP address in the IP Address ï¬eld. This information should be provided by your ISP . 5. E n t e r S u bn e t M a s k f or t h e WAN . T h i s in f o r m a t i o n s h o u l d b e provided by your ISP . T ypically , it is 255.255.255.0. 6. E n t e r g a t e w a y a d d r e s s p r o v i d e d b y y o u r I S P i n t h e s p a c e provided. 7. Enter the IP address of the primary DNS s erver . This infor mation s h o u l d b e p r o v i d e d b y y o u r I S P . S e c o n d a r y a n d t h i r d D N S servers are optional. 8. ( O p t i o n a l ) C h a n g e t h e M T U v a l u e i f n e c e s s a r y. I f y o u d o n o t k n o w w h a t v a l u e t o e n t e r , l e a v e i t a s i s . F o r d y n a m i c I P conne ctio n mo de, the rang e of MTU is from 546 to 1500 . T he default value is 1500.
RX3042H User's Manual Router Setup 39 9. Click Apply to save the settings 5.2.6 PPTP So m e o f th e s e r vi c e p r o vi d e r s re q u i r e us e r t o l og i n u s in g P P T P connection. 5.2.6.1 W AN PPTP Conï¬guration Parameters T a b l e 5 . 5 d e s c r i b e s t h e c o n f i g u r a t i o n p a r a m e t e r s a v a i l a b l e f o r PPTP connection mode. T able 5.5. W AN PPTP Conï¬guration Parameters Setting Description Link Sel ec t a po rt t o co nfi gu re . Av ail ab le o pt io ns a re WAN1, W A N 2 o r DM Z. Connection Mode S e l ec t PP TP f ro m t h e c o n ne ct io n m o d e dr op -d ow n l i s t. W AN Interface IP Select how W AN IP add ress is to be confi gured â st atic ( m a n u a l l y s e t t h e I P a d d r e s s ) o r d y n a m i c ( o b t a i n e d a u t om at ic al l y f r om t he D H C P s er v e r ) . Static Choos e this connec tion mode if the W AN IP is a fixed IP p r o vi de d by y o u r I SP . IP Address E n t er t he W A N I P a dd re s s p r o vi de d by y o u r I SP . Subnet Mask E n t er t he s u b n e t m as k fo r t h e W AN I P p r ov id ed b y y o u r IS P . Gateway Address E n t er th e ga te w a y I P ad d r e s s fo r th e W AN pr ov i d e d b y yo ur I S P . Dynamic (DHCP) Se le ct t hi s c on ne c ti on m od e i f yo u r WAN I P a dd re ss is o b t ai ne d au t o m a t ic al ly f r o m y ou r IS PÊ¼ s DH CP s er ve r . User Name and Password E nt er th e u se rn a m e an d pa s s wo rd yo u u se to lo g in to yo u r I S P . ( No te : th i s i s di f f e r en t fr om t h e i nf or ma t i on yo u us e d t o l o g i nt o Co n ï¬ g u r at io n Ma n a g e r .) Server IP Address E n t er t he P P T P s er v e r I P a dd r e s s p ro vi de d b y y o ur I SP . MTU Y o u m a y s p e c i f y t h e m a x i m u m s i z e o f t h e t r a n s m i t t e d p a c k e t. F o r P PT P , th e r a n g e o f MT U i s fr om 5 46 t o 14 60 . Th e de fa u l t v a l ue i s 14 6 0 . MPPE M P P E s t a n d s f o r M i c r o s o f t P o i n t - t o - P o i n t E n c r y p t i o n p r o to co l. Ch ec k th i s bo x , if th e pa ck e t is to be en cr y p t e d w / t h i s pr ot oc o l .
Router Setup RX3042H User's Manual 40 Setting Description Connect on Demand Click on t he Enable or Disabl e radio b utton to enable or d i s ab le t hi s o p t io n. Disconnect after Idle (min) En te r th e in ac ti vi t y ti me ou t pe ri od at w hi ch y ou w a nt t o d i s co nn ec t th e In te rn et co nn e c t i o n wh e n th er e is no tr af ï¬c . A v a l u e o f 0 m e a n s n o a c t iv i t y t i m e o u t . N o t e t h a t S N T P s e r v i c e m a y in te r f e r e wi th t h is fu nc t i o n if th e r e ar e ac ti v i t i e s fr om t h e s e r vi ce . Status O n : P PT P c o n ne ct io n i s a c ti ve . O f f: N o P P T P c on n e c t i on i s ac t i v e . C o n ne ct in g: RX 30 42 H is t ry in g t o co nn e c t to yo ur IS P us in g P P T P c o n n e c t i on m od e. Manual Disconnect/ Connect Click the D isconn ect or Conn ect bu tton t o dis connec t or c o n ne ct u si n g t h e PP TP c on ne ct io n m o d e. Figure 5.7. W AN â PPTP Conï¬guration
RX3042H User's Manual DHCP Server Conï¬guration 41 5.2.6.2 Conï¬guring PPTP for W AN Follow the instructions below to conï¬gure PPTP settings: 1 . O p e n t h e N e t w o r k S e t u p c o n f i g u r a t i o n p a g e b y c l i c k i n g t h e Router Setup ->Connection menu. 2. S e le ct wh i ch W AN po rt (WAN1 / W AN 2 ) t o co n fi g ur e f or PP TP connection mode. 3. S elect PPTP fro m th e W AN Conne ctio n Mo de dro p-dow n li st as shown in Figure 5.7. 4 . S e l e c t h o w WAN I P i s t o b e o b t a i n e d â s t a t i c o r d y n a m i c . I f your ISP provides a ï¬xed IP address, select Static in the WAN Interface IP drop-down list. Consult with your ISP if you have no idea. 5. Enter IP address, subnet mask and gateway IP address for your W AN if your WAN IP is to be set manually . 6. Enter user name and password provided by your ISP . 7. Enter PPTP server IP address provided by your ISP . 8. (O p t io n al ) Ch a n ge th e MT U va l ue i f n e ce s s ar y . I f yo u d o no t know what value to e nter , leave it as is . For PPTP conn ectio n mode, the range of MTU is from 546 to 1460. The default value is 1460. 9 . C h e c k M P P E b o x i f t h e p a c k e t i s t o b e e n c r y p t e d w i t h t h i s protocol. 10.Enter appropriate connection settings for Disconnect after Idle (min) and Connect on Demand . 1 1.Click Apply to save the settings. 5.3 W AN Load Balancing and Line Back Up RX 30 42 H su pp or ts l o ad b al an ci ng a nd li ne b ac k up o n t he WAN c o n n e c t i o n . T h i s f u n c t i o n i s a v a i l a b l e o n l y w h e n â D u a l - WAN â i s sel ect ed in the Ro ute r C onn ect ion co nï¬g ura tio n p age (a cce ssi ble by clicking the Router Setup ->Connection menu). WAN l o a d b a l a n ci n g d i s t r i bu t e s c o m m u ni c a t i o n a c t iv i t i e s a c r os s the two W ANs on RX3042H based on the preconï¬gured bandwidth
DHCP Server Conï¬guration RX3042H User's Manual 42 re qu ir em e nt o n t he W AN s. A no t he r f ea tu re su pp or t ed i s f ai l- o ve r for the W AN ports. If one of the W AN links is down, RX3042H will direct the trafï¬c destined for the downed W AN port to the still active W AN port. The li ne b ack u p fu nc ti on i s a no the r fe at ur e su pp or te d to e ns ur e uninterrupted Internet access. When the primary W AN link is down, the I nte rne t acc es s i s aut om ati cal ly sw it che d to th e b ac kup WAN link. 5.3.1 WA N L o a d B a l a n c i n g a n d L i n e B a c k U p Conï¬guration Parameters T able 5.6 describes the conï¬guration parameters available for WAN load balancing and line back up. T able 5.6. W AN Load Balancing and Line Back Up Conï¬guration Parameters Setting Description Load Balance S e l ec t on e o f t h e th re e a v a i l ab le o pt i o n s : Disable: disable both the W AN load balancing and line b a c k up f un c t i o n al it ie s. A ut o M od e: s el ec t th is op ti on if l oa d b al an ci ng i s de s i re d. The al gor ithm us ed for th e loa d b ala nci ng is wei ght ed r o u nd r ob in . L i n e Ba c k u p : se l e c t th is op ti on if li ne ba ck u p is ne ed e d . In t h e ex is ti n g im pl em e n t at io n, t h e pr im ar y l in k is al w a ys se t t o W A N 1 an d th e b a c k u p li nk i s a l w ay s se t t o W A N 2 . W AN1/W AN2 Bandwidth E n te r t h e r a t i o o f t h e t r a ff i c a m o u n t t h a t y o u w a n t t o di s tr i bu t e b e t we e n t h e WANs . Th e nu m b er sh o u ld be b e t we en 0 t o 1 0 0 %. F or e x a m p l e, 8 0% f o r W A N 1 a n d 20 % fo r W AN2 mean s 80 % of the tr af fic is dir ect ed to W AN1 a n d 2 0% o f t h e t ra fï¬ c is d i r e ct ed t o W A N2 . Connectivity Check Cl i ck En a bl e or Di sa b le ra d io bu tto n to en ab le or dis abl e this fe atu re. Co nne cti vity ch eck is us ed to mon ito r th e link status for the W AN ports. If this option is disabled, RX 30 4 2H w i ll no t p er f or m f ai l -o ve r ; t hi s m ea n s th a t i f one of the W AN link s is dow n, the traf fic dir ect ed to the do wn ed li nk wil l not be re- di r ec te d to th e act iv e lin k. It is r e c om me nd ed t ha t yo u ke ep t h i s o pt io n e n ab le d. H o w ev er , if the gat ew ay or the spe ci fi c ne tw or k de vi ce tha t wi ll be c h e ck ed f or c o n n ec ti vi ty d o e s n ot r es p o n d to p in g, y o u
RX3042H User's Manual DHCP Server Conï¬guration 43 Setting Description Connectivity Check (Cont.) w il l ne ed to d i sa bl e th is f ea tu r e . Ot he rw is e , RX 30 4 2H wi l l make incorre ct judgme nt regar ding the W AN link status an d th us af fe ct th e be ha v io r of th e loa d ba la nci n g or lin e b a c k up . Connectivity Check Interval The inte rval th at RX304 2H wil l check for the W AN link s t a tu s. T h e al lo wa bl e v a l ue i s 1 t o 6 0 s ec on ds . Connectivity Check IP Address (W AN1) Ent er the IP add res s of the spe cif ic net wor k devic e that t h e tr af ï¬c wi ll pa s s th r o u g h . T hi s ï¬e l d is op t i o n a l . No rm al l y , y o u do n Ê¼ t ne ed to pr ov id e an y I P ad dr es s he re , un le ss yo u k n o w th e tr a f ï¬ c mu st p as s a s pe ci ï¬c n e t w o r k de vi ce . Connectivity Check IP Address (W AN2) Ent er the IP add res s of the spe cif ic net wor k devic e that t h e tr af ï¬c wi ll pa s s th r o u g h . T hi s ï¬e l d is op t i o n a l . No rm al l y , y o u do n Ê¼ t ne ed to pr ov id e an y I P ad dr es s he re , un le ss yo u k n o w th e tr a f ï¬ c mu st p as s a s pe ci ï¬c n e t w o r k de vi ce . 5.3.2 Setting Up W AN Load Balancing and Line Back Up Figure 5.8. Load Balancing Conï¬guration
DHCP Server Conï¬guration RX3042H User's Manual 44 Follow the instructions below to set up W AN load balancing: 1 . O p e n t h e L o a d B a l a n c i n g c o n f i g u r a t i o n p a g e b y c l i c k i n g t h e Router Setup ->Load Balance menu. 2. Select Auto Mode in the Load Balance ï¬eld. 3. E nter the rati o of the tra fï¬c amou nt t hat you want to dist ribu te between the two W ANs. The allowable value is from 0 to 100%. The sum of the two numbers is 100%. 4 . S e l e c t w h e t h e r y o u n e e d t o e n a b l e o r d i s a b l e c o n n e c t i v i t y check. If this option is enabled, please also enter the following: a) Enter the connectivity check interval. b) (O p ti o na l ) E n te r t h e c o nn e ct i vi t y c h ec k I P ad d re s s f o r WAN1 and/or W AN2. 5. Click Apply to save the settings. 5.3.3 Setting Up W AN Line Back Up Follow the instructions below to set up line backup: 1 . O p e n t h e L o a d B a l a n c i n g c o n f i g u r a t i o n p a g e b y c l i c k i n g t h e Router Setup ->Load Balance menu. 2. Select â Line Backup â in the Load Balance ï¬eld. 3 . S e l e c t w h e t h e r y o u n e e d t o e n a b l e o r d i s a b l e c o n n e c t i v i t y check. If this option is enabled, please also enter the following: a) Enter the connectivity check interval. b) (Optional) Enter the connectivity check IP address for W AN1 and/or W AN2. 4. Click Apply to save the settings.
RX3042H User's Manual DHCP Server Conï¬guration 45 6 DHCP Server Conï¬guration 6.1 DHCP (Dynamic Host Control Protocol) 6.1.1 What is DHCP? DHCP is a protocol that enables network administrators to centrally m a n a g e t h e a s s i g n m e n t a n d d i s t r i b u t i o n o f I P i n f o r m a t i o n t o computers on a network. When you enable DHCP on a network, you allow a device â such a s t h e R X 3 0 4 2 H â t o a s s i g n t e m p o r a r y I P a d d r e s s e s t o y o u r computers whenever they connect to your network. The assigning device is called a DH CP server , and the receiving device is a DH CP client. N o t e : I f y o u f o l l o w ed th e Q u i c k St a r t Gu id e in st r u c t i o n s , y o u ei th er c o n ï¬ gu re d ea ch L A N PC wi t h a n IP ad d r e s s , o r y o u s p e c i f i e d t h a t i t w i l l r e c e i v e I P i n f o r m a t i o n dynami cally (autom aticall y). If you chose to have the in f or ma tio n ass ign e d dy nam ic all y , th en yo u con ï¬gu re d y o u r PC s as DH CP cl ie nt s th at wi ll ac ce pt IP ad dr es se s a s s i g n e d fr om a D C H P s er ve r su c h a s t h e R X 3 0 4 2H . The DHCP server dr aws from a deï¬ned po ol of IP addresses and â l ea s e s â t h e m f o r a s p e c i f i e d a m o u n t o f t i m e t o y o u r c o m p u t e r s wh en th e y r eq u es t a n I n te rn e t s es s io n . It mo n it o rs , c ol l ec t s, an d redistributes the addresses as needed. O n a D H C P - e n a b l e d n e t w o r k , t h e I P i n f o r m a t i o n i s a s s i g n e d dynam ical ly r athe r th an s tati call y . A D HCP cli ent can be assi gned a d i ff e r e n t ad d r e s s f r o m t h e p o o l e ac h t i m e i t r e c o n n e c t s t o t h e network. 6.1.2 Why use DHCP? DHCP all ows yo u to manage and di stribu te IP addresses thro ughout your ne two rk fro m t he RX3 042 H. With out DH CP , y ou wou ld ha ve to conï¬gure each computer separately with IP address and related i n f o r m a t i o n . D H C P i s c o m m o n l y u s e d w i t h l a r g e n e t w o r k s a n d those that are frequently expanded or otherwise updated.
DHCP Server Conï¬guration RX3042H User's Manual 46 6.1.3 Conï¬guring DHCP Server N o t e : B y d e f a u l t , t h e R X 3 0 4 2 H i s c o n f i g u r e d a s a DHCP server on the L AN si de, w ith a pred eï¬ned IP addre ss po ol of 192.1 68.1. 100 t hrough 192. 168.1. 149 (subn et mask 25 5.25 5.25 5.0) . T o ch ange th is r ange of addresses, follow the procedures described in this section. Fi r s t , yo u m u s t co n f i g u re y o u r P Cs t o a c c ep t D H C P i n fo r m a t i on assigned by a DHCP server: 1. Ope n the DHCP Serve r Conï¬g uration page, shown i n Figur e 6.1, by clicking Advanced -> DHCP Server menu. Figure 6.1. DHCP Server Conï¬guration Page 2 . E n t e r t h e i n f o r m a t i o n f o r t h e I P A d d r e s s P o o l ( B e g i n / E n d Ad dr es s) , S ub n et M a sk , Le a se T im e a nd D e fa ul t G at ew ay IP Address, ï¬elds; others, such as Primary/Secondary DNS Server IP Address and Primary/Second ary WINS Ser ver IP Address are optional. However , it is recommended that you enter the primary DNS s erv er I P add re ss in t he s pac e pro vi de d. Y o u ma y e nt er th e LA N I P o r yo u r IS P Ê¼s D N S IP i n t h e pr i m ar y D NS S er v e r IP A dd r es s f ie l d. T ab le 6 . 1 d es cr i be s t he DH C P c on fi g ur a ti on parameters in detail.
RX3042H User's Manual DHCP Server Conï¬guration 47 T able 6.1. DHCP Conï¬guration Parameters Field Description Enable Check or uncheck this box to enable or disable DHCP server service for your LAN. I P A dd r e s s P o o l Be gi n/ E n d Specify the lowest and highest addresses in the DHCP address pool. Lease T ime Th e a mo un t o f ti me i n se con ds t he a ss ig ned ad dr es s wi ll b e u se d by a d ev ice c on ne ct ed o n t he LA N. Default Gateway IP Address Th e ad dr es s of th e de fa ul t ga tew ay f or c om pu ter s th at r ec ei ve I P ad dr es se s f ro m th is p oo l. T he de fa ul t ga te wa y i s th e de vi ce th at t he D HC P cl ie nt co mp ut er s ï¬r st co nt ac te d to c omm un ic at e wi th th e In te rn et . T yp ic al ly , it i s t he R X3 04 2H Ê¼ s L AN p or t IP ad dr es s. Primary/ Secondary DNS Server IP Address T h e I P a d d r e s s of t he D o m a in N am e S y s t e m se rv er t o be u se d b y c o mp ut er s t h a t re ce iv e I P a dd re s s e s f r o m th is p o o l . Th e D N S s er ve r tr a n s l a te s co mm o n I n t er ne t na m e s t ha t yo u t y p e in to y ou r w e b b ro ws er i n t o th ei r e q u i v al en t nu m e r i c I P a d d r e s se s. T yp ic al l y , t h e s er ve r( s ) a r e lo ca te d w i t h yo ur I S P . H o w e v e r , y o u m ay e nt e r L A N IP a d d r es s of t h e R X 30 42 H as i t wi ll s er v e a s D NS p ro x y f o r th e LA N c o m pu te rs a n d f or wa rd t h e DN S re qu e s t f ro m th e L A N t o D N S s er ve rs a n d re la y th e r e s ul ts b ac k t o th e L A N c om pu te r s . N ot e th at b o t h t he p ri m a r y an d s e c on da ry D N S s e rv er s ar e o p t io na l. P r i ma ry / S e c on da ry W I N S S er ve r I P A dd r e s s ( o p ti on al ) The IP address of the WINS servers to be used by computers that receive IP addresses from the DHCP IP address pool. Y ou donÊ¼t need to enter this information unless your network has WINS servers. 3. Click Apply to save the DHCP server conï¬gurations.
DHCP Server Conï¬guration RX3042H User's Manual 48 6. 1. 4 V iewi ng C ur ren t DH CP Add re ss As si gn men ts Whe n the RX 30 42H f unc tio ns as a D HCP s erv er fo r you r L AN , i t keeps a record of any addresses it has leased to your computers. T o v ie w a t a b le o f a l l c u rr e n t I P a d d re s s a s s ig n me n t s, j us t op e n the DHCP Server Conï¬guration page and click on the link âCurrent DHCP Lease T ableâ located at the bottom of the co nï¬guration page. A page displays similar to that shown in Figure 6.2. T h e D H C P l e a s e t a b l e l i s t s a n y I P a d d r e s s e s l e a s e d a n d t h e corresponding MAC addresses. Figure 6.2. DHCP Lease T able 6.1.5 Fixed DHCP Lease Fixed DHCP lease is used in situation when a ï¬xed DHCP address is desired for a host that gets IP from the DHCP server . First, you sho ul d con ï¬g ur e y ou r PCs t o ac cep t DH CP i nfo rm at ion a ss ign ed by a DHCP server: 6.1.5.1 Access Fixed DHCP Conï¬guration Page â (Advanced ->DHCP Server) O p e n t h e F i x e d D H C P L e a s e c o n f i g u r a t i o n p a g e , a s s h o w n i n Figure 6.3, by clicking Advanced ->DHCP Server menu. N o t e t h a t w h e n y o u o p e n t h e F i x e d D H C P L e a s e c o n f i g u r a t i o n page, a list of existing lease is also displayed at the bottom half of the conï¬guration page such as those shown in Figure 6.3.
RX3042H User's Manual DHCP Server Conï¬ guration 49 Figure 6.3. Fixed DHCP Lease Conï¬ guration Page 6.1.5.2 Add a Fixed DHCP Lease T o add a ï¬ xed DHCP lease, follow the instructions below: 1. O pen the Fixe d DH CP Leas e co nï¬ guration pa ge, as s hown in Figure 6.3, by clicking Advanced ->DHCP Server menu. 2. Enter the MAC address and the desired IP address of the host requiring a ï¬ xed IP address. T able 6.2 describes th e ï¬ xed DHCP lease conï¬ guration parameters in detail. T able 6.2. Fixed DHCP Lease Conï¬ guration Parameters Field Description Fixed DHCP Lease MAC A h ar dw a r e I D o f th e d e v i c e th at n e e d s a ï¬ xe d I P a dd r e s s f ro m th e D H C P s er v e r . Fixed DHCP Lease IP T h e I P a d d r e s s le as ed f r o m t he D HC P s er ve r . N o t e th at i t i s re co mm en d e d t ha t th is I P a d d re ss b e o u t s i de o f th e D H C P I P p oo l. 3. Cl ick on t he Add bu tt on to ad d t he ne w ï¬ xe d D HCP le ase en tr y . 6.1.5.3 Delete a Fixed DHCP Lease T o d e l e t e a f i x e d D H C P l e a s e , c l i c k o n t h e i n f r o n t o f t h e speciï¬ c ï¬ xed DHCP lease to be deleted. 6.1.5.4 V iewing Fixed DHCP Lease T able T o s e e e x i s t i n g i n b o u n d f i x e d D H C P l e a s e , j u s t o p e n t h e F i x e d
DHCP Server Conï¬guration RX3042H User's Manual 50 D H C P L e a s e c o n f i g u r a t i o n p a g e b y c l i c k i n g A d v a n c e d - > D H C P Server menu 6.2 DNS 6.2.1 About DNS Domain Name System (DNS) servers map the user-friendly domain names that users type into their Web browsers (e.g., âyahoo.comâ) to the equivalent numerical IP addresses that are used for Internet routing. When a PC user types a domain name into a browser , the PC must fi r s t s e n d a re q u e s t t o a DN S s e rv e r t o o b t a i n t h e e q ui v a l e nt I P address. The DNS server will attempt to look up the domain name in it s own d at aba se , a nd w ill c om mun ic ate w it h h ig he r-l ev el DN S servers when the name cannot be found locally . When the address is found, it is sent back to the requesting PC and is referenced in IP packets for the remainder of the communication. 6.2.2 Assigning DNS Addresses Mu l t i p le D N S ad d r e ss e s a re u s ef u l t o p r o v id e a l t er n a t i ve s w h en on e of t he s er ve r s is d ow n or is e nc ou nt er in g he a vy t ra ffic . I SP s typically provide primary and secondary DNS addresses, and may p r o v i d e a d d i t i o n a l a d d r e s s e s . Y o u r L A N P C s l e a r n t h e s e D N S addresses in one of the following ways: â¢ S t a t i c a l l y : I f y o u r I S P p r o v i d e s y o u w i t h t h e i r D N S s e r v e r addre sses , yo u ca n a ssign th em t o ea ch P C by mo difyi ng t he PCsÊ¼ IP properties. â¢ D ynam ical ly f rom a DH CP Serv er: Y ou can conï¬ gure the DN S add res se s i n the DH CP s erv er in th e RX3 04 2H and a llo w the DHCP server to distribute the DNS addresses to the PCs. Refer to the section 6.1.3 âConï¬guring DHCP Serverâ for instructions on conï¬guring DHCP server . In ei th er ca se , yo u c an s pe cif y th e act ua l ad dre ss es of t he I SPÊ¼s DNS servers (on the PC o r in the DHCP Server conï¬guratio n page), or yo u ca n sp ec if y th e ad dr ess o f th e LA N po rt o n th e RX 30 42 H (e.g., 192.168.1.1). When you specify the LAN port IP address, the device performs DNS relay , as described in the following section.
RX3042H User's Manual DHCP Server Conï¬guration 51 Not e: If you sp eci fy the ac tua l DNS add res se s on th e PCs or in th e DHC P pool , th e DNS rela y fea tur e is not use d. 6.2.3 Conï¬guring DNS Relay Wh e n y ou sp e ci f y t he de v ic e Ê¼s L AN po r t I P a dd r es s as th e D N S addr ess , th en the Int erne t S ecu rity Ro uter au toma tic ally pe rfor ms âDNS relayâ ; i.e ., be cause the devic e its elf i s not a DN S ser ver , it f o rw a r d s d o m a i n n a m e l o o k u p r e q u e s t s f r o m t h e L A N P C s t o a DNS server at the ISP . It then relays the DNS server Ê¼s response to the PC. W h e n p e r f o r m i n g D N S r e l a y , t h e R X 3 0 4 2 H m u s t m a i n t a i n t h e I P a d d r e s s e s o f t h e D N S s e r v e r s i t c o n t a c t s . I t c a n l e a r n t h e s e addresses in either or both of the following ways: â¢ L e a r n e d t h r o u g h P P P o E o r D y n a m i c I P C o n n e c t i o n : I f t h e R X 30 4 2 H u s e s a P P P o E ( s e e s e c t i o n 5 . 2 . 2 P P P o E o r 5 . 2 . 3 P P P o E U n n u m b e r e d ) o r D y n a m i c I P ( s e e s e c t i o n 5 . 2 . 4 Dynamic IP) connection to the ISP , the primary and secondary DNS addresses can be learned via the PPPoE protocol. Using t h i s o p t i o n p r o v i d e s t h e a d v a n t a g e t h a t y o u w i l l n o t n e e d t o rec on fig ur e th e PCs o r th e RX3 04 2H i f the I SP c ha ng es th ei r DNS addresses. â¢ C o n f i g u r e d o n t h e R X 3 0 4 2 H : Y ou c a n a l s o s p e c i f y t h e I S P Ê¼s D N S a d d r e s s e s i n t h e WAN c o n fi g ur a ti on p a g e a s s h o w n i n Figure 5.3, Figure 5.4 or Figure 5.5 or Figure 5.6. Follow these steps to conï¬gure DNS relay: 1 . E n t e r L A N I P i n t h e D N S S e r v e r I P A d d r e s s f i e l d i n D H C P c o n ï¬g ur at io n p a g e as s ho w n i n F ig ur e 6 . 1 . 2. C on f ig ur e t he L A N PC s t o us e t he IP ad dr es se s a ss i gn ed by the DHC P s erv er on the Int erne t S ecu rity Ro uter , or en ter the Internet Security Router Ê¼s LAN IP address as their DNS server address manually for each PC on your LAN. Note: DNS addresses that are assigned to LAN PCs prior to enabling DNS relay will remain in effect until th e PC i s r e b oo t e d. D N S r e la y w il l on l y ta k e e ff e ct when a PCÊ¼s DNS address is the LAN IP address. Similarly , if after enabling DNS relay , you specify a
Routing RX3042H User's Manual 52 DN S a dd r es s ( ot he r th an th e L A N I P a dd r es s) in a DHC P poo l or st ati cal ly on a P C, the n tha t add res s will be used instead of the DNS relay address.
RX3042H User's Manual Routing 53 7 Routing Y o u c a n u s e C o n f i g u r a t i o n M a n a g e r t o d e f i n e s p e c i f i c r o u t e s fo r y o u r I nt e r n e t a n d n e t w o r k da t a c o m m u ni c a t i o n . T hi s c h a p t e r d e s c r i b e s b a s i c r o u t i n g c o n c e p t s a n d p r o v i d e s i n s t r u c t i o n s f o r creati ng st atic r outes . Note that most users do not ne ed to deï¬n e static routes. 7.1 Overview of IP Routes T h e e s s e n t i a l c h a l l e n g e o f a r o u t e r i s : w h e n i t r e c e i v e s d a t a in t e nd e d f o r a p a rt i c ul a r d e s ti n a ti o n , w h i ch n ex t d ev i c e s h ou l d it send that data to? When you deï¬ne IP routes, you provide the rules that the RX3042H uses to make these decisions. 7.1.1 Do I need to deï¬ne static routes? Most users do not need to deï¬ne sta tic routes . On a typical sm all home o r ofï¬ ce net work, the e xistin g rou tes th at se t up the d efault gateways for your LAN co mputers and for the RX3042H pro vide the most appropriate path for all your Internet trafï¬c. â¢ On your LA N c omp uter s, a d efau lt gate way di rect s a ll Inte rne t tra ffi c to t he L AN p or t o n th e RX 30 42 H. Y ou r LA N c om pu te rs kn ow th e ir d e fa u lt ga te w ay ei th e r b ec au s e y ou as si g ne d i t t o th e m w h en yo u mo d i fi e d t h ei r TC P / IP p ro p er t i es , o r be c a us e you conï¬gured them to receive the information dynamically from a s e r v e r w h e n e v e r t h e y a c c e s s t h e I n t e r n e t . ( E a c h o f t h e s e pr o c es s e s i s d e s cr i b ed i n t h e Q u i ck S ta r t G u i de i n st r uc t i on s , Part 2.) â¢ On th e R X 30 4 2H it s el f , a d e fa u lt ga t ew a y i s d ef i ne d t o d i re c t all outbound Internet trafï¬c to a router at your ISP . This default ga te w ay is a ss i gn e d a ut o ma t ic a ll y b y y o ur IS P w h en e ve r t h e d e v i c e n e g o t i a t e s a n I n t e r n e t c o n n e c t i o n . ( T h e p r o c e s s f o r adding a default rout e is described in section 7 .3.2 Adding Static Routes.) Y ou m ay n eed to deï¬n e st atic rou tes if y our home set up i nclu des two or more networks or subnets, if you connect to two or more ISP services, or if you connect to a remote corporate LAN.
Routing RX3042H User's Manual 54 7.2 Dynamic Routing using RIP (Routing Information Protocol) RIP e nab le s r ou tin g inf orm at ion e xch ang e bet we en ro ute rs; t hus , r o u t e s a r e u p d a t e d a u t o m a t i c a l l y w i t h o u t h u m a n i n t e r v e n t i o n . I t i s r e c o m m e n d e d t h a t y o u e n a b l e R I P i n t h e S y s t e m S e r v i c e s Conï¬guration Page as shown in Figure 10.1. Figure 7.1. RIP Conï¬guration Page 7.2.1 RIP Conï¬guration Parameters The fol lowing table deï¬nes the a vailabl e conï¬g uration param eters for static routing conï¬guration. T able 7.1. Static Route Conï¬guration Parameters Field Description Interface S e l ec t a n i n te rf ac e t h ro ug h w h i c h th e r o u t in g i n f or ma t i o n is e xc h a n g ed . A v ai la b l e o pt io ns a r e L A N , W A N 1 , W A N 2 , P PP o E 1 , PP Po E2 , P P Po E3 a n d P PP o E 4 . RIP C l i ck t h e â E na bl eâ o r âD is ab l e â ra di o b u t t on t o e n a bl e o r d i sa bl e â R I P â fo r t h e in te rf a c e se le ct e d . N o t e th a t y o u mu st e n a bl e RI P s e r v i c e ï¬r s t i n t he M a n ag em e n t / S ys te m S e rv ic es c o n ï¬g ur at i o n p a g e ï¬r s t .
RX3042H User's Manual Routing 55 Field Description Passive Mode E n a b l e th i s m o d e i f R I P c o n ï¬g u r e d f o r t h i s i n t e r f a c e w i l l o n ly r e c e i v e r o u t in g i n f o r m a t i o n f r o m o t h e r r o u t e r s a n d n o t s e n d r ou t i n g i n f o r m a t io n t o o t h e r r o u t e r s . D i s a b l e t h i s mo d e i f y o u w a n t t h i s i n t e r f a c e t o s e n d a n d r e c e i v e r o ut i n g i n f o r m a t i on t o / f r o m o t h e r r ou t e r s . RIP V ersion (Send) S e l ec t th e R I P v er s i o n f o r se nd in g t h e r ou ti ng i n fo r m at i o n . T hr e e o p t i on s ar e a va i l a bl e : V er s i o n 1 . V er si on 2 a n d B ot h. RIP V ersion (Receive) S e l ec t th e R I P v er s i o n f o r re ce iv i n g t he r ou ti n g i n fo r m at i o n . T hr e e o p t i on s ar e a va i l a bl e : V er s i o n 1 . V er si on 2 a n d B ot h. Authentication Click on âEnableâ or âDisableâ radio button to enable/disable authentication for exchanging the routing information. Note that all the routers exchanging routing information must use the same authentication key . Authentication Mode S e l ec t R I P a u t h en ti ca t i o n m od e f r o m t he d r o p d o w n li s t . T wo m o d es a re s u p po rt ed - C le ar T e xt a n d M D5 . Authentication Key E n t er t h e a u th en ti c a t i on k ey s h a re d by a l l t he r o u te rs e x c h an gi ng t h e r ou ti n g i nf or ma t i o n . 7.2.2 Conï¬guring RIP Follow these instructions to enable or disable RIP: 1 . I n t h e S y s t e m S e r v i c e s C o n f i g u r a t i o n p a g e ( a s s h o w n i n F i g u r e 1 0 . 1 ) , c l i c k t h e E n a b l e o r D i s a b l e r a d i o b u t t o n depending on whether you want to enable or disable RIP . 2. Selec t an inter face f rom t he dr op-dow n lis t for routi ng in forma tion excha nge. 3. C li ck t he En ab le r ad io b ut to n t o en ab le RI P fo r t he p ar ti cu la r interface selected. 4. Decide whether the RIP is operated in passive mode or not by clicking the Enable or Disable radio button. 5 . C h o o s e R I P v e r s i o n f o r s e n d i n g a n d r e c e i v i n g t h e r o u t i n g
Routing RX3042H User's Manual 56 information. Available optio ns are V ersion 1, V ersion 2 and Both. 6 . C h o o s e w h e t h e r a u t h e n t i c a t i o n i s r e q u i r e d b y c l i c k i n g t h e Enable or Disable radio button. 7 . ( O p t i o n a l ) I f a u t h e n t i c a t i o n i s e n a b l e , y o u m u s t a l s o s e l e c t authentication mode and the desired authentication key . 8. Click Apply to save the settings. 7.3 Static Route Figure 7.2. Static Route Conï¬guration Page 7.3.1 Static Route Conï¬guration Parameters The fol lowing table deï¬nes the a vailabl e conï¬g uration param eters for static routing conï¬guration. T able 7.2. Static Route Conï¬guration Parameters Field Description Destination Address Specifies the IP a ddress of the destinati on computer or an en t ir e de s ti n a ti o n n e tw o rk . It ca n al s o b e s p e ci f ie d as all zer os to in dic at e th at thi s ro ut e sho ul d be use d fo r all destina tions for which no o ther route is defined (this is the route that creates the default gateway). Note that d e s ti na ti on I P mu st be a n et w o r k I D . Th e d e f a u l t r o ut e u se s a desti nation IP of 0.0.0.0. Refer to Appendi x 1 1 f or an e x p la na ti on o f n et wo rk I D .
RX3042H User's Manual Routing 57 Field Description Subnet Mask I n d ic at es wh ic h pa rt s of th e de st in at i o n ad d r e s s re f e r to th e n e t w o r k a n d w h i c h p a rt s re f er t o a co m p u te r on th e n e t wo rk . R e f er t o A p p e n d ix 1 1, fo r an ex pl an a t i o n of ne tw or k ma sk s . T h e d ef au lt r o u t e us es a 0 . 0 . 0. 0 fo r s u b n e t ma sk . Gateway G a t ew ay I P ad dr es s Interface A va il ab le opt io n inc lu de AUT O, Eth 0 (L AN ), Et h1 (W AN) , PPP oE: 0 (unnu mbe red) , PPPo E:1 (1st PPP oE sess ion ), P P P o E : 2 ( 2 n d P P P o E s e s s i o n ) . T h e s e o p t i o n s a r e s e l ec ta bl e fr om th e dr o p - d o wn l i s t. I f A UT O is se le ct e d , th e router will automatically assign an interface to route the p a c ke ts b as e d o n t he g at e w a y IP a d d r e s s . 7.3.2 Adding Static Routes Figure 7.3. Static Route Conï¬guration Follow these instructions to add a static route to the routing table. 1. Open the Static Route conï¬guration page by clicking the Advanced ->Static Route menu. 2. Enter static routes information such as destination IP address, destination subnet mask, gateway IP address and the interface in the corresponding ï¬elds. F o r a d e s c r i p t i o n o f t h e s e f i e l d s , r e f e r t o T a b l e 7 . 2 . S t a t i c Route Conï¬guration Parameters. T o c r e a t e a r o u t e t h a t d e f i n e s t h e d e f a u l t g a t e w a y f o r y o u r L A N , e n t e r 0 . 0 . 0 . 0 i n b o t h t h e D e s t i n a t i o n I P A d d r e s s a n d Subnet Mask ï¬elds. 3. Click Add to add a new route.
Routing RX3042H User's Manual 58 7.3.3 Deleting Static Routes Figure 7.4. Sample Routing T able Fol lo w th es e in st ru ct io ns to d el et e a st at ic r ou te f ro m the r ou ti ng table. 1 . O p e n t h e S t a t i c R o u t e c o n f i g u r a t i o n p a g e b y c l i c k i n g t h e Advanced ->Static Route menu. 2. Cli ck on the ic on of the ro ute to be de let ed in the Ro uti ng T able. W ARNING D o n o t r e m o v e t h e r o u t e f o r d e f a u l t g a t e w a y u n l e s s y o u k n o w w h a t y o u a r e d o i n g . Re m o vi n g t he d e f au l t ro u t e wi l l r en d e r th e I nt e r n et unreachable. 7.3.4 V iewing the Static Routing T able A l l I P - e n a b l e d c o m p u t e r s a n d r o u t e r s m a i n t a i n a t a b l e o f I P addresses that are commonly accessed by their users. For each of these destination IP addresses, the table lists the IP address of the ï¬ rst hop the data should take. Th is table is known as the deviceÊ¼s routing table. T o view the RX3042HÊ¼s routing table, click the Advanced ->Static Rou te me nu. T he Ro ut ing T abl e dis pla ys at t he up per ha lf of t he Static Route Conï¬ guration page, as shown in Figure 7.2: The Routing T able displays a row for each existing route containing t h e I P a d d r e s s o f t h e d e s t i n a t i o n n e t w o r k , s u b n e t m a s k o f de s t i na t i o n n e t w or k a nd t h e I P o f t he g a te w a y th a t f or w a r ds t h e trafï¬ c.
59 RX3042H User's Manual Conï¬guring DDNS 8 Conï¬guring DDNS Dynamic DNS (DDNS) is a service that allows computers to use the same domain name, even when the IP address changes from time to t im e (d u r in g re b o o t o r w h e n t h e I S PÊ¼s D HC P s er v e r r e s et s IP leases). RX3042H connects to a DDNS service provider whenever t h e WA N I P a d d r e s s c h a n g e s . I t s u p p o r t s s e t t i n g u p t h e w e b se r v i ce s s uc h a s We b s er v e r , F T P s e r v er u s in g a do m a i n n a m e ins tea d of th e IP ad dr ess . D DN S sup por ts th e DDN S cli en ts wi th the following features: â¢ U pdat e DN S re cord s (a ddit ion) whe n an ext erna l in terf ace comes up â¢ Force DNS update HTTP DDNS Client HTT P D DN S cl ie nt u se s th e me ch an is m pr ov id ed b y th e po pu lar DDNS service providers for updating the DNS records dynamically . In this case, the service provider updates DNS records in the DNS. R X 30 4 2 H u s e s H T T P t o t r i g g e r t h i s u p d a t e . R X 3 0 4 2 H s u p p o r t s HTTP DDNS update with the following service provider: â¢ www .dyndns.org Figure 8.1. Network Diagram for HTTP DDNS Whene ver IP addr ess of the conï¬ gured DD NS i nterf ace chan ges, D D N S u p d a t e i s s e n t t o t h e s p e c i f i e d D D N S s e r v i c e p r o v i d e r. R X 3 0 4 2 H s h o u l d b e c o n f i g u r e d w i t h t h e D D N S u s e r n a m e a n d password that are obtained from your DDNS service provider .
60 Conï¬guring DDNS RX3042H User's Manual 8.1 DDNS Conï¬guration Parameters T a b l e 8 . 1 d e s c r i b e s t h e c o n f i g u r a t i o n p a r a m e t e r s a v a i l a b l e f o r DDNS service. T able 8.1. DDNS Conï¬guration Parameters Field Description Interface S e l ec t th e i n t e r fa ce t ha t t h e D DN S se r v i c e i s to b e u s e d. Status S h o ws t he s t a t e of D DN S. Enable DDNS C h e ck t h i s bo x t o en ab l e DD NS se rv ic e; ot he rw i s e , ke ep th e b o x u nc he ck e d . Domain Name E n t er t he re gi st er e d d o m a i n n a m e i n t o t h i s ï¬ e l d. F or ex am pl e, I f th e ho st na m e o f yo ur RX 3 0 4 2 H is âh os t 1 â a n d th e do ma in name is âyour domain .comâ , The fully qualify domai n name ( F Q DN ) is â h o s t 1 .y ou rd om a i n . c om â. Username E n t er th e us er na m e pr ov i d e d b y y o ur DD NS se rv i c e pr o v i d e r i n th is ï¬ el d . Password E n t er t h e pa s s w o r d pr o v i d e d by yo ur DD NS se rv i c e pr o v i d e r i n th is ï¬ el d . 8.2 Conï¬guring HTTP DDNS Client Figure 8.2. HTTP DDNS Conï¬guration Page
61 RX3042H User's Manual Conï¬guring DDNS Follow these instructions to conï¬gure the HTTP DDNS: 1. First, you should have already registered a domain name to the DDNS service provider , dyndns. If you have not done so, please visit www .dyndns.org for more details. 2. Op en t he DD N S c on f ig u ra t io n p a ge by cl i ck i ng Ad va n ce d - > DDNS Service menu. 3. Select the interface that the DDNS service is to be used. 4. Check Enable DDNS checkbox to enable the DDNS service. 5. Enter the registered domain name in the Domain Name ï¬eld. 6 . E n t e r t h e u s e r n a m e a n d p a s s w o r d p r o v i d e d b y y o u r D D N S service provider . 7. C li ck o n Ap pl y b ut to n to s en d a D NS u pd at e r eq ue st t o yo ur DDNS service provider . Note that DNS update request will also be sent to your DDNS service provider automatically whenever the W AN port status is changed.

RX3042H User's Manual Conï¬guring Firewall 63 9 Conï¬guring Firewall and NA T T h e R X 3 0 4 2 H p r o v i d e s b u i l t - i n f i r e w a l l / N A T f u n c t i o n s , e n a b l i n g you to p rot ect t he sys te m a ga ins t d en ial of s erv ic e ( Do S) att ac ks and other types of malicious accesses to your LAN while providing Internet access sharing at the same time. Y ou can also specify how t o m o n i t o r a t t e m p t e d a t t a c k s , a n d w h o s h o u l d b e a u t o m a t i c a l l y notiï¬ed. Th is c h ap te r d es cr i be s ho w t o c re at e/ m od if y/ d el et e AC L ( A cc es s Control List) rules to control the data passing through your network. Y ou will use ï¬rewall conï¬guration pages to: â¢ Conï¬gure ï¬rewall global and DoS settings â¢ Create, modify , delete and view ACL rules. Note : When you deï¬ne an ACL rule, y ou instruct the RX304 2H to examine each data packet it receives to determine whether it meets criteria set forth in the rule. The criteria can include the network or inter net p rotoc ol it is ca rryin g, the dire ction in wh ich i t is travel ing ( for example, from the LAN to the Internet or vice versa), the IP address o f t h e s e n d i n g c o m p u t e r , t h e d e s t i n a t i o n I P a d d r e s s , a n d o t h e r characteristics of the packet data. If the pac ket matche s the crit eria estab lished in a rule, t he packet c a n e i t h e r b e a c c e p t e d ( f o r w a r d e d t o w a r d s i t s d e s t i n a t i o n ) , o r denied (discarded), depending on the action speciï¬ed in the rule. 9.1 Firewall Overview 9.1.1 Stateful Packet Inspection The stateful packet inspection engine in the RX3042H maintains a state table that is used to keep track of connection states of all the packets passing through the ï¬rewall. The ï¬rewall will open a âholeâ to all ow the pa cke t to p ass thr oug h if the sta te of the p acke t t hat be l o n gs t o a n a lr e a d y e s t ab l i s he d c on n e c ti o n ma t c he s t he s t at e ma i n t a i n e d b y t h e s t a t e f u l p a c k et i n s p e c t i o n e n g i n e . O t h e r w i se , t h e p a c k e t w i l l b e d r o p p e d . T h i s â h o l e â w i l l b e c l o s e d w h e n t h e c o n n e c t i o n s e s s i o n t e r m i n a t e s . N o c o n f i g u r a t i o n i s r e q u i r e d f o r stateful packet inspection; it is enabled by default when the ï¬rewall is e n ab l e d . P l e a se r e f er t o se c t i on 9 . 3 .1 â F i re w a l l â t o e n a b l e o r disable ï¬rewall service on the RX3042H.
Conï¬guring Firewall RX3042H User's Manual 64 9.1.2 DoS (Denial of Service) Protection Both DoS protection and stateful packet inspection provide ï¬rst line of def ens e f or you r n etw ork . N o c onï¬ gur ati on is req uir ed fo r b oth pro tec tion s on you r n etw ork a s l ong as ï¬r ewa ll is en abl ed for th e RX3042H. By default, the ï¬rewall is enabled at the factory . Please refer to section 9.3.1 âFirewall â to enable or disable ï¬rewall service on the RX3042H. 9.1.3 Firewall and Access Control List (ACL) 9.1.3.1 Priority Order of ACL Rule All ACL rules have a rule ID assigned â the smaller the rule ID, the higher the priority . Firewall monitors the trafï¬c by extracting header informa tion fr om the packet and then ei ther d rops o r forwa rds th e pack et by lo okin g for a mat ch in the ACL ru le tab le ba sed on th e header information. Note that the ACL rule checking starts from the rule with the smalles t rule ID until a ma tch is foun d or all the ACL ru le s a re e xa m in ed . If no m a tc h is fo un d, t h e pa ck e t is dr op pe d ; otherwise, the packet is either dropped or forwarded based on the action deï¬ned in the matched ACL rule. 9.1.3.2 T racking Connection State Th e s ta t e f ul p a c ke t i ns p e c ti o n e ng i n e i n t he f i r ew a l l k e e p s t r a c k o f t h e s t a t e , o r p r o g r e s s , o f a n e t w o r k c o n n e c t i o n . B y s t o r i n g in f o r m a t i on a b o u t e ac h c o n n e c t io n i n a s t at e t a b l e , R X 3 0 4 2 H i s abl e to qui ck ly d et er mi ne i f a pa ck et p as si ng t hr oug h th e fi re wa ll belongs to an already established connection. If it does, it is passed through the ï¬rewall without going through ACL rule evaluation. F o r e x a m p l e , a n A C L r u l e a l l o w s o u t b o u n d I C M P p a c k e t f r o m 192.168.1.1 to 192.168.2.1. When 192.168.1.1 send an ICMP echo request (i.e. a ping packet) to 192.168.2.1, 192.168.2.1 will send an ICMP echo reply to 192.168.1.1. In the RX3042H, you donÊ¼t need to create another inbound ACL rule because stateful packet inspection en g i ne w il l re m e mb e r th e co n n ec t i on s ta t e a n d a l l ow s th e IC M P echo reply to pass through the ï¬rewall 9.1.4 Default ACL Rules The RX3042H supports two types of access rules:
RX3042H User's Manual Conï¬guring Firewall 65 â¢ A C L R u le s : f or c on t ro l li n g a ll ac c es s t o th e c o mp u te r s o n t he LAN and DMZ an d f or c ont roll ing acc ess to ext ern al n etw orks for hosts on the LAN and DMZ. â¢ Self-Access Rules: for controlling access to the RX3042H itself. Default Access Rules â¢ All trafï¬c from external hosts to the hosts on the LAN and DMZ is denied. â¢ Al l tr affi c or ig in ate d fr om t he L AN i s fo rw ar de d to t he ex te rn al network using NA T . W ARNING: It is not necessary to remove the default ACL rule from the ACL rule table! It is better to create higher priority ACL rules to override the default rule. 9.2 NA T Overview Ne tw or k Ad dr es s Tran sl a ti on a l lo ws us e of a si n gl e d ev ic e, su ch as the RX 304 2H, to a ct as an age nt be twe en the In ter net ( pub lic n e t w o r k ) a n d a l o c a l ( p r i v a t e ) n e t w o r k . T h i s m e a n s t h a t a N A T I P a d d r e s s c a n r e p r e s e n t a n e n t i r e g r o u p o f c o m p u t e r s t o a n y e n t i t y o u t s i d e a n e t w o r k . N e t w o r k A d d r e s s Tr a n s l a t i o n ( N A T ) i s a m e c h a n i s m f o r c o n s e r v i n g r e g i s t e r e d I P a d d r e s s e s i n l a r g e n e t w o r k s a n d s i m p l i f y i n g I P a d d r e s s i n g m a n a g e m e n t t a s k s . B e c a u s e o f t h e t r a n s l a t i o n o f I P a d d r e s s e s , N A T a l s o c o n c e a l s true network address from privy eyes and provide a certain degree security to the local network. Th e N A T mo d e s su p p o rt e d a r e s t a ti c N A T , d y n a mi c N A T , N A P T , reverse static NA T and reverse NAPT . 9. 2. 1 N A PT ( N e t w or k A d dr es s a n d Po r t T ra n s l a ti on ) or P A T ( Por t Add res s T ran sl at io n) Also calle d IP Masque rading , this feature maps many inter nal hosts to one globally valid Internet address . The mapping contain s a pool of netw ork port s to be use d fo r tr ansl atio n. Ever y pa cket is tra nsla ted w i t h t h e g l o b a l l y v a l i d I n t e r n e t a d d r e s s a n d t h e p o r t n u m b e r i s t r a n s l a t e d w i t h a n u n - u s e d p o r t f r o m t h e p o o l o f n e t w o r k p o r t s . Figur e 9.1 shows that all the hosts on the local networ k gain access to the Inter net by mappin g to only one global ly valid IP addres s and dif fer ent po rt nu mbers from a fre e poo l of n etwor k por ts.
Conï¬guring Firewall RX3042H User's Manual 66 Figure 9.1 NAPT â Map Any Internal PCs to a Single Global IP Address Fig ur e 9.2 Rev er se N AP T â Re lay ed I nc omi ng P ack et s to t he Internal Host Base on the Protocol, Port Number or IP Address
RX3042H User's Manual Conï¬guring Firewall 67 9.2.2 Reverse NAPT / V irtual Server Re ve rs e NA PT is a ls o ca ll ed in bo un d ma pp in g, p o rt m ap pi ng , or virtual server . Any packet coming to the RX3042H can be relaye d to th e i nt ern al ho st ba sed o n t he pr ot oco l, po rt nu mbe r and /o r I P a d d r e s s s p e c i f i e d i n t h e A C L r u l e . T h i s i s u s e f u l w h e n m u l t i p l e services are hosted o n differe nt internal hosts. Figure 9 .2shows that web server (TCP/80) is hosted on PC A, telnet server (TCP/23) on PC B, DNS server (UDP/53) on PC C and FTP server (TCP/21) on PC D. This means that the inbound trafï¬c of these four services will be directed to respective host hosting these services. 9 . 3 F i r e w a l l S e t t i n g s â ( F i r e w a l l / N A T - > S e t t i n g s ) 9.3.1 Firewall Options T able 9.1 lists the ï¬rewall options parameters. T able 9.1. Firewall Options Parameters Field Description DoS Check C he ck or un ch ec k th is bo x t o en a bl e or di sa bl e D oS check. Whe n DoS chec k is disab led, the following f u n ct io na li t i e s ar e di sa b l e d : â¢ St at ef ul p a c k et i ns pe c t i o n â¢ Sk ip a ll D o S at ta ck c h e c k Default NA T Log Po rt Prob ing Co nne ct ion att emp t to clo sed por ts will be log ge d if t h i s op ti on i s e na bl ed . Stealth Mode I f e na bl ed , R X 3 04 2H w i l l n o t r es po n d t o re mo te p e e rÊ¼ s a t t em pt t o c o n n e ct t o th e c l o se d T C P / U DP p o r t s . T o conï¬gure ï¬rewall settings, follow the instructions below: 1 . O p e n t h e F i r e w a l l S e t t i n g s c o n f i g u r a t i o n p a g e a s s h o w n i n Figure 9.3 by clicking on Firewall/NA T ->Settings menu. 2. Check or uncheck individual check box for each ï¬rewall option. 3. Click Apply to save the settings. 9.3.2 DoS Conï¬guration
Conï¬guring Firewall RX3042H User's Manual 68 The RX3042H has an Attack Defense Engine that protec ts internal n e t w o r k s f r o m D e n i a l o f S e r v i c e ( D o S ) a t t a c k s s u c h a s S Y N fl o o d i n g , I P s m u r f i n g , L A ND , P i n g o f D e a t h a n d a l l re - a s s e m b l y a t t a c k s . I t c a n d r o p I C M P r e d i r e c t s a n d I P l o o s e / s t r i c t s o u r c e routing packets. For example, a security device with the RX3042H Firew all provi des protec tion from âWin Nukeâ, a widely used program to r e mo t e ly c r a sh u n pr o t ec t e d W i n d ow s s ys t e m s i n th e I n te r n et . T h e R X 3 0 4 2 H F i r e w a l l a l s o p r o v i d e s p r o t e c t i o n f r o m a v a r i e t y of co m mo n In t er n e t a tt a c ks su c h a s I P Sp o o fi n g, P in g o f De a th , Land At tack, and Reass embly atta cks. For a com plete list of D oS prote ction prov ided b y the RX30 42H, p lease see T able 2.1 . 9.3.2.1 DoS Protection Conï¬guration Parameters T ab le 9.2 pr ovi des ex pla nat ion f or eac h t ype of Do S a tta cks . Y ou m a y c h e c k o r u n c h e c k t h e c h e c k b o x t o e n a b l e o r d i s a b l e t h e protection for each type DoS attacks. T able 9.2. DoS Attack Deï¬nition Field Description IP Source Route I n t ru de r us es âs ou rc e r ou ti n g â i n o rd er t o br ea k in to th e t a r ge t sy st e m . IP Spooï¬ng Sp o o f i n g i s th e c r e a t i o n o f T C P / I P p a c k et s u s i n g s o m eb od y e l se Ê¼ s IP ad dr es s . IP sp oo ï¬n g is an i nt eg ra l p a rt of ma ny n e t wo rk at t a c k s t ha t do no t ne e d t o se e r e s po ns es . Land Atta cker se nds out pac ket s to th e s yste m w ith the s a m e so ur c e an d de s t i n a t io n IP ad dr e s s be in g th at o f t h e t ar ge t sy st em an d ca us e s th e ta r g e t sy s t e m t r yi ng t o r e so lv e an i n ï¬ n i t e se ri es o f c o n n e ct io ns t o i t s e l f . Th is c a n c au se t h e t a rg et s ys t e m t o sl ow d o w n d ra st ic al l y . Ping of Death An attacker sends out larger than 64KB packets to c a u se c er ta i n o p er at in g s y s t e m to c ra s h . Smurf A n a t t a c k e r i s s u e s I C M P e c h o r e q u e s t s t o s o m e br o ad ca s t add re s se s. Ea c h dat ag ram ha s a sp oo f ed I P so ur ce ad dr e s s t o b e t ha t o f a re al ta rg et - h o s t . M o s t of the ad dre sse d h ost s wil l r esp ond wi th an IC MP e c h o r e p l y , b ut n o t t o th e r ea l i n i t ia ti ng ho st , in st ea d al l r e p li es ca rr y th e I P ad dr es s of th e p r e v i ou sl y sp oo f e d h os t a s th e ir cu r re nt de st in at i on an d ca u s e th e vi ct im h o s t or n et w o r k to s lo w d o w n dr as ti ca l l y .
RX3042H User's Manual Conï¬guring Firewall 69 Field Description SYN/ ICMP/ UDP Flooding C h e ck or un - c h e ck th is op t i o n t o en ab le o r di sa bl e th e loggin g for SYN/IC MP/UDP flooding attack s. These at ta ck s in vo lv e se nd in g lo ts of TC P SYN /I CM P/ UD P t o a h o s t in a v e r y s ho r t p er io d. RX 30 42 H w i ll no t d ro p th e fl o od in g p ac ke t s to av oi d a ffe ct in g t he n o rm al t r a fï¬ c. TCP XMAS/ NULL/ FIN Scan A hacker may be scannin g your syste m by sending t h e se sp ec ia l l y f o r m at te d p ac k e t s t o s e e w ha t s er vi c e s a r e a v a i la bl e. S om et i m e s t h i s i s d o n e in p re pa ra t i o n f o r a fu tu r e a tt ac k , o r so me t i me s it i s do ne to s ee if y o ur sy ste m mi gh t ha ve a ser vic e, whi ch is su sc e pt ib le to a t t ac k. XMA S s ca n: A TCP p ack et ha s b een s een w ith a seq ue nce n um be r o f ze ro an d th e F IN , URG , an d P U S H bi ts a r e a l l se t. NU LL sc a n: A T C P p ac k et h a s b ee n s ee n w i th a s e q ue nc e n um be r o f z er o a nd a ll c on t r o l b i t s a r e s e t t o z e r o. FIN sc an: A h ack er is sca nni ng the t arg et sys tem u s in g a âs te a l th â me th o d . Th e go a l o f th e ha ck e r i s t o ï¬ n d o ut i f t h e y c an c on ne c t t o t h e s ys t e m w it ho u t r ea ll y connecting using the âFINâ scanning. It attempts to cl ose a no n- e xi s te n t con nec tio n on th e se rv er . Ei t he r way , it is an error , but systems sometimes respond w i t h d i f fe re nt e rr or r es ul t s d ep e n d i n g u p o n w he t h e r t he d e s ir ed s er v i c e is a va il a b l e or n ot . Re-assembly I n t h e t e a r d r o p a t t a c k , t h e a t t a c k e r Ê¼ s I P p u t s a c o n fu si ng of fs et va lu e in th e se c o n d or la t e r fr a g m e n t. I f th e re ce iv in g op er at i n g sy st e m do es no t h a v e a pl an f o r t hi s si t u a t i on , it c a n c a us e th e s y s t e m to c ra s h . WinNUKE Check or un-check this option to ena ble or disable p r o t e c t i o n a g a i n s t W i n n u k e a t t a c k s . S o m e o l d e r v e rs io ns o f t he Mi cr o s o ft Wi nd o w s O S ar e vu l n e r ab le to thi s a tta ck. If t he com put ers in t he LAN ar e not u p d at ed wi th r e c e n t v e r si on s/ pa t c h e s , yo u a re ad vi s e d t o en ab le t h i s p ro te ct io n b y ch ec ki ng t h i s c he ck b o x .
Conï¬guring Firewall RX3042H User's Manual 70 9.3.2.2 Conï¬guring DoS Settings T o conï¬gure DoS settings, follow the instructions below: 1 . O p e n t h e F i r e w a l l G e n e r a l c o n f i g u r a t i o n p a g e a s s h o w n i n Figure 9.3 by clicking on Firewall ->Security menu. 2 . C h e c k o r u n c h e c k i n d i v i d u a l c h e c k b o x f o r e a c h t y p e D o S protection. 3. Click Apply to save the settings. Figure 9.3. Firewall General Conï¬guration Page 9.4 ACL Rule Conï¬guration Parameters 9.4.1 ACL Rule Conï¬guration Parameters T able 9 .3 descri bes the conï¬gura tion pa rameters ï¬rewall inbound , outbound and self-access ACL rules.
RX3042H User's Manual Conï¬guring Firewall 71 T able 9.3. ACL Rule Conï¬guration Parameters Field Description Filter Direction â choose the available option from the drop-down list to conï¬gure the ACL. F o r du al -W AN co n ï¬ g u r a t io n, tw o op t i o n s a re av ai l a b l e â LA N -> W AN an d W A N - > L A N. Fo r W AN DMZ conf igu ra tio n, six op tio ns are ava il abl e â LAN ->W AN , W A N - > L A N, L AN - > D M Z , D MZ -> LA N , W A N - > D MZ a nd D M Z - > W A N . ID Add New C l i ck o n th i s o p ti on t o a d d a n ew A CL ru l e . Rule Number S e l e c t a r u l e f r o m t h e d r o p - d o w n l i s t , t o m o d i f y i t s s e t ti ng s. Move to Th i s opt io n al lo ws yo u to se t a pr io ri t y for th is ru le . The RX 30 42H Fi re w al l a c t s o n pa ck et s ba s e d o n t he pr io r i t y of th e ru l e s . S et a pr io r i t y b y s pe ci fy in g a n um be r fo r i t s p os it io n i n th e li st o f r ul es : 1 (First) T h i s nu mb er m a r k s th e hi g h e s t p ri or it y . Other numbers S e l ec t ot he r nu mb e r s t o i n d i c at e th e pr io ri t y y o u w i s h t o a s s ig n to t h e r u le . Log C l i c k o n t he âE na bl e â o r â D i s a b l e â ra di o bu tt on t o e n a b l e o r d is ab le l og gi n g f o r t h i s AC L r ul e . Action Allow S e l ec t th is b u t t on t o co n ï¬ g u r e th e ru l e a s a n al lo w r u l e. T h i s ru l e wh en bo un d to t h e Fi r e w a l l wi ll al lo w ma tc hi n g p a c ke ts t o p a s s th ro ug h. Deny S e l ec t th is b u t t on t o co n ï¬ g u r e th e ru l e a s a d en y r u l e . T h i s r u l e w h e n b o u n d t o t h e F i r e w a l l w i l l n o t a l l o w m a t ch in g pa c k e t s t o pa ss t h r o ug h. R o u te t o â k ee p th e s e t t i ng t o âA U T Oâ u nl e s s p ac ke ts a r e r o ut ed t o s p e c i ï¬c i nt er f a c e . A va il a b l e o p ti on s in c l u d e AU T O , et h1 ( W AN 1) , e t h 2 ( W A N 2 ) , PP P1 ( W A N1 - u n n um be re d) , PP P1 (W AN 2- u n n u m be re d) , PP P3 (W AN 1- P P P o E 1 ), PP P4 ( W A N1 -P PP o E 2 ), P P P5 ( W AN 2- PP Po E 1 ) , P P P 6 ( W AN 2- PP Po E 2 ) . I f W AN in te rf ac e is set to DMZ mod e, onl y AUT O, eth 1, PPP 1/ 3/ 4 are ava il ab le . T h e se o pt io ns ar e se le c t a b l e f r o m t h e d r o p -d ow n li st . If AU T O is se l e c t e d , the route r will route the pack ets based on the info rma tion in the rou ting t a b le .
Conï¬guring Firewall RX3042H User's Manual 72 Field Description NA T None Se le c t th is op ti on if you do nÊ¼ t int en d to use NA T in th is A C L r u l e . IP Address Sel ect this opti on to sp ecif y the IP addre ss of the you w a n t t h e o u t g o i n g t r a f ï¬c t o u s e a s t he so ur c e I P a d d r e s s . N o t e th is o p t i o n i s ca ll e d . Auto R X 3 0 4 2 H a u t o m a t i c a l l y u s e s t h e I P a d d r e s s o f t h e i n t er fa ce t h a t th e tr a f ï¬ c is to be f o rw ar de d a s th e so ur c e I P a dd r e s s . I t is r ec om me nd e d t ha t yo u s e l ec t th i s o p t io n i f NA T i s to b e u s ed f or o u t g o in g tr af ï¬ c Source T h i s o p t i o n a l l o w s y o u t o s e t t h e s o u r c e n e t w o r k t o w h i c h t h i s r u l e s h o u l d a p p l y . U s e t h e d r o p - d o w n l i s t t o s e l e c t o n e o f t h e f o l l o w i n g options: Any T h i s o p t i o n a l l o w s y o u t o a p p l y t h i s r u l e t o a l l t h e c om pu te rs in th e so u r ce ne tw or k, su ch as th os e on t he I n t er ne t f o r th e in bo un d tr af ï¬c or a l l th e co mp ut e r s in th e l o c al n et wo r k f o r ou tb ou n d t r af ï¬c . IP Address T h i s o p t i o n al lo w s yo u t o sp ec i f y an IP a dd re ss on wh ic h t h i s ru le w i l l b e ap pl ie d . IP Address S p e ci fy t he a p p r op ri at e n e t w o rk a dd re s s Subnet Th is op t io n al low s yo u t o in cl ude al l th e co mp ut ers tha t ar e c o n ne c t e d i n a n I P s ub n e t . Wh e n t h i s o p t i o n i s s e l ec te d, t h e f o ll ow in g ï¬ e l d s b ec om e a v a i l ab le : Field Description Address E n t er t he a p p r o p ri at e IP a dd re s s . Mask E n t er t he c o r r e s po nd in g s u b n e t ma sk . MAC Address This opt ion allo ws y ou t o sp ecif y a MAC addr ess on w h i ch t hi s r u l e wi ll b e a p p l i ed . MAC E n t er t he d e s i r e d MA C ad d r e s s . Destination Thi s op ti on a ll ow s yo u to s et th e de st in at io n ne tw or k to wh ic h this rule should apply . Use the drop-down list to select one of the following options: Any T h i s o p t i o n a l l o w s y o u t o a p p l y t h i s r u l e t o a l l t h e c o m pu te rs in th e lo ca l ne t w o r k f o r in b o u n d t r a fï¬ c or a ny c o m pu te r in t h e In te rn et f o r ou tb ou nd t r a f ï¬c .
RX3042H User's Manual Conï¬guring Firewall 73 IP Address, Subnet S e l e c t a n y o f t h e s e o p t i o n s a n d e n t e r d e t a i l s a s d e s cr ib ed i n t h e S ou rc e I P s ec ti o n a b ov e. Service S e le c t a s e r v i c e , f r o m t h e d r o p - d o w n l i s t , t o w h i c h t h i s r u l e sh ou ld ap p ly . I f t he d e si re d s er v ic e i s n ot l i st ed , c li c k on th e Edit button to create a new service. Time Select a time slot during which this rule should apply . Enable C h e ck t h i s b o x if y o u w a n t to a ct iv at e th e A C L ru le at th e t i m e sp ec iï¬ e d . D a t e a n d T i m e C h c k th e de s i r e d d at es a n d t i me f or t h i s AC L r ul e. T able 9.4. Service Conï¬guration Parameters Field Description Service Name E n t er a d is t i n c t iv e na me i d e n ti fy in g t h e n ew s er vi c e . Protocol Sel ec t a prot oc ol ty pe fr om th e dro p-d ow n lis t. Av ail ab le op tio ns are All, T C P , U D P , I C MP , I G M P , AH E SP a nd T C P / U D P . Port Range T hi s op t i o n al lo w s y ou to se t t h e de st i n at io n p o rt to wh i ch th is r u le sh o u l d a p p ly . U s e t he d ro p - d o w n li st t o s e l ec t on e o f t h e fo ll ow i n g o pt io ns : Any Select this option if you want this rule to apply to all a p p li ca ti on s w i t h an a rb i t r a r y so ur ce p o r t n um be r . Single T h i s o p t i o n a l l o w s y o u t o a pp ly th is ru le to a n a p p l i c a t io n w i t h a sp ec i ï¬ c s ou rc e po r t n u mb er . Port Number E n t er t he s o u r c e p or t nu m b e r Range S e l e c t t h i s o p t i o n i f y o u w a n t t h i s r u l e t o a p p l y t o applications with this port range. The following fields b e c om e av ai l a b l e f or e nt r y w h en t hi s o p t i o n is s el e c t e d . Start Port E n t er t he s t a r t i ng p or t n u m b e r of t he r a n g e End Port E n t er t he e n d i n g p or t nu m b e r of t he r a n g e
Conï¬guring Firewall RX3042H User's Manual 74 Field Description T h i s op ti on a l lo ws y o u to s e le ct t h e IC MP me ss a g e ty pe f o r th e se r v i c e . T he s u p po rt ed I C M P m es s a g e t y pe s ar e: â¢ Any (default) â¢ 0: Echo reply â¢ 1: T ype 1 â¢ 2: T ype 2 â¢ 3: Dst unreach: destination unreachable â¢ 4: Src quench: source quench â¢ 5: Redirect â¢ 6: T ype 6 â¢ 7: T ype 7 â¢ 8: Echo req: â¢ 9: Router advertisement â¢ 10: Router solicitation â¢ 1 1: T ime exceed: time exceeded â¢ 12: Parameter problem â¢ 13: T imestamp request â¢ 14: T imestamp reply â¢ 15: Info request: information request â¢ 16: Info reply: information reply â¢ 17: Addr mask req: address mask request â¢ 18: Addr mask reply: address mask reply 9. 5 Co nï¬ gu ri ng A CL Ru le s â (F ir ew al l -> AC L) By cre ati ng A CL ru les in th e AC L co nï¬g ura tio n p age as sh own i n Figure 9.4, you can perform access control (allow or deny) to both the trusted and un-trusted networks. Options in this conï¬guration page allow you to: â¢ Add a rule, and set parameters for it â¢ Modify an existing rule â¢ Delete an existing rule â¢ View conï¬gured ACL rules
RX3042H User's Manual Conï¬guring Firewall 75 Figure 9.4. ACL Conï¬guration Page 9.5.1 Add an ACL Rule T o add an ACL rule, follow the instructions below: 1. Open the ACL Rule conï¬guration page, as shown in Figure 9.4, by clicking Firewall ->ACL menu. 2 . S ele ct an op tion f rom th e â Fil ter Di rec tio nâ dro p-d own li st. Fo r e xa mp le , if y o u wa nt t o c re at e an A C L t o ï¬ lt er t ra fï¬ c o ri gi na te d f ro m LA N an d de st in ed to W AN , th en c ho os e LA N -> W A N o pt io n. 3. Select Add New from the âIDâ drop-down list. 4. S et d es ir ed ac ti on ( Al lo w o r De ny ) fr om th e Ac ti on d ro p- do wn l is t. 5. Select from the Route T o drop-down list if you intend to direct the tra fï¬c to a sp eciï¬ c inte rfa ce. Ch oos e AU TO if yo u w ant to have RX3042H route the trafï¬c automatically . 6. C h o o s e N A T t y p e a n d e n t e r t h e r e q u i r e d i n f o r m a t i o n f o r t h e selected NA T type. 7. M a k e c h a n g e s t o a n y o r a l l o f t h e f o l l o w i n g f i e l d s : s o u r c e / des tin at ion I P , se rv ice , tim e and l og. P lea se se e T a ble 9 .3 fo r
Conï¬guring Firewall RX3042H User's Manual 76 Figure 9.5. ACL Conï¬guration Example explanation of these ï¬elds. 8. A s s ig n a pr i o r it y f or t h is r ul e b y s e l e ct i n g a n u mb e r fr o m th e M o v e t o d r o p - d o w n l i s t . N o t e t h a t t h e n u m b e r i n d i c a t e s t h e priority of the rule with 1 being the highest. Higher priority rules will be examined prior to the lower priority rules by the ï¬rewall. 9. C lick on th e Add but ton to cre ate th e n ew AC L rul e. The ne w ACL rule will then be displayed in the inbound access control list table at the bottom half of the Inbound ACL Conï¬guration page. Figure 9.5 illustrates how to create a rule to deny outbound HTTP trafï¬c originated from the host w/ IP address 192.168.1.129. Figure 9.6. Sample ACL List T able
RX3042H User's Manual Conï¬ guring Firewall 77 9.5.2 Modify an ACL Rule T o modify an inbound ACL rule, follow the instructions below: 1. O pe n t he O ut b ou nd A CL Ru le Co nf ig ur a ti on P a ge b y c li ck in g Firewall/NA T ->ACL menu. 2. Click on the icon of the ru le to be modiï¬ ed in th e inbound ACL table or select the rule number from the ID drop-down list. 3. Make desired chang es to any or all of the fol lowing ï¬ elds: action, sour ce/d estin atio n IP , servi ce, time and log. Ple ase see T able 9 .3 for explanation of these ï¬ elds. 4. C li c k on t he Mo d i fy b u t to n t o m o di f y th i s A C L r u l e . T h e n e w setting s for this ACL rule will t hen be displa yed in the i nbound access control list table at the bottom half of the Inbou nd ACL Conï¬ guration page. 9.5.3 Delete an ACL Rule T o delete an inbound ACL rule, click on the in front of the rule to be deleted. 9.5.4 Display ACL Rules T o se e e x is t in g AC L ru l es , j u st op e n t he A C L R u le Co n fi g ur a ti o n page by clicki ng Firewall/NA T ->ACL menu and then select a trafï¬ c direction from the T rafï¬ c Direction drop-down list. 9.6 Conï¬ guring Self-Access ACL Rules â(Firewall/NA T ->Self-Access ACL) Sel f- Acc es s ru les c on tro l ac ces s to /f rom t he RX 30 42 H i ts el f. Y o u m a y u s e S e l f - A c c e s s R u l e C o n f i g u r a t i o n p a g e , a s i l l u s t r a t e d i n Figure 9.7, to: â¢ Add a Self-Access rule â¢ Modify an existing Self-Access rule â¢ Delete an existing Self-Access rule â¢ View existing Self-Access rules
Conï¬guring Firewall RX3042H User's Manual 78 9.6.1 Add a Self-Access Rule T o add a Self-Access rule, follow the instructions below: 1 . O p e n t h e S e l f - A c c e s s R u l e C o n f i g u r a t i o n p a g e b y c l i c k i n g Firewall/NA T ->Self-Access ACL menu. 2. Select â Add New â from the âIDâ drop-down list. 3. S et d es ir ed ac ti on ( Al lo w or De ny ) fr om t he â Ac ti on â dr op -d ow n li st. 4. As s i gn a p ri o r i t y f o r th i s ru l e b y s e l e ct i n g a n u m be r f r om t h e â Mo ve t o â dr o p- do wn li s t. N o te t ha t t he nu mb e r in d ic at e s th e priority of the rule with 1 being the highest. Higher priority rules will be examined prior to the lower priority rules by the ï¬rewall. 5 . M a k e d e s i r e d c h a n g e s t o a n y o r a l l o f t h e f o l l o w i n g f i e l d s : sour ce/d estin atio n IP , servi ce, time and log. Ple ase see T able 9 .3 for explanation of these ï¬elds. 6 . C l i c k o n t h e " A d d " b u t t o n t o c r e a t e t h e n e w S e l f - A c c e s s ru le . T he n e w ru l e wi ll th en be d is p la ye d i n th e E xi st i ng S el f - Access ACL list table at the bottom half of the Self-Access ACL conï¬guration page. Figure 9.7. Self-Access ACL Conï¬guration Page
RX3042H User's Manual Conï¬guring Firewall 79 Figure 9.8. Self-Access ACL Conï¬guration Example 9.6.2 Modify a Self-Access Rule T o modify a Self-Access rule, follow the instructions below: 1 . O p e n t h e S e l f - A c c e s s A C L c o n f i g u r a t i o n p a g e b y c l i c k i n g Firewall/NA T ->Self-Access ACL menu. 2. Click on the icon of the Self-Access rule to be modiï¬ed in the Existing Self-Access ACL table or select the Self-Access ACL from the ID drop-down list. 3. Make desired chang es to any or all of the fol lowing ï¬elds: action, sour ce/d estin atio n IP , servi ce, time and log. Ple ase see T able 9 .3 for explanation of these ï¬elds. 4. C l i c k o n t h e " Mo d i f i y " b u t t o n to s a v e t h e c h a n g e s . Th e n e w se tt in gs f or t hi s S el f- Ac ce ss r ul e w il l th en b e d is pl ay ed i n t he Existing Self-Access ACL table located at the bottom half of the Self-Access ACL conï¬guration page. 9.6.3 Delete a Self-Access Rule T o d el et e a S el f- Ac ce ss r ul e, c li ck o n t he i co n o f th e ru le t o be deleted. Example Figure 9.8 shows a sample self-access ACL conï¬guration to allow HTTP trafï¬c from any one to RX3042H.
Conï¬guring Firewall RX3042H User's Manual 80 9.7 Conï¬gure V irtual Server Virtual server allows you to conï¬gure up to ten public servers, such as a Web, E-mail, FTP server and etc. accessible by external users o f t h e I n t e r n e t . E a c h s e r v i c e i s p r o v i d e d b y a d e d i c a t e d s e r v e r co n fi g ur e d w i th a f i xe d IP A d d re s s. A l th o ug h th e i n t er n al s er v ic e a d d r e s s e s a r e n o t d i r e c t l y a c c e s s i b l e t o t h e e x t e r n a l u s e r s t h e router is able to i dentif y th e ser vice reque sted by th e ser vice port number and redirects the request to the appropriate internal server . N o t e : R X 3 0 4 2 H s u p p o r t s o n l y o n e s e r v e r o f a n y particular type at a time. 9.6.4 V iew Conï¬gured Self-Access Rules T o see e xisting Se lf-Access Rules, jus t open the Self-Acce ss ACL co n fi gu r at i on p ag e b y c l ic k in g Fi r ew al l /N A T - > Se l f- A cc e ss A CL menu. Figure 9.9. Virtual Server Conï¬guration Page 9.7.1 V irtual Server Conï¬guration Parameters T a b l e 9 . 5 d e s c r i b e s t h e c o n f i g u r a t i o n p a r a m e t e r s a v a i l a b l e f o r
RX3042H User's Manual Conï¬guring Firewall 81 virtual server conï¬guration. T able 9.5. Virtual Server Conï¬guration Parameters Setting Description ID Add New C l i ck o n th i s o p ti on t o a d d a n ew v ir t u a l se rv er . Number S e l ec t t h e ID of a v i rt ua l se rv er fr om th e dr op -d o w n li st to m o d if y it s s e t t i ng s. Move to Th is opti on allo ws you to set a pri or ity for vir tu al serv er rul e che ck . NA T do e s the IP an d/ o r por t ma pp i ng ba s ed on th e pr io rit y of th e ru le s. Se t a p r i or it y by s p e c if yi ng a n u m b er f or i t s p o si ti on i n t h e l is t of r u l e s 1 (First) T h i s nu mb er m a r k s th e hi g h e s t p ri or it y . Other numbers Se l ec t ot he r nu mb e rs to in d ic a te th e pr io r it y yo u wis h to a s s ig n to t h e r u le . Destination IP This option allows you to set the destination network to which this rule s h o ul d ap pl y . Us e t h e dr op -d ow n l i s t to s el e c t o ne o f th e f o l lo wi ng o p t i o n s: Any IP Address Enter the IP addr ess o f th e vi rtual ser ver i f th e vi rtual s e r ve r ha s a k n o wn p ub li c I P a dd r e s s . Interface U s e t h e I P a d d r e s s o f t h e s e l e c t e d i n t e r f a c e a s t h e d e s ti na ti on I P a dd r e s s . A v a i l a b le o pt io n s a r e: e t h 1 (W AN 1) e t h 2 (W AN 2) p p p 1 (W AN 1 â u n n u m be re d) p p p 2 (W AN 2 â u n n u m be re d) p p p 3 (W AN 1 â P P P o E 1 ) p p p 4 (W AN 1 â P P P o E 2 ) p p p 5 (W AN 2 â P P P o E 1 ) p p p 6 (W AN 2 â P P P o E 2 ) Service S e l ec t a s e r v i c e , f r o m t h e d ro p - d o w n l i s t , t o w hi c h t hi s r ul e sh o ul d app l y . If the de s ir ed se rvi ce is no t lis ted , cli ck on t h e E d i t b u tt on t o c r e a t e a ne w s e r v i ce . Redirect IP E n t er t h e I P a d d r es s o f th e co mp u t e r (u s u a l l y a se rv er in y o u r L A N ) t h a t y o u w a n t t h e in c o m in g t ra f ï¬ c t o b e d i r ec t e d . F o r ex am p l e , if IP a d d re ss o f t he we b s e r v e r on yo ur L AN i s 19 2. 16 8. 1 . 2 8 , p le as e e n t e r 1 92 .1 68 . 1 . 2 8 h er e.
Conï¬guring Firewall RX3042H User's Manual 82 Setting Description Redirect Service S e l ec t a s e r v i c e , f r o m t h e d ro p - d o w n l i s t , t o w hi c h t hi s r ul e sh o ul d app l y . If the de s ir ed se rvi ce is no t lis ted , cli ck on t h e " E d i t " b ut to n to c r e a te a n ew s e r v ic e. Bypass ACL Che ck this opt ion if you do not wan t fire wal l to per for m acc es s con tr ol o n t hi s vi rtu al s er ver . Thi s me ans t ha t the virtual server allo ws anyone to access th e service pro vid ed. If you want to contr ol who has acce ss to thi s vir tua l serve r , un- che ck this optio n and cre ate a prop er A C L r u l e t o co nt r o l a cc es s to t h e vi rt ua l s e r v e r . T able 9.6. Port Numbers for Popular Applications Application Service Port Numbers AOE II (Server) 2300-2400 AUTH 1 13 Baldurs Gate II 2300-2400 Battle Isle 3004-3004 Counter Strike 27005-27015 Cu See Me 7648-7648, 56800, 24032 Diablo II 4000-4000 DNS UDP 53-53 FTP TCP 21-21 FTP TCP 20(ALG)-21 GOPHER TCP 70-70 HTTP TCP 80-80 THHP8080 TCP 8080-80880 HTTPS TCP 443-443 I-phone 5.0 TCP/UDP 22555-22555 ISAKMP UDP 500-500 mirc 6601 1-700 MSN Messenger 1863 ALG Need for Speed 5 9400-9400 Netmeeting Audio TCPP 1731-1731 Netmeeting Call TCP 1720-1720 Netmeeting Conference UDP 495000-49700 Netmeeting File T ransfer TCP 1503--1503
RX3042H User's Manual Conï¬guring Firewall 83 Application Service Port Numbers Netmeeting or V oIP 1503-1503, 1720(ALG) NEWS TCP 1 19-1 19 PC Anywhere TCP 5631 PC Anywhere TCP 5631, UDP 5632 POP3 TCP 1 10-1 10 Powwow Chat 13233-13233 Red Alert II 1234-1237 SMTP TCP 25-25 Sudden Strike 2300-2400 TELNET TCP 23-23 Win VNC UDP 5800-5800 9.7.2 V irtual Server Example 1 â Web Server F i g u r e 9 . 1 0 i l l u s t r a t e s t h e n e t w o r k t o p o l o g y f o r t h e w e b s e r v e r de p l o y m e n t . T h i s w e b s er v e r p r o v i d e s H T T P s e r v ic e u s i n g T C P port 8080. Figure 9.10. Virtual Server Deployment T opology F o l l o w i n g d e s c r i b e s t h e p r o c e d u r e t o s e t u p t h e w e b s e r v e r a s illustrated in Figure 9.10. 1. Open the Virtual Server conï¬guration page, as shown in Figure 9.9, by clicking the Firewall/NA T ->Virtual Server menu. 2. Select destination IP type and service type as shown in Figure 9.1 1.
Conï¬guring Firewall RX3042H User's Manual 84 Figure 9.1 1. Virtual Server Example 1 â W eb Server 3. Enter the IP address of the web server , which is 192.168.1.28, in Redirect IP ï¬eld. 4. Since the web server is not using the standard TCP port, which is 80 , f or pr o vi d in g t h e h tt p s e rv i ce , a ne w s e rv i ce ty pe mu s t be created for http service using TCP port 80. Click on the Edit button on the redirect service ï¬eld to create a new service type. In the popped up Service conï¬guration page, enter the service name , p roto col an d po rt num ber as sho wn in Figu re 9.12 an d th e n cl i c k o n t h e Ad d t o l i s t t o c re a t e th e n ew s e r vi c e ty p e , HTT P_ 808 0. F in all y , c li ck th e Sav e & Ex it bu tt on t o s av e th e new service. Figure 9.12. Adding a New Service
RX3042H User's Manual Conï¬guring Firewall 85 5. Select the service, HTTP_8080, from the Redirect Service drop- down list. 6. Click Add to save the virtual server settings. 9.7.3 V irtual Server Example 2 â FTP Server F i g u r e 9 . 1 0 i l l u s t r a t e s t h e n e t w o r k t o p o l o g y f o r t h e F T P s e r v e r deployment. This FTP server provides FTP service using standard FTP port. F o l l o w i n g d e s c r i b e s t h e p r o c e d u r e t o s e t u p t h e F T P s e r v e r a s illustrated in Figure 9.10. 1. Open the Virtual Server conï¬guration page, as shown in Figure 9.9, by clicking the Firewall/NA T ->Virtual Server menu. 2. Enter the needed information as shown in Figure 9.13. 3. Click Add to save the virtual server settings. Figure 9.13. Virtual Server Example 2 â FTP Server 9.8 Conï¬gure Special Application So me ap p li c at i on s u s e m ul t ip l e T CP / UD P p o rt s t o t r an sm i t d at a . Due to NA T , these applications cannot work with the router . Special A p p l i c a t i o n s e t t i n g a l l o w s s o m e o f t h e s e a p p l i c a t i o n s t o w o r k properly .
Conï¬guring Firewall RX3042H User's Manual 86 N o t e : O n l y o n e P C c a n u s e o n e p a r t i c u l a r s p e c i a l application at a time.. 9. 8. 1 Sp e ci al A pp l ic at io n C on ï¬ gu ra t io n P ar am e te rs T a b l e 9 . 7 d e s c r i b e s t h e c o n f i g u r a t i o n p a r a m e t e r s a v a i l a b l e f o r virtual server conï¬guration. T able 9.7. Special Application Conï¬guration Parameters Setting Description Enabled C h e ck t hi s b o x t o ac ti va t e t h e po li cy . T rigger Protocol Se le ct th e pro to co l typ e fro m th e dro p- do wn li st . The a v a il ab le o p t i o n s ar e T C P , U DP a n d TC P/ UD P . Outgoing (T rigger) Port The po rt ra nge th is ap plicat ion u ses w hen i t send s ou tb ou nd pa ck et s . T he o ut g oi ng p o rt n um b er s ac t as the trigge r . When the rout er dete cts the outgo ing p a c k e t s w i t h t h e s e p o r t n u m b e r s , i t w i l l a l l o w t h e c o r re sp on di n g in b o u n d pa c k e t s w i t h th e in co m i n g po r t n u m be rs s pe c i ï¬ e d i n th e I n c om in g Po r t R a ng e ï¬ e ld t o p a s s t h r o u g h t he r ou te r . F o r a l i s t o f p or t n um be rs us ed b y so me p op u l a r ap pl ic at i o n s , p le as e r e f e r t o T ab le 9 . 8 Incoming Protocol The proto col that the corre spond ing inboun d packet us ed . The av ai la bl e opt i on s are TCP , UD P an d TC P/ U D P . Incoming Port T h e p o r t ra n g e th at th e co rr es po n d i n g in b o u n d pa c k e t u s ed . F o r a li s t o f p o r t n u mb e r s u s ed b y s o me p op u l a r ap pl ic at io ns , ple as e ref er to T abl e 9.8 . Not e th at po rt ran ge i s ind ic at ed by a p air o f nu mbe rs w / a das h separating the numbers, e.g. 100-200. Multiple port r a n g e s is s e p a r a t e d b y a c o m m a , e . g . 10 0 - 2 0 0 , 7 0 0 - 8 0 0. Comment Y o u m a y e n te r a d e s c ri p t i on f or t h e a p p li c a ti o n he r e , e . g . a n am e id en t i f y i ng t he a p p l i c at io n. T able 9.8. Port Numbers for Popular Applications Application Outgoing Port Number Incoming Port Range Battle.net 61 12 61 12 DialPad 7175 51200, 51201, 51210
RX3042H User's Manual Conï¬guring Firewall 87 Application Outgoing Port Number Incoming Port Range ICU II 2019 2000-2038, 2050-2051, 2069, 2085, 3010-3030 MSN Gaming Zone 47624 2300-2400, 28800-29000 PC to Phone 12053 12120, 12122, 150-24220 Quick T ime 4 554 6970-6999 wowcall 8000 4000-4020 Y ahoo Messenger 5050 5000-5101 9.8.2 Special Application Example Figure 9.14. Special Application Conï¬guration Page Following describes the procedure to setup a special application for MSN Gaming Zone. 1. Op en th e Sp eci al Ap pl ica ti on c onï¬ gu ra tio n pa ge, a s sho wn i n Figure 9.14, by clicking the Firewal l/NA T ->Specia l Application menu. 2. Check Enabled checkbox. 3. Select TCP/UDP from the trigger protocol drop-down list. If you are not sure whether the application uses TCP or UDP protocol, you may select TCP/UDP in this ï¬eld. 4. Enter outgoing port range, in this case: 47624 ~ 47624.
Conï¬guring Firewall RX3042H User's Manual 88 5 . S e l e c t T C P / U D P f r o m t h e i n c o m i n g p r o t o c o l d r o p - d o w n l i s t . If yo u ar e not s ur e wh eth er t he a ppl ic at io n u se s TC P or U DP protocol, you may select TCP/UDP in this ï¬eld. 6 . E n t e r i n c o m i n g p o r t r a n g e , i n t h i s c a s e : 2 3 0 0 - 2 4 0 0 a n d 28800-29000 7. In the Commen t ï¬eld, enter the nam e ident ifying this ap plicat ion, which is MSN Gaming Zone in this instance. 8. Click Apply to save the settings.
89 RX3042H User's Manual System Management 10 System Management This ch apte r d esc ribe s t he foll owi ng admi nis trat ive tas ks tha t yo u can perform using the Conï¬guration Manager: â¢ Conï¬gure available system services â¢ Modify password and conï¬gure system settings â¢ View system information â¢ Modify system date and time â¢ Conï¬gure SNMP â¢ Reset system conï¬guration to factory default settings â¢ Backup and restore system conï¬guration â¢ Restart system â¢ Update ï¬rmware 10.1 Conï¬gure System Services A s s h o w n i n F i g u r e 1 0 . 1 , y o u c a n u s e t h e S y s t e m S e r v i c e s conï¬gur ation p age to enable or dis able se rvices suppor ted by the RX3 04 2H . A ll s er vi ce s, e xc ep t DD NS , SN TP , UP nP a nd R IP , a re all en ab led a t t he fa cto ry . T o di sa ble o r e nab le in di vid ual s erv ic e, follow the steps below: 1 . O p e n t h e S y s t e m S e r v i c e s c o n f i g u r a t i o n p a g e b y c l i c k i n g Management ->System Services menu. 2. Cl ick o n t he co rre sp ond in g Ena ble or Dis abl e ra di o b utt on to enable or disable the desired service. 3. Click on Apply button to save the changes. Figure 10.1. System Services Conï¬guration Page
90 System Management RX3042H User's Manual 10.2 Login Password and System Settings 10.2.1 Changing Password The ï¬ rst t im e y ou l og in to t he Co nï¬ gur at ion M an ag er , t he de fa ult username and password (admin and admin) are used. For security reasons, it is advised that you change this password to avoid router conï¬guration from unauthorized changes. Note: This u sername and password is only u sed for loggi ng into th e C onï¬g urat ion Man ager ; i t i s n ot the same login password that you use to connect to your ISP . Figure 10.2. System Administration Conï¬guration Page Follow the steps below to change password: 1. Open the System Ad ministr ation c onï¬gura tion p age, as shown in Figure 10.2, by clicking the Router Setup ->Administration menu. 2. Changing login password a) T yp e t he n ew pa ss w or d in th e N ew P as s wo rd t e xt f ie l d an d again in the Conï¬rm Password text ï¬eld. The password can be up to 16 characters long. When logging in, you must type the
91 RX3042H User's Manual System Management new passw ord in t he s ame uppe r an d lo wer case cha ract ers that you enter here. 3. Click on Apply button to save the new password. 10.2.2 Conï¬gure System Settings Follow the steps below to modify system settings: 1. Op en th e Sy st em Adm ini st rat io n co nï¬ gu r at io n pa ge , as sho w n in F i g ur e 10 .2 , b y cl ic ki ng t h e R o u te r Se tu p - > A dm in is tr a t i o n m e nu . 2. Clone the MAC address for W AN a) I f y ou ha d p r ev io u sl y r eg i st er e d a s pe c if i c MA C a d dr es s w i th your ISP for Internet access, check the Clone W AN MAC check box and enter the registered MAC address here. 3. Allow Administration from W AN: check or uncheck the chec k box to enable or disable remote management via W AN port. 4. Al low P ing I nterf ace: This opti on al lows user to c ontro l acc ess to th e ro uter usi ng pi ng v ia t he L AN o r WAN p orts . Ch eck the re spe ct ive c hec k bo x t o ena bl e pin g fro m the r es pec ti ve in ter fa ce . 5. Click on Apply button to save the settings. 10.3 V iewing System Information System Information page displays whenever you log into RX3042H. Y o u m a y a l s o c l i c k o n t h e S t a t u s m e n u t o s e e t h e s y s t e m i n f o r m a t i o n . T h i s p a g e s h o w s i n f o r m a t i o n o f t h e o v e r a l l s y s t e m settings.
92 System Management RX3042H User's Manual Figure 10.3. System Information Page 10.4 Setup Date and T ime RX3042H keeps a record of the curr ent date and time, which it uses to c alcu late and rep ort vari ous data . Alth ough the re i s a rea l ti me clock inside RX3042H; you may also rely on external time servers to m ai n ta in co rr e ct t i me . R X3 04 2H al l ow s y ou t o c on fi g ur e u p t o three external time servers. Make sure that the âEnableâ check box is ch ec ke d to a ct iv at e th e SN TP ( Si mp le Ne tw or k Time Pr ot oc ol) service for time keeping. Note: Changing the date and time on RX3042H does not affect the date and time on your PCs.
93 RX3042H User's Manual System Management Figure 10.4. Time Zone Conï¬guration Page T o manually change the time for the router: 1 . O p e n t h e T i m e Z o n e c o n f i g u r a t i o n p a g e b y c l i c k i n g t h e Management ->Time Zone menu. 2. Enter the current date and time in the proper ï¬elds. 3. Select your time zone from the drop-down list. 4. Click on Apply button to save the settings. The synchronize the time between the real time clock and the external time servers: 1 . O p e n t h e T i m e Z o n e c o n f i g u r a t i o n p a g e b y c l i c k i n g t h e Management ->Time Zone menu. 2. Select your time zone from the drop-down list. 3. Check the Enable check box to activate the SNTP service. 4. E nt e r IP ad dr e ss es fo r t he S NT P s e rv er s t ha t w il l b e us e d to update the system time. 5. Click on Apply button to save the settings. 10.4.1 V iew the System Date and Time T o view the upd ated sys tem date and tim e, l og i nto Conï¬ gura tion
94 System Management RX3042H User's Manual Manager , click the Management ->Time Zone menu. 10.5 SNMP Setup S N M P ( S i m p l e N e t w o r k M a n a g e m e n t P r o t o c o l ) a s i t s n a m e suggests is used for network management. Y ou may use the SNMP conï¬guration page to enable or disable the SNMP support. 10.5.1 SNMP Conï¬guration Parameters T a b l e 1 0 . 1 d e s c r i b e s t h e c o n f i g u r a t i o n p a r a m e t e r s a v a i l a b l e f o r SNMP setup. T able 10.1. SNMP Conï¬guration Parameters Field Description SNMP Enable C h e c k t hi s b o x t o e n ab l e t h e S N M P s u p p or t ; o t h e r w i s e , u n c h e c k t h i s b o x . RO Community Name C o mm un i t y s t r i ng i s a c l ea r te xt s tr in g th at i s u s e d a s pas swor d betwe en the SNM P manage ment statio n and the Internet Security Router . This âRead Onlyâ c o m mu ni t y na me i s us e d by t h e SN M P m a n a ge me n t station to read the settings in the Internet Security R o u t e r . RW Community Name Commu nity stri ng is a clear text strin g that is used a s p a s s w o r d b e t w e e n t h e S N M P m a n a g e m e n t st at ion and th e Int er ne t Sec ur ity Ro ut er . Th is âR ea d and Wri teâ communit y name is used by the SNMP m a n a g e m e n t s t a t i o n t o r e a d a n d c o n f i g u r e t h e s e t ti ng s in t h e In te rn et S e c u ri ty R ou t e r . T rap Address T r a p me s s a g e is se nt by th e In t e r n e t Se cu ri ty Ro u t e r t o t el l th e SN MP m a na ge me nt st a t i o n t ha t so me th i n g ha s ha pp ene d on the Int er ne t Se cu ri ty Rou te r . Th is field i s used to ent er the IP ad dress o f the S NMP m a n ag em en t st a t i o n t h at is su pp o s e d t o r e c e iv e tr ap m e s sa ge s fr o m t h e In te rn e t S e cu ri ty R o u t e r . 10.5.2 Conï¬guring SNMP 1. Open the SNMP conï¬guration page, as shown in Figure 10.5, by clicking the Management ->SNMP menu.
95 RX3042H User's Manual System Management Figure 10.5. SNMP Conï¬guration Page 2 . C h e c k t h e S N M P E n a b l e b o x t o e n a b l e t h e S N M P s u p p o r t ; otherwise, uncheck the box. 3. Enter the RO (read o nly) and R/W (read and write) community names. 4 . E n t e r t h e I P a d d r e s s o f t h e S N M P m a n a g e m e n t s t a t i o n t h a t receives trap messages from the RX3042H. 5. Click on Apply button to save the settings. 10.6 Log Setup Log m es sa ge s ar e st or ed i n dy nam ic m em or y an d wi ll d is ap pea r after system is rebooted. T o keep a copy of the log messages, you ca n s e t u p a s y s l o g s e r v e r a n d h av e R X 3 0 4 2 H s e n d o u t t h e l o g messages to the server . 1 0 . 6 . 1 S e t t i n g U p R e m o t e L o g g i n g U s i n g a S y s l o g S e r v e r Figure 10.6. Syslog Server Conï¬guration
96 System Management RX3042H User's Manual 1. Open t he Log c onï¬guration page, as shown i n Figure 10.6, by clicking the Management ->Log menu 2. Click Enabl e Rem ote L og chec k box to e nable remot e log ging. 3 . E n t e r t h e s y s l o g s e r v e r I P a d d r e s s i n t h e S y s l o g S e r v e r I P Address ï¬eld. 4. Click on Apply button to save the settings. 10.6.2 V iew the System Log Y o u m a y o pe n th e fi r ew a ll l og p ag e b y cl i ck i ng Fi r ew a ll / NA T -> Lo g m en u t o s ee a ny lo gg e d. F ig u re 1 0 .7 s ho w s a s am pl e lo g. Y ou m ay c li ck on t he Re lo ad b ut to n a t th e b ot to m of th e Lo g c on fi g ur a ti on pa g e to se e t h e up d at e d lo g m e ss ag e s. T o clear the log messages, just click on the Clear Log button. Figure 10.7 Sample Log 10.7 Conï¬guration Management 10.7.1 Restore System Conï¬guration to Factory Default Settings A t t i m e s , y o u m a y w a n t t o r e s t o r e s y s t e m c o n f i g u r a t i o n t o t h e factory default settings to eliminat e problems resulted fr om incorrect sys tem c on ï¬gu ra tio n. F oll ow t he st eps b el ow to r ese t the s ys tem conï¬guration: 1. Open the Factory Defa ult conï¬gurati on page, as s hown in Figur e 10.8, by clicking the Management ->Conï¬gu ration ->Factory Default menu.
97 RX3042H User's Manual System Management Figure 10.8 Factory Reset Page 2. Click on Apply button to restore the system conï¬guration to the factory default settings. 3. A dialog window as shown in Figure 10.7 will pop up to ask for conï¬rmation. Click on the OK button to proceed; o therwise, click on the Cancel button to cancel the action. Figure 10.9 Factory Reset Conï¬rmation 4. RX3042H will then reboot thereafter to make the factory default conï¬guration in effect. Note a count down timer such as the one sh ow n i n F i gu r e 1 0. 8 w il l d i sp l ay to i n di c at e w h en th e r eb o ot process will be completed. Figure 10.10 Factory Reset Count Down Timer
98 System Management RX3042H User's Manual S o m e t i m e s , y o u m a y f i n d t h a t y o u h a v e n o w a y t o a c c e s s t h e R X 3 0 4 2 H , e . g . y o u f o r g e t y o u r p a s s w o r d o r t h e I P a d d r e s s o f RX3042H. The only way out in this scenario is to reset the system conï¬guration to the factory default by pressing the reset button for at least 5 seconds. The system conï¬guration will be reverted back to the factory default settings after RX3042H is rebooted. 10.7.2 Backup System Conï¬guration Follow the steps below to backup system conï¬guration: 1 . O p e n t h e C o n f i g u r a t i o n B a c k u p p a g e b y c l i c k i n g t h e Management ->Conï¬guration ->Backup menu. 2. Click on Apply button to backup the system conï¬guration. Figure 10.1 1 Backup System Conï¬guration Page 3. Click on Save button to backup the system conï¬guration.
99 RX3042H User's Manual System Management 4. Click on button to backup the system conï¬guration. 10.7.3 Restore System Conï¬guration Follow the steps below to backup system conï¬guration: 1. Op e n t h e S ys t e m C on f i gu r at i on R es t or e pa g e b y c l i ck i ng t he Management ->Conï¬guration ->Restore menu. Figure 10.12 Restore System Conï¬guration Page 2. Enter th e path and na me of the syst em conï¬gurati on ï¬le that y ou want to restore in the âConï¬guration Fileâ text box. Alternatively , you may click on the "Browse..." button to search for the system co n f i g u r a ti o n f i l e on y o u r h a r d d r i v e . A w in d o w s i m i la r t o t h e o n e s h o w n i n F i g u r e 1 0 . 1 3 w i l l p o p u p f o r y o u t o s e l e c t t h e conï¬guration ï¬le to restore.
100 System Management RX3042H User's Manual F ig u re 1 0 . 1 3 Se l e c t i n g S y st e m C o n ï¬ g u r a t i on f r o m t h e Fi l e M a n a g e r 3. C l i c k o n Ap p l y b u t t o n t o re s t o r e t h e s y s t e m c o n fi g u r a t i o n . A di a lo g wi n do w , s u ch as t he o ne b el o w , w il l po p up t o a s k f or conï¬rmation for restoring the system conï¬guration. Click the OK button to proceed; otherwise, click the Cance l button to cancel the action. Note that the RX3042H will reboot to make the new system conï¬guration in effect. Figure 10.14 System Conï¬guration Restoration Conï¬rmation 4 . A s y s t e m r e b o o t c o u n t d o w n t i m e r w i l l d i s p l a y , a s s h o w n i n Figure 10.15. Y ouÊ¼ll be reconnected back to RX3042H when the counter returns to zero. Y ou may need to manu ally conn ect back t o t h e R X 3 0 4 2 H i f y o u a r e n o t c o n n e c t e d b a c k t o R X 3 0 4 2 H automatically .
101 RX3042H User's Manual System Management Figure 10.15 System Reboot Counter Timer 10.8 Firmware Upgrade ASUST eK may from time to time provide you with an update to the ï¬rmware running on the RX3042H. All system software is contained in a single ï¬le, called an image. Conï¬guration Manager provides an easy way to upload the new ï¬rmware image. T o upgrade the image, follow this procedure: 1. Open the Firmware Upgrade page, as shown in Figure 10.16, by clicking the System ->Firmware Upgrade menu. Figure 10.16 Firmware Upgrade Page 2. In the Select Firmware text box, enter the path and name of the fi rm wa re i ma ge fi le . A lt er n at iv el y , y ou ma y cl ic k o n Br ow se .. . button to open a ï¬le manager , similar to Figure 10.17, to search for the ï¬rmware image on your computer .
102 System Management RX3042H User's Manual Figure 10.17 Selecting Firmware from the File Manager 3. Click on Apply button to update the ï¬rmware. A dialog window , such as the one below , will pop up to ask for conï¬rmation of the fir mw are u pg ra de. C li ck th e OK b utt on t o pr oce ed ; oth er wi se, click the Cancel button to cancel the action. Figure 10.18 Firmware Upgrade Conï¬rmation 4 . F i r m w a r e u p g r a d e s t a t u s a n d p r o g r e s s w i l l b e s h o w n a s illustrated in Figure 10.19 Figure 10.19 Firmware Upgrade Progress
103 RX3042H User's Manual System Management 5. A count down timer will display , as shown in Figure 10.20, after t h e f i r m w a r e u p g r a d e i s c o m p l e t e d . Y o u Ê¼ l l b e r e c o n n e c t e d bac k to R X30 42 H wh en th e co un ter r et ur ns to z er o. Y o u ma y need to ma nually con nect back to the RX3 042H if yo u are not connected back to RX3042H automatically . Figur e 10.2 0 Syst em Reb oot Cou nt Dow n Time r f or Firm war e Upgrade 6. When you are reconnected to the RX3042H, click Status menu to check if the new ï¬rmware is properly upgraded. Note that you pro ba bl y nee d to c le ar th e ca ch e of yo ur w eb b row se r to s ee the new System Information page. Following is the procedure to clear the browser cache for Microsoft Internet Explorer: a) Click on T ools menu b) Click on Internet Options... menu c) Click on Delete Files... button to clear the browser cache. 10.9 Restart System 1. Ope n t he Res tar t S yst em pag e, as sho wn in Fi gur e 1 0.2 1, by clicking the Management ->Restart System menu. 2. Click on the Apply button to restart the system.
104 System Management RX3042H User's Manual Figure 10.21 Restart System Page 10.9 Logout Conï¬guration Manager T o l o g o u t o f C o n f i g u r a t i o n M a n a g e r, o p e n t h e L o g o u t p a g e b y c l i c k i n g t h e L o g o u t m e n u a n d c l i c k o n t h e A p p l y b u t t o n . I f y o u are usi ng I E a s y our bro wser , a wind ow sim ilar to the on e s hown i n F i g u r e 1 0 . 2 2 w i l l p r o m p t f o r c o n f i r m a t i o n b e f o r e c l o s i n g y o u r browser . Figure 10.22 Conï¬guration Manager Logout Page Figure 10.23 Conï¬rmation for Closing Browser (IE)
105 RX3042H User's Manual IP Ad d re ss, N et wo rk M as ks, a nd S ub ne ts 1 1 IP Addresses, Network Masks, and Subnets 1 1.1 IP Addresses N o t e : T h i s s e c t i o n p e r t a i n s o n l y t o I P a d d r e s s e s f o r I P v 4 ( v e r s i o n 4 o f t h e I n t e r n e t P r o t o c o l ) . I P v 6 addresses are not covered. This section assumes basic knowledge of binary numbers, bits, and bytes. For details on this subject, see Appendix 1 1. IP addresses, th e InternetÊ¼ s version of telephon e numbers, ar e used to identify individual nodes (computers or devices) on the Internet. Every IP add ress con tains fou r nu mber s, e ach from 0 t o 25 5 an d separated by dots (perio ds), e.g. 20 .56.0.21 1. These numb ers are called, from left to right, ï¬eld1, ï¬eld2, ï¬eld3, and ï¬eld4. This style of writing IP addresses as decimal numbers separated by dots is called dotted decimal notation. The IP address 20.56.0.21 1 is read âtwenty dot ï¬fty-six dot zero dot two-eleven.â 1 1.1.1 Structure of an IP address IP addresses have a hierarchical design similar to that of telephone nu m b e rs . F or e x a mp l e , a 7 - di g i t te l e p ho n e nu m b e r s t a r ts w i th a 3-digit preï¬x that identiï¬es a group of thousands of telephone lines, and ends with four digits that identify one speciï¬c line in that group. Similarly , IP addresses contain two kinds of information. â¢ Network ID Identiï¬es a particular network within the Internet or Intranet â¢ Host ID Identiï¬es a particular computer or device on the network The ï¬rst part of every IP address contains the network ID, and the rest of the address contains the host ID. The length of the network ID d e pe nd s o n t he ne tw o rk Ê¼s cl as s ( se e f ol l ow i ng s e ct io n ). T a bl e 1 1.1 shows the structure of an IP address.
IP Ad d re ss, N et wo rk M as ks, a nd S ub ne ts RX3042H User's Manual 106 T able 1 1.1. IP Address Structure Field 1 Field 2 Field 3 Field 4 Network ID Host ID Network ID Host ID Network ID Host ID Class A Class B Class C Here are some examples of valid IP addresses: Class A: 10.30.6.125 (network = 10, host = 30.6.125) Class B: 129.88.16.49 (network = 129.88, host = 16.49) Class C: 192.60.201.1 1 (network = 192.60.201, host = 1 1) 1 1.2 Network classes The three commonly used network classes are A, B, and C. (There is also a class D but it has a special use beyond the scope of this discussion.) These classes have dif ferent uses and characteristics. C l a s s A n e t w o r k s a r e t h e I n t e r n e t Ê¼ s l a r g e s t n e t w o r k s , e a c h w i t h room fo r over 16 mi llion hosts. Up to 126 o f these huge networ ks can exist, fo r a total of over 2 b illion hos ts. Because o f their hug e si ze , th es e ne tw or ks a re u se d fo r WANs an d by o rg a ni za ti on s at the infrastructure level of the Internet, such as your ISP . Class B networks are smaller but still quite large, each able to hold ov e r 6 5 ,0 0 0 h o st s . T h e re c an be u p t o 1 6 , 38 4 cl a ss B n e t wo r ks in e xi s t en c e . A c l a ss B n e t wo r k mi g h t b e ap p r op r i at e fo r a l a r ge organization such as a business or government agency . Class C n etworks a re the sm allest, on ly able to hold 2 54 hosts at most, but the total possible number of class C networks exceeds 2 million (2,097,152 to be exact). LANs connected to the Internet are usually class C networks. Some important notes regarding IP addresses: The class can be determined easily from ï¬eld1: ï¬eld1 = 1-126: Class A ï¬eld1 = 128-191: Class B ï¬eld1 = 192-223: Class C (ï¬eld1 values not shown are reserved for special uses)
107 RX3042H User's Manual IP Ad d re ss, N et wo rk M as ks, a nd S ub ne ts â¢ A h os t ID ca n ha ve an y va lu e e xc ep t all f ie lds s et t o 0 or al l ï¬elds set to 255, as those values are reserved for special uses. 1 1.3 Subnet masks D e f i n i t i o n : m a s k : A m a s k l o o k s l i k e a r e g u l a r I P addre ss, but contai ns a patter n of bits that tells what parts of an IP addre ss ar e the netw ork I D and what par ts ar e th e ho st ID: bi ts s et t o 1 m ea n ât hi s bi t i s part of the network IDâ and bits set to 0 mean âthis bit is pa rt of the host ID.â S u b n e t m a s k s a r e u s e d t o d e f i n e s u b n e t s ( w h a t y o u g e t a f t e r di v id i ng a n e t wo r k i n to s ma l le r pi e ce s ) . A s ub n et Ê¼s n e t wo r k I D i s created by âborrowingâ one or more bits from the host ID portion of the address. The subnet mask identiï¬es these host ID bits. Fo r ex a mp le , co n si de r a c la s s C n et wo rk 1 9 2. 16 8. 1 . T o sp li t th i s into two subnets, you would use the subnet mask: 255.255.255.128 ItÊ¼s easier to see whatÊ¼ s happening if we write this in binary: 1 1 1 1 1 1 1 1. 1 1 1 1 1 1 1 1. 1 1 1 1 1 1 1 1.10000000 As with any class C address, all of the bits in ï¬eld1 through ï¬eld 3 are part of the network ID, but note how the mask speciï¬es that the ï¬rst bit in ï¬eld 4 is also included. Since this extra bit has only two valu es ( 0 a nd 1 ), this me ans ther e a re t wo subn ets. Ea ch s ubn et uses the remaining 7 bits in ï¬eld4 for its host IDs, which range from 0 to 127 (instead of the usual 0 to 255 for a class C address). Similarly , to split a class C network into four subnets, the mask is: 255.255.255.192 or 1 1 1 1 1 1 1 1. 1 1 1 1 1 1 1 1. 1 1 1 1 1 1 1 1.1 1000000 The two extra bits in ï¬eld4 can have four values (00, 01, 10, 1 1), so there are four subnets. Each subnet uses the remaining six bits in ï¬eld4 for its host IDs, ranging from 0 to 63. S o m e t i m e s a s u b n e t m a s k d o e s n o t s p e c i f y a n y additional network ID bits, and thus no subnets. Such a mask is called a de fault subnet mask. These masks are:
IP Ad d re ss, N et wo rk M as ks, a nd S ub ne ts RX3042H User's Manual 108 Class A: 255.0.0.0 Class B: 255.255.0.0 Class C: 255.255.255.0 These are called default because they are used when a network is initially conï¬gured, at which time it has no subnets.
RX3042H User's Manual T r ou ble sh oo ti ng 109 12 T roubleshooting This appendix suggests solutions for problems you may encounter in in s t al l in g or u si n g t h e R X 30 4 2H , an d pr o v id e s i n st r uc t i on s fo r using several IP utilities to diagnose problems. Contact Customer Support if these suggestions do not resolve the problem. Problem T roubleshooting Suggestion LEDs P o w er L ED d o e s n o t i ll um in a t e a ft er p r o d u c t i s tu rn ed o n. V er if y th a t yo u a r e us in g th e A C ad ap te r p r o vi de d wi th the d evi ce an d t ha t i t is se cu rel y con nec te d t o the R X 3 04 2H a nd a w a ll s oc ke t / p o w er s tr ip . L I N K W A N LE D d o e s no t il l u m i n at e a f t er E th er n e t c a b le i s at t a c h e d. V eri fy tha t an Et he rn et ca bl e lik e th e one pro vid ed is s ec ur e l y co nn e c t ed to th e E th er n e t po rt of y ou r AD SL or ca bl e mod em an d the W AN por t of the RX 30 4 2H . M a k e s u r e t h at y ou r AD SL or ca bl e m od e m i s p o w e r e d o n . W a i t 3 0 s e c o n d s to a ll ow t h e R X 3 0 4 2 H t o ne go ti at e a c on ne ct io n w i t h yo ur b r o a d b an d mo de m . L I N K LA N LE D d o e s no t il l u m i n at e a f t er E th er n e t c a b le i s at t a c h e d. V er if y th at t he E t h e rn et c a bl e is se cu re l y co nn e c t e d to y o u r LA N hu b o r PC an d to th e R X 30 42 H. Ma ke s u re t h e P C an d/ o r h u b is t ur n e d o n. V er ify t hat y our c abl e i s suffi ci ent f or you r net wo rk requirements. A 100 Mbit/sec network (100BaseTx) shoul d use cables labele d Cat 5. 10Mbit /sec cable s m a y t ol er at e l o w er q ua li t y c a bl es . Internet Access P C ca nn ot a c c es s In te r n e t U se th e p i ng ut il i ty , d is cu ss e d in th e f o ll ow i n g se ct i o n , to ch e ck wh e th er yo ur PC ca n co m mu n ic a te w it h th e R X 3 04 2H Ê¼ s L AN IP a d dr es s ( b y d e f a ul t 1 92 . 1 6 8 . 1 . 1) . I f i t ca nn ot , c h e c k t he E th e r n e t c ab li ng . If yo u stat ica lly assig ned a priv ate IP addre ss to the c om pu te r , (n ot a re g is te r ed pu bl ic ad dr es s) , ve ri fy th e f o l lo wi ng : â¢ C h e c k t h a t t h e g a t e w a y I P a d d r e s s o n t h e c o m p u t e r i s y o u r p u b l i c I P a d d r e s s ( s e e t h e Quick Start Guide cha pter , Part 2 for instructio ns on viewing the IP information.) If it is not, correct th e a dd r e ss o r co n f ig u r e t h e PC t o re c e i ve I P information automatically .
T r ou ble sh oo ti ng RX3042H User's Manual 1 10 Problem T roubleshooting Suggestion P C ca nn ot a c c e s s I n t er ne t (c o n t . ) â¢ V eri fy w ith you r IS P tha t th e DN S ser ve r sp eci ï¬ed f o r t h e P C i s v a l i d . C o r r e c t t h e a d d r e s s o r c o n f i g u r e t h e P C t o r e c e i v e t h i s i n f o r m a t i o n aut om ati cal ly . â¢ V e r if y th at a Ne tw or k A dd r es s Trans la ti on r ul e has b een d eï¬ned on t he R X3042H to trans late th e pr i v at e ad d r es s to y o ur p ub l i c I P ad d r es s . T h e a s s i g n e d I P a d d r e s s m u s t b e w i t h i n t h e ran ge sp eci ï¬ed i n t he NA T ru les . O r , co nï¬g ur e th e P C to ac cep t an ad dr ess a ss ign ed by a not he r de vi c e ( se e s ec t io n 3 .2 âP a rt 2 â C on f ig u ri ng Y o u r C o m p u t e r s â ) . T h e d e f a u l t c o n f i g u r a t i o n includes a NA T rule for all dynamically assigned addresses within a predeï¬ned pool P C s c an no t d i s p l ay w e b p ag es o n t h e I nt er ne t . V eri fy tha t th e D NS serv er spe cifi ed on the PCs is co rr ec t fo r yo ur ISP , as disc us se d in th e it em abo ve . Y o u c a n u s e th e pi ng ut i l i t y , di sc u s s e d i n t he fo ll ow i n g s e c ti on , to t e s t c on ne ct i v i t y w it h yo u r I S PÊ¼ s D N S s er ve r . Conï¬guration Manager Program Y o u f or go t/ lo s t y o u r Co nï¬ gu r a t i o n M a n ag er u se r I D o r pa ss wo rd . I f y o u h a v e n o t c h a n g e d t h e p a s s w o r d f r o m t h e de fa ult , try us in g âad mi nâ as th e us e r ID an d âad mi n â f o r t h e p a s s w o r d . O t h e r w i s e , y o u c a n r e s e t t h e dev ice to t he def au lt con fig ura ti on by fo llo win g the i n s tr uc ti on s p ro vi de d in s e c t i o n 1 0. 6. 1 âR es to re Sy st em C o n f i g u r a t i o n â . WA R N I N G : R e s e t t i n g t h e d e v i c e r e m ov es a n y c u s t o m s e t t i n g s a n d r et ur n s a ll se tt in g s t o t h e ir d ef au l t v a lu es . C a n no t ac ce s s t h e C on ï¬g ur a t i o n M a n ag er p ro g r a m f r o m yo ur b r o w s e r . U se th e p i ng ut il i ty , d is cu ss e d in th e f o ll ow i n g se ct i o n , to ch e ck wh e th er yo ur PC ca n co m mu n ic a te w it h th e R X 3 04 2H Ê¼ s L AN IP a d dr es s ( b y d e f a ul t 1 92 . 1 6 8 . 1 . 1) . I f i t ca nn ot , c h e c k t he E th e r n e t c ab li ng . V er if y th at y o u a re us in g I n t er ne t E x pl or er 6 .0 o r n ew er . S u p p o r t f o r J a v a s c r i p t Â® m u s t b e e n a b l e d i n y o u r b r o ws er . S u p p o rt f or J a v a Â® ma y al so b e r eq ui re d. V er if y th a t th e P C Ê¼ s IP ad d r e s s i s d e ï¬n ed as be in g o n the same subnet as the IP addres s assigned to the L A N p or t on t h e RX 30 42 H. C h a ng es t o C o n ï¬g ur at io n M a n ag er a re n o t b e i ng r et ai n e d . B e s u r e t o c l i c k o n " A p p l y " b u t t o n t o s a v e a n y c h a ng es .
RX3042H User's Manual T r ou ble sh oo ti ng 1 1 1 12.1 Diagnosing Problem using IP Utilities 12.1.1 ping Pi n g i s a c o m m a nd y o u c an u s e t o c h e c k w he t h e r yo u r P C ca n recognize other computers on your network and the Internet. A ping c o m m a n d s e n d s a m e s s a g e t o t h e c o m p u t e r y o u s p e c i f y . I f t h e computer receives the message, it sends messages in reply . T o use it, you mu st know th e I P a ddr ess of the co mput er with wh ich yo u are trying to communicate. On Windows-based computers, you can execute a ping command from the Start menu. Click the Start button, and then click Run. In the Open text box, type a statement such as the following: ping 192.168.1.1 Click OK . Y ou can substitute any private IP address on your LAN or a public IP address for an Internet site, if known. If the target computer recei ves the message , a Command P rompt window displays like that shown in Figure 12.1. Figure 12.1. Using the ping Utility I f t h e t a r g e t c o m p u t e r c a n n o t b e l o c a t e d , y o u w i l l r e c e i v e t h e message âRequest timed out.â
T r ou ble sh oo ti ng RX3042H User's Manual 1 12 U s i n g t h e p i n g c o m m a n d , y o u c a n t e s t w h e t h e r t h e p a t h t o t h e R X 3 0 4 2 H i s w o r k i n g ( u s i n g t h e p r e c o n f i g u r e d d e f a u l t L A N I P address 192.168.1.1) or another address you assigned. Y ou c a n a l s o t e s t w h e t h e r a c c e s s t o t h e I n t e r n e t i s w o r k i n g b y t y p i n g a n e x t e r n a l a d d r e s s , s u c h a s t h a t f o r w w w. y a h o o . c o m (216.1 15.108.243). If you do not know the IP address of a particular Internet location, you can use the nslookup command, as explained in the following section. Fro m mos t oth er IP -e na ble d op era ti ng sy ste ms , you c an ex ec ute th e s a m e c o m m a n d a t a c o m m a n d pr o m p t o r t h r o u g h a s y s t e m administration utility . 12.1.2 nslookup Y ou can use th e n sloo kup co mman d t o d eter min e t he I P addr ess as s o c i a t e d w i t h a n I n t er n e t s i t e n a m e . Y ou s p e c i f y t h e c om m o n name, and the nslookup command looks up the name on your DNS server (usually located with your ISP). If that name is not an entry in y o u r IS P Ê¼s D N S t a b l e , t h e r e q ue s t i s th e n r e fe r r e d t o a n o t h er higher-leve l server , and so o n, until the entry is found . The s erver then returns the associated IP address. O n W i n d o w s - b a s e d c o m p u t e r s , y o u c a n e x e c u t e t h e n s l o o k u p command from the Start menu. Click t he Start button, a nd then click Run. In the Open text box, type the following: nslookup C l i c k O K . A C o m m a n d P r o m p t w i n d o w d i s p l a y s w i t h a b r a c k e t pro mp t (> ). At th e p ro mp t, ty pe t he n ame o f th e In ter ne t ad dre ss you are interested in, such as www .absnews.com. T h e w i n d o w w i l l d i s p l a y t h e a s s o c i a t e I P a d d r e s s , i f k n o w n , a s shown in Figure 12.2.
1 13 RX3042H User's Manual Index Figure 12.2. Using the nslookup Utility There may be several addresses associated with an Internet name. Thi s is c omm on f or we b si te s t ha t re cei ve h ea vy tr affi c; th ey u se multiple, redundant servers to carry the same information. T o exit from the nslookup utility , type exit and press <Enter> at the command prompt.

1 15 RX3042H User's Manual Index 13 Index ACL Conï¬guration page, 74 Computers conï¬guring IP information, 13 Conï¬guration Manager overview , 25 troubleshooting, 109 Connectors rear panel, 8 Date and time, changing, 92 Default conï¬guration, 21 Default gateway , 53 DHCP deï¬ned, 45 DHCP Address T able page, 47 DHCP client deï¬ned, 45 DHCP Lease T able page, 49 DHCP server deï¬ned, 45 pools, 45 viewing assigned addresses, 48 DHCP Server Conï¬guration pa ge, 46 Diagnosing problems after installation, 20 DMZ IP address, 29 DNS, 50 deï¬ned, 50 relay , 51 Domain Name System. See DNS Dyn am ica ll y ass ig ne d I P ad dr ess es , 36 Eth-0 interface deï¬ned, 22 Ethernet cable, 12 Features, 1 Firmware Upgrade page, 101 Firmware upgrades, 101 Front panel, 5 Gateways in DHCP pools, 45 Gateway deï¬ned, 53 Hardware connections, 1 1, 12 Host ID, 105 HTTP DDNS, 60 Internet troubleshooting access to, 109 IP address in deviceÊ¼s routing table, 58 IP addresses explained, 105 IP conï¬guration static, 17 static IP addresses, 17 Windows 2000, 14
1 16 In de x RX3042H User's Manual Windows Me, 15 Windows NT 4.0, 16 IP Conï¬guration Windows XP , 13 IP information conï¬guring on LAN computers, 13 , 54-58 IP routes dynamically conï¬guring, 54 IP Routes deï¬ned, 54 LAN IP address, 27 specifying, 27 LAN network mask, 107 LAN subnet mask, 107 LEDs, 7 troubleshooting, 109 Login to Conï¬guration Manager , 23 MAC address in Fixed DHCP Lease T able, 49 NA T deï¬ned, 63 NAPT , 65 Overload, 68 P A T , 65 Reverse NAPT , 67 Virtual Server , 67 Navigating, 26 Netmask. See Network mask Network classes, 107 Network ID, 107 Network interface card, 1 Network mask, 107 Network Setup, 28 Ne t wo r k S et u p Co n f ig u ra t i on p a g e, 28 Node on network deï¬ned, 27 Notational conventions, 1 nslookup, 1 12 Packet ï¬ltering, 63 Pages DHCP Address T able, 47 DHCP Lease T able, 49 DHCP Server Conï¬guration, 46 Firmware Upgrade Upgrade, 101 LAN Conï¬guration, 27 RIP Conï¬guration, 54 Routing Conï¬guration, 57, 58 Static Route Conï¬guration, 56,57,58 System Status, 20 User Password Conï¬guration, 90 Pages ACL Conï¬guration, 74 Parts checking for , 3 Password
1 17 RX3042H User's Manual Index changing, 90 default, 19, 24 recovering, 1 1 1 PC conï¬guration, 13 PC Conï¬guration static IP addresses, 17 Ping, 1 1 1 Power adapter , 12 Primary DNS, 37 Quick Conï¬guration logging in, 19 Rear Panel, 8 RIP Conï¬guration page, 54 Routing Conï¬guration page, 54, 56 Secondary DNS, 37 Static IP addresses, 17 Static Route Conï¬guration page, 56 Static routes adding, 57 Statically assigned IP addresses, 45 Subnet masks, 107 System requirements for Conï¬guration Manager , 23 System requirements, 1 System Status page, 20 T esting setup, 20 T ime and date, changing, 92 T roubleshooting, 109 T ypographical conventions, 1 Upgrading ï¬rmware, 101 Use r P ass wo rd Con ï¬g ura ti on pag e, 90 Username default, 19, 24 W AN DHCP , 29 W AN IP address, 29 Web browser requirements, 1 version requirements, 23 Web browsers compatible versions, 23 Windows NT conï¬guring IP information, 17