ASUS RX3141 User's Manual
Contents
1. button to continue Choose file c E rx3141 2004101102 rom My Recent RX3141 Production Test Program v4 zip Documents Ej 3141 in 3j rx3141 txt E rx3141 v1 24 2004101501 bin Desktop 3 x314is v1 22 20041011 rom zip E rx3141 upgrade part1 bin El rx3141 upgrade part2 bin My Documents E My Computer P a My Network File name corfig_101 BIA do Z Places Files of type a Files ka Cancel Figure 11 20 System Configuration Restore Page Choose File Dialog 81 Chapter 11 System Management RX3141 User s Manual Click on PPlv Jbutton to restore the system configuration A message will pop up as illustrated in Figure 11 21 to let you know whether the system configuration is successfully restored Note that you must reboot the RX3141 to make the new system configuration in effect Restore configuration success Please reboot the system Figure 11 21 System Configuration Restore Status 82 RX3141 User s Manual Chapter 12 IP Addresses Network Masks and Subnets 1 2 IP Addresses Network Masks and Subnets 12 1 IP Addresses This section pertains only to IP addresses for IPv4 version 4 of the Internet Protocol IPv6 addresses are not covered Note This section assumes basic knowledge of binary numbers bits and bytes For details on this subject see Appendix 12 IP addresses the Internet s version of telephone numbers are used to identify indi2. 4 i i Definition A Provides messages of high importance including messages relating to personal safety or system integrity WARNING RX3141 User s Manual Chapter 2 Getting to Know 2 Getting to Know RX3141 2 1 Parts List In addition to this document RX3141 should come with the following gt The System unit RX3141 gt AC Adapter gt User Manual gt Compact Disk of Multi language Quick installation Guide 2 2 Hardware Features gt LAN e 4 port Gigabit switch e Auto speed negotiation e 9KB jumbo frame support e 4K MAC address table w auto learning and aging gt WAN e 10 100M Ethernet e Auto MDI MDIX 2 3 Software Features 2 39 1 NAT Features RX3141 provides NAT to share a single high speed Internet connection and to save the cost of multiple connections required for the hosts on the LAN segments connected to it This feature conceals network address and prevents them from becoming public It maps unregistered IP address of hosts connected to the LAN with valid ones for Internet access RX3141 also provides reverse NAT capability which enables users to host various services such as e mail servers web servers etc The NAT rules drive the translation mechanism The following types of NAT are supported by RX3141 gt NAPT Network Address and Port Translation Also called IP Masquerading or ENAT Enhanced NAT Maps many internal hosts to only one globally valid IP address The mapping usual
3. Save As Save in gt English Ly Si EF HHL My Recent Documents d 5 E Desktop My Documents My Computer Enter desired filename a File name config_101504 cfg M Figure 11 17 System Configuration Backup Page Save As Dialog 6 Finally a message as shown in Figure 11 18 will display to let you know whether the system configuration is successfully saved to your computer Backup configuration success Download Configuration File Figure 11 18 System Configuration Backup Status 80 RX3141 User s Manual Chapter 11 System Management 11 7 2 Restore System Configuration Follow the steps below to backup system configuration 1 Open the System Configuration Backup Restore configuration page by double clicking the Management gt Backup Restore menu 2 Enter the path and filename of the system configuration file that you want to restore in the text field Status Management Backup Restore k Router Setup b Advanced k Management Factory Reset Firmware Upgrade Reboot Backup Restore Logout Backup system configuration Restore system configuration Figure 11 19 System Configuration Restore Page Alternatively you may click on the button to search for the system configuration file on your computer A window similar to the one shown in Figure 11 20 will pop up for you to select the configuration file to restore Select the desired configuration file and then click on the
4. myserv net PPPoEO Figure 5 4 WAN PPPoE Multi session Example 1 Open the Router Connection configuration page by double clicking the Router Setup gt Connection menu 2 Configure PPPoE settings as you normally would for each PPPoE session as described in section 5 2 2 2 Configuring PPPoE for WAN Note that maximum of two PPPoE sessions are supported The following figures show the settings for the two PPPoE sessions 28 RX3141 User s Manual N Configuratior lege 9 E Connection Mode PPPoE Session Enable Connect on Demand Disconnect after Idle min User Name Password Service Name AC Name IP Address Primary DNS Server Secondary DNS Server nable E Disable s Optional fontional 0 0 0 0 Optional ESI 0 0 0 0 Optional 0 0 0 0 Optional Chapter 5 Router Connection Setup Connection Mode PPPoE E PPPoE Session Connect on Demand Disconnect after Idle min Secondary DNS Server Enable 9 Enable Q Disable User Name mylleernamei Service Name Optional optional IP Address 0 0 0 0 KOptional Primary DNS Server 0 0 0 0 KOptional 0 0 0 0 KOptional Password AC Name Manual Manual Apply Apply j Figure 5 6 WAN PPPoE Settings Figure 5 5 WAN PPPoEO Settings 3 Configure firewall outbound ACL rules to forward the designated traffic to each intended PPPoE session Please r
5. RX3141 User s Manual Hevision 1 01 Oct 21 2004 Table of Contents 1 1515 ele 18 eio RTT TT 1 1 1 SE 1 1 2 SYSTEM Requirements un 1 1 3 Bele ths DOCUMEN NR Tem 2 1 3 1 Noraional Conventions ssr 2 1 3 2 Typographical conventions sse esse ee Feo bra eee eee 2 1 3 3 Special EIERE 2 Getting to Know RX3144 3 2 1 mica PH 3 2 2 HardWwWarS uiid TEN 3 2 3 Sol tWare Fedllfes ena toes red ee 3 2 3 1 KREE 3 2 3 2 Firewall E 4 2 3 2 1 Stateful Packet Inspection rresia a a 4 2 3 2 2 Packet Filtering ACL Access Control List 4 2 3 2 3 Defense against DOS Attacke 4 2 4 1 1 Application Level Gateway AC 5 2 4 1 2 Be E PI 5 2 4 FAAN YOUR Way ALOUNG TT 6 2 4 1 mp El LEE D 2 4 2 Heal TT H 7 2 4 3 BOLOM VICW Mer MN cs 8 2 5 gice ies f 9 2 5 1 Biz qe ee po 9 2 5 2 Magnet Mount Instruchons ek 9 2 5 9 Wall Mount InstrucliOlis 2 earn nasce tao a e pns a 9 Quick Start Guide 11 3 1 Part 1 Connecting the Hardware esses 11 3 1 1 Step 1 Connect an ADSL or a cable modem 11 3 1 2 Step 2 Connect computers or a Network sse eee ee 11 3 1 3 Step 3 Attach the AC adapter sse 12 3 1 4 Step 4 Power on RX3141 the ADSL or cable modem and power up yJeUigreio aqloU i e 12 3 2 Part 2 Configuring Your Computers 13 3 2 1 Bef re you ss T EE TES 13 3 2 2 WIndow
6. Reset system configuration Reboot system Update firmware Backup restore system configuration Login Password and System Wide Settings The first time you log into the Configuration Manager you use the default username and password admin and admin 70 GER j j This username and password is only used for logging into the Configuration Manager it is not the same login password that you Note use to connect to your ISP status Router Setup Administration Connection Security Inbound ACL Outbound ACL Self Access ACL Timezone Log bk Advanced b Management Logout Figure 11 1 System Name ASUS RxX3141 Router Setup Administration New Password Confirm Password LAN MAC 00 WAN MAC 0 C Clone WAN MAC Auto logout after Idle min Enable UPnP Service Enable DNS Proxy Allow Administration from Interface wan Allow Ping Interfaces LANC WAN Apply System Administration Configuration Page RX3141 User s Manual Chapter 11 System Management System Administration configuration page as shown in Figure 11 1 allows you to change login password and other global settings for RX3141 Follow the steps below to change password and or system wide settings 1 Open the System Administration configuration page as shown in Figure 11 1 by double clicking the Router Setup gt Administration menu Changing login password a Type the new pass
7. 9 7 1 LOO FOMA il sap E 62 Virtual Sever and Special Application 63 kW S PIES E 63 10 1 1 NAPT Network Address and Port Translation or PAT Port Address el e MENT E 63 10 1 2 Reverse NAPT Virtual Seer sese eee 64 10 2 CONMOUFE KOENEN 64 10 2 1 Virtual Server Configuration Harameierg eee eee eee eee ee 64 10 2 2 Virtual Server Example sese eee eee eee DD 10 2 3 Special Application Configuration Parameters 67 10 2 4 Special Application Example eese 68 system Management 70 11 1 Login Password and System Wide Settings A 70 11 2 Viewing System Intormaton enne 72 11 9 SSelup Dale QING nT 73 11 3 1 View the System Date and Tme sse eee eee eee 74 11 4 Reset to Factory Default Settings css sees eee esec eee 74 11 4 1 Reset to Factory Default Settings using GUI 74 11 4 2 Reset to Factory Default Settings using the Reset Button 75 RON len VT Melen E 75 TEG OVEM NEDO n inaa ee 78 vi 12 13 14 11 7 System Configuration Management 79 11 7 1 Backup System Configuration sss sees eee eee eee 79 11 7 2 Restore System Configuration eese 81 IP Addresses Network Masks and Gubnete cccccecececececcccecevevavavavavaeaeacass 83 2c JESAddIOSSES uibs item sida e disco e c dde deduc eese 83 12 1 1 Structure of a
8. Make sure that your ADSL or cable modem is powered on Wait 30 seconds to allow the RX3141 to negotiate a connection with your broadband modem Verify that the Ethernet cable is securely connected to your LAN hub or PC and to the RX3141 Make sure the PC and or hub is turned on Verify that your cable is sufficient for your network requirements A 100 Mbit sec network 100BaseTx should use cables labeled Cat 5 10Mbit sec cables may tolerate lower quality cables Use the ping utility discussed in the following section to check whether your PC can communicate with the RX3141 s LAN IP address by default 192 168 1 1 If it cannot check the Ethernet cabling If you statically assigned a private IP address to the computer not a registered public address verify the following e Check that the gateway IP address on the computer is your public IP address see the Quick Start Guide chapter Part 2 for instructions on viewing the IP information If it is not correct the address or configure the PC to receive IP information automatically e Verify with your ISP that the DNS server specified for the PC is valid Correct the address or configure the PC to receive this information automatically e Verify that a Network Address Translation rule has been defined on the RX3141 to translate the private address to your public IP address The assigned IP address must be within the range specified in the NAT rules Or configure the PC to acc
9. 1 NAPT Map Any Internal PCs to a Single Global IP Address 63 Chapter 11 System Management RX3141 User s Manual lt E m Internet 2 d e EE J nsi 2a Se TCPi80 UDP 53 TCP 21 E e o un D E S Ys D p a Z T u u Figure 10 2 Reverse NAPT Relayed Incoming Packets to the Internal Host Base on the Protocol Port Number or IP Address 10 1 2 Reverse NAPT Virtual Server Reverse NAPT is also called inbound mapping port mapping or virtual server Any packet coming to the RX3141 can be relayed to the internal host based on the protocol port number and or IP address specified in the ACL rule This is useful when multiple services are hosted on different internal hosts Figure 10 2 shows that web server TCP 80 is hosted on PC A telnet server TCP 23 on PC B DNS server UDP 53 on PC C and FTP server TCP 21 on PC D This means that the inbound traffic of these four services will be directed to respective host hosting these services 10 2 Configure Virtual Server Virtual server allows you to configure up to ten public servers such as a Web E mail FTP server and etc accessible by external users of the Internet Each service is provided by a dedicated server configured with a fixed IP Address Although the internal service addresses are not directly accessible to the external users the router is able to identify the service requested by the service port number and redirects the request to the R
10. 5 For security concerns the RX3141 denies all the access requests from the external users unless a proper inbound ACL rule is setup for each virtual server to allow external users to access the internal servers set up in the Virtual Server configuration page For example if you want to allow any one in the external network to access the FTP server define an inbound ACL rule as configured in Figure 10 4 Note that the destination IP address is the IP address entered in the To IP Address and the destination port is the port numbers entered in the Redirect Port Range in the Virtual Server configuration page If you want to restrict access to the FTP server from particular IP addresses change the settings for the source IP in the inbound ACL rule For example if source IP in the inbound ACL rule is configured as 198 175 2 10 the RX3141 will deny all the external access to the FTP server except those from this particular IP address For detail information about configuring an inbound ACL rule please refer to the section 9 4 Configuring Inbound ACL Rules ACL Configuration ID Add New Action Log Move to Route to Protocol Type GG Type IP Address Same as To IP Address IP Address 192 168 1 128 Source Port Type SES Same as Redirect Port Range Destination Port Start Port Destination IP End Port ICMP Type ER Modify Figure 10 4 Virtual Server Example Inbound ACL RuleConfigure Special App
11. 5 9 WAN Outbound ACL Rule Settings for PPPoE Multi session Example 30 Figure 5 10 WAN Default Outbound ACL Rule for PPPoE Multi session Example 30 Figure 5 11 WAN PPPoE Unnumbered Configuration sss sese esec eee eee eee 31 Figure 5 12 WAN Dynamic IP DHCP client Configuration nnn 33 Figure 5 13 WAN Static IP Configuration sss sese eee eee eee eee 34 Figure 6 1 DHCP Server Configuration Page 36 Figure 5 2 DACP Ee 37 Figure 7 4 Routing Config rallon aen Ee 40 Figure 7 2 Statie Route Gonflglilaligh i ecuador irte een dole Kock Fur didnt acra ric e d cerae dus 41 Figure 7 3 Sample RONG Ee TEE 42 Figure 8 1 Network Diagram for HTTP DDNS ss sese sees eee 43 Figure G 2 HTTP DONS Gonlgurauom Page uio lade tia edes a CX i sett iced M Ce eroe rr enden 45 Figure 9 1 Router Security Configuration Page 51 Figure 9 2 Inbound ACL Configuration e EE 55 Figure 9 3 Inbound ACL Configuration Exvample enne nnne enne 56 Figure 9 4 Sample Inbo ndAGE list Table EE 56 Figure 9 5 Outbound ACL Configuration Page sss sss sese eee eee eee 57 Figure 9 6 Outbound ACL Configuration Example eene 58 vil Figure 9 7 Sample Outbound ACL List Tale EE 58 Figure 9 8 Self Access ACL Configuration Page T 60 Figure 9 9 Self Access ACL Configuration Example sese eee eee 60 Figure 9 10 Existing Self Access ACL Sl 61 Flgure oTi Sample e Ree EE 62 Figure 10 1
12. Address 00 11 22 33 44 57 Figure 3 3 System Status Page 4 Follow the instructions described in Chapter 5 Router Connection Setup to set up the LAN and WAN settings for RX3141 After completing the basic configuration for RX3141 read the following section to determine if you can access the Internet 3 9 2 Testing Your Setup At this point the RX3141 should enable any computers on your LAN to use the RX3141 s ADSL or cable modem connection to access the Internet To test the Internet connection open your web browser and type the URL of any external website such as http www asus com The LED labeled WAN should be blinking rapidly and may appear solid as the device connects to the site You should also be able to browse the web site through your web browser If the LEDs do not illuminate as expected or the web page does not display see Appendix 13 for troubleshooting suggestions 17 Chapter 3 Quick Start Guide RX3141 User s Manual 3 3 3 Default Router Settings In addition to handling the DSL connection to your ISP the RX3141 can provide a variety of services to your network The device is pre configured with default settings for use with a typical home or small office network Table 3 2 lists some of the most important default settings these and other features are described fully in the subsequent chapters If you are familiar with network configuration settings review the settings in Table 3 2 to verify that they m
13. NAPT Map Any Internal PCs to a Single Global IP Address sss eee 63 Figure 10 2 Reverse NAPT Relayed Incoming Packets to the Internal Host Base on the Protocol Port NUMDErOrIP AddES S TR Tc c TET 64 Fig re 10 3 Virtual Server age EE 66 Figure 10 4 Virtual Server Example Inbound ACL Pule sss eee eee 67 Figure 10 5 Special Application Configuration Page 68 Figure 10 6 Special Application Example Outbound ACL Huie sss sese eee eee 69 Figure 10 7 Outbound AGL Rule Fables ta editio a CLP rade Decet usos 69 Figure 11 1 System Administration Configuration Page sss sese eee eee eee 70 Flgure 11 2 System otdius PACS EEN 72 Figure 11 3 Date and Time Configuration Page 73 Figure 11 4 Factory Reset Page xii ER ordre Cei a anu sav edaxi aisi run DOR GA esu dae cud adu Vobis 74 Figure 11 5 Factory Reset Eel nee o ios eoce cos cmt cere dre trinh EGER ude Io tut acie a in ceo ur besuds 74 Figure 11 6 Factory Reset Count Down Timer sss sese sees eee eee eee eee 75 Figure 11 7 Firmware Upgrade Page E 75 Figure WEN Elle VII gels EE 76 Figure 11 9 Firmware Upgrade Confirmation cccccccccccsssccecssssececssseeeesseeeessseseeecsseseeessaeeessesaeeessseeseessaeeeessaes 76 Figure 11 10 Firmware Upgrade Status sss sss sees eee eee 76 Figure 11 11 Firmware Upgrade Count Down Timer eee eee eee eee 77 Figure 11 12 Reeg Page EE 78 Figure 11 13 System Reboot Confirmation E 78 Figure 11 14 Sy
14. O or all fields set to 255 as those values are reserved for special uses 84 RX3141 User s Manual Chapter 12 IP Addresses Network Masks and Subnets 12 3 Subnet masks A mask looks like a regular IP address but contains a pattern of bits that tells what parts of an IP address are the network ID and Definition what parts are the host ID bits set to 1 mean this bit is part of the mask network ID and bits set to 0 mean this bit is part of the host ID Subnet masks are used to define subnets what you get after dividing a network into smaller pieces A subnet s network ID is created by borrowing one or more bits from the host ID portion of the address The subnet mask identifies these host ID bits For example consider a class C network 192 168 1 To split this into two subnets you would use the subnet mask 255 255 255 128 I s easier to see what s happening if we write this in binary 11111111 11111111 11111111 10000000 As with any class C address all of the bits in field1 through field 3 are part of the network ID but note how the mask specifies that the first bit in field 4 is also included Since this extra bit has only two values 0 and 1 this means there are two subnets Each subnet uses the remaining 7 bits in field4 for its host IDs which range from 0 to 127 instead of the usual 0 to 255 for a class C address Similarly to split a class C network into four subnets the mask is 255 255 255 192 or 11111111
15. Outbound ACL Rules To modify an outbound ACL rule follow the instructions below 1 Open the Outbound ACL Rule configuration page as shown in Figure 9 5 by double clicking the Router Setup Outbound ACL menu 58 RX3141 User s Manual Chapter 9 Configuring Firewall NAT Settings 2 Click on the icon of the rule to be modified in the outbound ACL table or select the rule number from the ID drop down list 3 Make desired changes to any or all of the following fields action source destination IP source destination port protocol ICMP message type and log Please see Table 9 3 for explanation of these fields 4 Click on fe Modif button to modify this ACL rule The new settings for this ACL rule will then be displayed in the outbound access control list table at the bottom half of the Outbound ACL Configuration page 9 5 3 Delete Outbound ACL Rules To delete an outbound ACL rule just open the Outbound ACL Rule configuration page by double clicking the Router Setup gt Outbound ACL menu and then click on the i in front of the rule to be deleted 9 5 4 Display Outbound ACL Rules Open the Outbound ACL Rule configuration page by double clicking the Router Setup gt Outbound ACL menu 9 6 Configuring Self Access ACL Rules Router Setup Self Access ACL Self Access rules control access to from the RX3141 itself You may use Self Access Rule Configuration page as illustrated in Figure 9 8 to gt Adda Self Access
16. TCP 70 70 TCP 80 80 TCP 8080 8080 TCP 443 443 TCP UDP 22555 22555 UDP 500 500 6601 700 1863 ALG 9400 9400 TCP 1731 1731 TCP 1720 1720 UDP 49500 49700 TCP 1503 1503 65 Chapter 11 System Management RX3141 User s Manual Application Service Port Numbers Netmeeting or VOIP 1503 1503 1720 ALG NEWS TCP 119 119 PC Anywhere TCP 5631 PC Anywhere TCP 5631 UDP 5632 POP3 TCP 110 110 Powwow Chat 13223 13223 Red Alert Il 1234 1237 SMTP TCP 25 25 Sudden Strike 2300 2400 TELNET TCP 23 23 Win VNC UDP 5800 5900 10 2 2 Virtual Server Example Following describes the procedure to setup a FTP server 66 1 Open the Virtual Server configuration page as shown in Figure 10 3 by double clicking the Advanced Virtual Server menu Select FTP from the Enable drop down list and the check the check box to activate this policy Note that the protocol and the redirect port range are automatically selected Enter the IP address of the FTP server Note that this IP address is a private IP address Click 2PPlY Jto save the settings Status Advanced Virtual Server b Router Setup b Advanced EE special Application m eS Redirect Port Range To IP Address Logout EE 192 Huss Ha Ho MEN ST SS D manuei seine wi rce Sie Ke Tse Wo Manual Setting elle sin Mu Apply j Undo 1 Figure 10 3 Virtual Server Example RX3141 User s Manual Chapter 11 System Management
17. connected on the LAN The address of the default gateway for computers that receive IP addresses from this pool The default gateway is the device that the DHCP client computers first contacted to communicate with the Internet Typically it is the RX3141 s LAN port IP address The IP address of the Domain Name System server to be used by computers that receive IP addresses from this pool The DNS server translates common Internet names that you type into your web browser into their equivalent numeric IP addresses Typically the server s are located with your ISP However you may enter LAN IP address of the RX3141 as it will serve as DNS proxy for the LAN computers and forward the DNS request from the RX3141 User s Manual Chapter Error Reference source not found Error Reference source not found Field Description LAN to DNS servers and relay the results back to the LAN computers Note that both the primary and secondary DNS servers are optional Primary Secondary The IP address of the WINS servers to be used by computers that receive IP WINS Server IP addresses from the DHCP IP address pool You don t need to enter this Address optional information unless your network has WINS servers 3 Click PPlY Jto save the DHCP server configurations 6 1 4 Viewing Current DHCP Address Assignments When the RX3141 functions as a DHCP server for your LAN it keeps a record of any addresses it has leased to your computers To view a table
18. default LAN IP address 24 Log into Configuration Manager and then double click Router Setup gt Connection menu The Router Connection Setup configuration page is then displayed as shown in Figure 5 1 status b Router Setup Administration EM 14 ECU FTN Inbound ACL Host Name RX3141 Outbound ACL l T IP Address 152 168 1 1 e s d e a RAE r Er e Self Access ACL Timezone Subnet Mask Log b Advanced b Management WAN CO LOGON Connection Mode Dynamic Ej Manual Disconnect Apply Figure 5 1 Router Connection Setup Configuration LAN Configuration Optional Enter the host name for RX3141 Note that the host name is used for identification only and is not used for any other purpose Enter the LAN IP address and subnet mask for the RX3141 in the spaces provided Proceed to the WAN Configuration section for instructions on setting up the WAN port if you have not yet done so Click amp PPlY Jto save the settings If you are using an Ethernet connection for the current session and change the IP address the connection will be terminated You will see the following message displayed as shown below Please wait Changing IP address or netmask 168 13in 3 seconds p192 The page is to be redirected to You will then be prompted to log back into the Configuration Manager once the timer elapses RX3
19. double clicking the Router Setup gt Connection menu 2 Select Static from the Connection Mode drop down list as shown in Figure 5 13 Enter WAN IP address in the IP Address field This information should be provided by your ISP 4 Enter Subnet Mask for the WAN This information should be provided by your ISP Typically it is 255 255 255 0 Enter gateway address provided by your ISP in the space provided Enter the IP address of the primary DNS server This information should be provided by your ISP secondary DNS server is optional 7 Click PPlY Jto save the settings 34 RX3141 User s Manual Chapter Error Reference source not found Error Reference source not found 6 DHCP Server Configuration 6 1 DHCP Dynamic Host Control Protocol 6 1 1 What is DHCP DHCP is a protocol that enables network administrators to centrally manage the assignment and distribution of IP information to computers on a network When you enable DHCP on a network you allow a device such as the RX3141 to assign temporary IP addresses to your computers whenever they connect to your network The assigning device is called a DHCP server and the receiving device is a DHCP client If you followed the Quick Start Guide instructions you either configured each LAN PC with an IP address or you specified that it will receive IP information dynamically automatically If you chose to have the information assigned dynamically then you configu
20. firewall You ll have to configure this rule see the default outbound ACL settings in Figure 5 10 if you had deleted The third rule is used to forward all the outbound traffic to PPPoEO session except those intended for PPPoE1 session 29 Chapter 5 Router Connection Setup RX3141 User s Manual ID Action Protocol Source Destination Service P TT ch o Figure 5 9 WAN Outbound ACL Rule Settings for PPPoE Multi session Example Figure 5 10 WAN Default Outbound ACL Rule for PPPoE Multi session Example 30 RX3141 User s Manual Chapter 5 Router Connection Setup 5 2 3 PPPoE Unnumbered Some of the ADSL service providers may offer PPPoE unnumbered service Choose this connection mode if your ISP provides such service Connection Mode PPPoE unnumbered ele Vonrection Mode drop Enable NAPT down list Connect on Demand Enable Disable Disconnect after Idle min lo User Name Po Password Do O Service Name fOptienal AC Name Optional IP Address Unnumbered network address Unnumbered netmask Primary DNS Server 0 0 0 KOptional Secondary DNS Server 0 0 0 0 Optional status Manual Apply Figure 5 11 WAN PPPoE Unnumbered Configuration 31 Chapter 5 Router Connection Setup RX3141 User s Manual 5 2 3 1 Table 5 3 describes the configuration parameters available for PPPoE unnumbered connection mode WAN PPPoE Unnumbered Configura
21. follow the instructions that correspond to the operating system installed on your PC Windows XP PCs In the Windows task bar click the Start button and then click Control Panel Double click the Network Connections icon In the LAN or High Speed Internet window right click on icon corresponding to your network interface card NIC and select Properties Often this icon is labeled Local Area Connection The Local Area Connection dialog box displays with a list of currently installed network items Ensure that the check box to the left of the item labeled Internet Protocol TCP IP is checked and click Properties button In the Internet Protocol TCP IP Properties dialog box click the radio button labeled Obtain an IP address automatically Also click the radio button labeled Obtain DNS server address automatically Click OK button twice to confirm your changes and close the Control Panel Windows 2000 PCs First check for the IP protocol and if necessary install it 1 In the Windows task bar click the Start button point to Settings and then click Control Panel Double click the Network and Dial up Connections icon In the Network and Dial up Connections window right click the Local Area Connection icon and then select Properties The Local Area Connection Properties dialog box displays a list of currently installed network components If the list includes Internet Protocol TCP IP then the
22. gateway address field and click Add button to add the default gateway entry Click OK button twice to confirm and save your changes and then close the Control Panel If prompted to restart your computer click OK button to do so with the new settings RX3141 User s Manual Chapter 3 Quick Start Guide 3 25 Windows NT 4 0 workstations First check for the IP protocol and if necessary install it 1 In the Windows NT task bar click the Start button point to Settings and then click Control Panel 2 Inthe Control Panel window double click the Network icon 3 In the Network dialog box click the Protocols tab The Protocols tab displays a list of currently installed network protocols If the list includes TCP IP Protocol then the protocol has already been enabled Skip to step 9 4 If TCP IP does not display as an installed component click Add button In the Select Network Protocol dialog box select TCP IP and then click OK button You may be prompted to install files from your Windows NT installation CD or other media Follow the instructions to install the files After all files are installed a window displays to inform you that a TCP IP service called DHCP can be set up to dynamically assign IP information 6 Click Yes button to continue and then click OK button if prompted to restart your computer Next configure the PCs to accept IP addresses assigned by the RX3141 Open the Contr
23. of all current IP address assignments just open the DHCP Server Configuration page and click on the link Current DHCP Lease Table located at the bottom of the configuration page A page displays similar to that shown in Figure 6 2 The DHCP lease table lists any IP addresses leased and the corresponding MAC addresses DHCP IP Address List IP Address MAC Address 192 168 1 100 00 07 40 1C DcC 0B Reload Figure 6 2 DHCP Lease Table 37 RX3141 User s Manual Chapter 7 Configuring Static Houtes D Configuring Static Routes You can use Configuration Manager to define specific routes for your Internet and network data communication This chapter describes basic routing concepts and provides instructions for creating static routes Note that most users do not need to define static routes 7 1 Overview of IP Routes The essential challenge of a router is when it receives data intended for a particular destination which next device should it send that data to When you define IP routes you provide the rules that the RX3141 uses to make these decisions 7 1 1 Dol need to define static routes Most users do not need to define static routes On a typical small home or office network the existing routes that set up the default gateways for your LAN computers and for the RX3141 provide the most appropriate path for all your Internet traffic gt On your LAN computers a default gateway directs all Internet traffic to the LA
24. probably need to clear the cache of your web browser to see the new System Information page Following is the procedure to clear the browser cache for Microsoft Internet Explorer a Click on Tools menu b Click on Internet Options menu c Click on Delete Files button to clear the browser cache T7 Chapter 11 System Management RX3141 User s Manual 11 6 System Reboot 1 Open the System reboot page as shown in Figure 11 12 by double clicking the Management gt Reboot menu 2 Click onthe PPl puttonin the reboot the system V LU d System Name ASUS RX3141 Status 7 Management Reboot k Router Setup b Advanced P Management Information Factory Reset l Firmware Upgrade Please apply all the changes before rebooting the system Backup Restore Apply jJ Logout Figure 11 12 System Reboot Page 3 Adialog window will popup as illustrated in Figure 11 13 Click on the button to proceed or click on the L EZE button to cancel Microsoft Internet Explorer E J Do you want to reboot the system Figure 11 13 System Reboot Confirmation Your browser will be reconnected back to the RX3141 when the timer as illustrated in 4 Figure 11 14 elapses Please watt System rebooting The page is to be reloaded in seconds Figure 11 14 System Reboot Countdown Timer 78 RX3141 User s Manual Chapter 11 System Management 11 7 System Configuration Man
25. protocol has already been enabled Skip to step 10 If Internet Protocol TCP IP does not display as an installed component click Install button 13 Chapter 3 Quick Start Guide RX3141 User s Manual 10 11 12 3 2 4 14 10 Tile 12 In the Select Network Component Type dialog box select Protocol and then click lt Add gt button Select Internet Protocol TCP IP in the Network Protocols list and then click lt OK gt button You may be prompted to install files from your Windows 2000 installation CD or other media Follow the instructions to install the files If prompted click OK button to restart your computer with the new settings Next configure the PCs to accept IP addresses assigned by the RX3141 In the Control Panel double click the Network and Dial up Connections icon In Network and Dial up Connections window right click the Local Area Connection icon and then select Properties In the Local Area Connection Properties dialog box select Internet Protocol TCP IP and then click Properties button In the Internet Protocol TCP IP Properties dialog box click the radio button labeled Obtain an IP address automatically Also click the radio button labeled Obtain DNS server address automatically Click OK button twice to confirm and save your changes and then close the Control Panel Windows 95 98 and Me PCs In the Windows task bar click the Start button point to
26. provided by the RX3141 is listed in Table 2 1 RX3141 User s Manual Chapter 2 Getting to Know Table 2 1 DoS Attacks Type of Attack Name of Attacks Breet Bonk Boink Teardrop New Tear Overdrop y Opentear Syndrop Jolt IP fragmentation overlap ICMP Attacks Ping of Death Smurf Twinge El odsrs Logging only for ICMP Flooder UDP Flooder SYN Flooder Logging only for TCP SYN Scan Port Scans Attack packets dropped TCP XMAS Scan TCP Null Scan TCP Stealth Scan Protection with PF Rules Echo Chargen Ascend Kill Miscellaneous Attacks IP Spoofing LAND Targa Winnuke 2 4 1 1 Application Level Gateway ALG Applications such as FTP open connections dynamically based on the respective application parameter To go through the firewall on the RX3141 packets pertaining to an application require a corresponding allow rule In the absence of such rules the packets will be dropped by the RX3141 Firewall As it is not feasible to create policies for numerous applications dynamically at the same time without compromising security intelligence in the form of Application Level Gateways ALG is built to parse packets for applications and open dynamic associations The RX3141 NAT provides a number of ALGs for popular applications such as FTP and Netmeeting 2 4 1 2 Log Events in the network that could be attempts to affect its security are recorded in the RX3141 system log file The log maintains a minimum log details such as
27. resulted from incorrect system configuration Follow the steps below to reset system configuration 1 Log into Configuration Manager by double clicking the Management gt Factory Reset menu The Default Settings Configuration page displays as shown in Figure 11 4 F Kal ia System Name ASUS RX3141 Status Management Factory Reset P Router Setup P Advanced D Management Informati aaa Fact t will the existi figurati d reset Em actory reset will erase the existing configuration and rese jen gege Upgrade all the settings to factory default Reboo gt Backup Restore Logout on Apply Figure 11 4 Factory Reset Page 2 Click on __ PP __ button to set the system configuration back to factory default 3 dialog window as shown in Figure 11 5 will pop up to ask for confirmation Click on the button to proceed otherwise click on the button to cancel the action Microsoft Internet Explorer LY Do you want to reset the configuration Figure 11 5 Factory Reset Confirmation 74 RX3141 User s Manual Chapter 11 System Management 5 RX3141 will then reboot thereafter to make the factory default configuration in effect Note a count down timer such as the one shown in Figure 11 6 will display to indicate when the reboot process will be completed Please wait System rebooting The page is to be reloaded in seconds Figure 11 6 Factory Reset Count Down Timer 11 4 2 Reset to F
28. rule gt Modify an existing Self Access rule gt Delete an existing Self Access rule gt View existing Self Access rules Status Router Setup Self Access ACL b Router Setup Administration n a Connection ACLC tion Security E 3Inbound ACL ID Add New me Action Log Outbound ACL Move to Route to Self Access ACL Timezone Log Protocol Type m b Advanced b Management Source IP Type Logout Destination IP Type Source Port Type Destination Port Type ICMP Type Add Modify Existing Self Access ACL ID Action Protocol Source Destination Service f it i Allow TCP Any Self 80 Lil 59 Chapter 9 Configuring Firewall NAT Settings RX3141 User s Manual Figure 9 8 Self Access ACL Configuration Page 9 6 1 Add a Self Access Rule To add a Self Access rule follow the instructions below 1 Open the Self Access Rule configuration page as shown in Figure 9 8 by double clicking the Router Setup gt Self Access ACL menu 2 Select Add New from the ID drop down list 3 Set desired action Allow or Deny from the Action drop down list 4 Assign a priority for this rule by selecting a number from the Move to drop down list Note that the number indicates the priority of the rule with 1 being the highest Higher priority rules will be examined prior to the lower priority rules by the firewall 5 Make desired changes to any or all of the following
29. source network such as those on the Internet for the inbound traffic or all the computers in the local network for outbound traffic IP Address This option allows you to specify an IP address on which this rule will be applied IP Address Specify the appropriate network address 52 RX3141 User s Manual Chapter 9 Configuring Firewall NAT Settings Subnet This option allows you to include all the computers that are connected in an IP subnet When this option is selected the following fields become available for entry Address Enter the appropriate IP address Mask Enter the corresponding subnet mask Self for self access Indicates the router itself rule only Destination IP This option allows you to set the destination network to which this rule should apply Use the drop down list to select one of the following options Any This option allows you to apply this rule to all the computers in the local network for inbound traffic or any computer in the Internet for outbound traffic IP Address Subnet Select any of these options and enter details as described in the Source IP section above Self for self access Indicates the router itself rule SE Domain In order for this option to work user s PC must use RX3141 as its DNS server The domain name variable IP addresses association is cleared after every system restart Multiple ACL rules can be associated to the same domain name IP addresses associati
30. the username and password provided by your DDNS service providers Click on PPlY button to send a DNS update request to your DDNS service provider Note that DNS update request will also be sent to your DDNS Service provider automatically whenever the WAN port status is changed 45 RX3141 User s Manual Chapter 9 Configuring Firewall NAT Settings 9 Configuring Firewall NAT Settings The RX3141 provides built in firewall NAT functions enabling you to protect the system against denial of service DoS attacks and other types of malicious accesses to your LAN while providing Internet access sharing at the same time You can also specify how to monitor attempted attacks and unwanted network access This chapter describes how to configure router security settings and create modify delete ACL Access Control List rules to control the data passing through your network You will use firewall configuration pages to gt Configure router security and DoS settings K Create modify delete and view inbound outbound self access ACL rules View firewall log Note When you define an ACL rule you instruct the RX3141 to examine each data packet it receives to determine whether it meets criteria set forth in the rule The criteria can include the network or Internet protocol it is carrying the direction in which it is traveling for example from the LAN to the Internet or vice versa the IP adaress of the sending computer the destinatio
31. 0 0 Optional Server IP Address Enter IP Primary WINS Server IP gt gt address of the DNS server Address 192 169 1 1 Optional Usually it is the IP address of the LAN interface of this device Both primary and secondary DNS Secondary WINS Server IP Co M Address 0 0 0 0 Optional servers are optional Apply Primary Secondary WINS Server IP Address Enter IP address of the WINS server Both Current DHCP Lease Table primary and secondary WINS Configuration servers are optional Online Help Figure 4 2 Typical Configuration Manager Page 4 2 1 Menu Navigation gt Toexpand a group of related menus double click the menu or the icon Je gt Tocontract a group of related menus double click the menu or the icon gt To open a specific configuration page click the menu or the icon gt 20 RX3141 User s Manual Chapter 4 Using the Configuration Manager 4 2 2 Commonly Used Buttons and Icons The following buttons or icons are used throughout the application The following table describes the function for each button or icon Table 4 1 Description of Commonly Used Buttons and Icons Button lcon Function Stores any changes you have made on the current page Add Adds a new configuration to the system e g a static route or a firewall ACL rule and etc Modify Modifies existing configuration in the system e g a static route or a firewall ACL rule and etc Reload Redispla
32. 11111111 11111111 11000000 The two extra bits in field4 can have four values 00 01 10 11 so there are four subnets Each subnet uses the remaining six bits in field4 for its host IDs ranging from O to 63 Sometimes a subnet mask does not specify any additional network ID bits and thus no subnets Such a mask is called a default subnet mask These masks are Class A 255 0 0 0 Class B 255 255 0 0 Class C 255 255 255 0 These are called default because they are used when a network is initially configured at which time it has no subnets 85 RX3141 User s Manual Appendix 1 3 Troubleshooting This appendix suggests solutions for problems you may encounter in installing or using the RX3141 and provides instructions for using several IP utilities to diagnose problems Contact Customer Support if these suggestions do not resolve the problem Problem Power LED does not illuminate after product is turned on LINK WAN LED does not illuminate after Ethernet cable is attached LINK LAN LED does not illuminate after Ethernet cable is attached Internet Access PC cannot access Internet Troubleshooting Suggestion Verify that you are using the AC adapter provided with the device and that it is securely connected to the RX3141 and a wall socket power strip Verify that an Ethernet cable like the one provided is securely connected to the Ethernet port of your ADSL or cable modem and the WAN port of the RX3141
33. 141 User s Manual Chapter 5 Router Connection Setup 5 2 WAN Configuration This section describes how to configure WAN settings for the WAN interface on the RX3141 that communicates with your ISP You ll learn to configure IP address DHCP and DNS server for your WAN in this section 5 2 1 WAN Connection Mode Four modes of WAN connection are supported by the RX3141 PPPoE multi session PPPoE unnumbered dynamic IP and static IP You may select one of the WAN connection modes required by your ISP from the Connection Mode drop down list in Network Setup Configuration page as shown in Figure 5 2 Status Router Setup Connection k Router Setup Administration Connection i fi ati Security Inbound ACL Host Name OQutbound ACL Self Access ACL Timezone Al og bk Advanced k Management Logout Connection Mode E eg E Connection Manuail Dynamic Mode drop PPPoE PPPoE unnumbered list DIV IP Address 192 168 1 1 Subnet Mask 255 255 255 0 Figure 5 2 Network Setup Configuration Page WAN Configuration 25 Chapter 5 Router Connection Setup 5 2 2 PPPoE PPPoE connection is most often used by ADSL service providers 26 enz ss 0 0 0 0 Optional er 0 0 0 0 Optional er 0 0 0 0 Optio OFF L Figure 5 3 WAN PPPoE Configuration RX3141 User s Manual HX3141 User s Manual PX3141 User s Manual Chapter 5 Router Connection Setup 5 2 2 1 WAN PPPoE Configuratio
34. 33 5 2 4 Dynamic IP eiae aE 33 5 2 4 1 Configuring Dynamic IP for WAN 33 5 2 5 e Ile cute HH TR 34 5 2 5 1 WAN Static IP Configuration Parameters 34 5 2 5 2 Configuring Static IP for WAN 34 DHCP Server Configuration 35 6 1 DHCP Dynamic Host Control Protocol sss sese eee eee 35 6 1 1 WV Feats DEO EE 35 6 1 2 LM AUI UB rd ME 35 6 1 3 Configuring DHCP T nennen nnns 35 6 1 4 Viewing Current DHCP Address Assignments sesnsneeneeneneenneeennnn 37 Configuring Static Routes 39 7 1 Overview OI IP el 39 7 1 1 Do need to define static routes sese eee 39 7 2 SE len ROUTO E 40 Tal Static Route Configuration Harameterg see eee eee eee ee eee ee 40 7 2 2 Adding State teur 41 7 2 3 Deleting Static Routes eeeee eese eonenn rner 42 7 2 4 Viewing the Static Routing Table 42 Configuring DDNS 43 8 1 DDNS Configuration Parametere 44 8 2 Gontngt ring MTTF DDNS IIb sihi oda pd ee diego 45 Configuring Firewall NAT Settings 47 9 1 Firewall Overview ccscccccccccsssssseeeeceeeeeeseseeeeecececesseeaeeeeeeeessseeaeeeeeeesessseseees 47 9 1 1 stateful Packet INSPECTION ossidi oodd teat tue doo testi o eI Etage descen 47 9 1 2 DoS Denial of Service Protection 47 9 1 3 Firewall and Access Control List ACL sss 47 9 1 3 1 Priority Order of ACL Rule nsnnnanonnennnnnnnnnn
35. 55 0 0 0 0 0 0 0 etho 0 m 5 0 0 0 0 0 0 0 0 10 10 31 1 eth 0 Reload Figure 7 3 Sample Routing Table Follow these instructions to delete a static route from the routing table 1 Open the Static Route configuration page by double clicking the Advanced gt Static Route menu 2 Click on the i icon of the route to be deleted in the Routing Table what you are doing Removing the default route will render the WARNING Internet unreachable A Do not remove the route for default gateway unless you know 7 2 4 Viewing the Static Routing Table All P enabled computers and routers maintain a table of IP addresses that are commonly accessed by their users For each of these destination IP addresses the table lists the IP address of the first hop the data should take This table is known as the device s routing table To view the RX3141 s routing table double click the Advanced Static Route menu The Routing Table displays at the upper half of the Static Route Configuration page as shown in Figure 7 1 The Routing Table displays a row for each existing route containing the IP address of the destination network subnet mask of destination network and the IP of the gateway that forwards the traffic 42 RX3141 User s Manual Chapter 8 Configuring DDNS 8 Configuring DDNS Dynamic DNS is a service that allows computers to use the same domain name even when the IP address changes from time to time during reboot or when the I
36. AN PPPoE 0 unnumbered PPPoE 1 1 PPPoE session PPPoE 2 2 PPPoE session These options are selectable from the drop down list If AUTO is selected the router will automatically assign an interface to route the packets based on the gateway IP address 40 RX3141 User s Manual Chapter 7 Configuring Static Routes 7 2 2 Adding Static Routes Routing Configuratioil Destination Address o Un He Wo j Subnet Mask 255 Uass lass Dn Interface AUTO wi Apply j Figure 7 2 Static Route Configuration Follow these instructions to add a static route to the routing table 1 Open the Static Route configuration page by double clicking the Advanced gt Static Route menu 2 Enter static routes information such as destination IP address destination subnet mask gateway IP address and the interface in the corresponding fields For a description of these fields refer to Table 7 1 Static Route Configuration Parameters To create a route that defines the default gateway for your LAN enter 0 0 0 0 in both the Destination IP Address and Subnet Mask fields 3 Click PPlY to add a new route 41 Chapter 7 Configuring Static Routes RX3141 User s Manual 7 2 3 Deleting Static Routes No Destination Address Subnet Mack Gateway Interface Metric moi 200 24 00 2 0 4 d 203 400 Dd cd 0 0 0 0 etho 0 ma 192 168 1 0 Fibs be Bike be Babe be i 0 0 0 0 eth 0 m 3 10 10 31 0 209 20490 2 93 0 0 0 0 0 ethi 0 m 4 239 0 0 0 2
37. Access ACL table located at the bottom half of the Self Access ACL configuration page 9 6 3 Delete a Self Access Rule To delete a Self Access rule open the Self Access Rule configuration page by double clicking the Router Setup gt Self Access ACL menu and then click on the i icon of the rule to be deleted 9 6 4 View Configured Self Access Rules To see existing Self Access Rules just open the Self Access ACL configuration page by double clicking Router Setup gt Self Access ACL menu Existing Self Access ACL SSES ID Action Protocol Source Destination Service m 1 Allow TCP Any Self 80 Figure 9 10 Existing Self Access ACL Rules 9 7 Firewall Log Router Setup gt Log You may open the firewall log page by double clicking Router Setup gt Log menu to see any logged events for any security breaches Figure 9 11 shows a sample firewall log You may click on the Reload 4 button at the bottom of the Log page to see the updated log messages ASUS status l Router Setup Administration Connection eee ea Security Jan 1 00 00 28 2000 klogd sys Smurf packet from 10 10 31 41 Jan 1 00 02 06 2000 klogd sys Smurf packet from 10 10 31 41 Jan 1 00 03 44 2000 klogd sys Smurf packet from 10 10 31 41 Inbound ACL Outbound ACL Jan 1 00 05 22 2000 klogd sys Smurf packet from 10 10 31 41 Self Access ACL Jan 1 00 07 00 2000 klogd sys Smurf packet from 10 10 31 41 Timezone Jan 1 00 08 36 2000 klog
38. DoS Attack Definition Field Description o IP Source Intruder uses source routing in order to break into the target system Route IP Spoofing opoofing is the creation of TCP IP packets using somebody else s IP address IP spoofing is an integral part of many network attacks that do not need to see responses Land Attacker sends out packets to the system with the same source and destination IP address being that of the target system and causes the target system trying to resolve an infinite series of connections to itself This can cause the target system to slow down drastically Ping of Death An attacker sends out larger than 64KB packets to cause certain operating system to crash An attacker issues ICMP echo requests to some broadcast addresses Each datagram has a spoofed IP source address to be that of a real target host Most of the addressed hosts will respond with an ICMP echo reply but not to the real initiating host instead all replies carry the IP address of the previously spoofed host as their current destination and cause the victim host or network to slow down drastically SYN ICMP UDP Check or un check this option to enable or disable the logging for SYN ICMP UDP Flooding flooding attacks These attacks involve sending lots of TCP SYN ICMP UDP to a host in a very short period of time RX3141 will not drop the flooding packets to avoid affecting the normal traffic TCP A hacker may be scanning your
39. N port on the RX3141 Your LAN computers know their default gateway either because you assigned it to them when you modified their TCP IP properties or because you configured them to receive the information dynamically from a server whenever they access the Internet Each of these processes is described in the Quick Start Guide instructions Part 2 K Onthe RX3141 itself a default gateway is defined to direct all outbound Internet traffic to a router at your ISP This default gateway is assigned automatically by your ISP whenever the device negotiates an Internet connection The process for adding a default route is described in section 7 2 2 Adding Static Routes You may need to define static routes if your home setup includes two or more networks or subnets if you connect to two or more ISP services or if you connect to a remote corporate LAN 39 Chapter 7 Configuring Static Houtes RX3141 User s Manual 7 2 Static Route aa Status 7 Advanced Static Route k Router Setup lr Advanced 3Virtual Server sSpecial Application No Destination Address Subnet Mask Gateway Interface Metric Static Route m i Fe e abe ee Be bo 209 2909 2905 255 0 0 0 0 etho 0 3DHCP Server m 2 192 168 1 0 255 255 255 0 0 0 0 0 eth 0 2DDNS Service m 3 10 10 31 0 255 255 255 0 0 0 0 0 ethi o b Management D 4 239 0 0 0 255 0 0 0 0 0 0 0 etho 0 Ho m 5 0 0 0 0 0 0 0 0 10 10 31 1 ethi 0 Reload I EE ben 1 inati Routing Configuration a
40. RX3141 open your Web browser and type the following URL in the address location box and press Enter http 192 168 1 1 This is the predefined IP address for the LAN port on the RX3141 A login screen displays as shown in Figure 3 2 Login Username admin Figure 3 2 Login Screen If you have problem connecting to the RX3141 you may want to check if your PC is configured to accept IP address assignment from the RX3141 Another method is to set the IP address of your PC to any IP address in the 192 168 1 0 network such as 192 168 1 2 3 Enter your username and password and then click to enter the Configuration Manager The first time you log into this program use these defaults Default Username admin Default Password admin m FC 4 You can change the password at any time see section 11 1 Login Note Password and System Wide Settings The System Information page displays each time you log into the Configuration Manager shown in Figure 3 3 16 RX3141 User s Manual Chapter 3 Quick Start Guide Status 5 Status l Router Setup amp Advanced k Management Logout System Name ERx3121 RX3141 1 22 Build Oct 6 2004 20 19 01 System Time Sat Jan 1 00 16 04 2000 Firmware Version Default Gateway 0 0 0 0 DNS Server IP Address 192 168 1 1 Netmask 255 255 255 0 MAC Address 00 11 22 33 44 56 WAN Information Connection Mode DHCP IP Address 169 254 1 13 Netmask 255 255 0 0 MAC
41. SP s DHCP server resets IP leases RX3141 connects to a Dynamic DNS service provider whenever the WAN IP address changes It supports setting up the web services such as Web server FTP server using a domain name instead of the IP address Dynamic DNS supports the DDNS clients with the following features gt Update DNS records addition when an external interface comes up gt Force DNS update Only HTTP DDNS client is supported HTTP Dynamic DNS Client HTTP DDNS client uses the mechanism provided by the popular DDNS service providers for updating the DNS records dynamically In this case the service provider updates DNS records in the DNS RX3141 uses HTTP to trigger this update RX3141 supports HTTP DDNS update with the following service provider gt www dyndns org HTTP DDNS Server DynDNS DynDNS d ISR isr homeunix com Figure 8 1 Network Diagram for HTTP DDNS Whenever IP address of the configured DDNS interface changes DDNS update is sent to the specified DDNS service provider RX3141 should be configured with the DDNS username and password that are obtained from your DDNS service provider 43 Chapter 8 Configuring DDNS RX3141 User s Manual 8 1 DDNS Configuration Parameters Table 8 1 describes the configuration parameters available for DDNS service Table 8 1 DDNS Configuration Parameters Fd Description Status Shows the state of DDNS Dynamic DNS Click on this radio button to enable the DDNS
42. Sent 4 Received 4 Lost Y iz loss gt Approximate round trip times in milli seconds Minimum Bms Maximum Zms Average ms C2 Documents and SettingsAlan Figure 13 1 Using the ping Utility If the target computer cannot be located you will receive the message Request timed out Using the ping command you can test whether the path to the RX3141 is working using the preconfigured default LAN IP address 192 168 1 1 or another address you assigned You can also test whether access to the Internet is working by typing an external address such as that for www yahoo com 216 115 108 243 If you do not know the IP address of a particular Internet location you can use the nslookup command as explained in the following section From most other IP enabled operating systems you can execute the same command at a command prompt or through a system administration utility 13 1 2 nslookup You can use the nslookup command to determine the IP address associated with an Internet site name You specify the common name and the nslookup command looks up the name on your DNS server usually located with your ISP If that name is not an entry in your ISP s DNS table the request is then referred to another higher level server and so on until the entry is found The server then returns the associated IP address On Windows based computers you can execute the nslookup command from the Start menu Click the Start button and t
43. Service Click on this radio button to disable the DDNS Service Domain Name Enter the registered domain name provided by your ISP into this field For example If the host name of your RX3141 is hosti and the domain name is yourdomain com The fully qualify domain name FQDN is host1 yourdomain com Username Enter the username provided by your DDNS service provider in this field Password Enter the password provided by your DDNS service provider in this field 44 RX3141 User s Manual Chapter 8 Configuring DDNS 8 2 Configuring HTTP DDNS Client Status Advanced DDNS Service Router Setup Advanced 5 Virtual Server en Special Application 3 i Status Not Update static Route DHCP Server Dynamic DNS O Enable 9 Disable DDNS Service b Management Domain Name lfadn dyndns org Logout User Name D Password Apply Figure 8 2 HTTP DDNS Configuration Page Follow these instructions to configure the HTTP DDNS 1 p X x we First you should have already registered a domain name to the DDNS service provider If you have not done so please visit www dyndns org for more details Log into the Configuration Manager and then click Advanced gt DDNS Service menu to open the DDNS Configuration page In the DDNS Configuration page select Enable for the Dynamic DNS Enter the domain name in the Domain Name field Enter
44. Settings and then click Control Panel Double click the Network icon In the Network dialog box look for an entry started w TCP IP gt and the name of your network adapter and then click Properties button You may have to scroll down the list to find this entry If the list includes such an entry then the TCP IP protocol has already been enabled Skip to step 8 If Internet Protocol TCP IP does not display as an installed component click Add button In the Select Network Component Type dialog box select Protocol and then click Add button Select Microsoft in the Manufacturers list box and then click TCP IP in the Network Protocols list box and then click OK button You may be prompted to install files from your Windows 95 98 or Me installation CD or other media Follow the instructions to install the files If prompted click OK button to restart your computer with the new settings Next configure the PCs to accept IP information assigned by the RX3141 In the Control Panel double click the Network icon In the Network dialog box select an entry started with TCP IP 2 and the name of your network adapter and then click Properties button In the TCP IP Properties dialog box click the radio button labeled Obtain an IP address automatically In the TCP IP Properties dialog box click the Default Gateway tab Enter 192 168 1 1 the default LAN port IP address of the RX3141 in the New
45. Table 3 1 LED Indicators This LED should be POWER Solid green to indicate that the device is turned on If this light is not on check if the AC adapter is attached to the RX3141 and if it is plugged into a power source 1 4 Solid green to indicate that the device can communicate with STATUS your LAN or flashing when the device is sending or receiving LED data to from your LAN computer s WAN Solid green to indicate that the device has successfully established a connection with your ISP or flashing when the device is sending or receiving data to from the Internet If the LEDs illuminate as expected the RX3141 is working properly 12 RX3141 User s Manual Chapter 3 Quick Start Guide 3 2 Part 2 Configuring Your Computers Part 2 of the Quick Start Guide provides instructions for configuring the network settings on your computers to work with the RX3141 3 2 1 Before you begin By default the RX3141 automatically assigns all required network settings e g IP address DNS server IP address default gateway IP address to your PCs You need only to configure your PCs to accept the network settings provided by the RX3141 3 2 3 peers In some cases you may want to configure network settings d manually to some or all of your computers rather than allow the RX3141 to do so See Assigning static IP addresses to your PCs in page 15 for instructions If you have connected your PC via Ethernet to the RX3141
46. X3141 supports only one server of any particular type at a time Note 10 2 1 Virtual Server Configuration Parameters Table 10 1 describes the configuration parameters available for virtual server configuration 64 RX3141 User s Manual Chapter 11 System Management Table 10 1 Virtual Server Configuration Parameters Setting Enable Description Select an application from the list of pre configured applications The corresponding protocol and the redirect port range will be automatically selected Select Manual Setting if you want to configure the settings yourself To activate the policy make sure the check box is checked For a list of pre configured applications please refer to Table 10 2 Protocol This option allows you to select protocol type from a drop down list Available settings are All TCP UDP TCP UDP and ESP Redirect Port Range To IP Address Enter the desired port numbers Enter the server IP address Table 10 2 Port Numbers for Popular Applications Application AOE Il Server AUTH Baldurs Gate Il Battle Isle Counter Strike Cu See Me Diablo Il DNS FTP FTP GOPHER HTTP HTTP8080 HTTPS I phone 5 0 ISAKMP mirc MSN Messenger Need for Speed 5 Netmeeting Audio Netmeeting Call Netmeeting Conference Netmeeting File Transfer Service Port Numbers 2300 2400 113 2300 2400 3004 3004 2 005 2 015 648 648 56800 24032 4000 4000 UDP 53 53 TCP 21 21 TCP 20 ALG 21
47. actory Default Settings using the Reset Button Sometimes you may find that you have no way to access the RX3141 e g you forget your password or the IP address of RX3141 The only way out in this scenario is to reset the system configuration to the factory default by pressing the reset button located on the rear panel the router for at least 5 seconds The system configuration will be reverted back to the factory default settings after RX3141 is rebooted 11 5 Firmware Upgrade ASUSTeK may from time to time provide you with an update to the firmware running on the RX3141 All system software is contained in a single file called an image Configuration Manager provides an easy way to upload the new firmware image To upgrade the image follow this procedure 1 Open the Firmware Upgrade page as shown in Figure 11 7 by double clicking the Management gt Firmware Upgrade menu Fd DUS System Name ASUS RX3141 Status Management Firmware Upgrade k Router Setup P Advanced p Management Firmware Upgrade Factory Reset Select saare LRR Reboot l Backup Restore Apply Logout Upgrade State Upgrade Progress lo ph Figure 11 7 Firmware Upgrade Page 75 Chapter 11 System Management RX3141 User s Manual 2 Inthe Firmware text box enter the path and name of the firmware image file Alternatively you may click on L Browse button to open a file manager to search for the firmware image on y
48. agement 11 7 1 Backup System Configuration Follow the steps below to backup system configuration 1 Open the System Configuration Backup Restore page as illustrated in Figure 11 15 by double clicking the Management gt Backup Restore menu E System Name ASUS RX3141 Status Management Backup Restore D Router Setup i P Advanced k Management Factory Reset Backup system Firmware Upgrade LO configuration Rebnoot Backup Restore o 35S Ooo ce configuration Logout Apply Figure 11 15 System Configuration Backup Page 2 Click the Backup system configuration radio button Click the __ P8 _ button to backup the system configuration If you are using Microsoft Windows a File Download dialog window will pop up click on the Save button as illustrated in Figure 11 16 File Download j P Some files can harm your computer If the file information below e looks suspicious or you do not fully trust the source do not open or save this file File name config cfg File type From 132 168 1 1 Would you like to open the file or save it to your computer Always ask before opening this type of file Figure 11 16 System Configuration Backup Page File Download Dialog 79 Chapter 11 System Management RX3141 User s Manual 5 Enter the desired filename for the backup configuration file as illustrated in Figure 11 17and click on the button to continue
49. apter 9 Configuring Firewall NAT Settings 9 2 2 2 Configuring DoS Settings To configure DoS settings follow the instructions below 1 Open the Router Security configuration page as shown in Figure 9 1 by double clicking on Router Setup gt Security menu 2 Check or uncheck individual check box for each type DoS attack 3 Click Ply Jto save the settings System Name ASUS RX3141 Status Router Setup Security k Router Setup Administration Inbound ACL Firewall Outbound ACL gt Self Access ACL DI Default NAT DI Timezone Log Port Probing Log b Advanced Stealth Mode b Management Logout SYN Flooding DI ICMP Flooding DI UDP Flooding Ping of Death DI LAND s s Re assembly IP Source Route Is s IP Spoofing TCP XMAS NULL SYNFIN Scan DI Smurf DI WinNUKE DI Apply Figure 9 1 Router Security Configuration Page 51 Chapter 9 Configuring Firewall NAT Settings RX3141 User s Manual 9 3 ACL Rule Configuration Parameters 9 3 1 ACL Rule Configuration Parameters Table 9 3 describes the configuration parameters firewall inbound outbound and self access ACL rules Table 9 3 ACL Rule Configuration Parameters Field Description Add New Click on this option to add a new ACL rule Rule Number Select a rule from the drop down list to modify its settings Mave This option allows you to set a priority
50. bound ACL menu 2 Click on the icon of the rule to be modified in the inbound ACL table or select the rule number from the ID drop down list 3 Make desired changes to any or all of the following fields action source destination IP source destination port protocol ICMP message type and log Please see Table 9 3 for explanation of these fields 4 Click on fe Modif button to modify this ACL rule The new settings for this ACL rule will then be displayed in the inbound access control list table at the bottom half of the Inbound ACL Configuration page 9 4 3 Delete Inbound ACL Rules To delete an inbound ACL rule open the Inbound ACL Rule configuration page by double clicking the Router Setup gt Inbound ACL menu and then click on the TT in front of the rule to be deleted 56 RX3141 User s Manual Chapter 9 Configuring Firewall NAT Settings 9 4 4 Display Inbound ACL Rules To see existing inbound ACL rules just open the Inbound ACL Rule configuration page by double clicking the Router Setup gt Inbound ACL menu The existing inbound ACL rules are displayed at the bottom of the configuration page 9 5 Configuring Outbound ACL Rules By creating ACL rules in outbound ACL configuration page as shown in Figure 9 5 you can control allow or deny Internet or external network access for computers on your LAN Options in this configuration page allow you to gt Add a rule and set parameters for it gt Modify an exist
51. button to save the settings T1 Chapter 11 System Management RX3141 User s Manual 11 2 Viewing System Information System Information page displays whenever you log into RX3141 It contains information for the overall system settings 72 Router Setup Advanced k Management Logout TE System Name RX3141 RX3141 1 22 Build Oct 6 2004 20 19 01 System Time Sat Jan 1 08 03 08 2000 Default Gateway 0 0 0 0 DN5 5erver Firmware Version IP Address 132 158 1 1 Netmask 255 255 255 0 MAC Address 00 11 22 33 44 56 Connection Mode DHCP IP Address 155 254 1 13 Netmask 255 255 0 0 MAC Address 00 11 22 33 44 57 Figure 11 2 System Status Page RX3141 User s Manual Chapter 11 System Management 11 3 Setup Date and Time RX3141 keeps a record of the current date and time which it uses to calculate and report various data However there is no real time clock inside RX3141 RX3141 relies on external time servers to maintain correct time RX3141 allows you to configure up to three external time servers Make sure that the Enable check box is checked to activate the SNTP Simple Network Time Protocol service for time keeping 4 Changing the date and time on RX3141 does not affect the date Note and time on your PCs Status Router Setup Timezone k Router Setup Administration Connection Inbound ACL Date 2000 mmidd yyyy Security Outbound ACL Self Access ACL Time
52. d sys Smurf packet from 10 10 31 41 bk Advanced k Management Logout Reload 61 Chapter 9 Configuring Firewall NAT Settings RX3141 User s Manual Figure 9 11 Sample Firewall Log 9 7 1 Log Format Two types of log are supported by the RX3141 system security log and firewall access control log They are designated by the two keywords sys and fw respectively The log format is best explained by examples System Security Log Example Jan 1 00 01 22 2000 klogd sys TCP XMAS NULL packet from 192 168 1 100 Explanation Jan 1 00 01 22 2000 indicates the time of the attack klogd sys this attack is detected by the system security model TCP XMAS NULL the type of attack detected 192 168 1 100 source of the attack Firewall Access Control Log Example Jan 1 00 03 11 2000 klogd fw OUTBOUND rule 1 allow icmp from 192 168 1 100 to 211 1 1 1 type 8 code 0 id 512Explanation Jan 1 00 03 11 2000 indicates the time of the access klogd fw indicates the log is related to firewall access control OUTBOUND the direction of the traffic rule 1 the rule that matches the IP information of the traffic allow action taken by the firewall icmp protocol type of the traffic 192 168 1 100 source of the traffic 211 1 1 1 destination of the traffic tyoe 8 ICMP message type code 0 ICMP message code id 512 ICMP message ID 62 RX3141 User s Manual Chapter 11 System Management 1 0 Virtual Sever and Special Application Thi
53. e Password and System Wide Settings The System Information page displays every time you log into the Configuration Manager shown in Figure 4 3 on page 22 Chapter 4 Using the Configuration Manager RX3141 User s Manual 4 2 Functional Layout Typical Typical Configuration page consists of several elements banner menu menu navigation tips configuration and on line help You can click on any menu item to expand contract any menu groups or to access a specific configuration page The configuration pane is where you interact with the Configuration Manager to configure the settings for RX3141 Menu navigation tips show how the current configuration can be accessed via the menus Banner ASUS Rx3141 Status b Router Setup b Advanced Virtual Server DHCP Server Configuratio Special Application gt Stat c Route Enable DDNS Service Begin 192 168 1 100 Lease Time The duration that an B Managerent IP Address Pool M 192 163 1149 IP address can be used by a client Logout PC IP Address Pool E Begin Enter the starting IP address End Enter the ending IP address Lease Time 864000 Default Gateway Enter IP SS Dee address of the default gateway 192 168 1 1 NA 00 192 168 1 1 Usually it is the IP address of the LAN interface of this device Primary DNS Server IP 192 168 tont Address 192 169 1 1 Optional d DN P Primary Secondary DNS SCONCE Ones gehen 0 0
54. e is one of the basic building blocks for network security Firewall monitors each individual packet decodes the header information of inbound and outbound traffic and then either blocks the packet from passing or allows it to pass based on the contents of the source address destination address source port destination port and protocol defined in the ACL rules ACL is a very appropriate measure for providing isolation of one subnet from another It can be used as the first line of defense in the network to block inbound packets of specific types from ever reaching the protected network The RX3141 Firewall s ACL methodology supports K Filtering based on destination and source IP address port number and protocol gt Use of the wild card for composing filter rules K Filter Rule priorities 2 3 2 3 Defense against DoS Attacks The RX3141 Firewall has an Attack Defense Engine that protects internal networks from known types of Internet attacks It provides automatic protection from Denial of Service DoS attacks such as SYN flooding IP smurfing LAND Ping of Death and all re assembly attacks For example the RX3141 Firewall provides protection from WinNuke a widely used program to remotely crash unprotected Windows systems in the Internet The RX3141 Firewall also provides protection from a variety of common Internet attacks such as IP opoofing Ping of Death Land Attack and Reassembly attacks The type of attack protections detections
55. eck this box to enable or disable firewall NAT Check or uncheck this box to enable or disable NAT Log Port Probing Connection attempt to closed ports will be logged if this option is enabled Stealth Mode If enabled RX3141 will not respond to remote peer s attempt to connect to the closed TCP UDP ports To configure firewall basic settings follow the instructions below 1 Open the Router Security configuration page as shown in Figure 9 1 by double clicking on Router Setup gt Security menu 2 Check or uncheck individual check box for each security option 3 Click 5PPlY Jto save the settings 9 2 2 DoS Configuration The RX3141 has an Attack Defense Engine that protects internal networks from Denial of Service DoS attacks such as IP spoofing LAND Ping of Death smurf and all re assembly attacks It can drop ICMP redirects and IP loose strict source routing packets For example a security device with the RX3141 Firewall provides protection from WinNuke a widely used program to remotely crash unprotected Windows systems For a complete list of DoS protection provided by the RX3141 please see Tables 2 1 and 9 2 49 Chapter 9 Configuring Firewall NAT Settings RX3141 User s Manual 9 2 2 1 DoS Protection Configuration Parameters Table 9 2 provides explanation for each type of DoS attacks You may check or uncheck the check box to enable or disable the protection or detection for each type DoS attacks Table 9 2
56. eet the needs of your network Follow the instructions to change them if necessary If you are unfamiliar with these settings try using the device without modification or contact your ISP for assistance Before you modifying any settings review Chapter 4 for general information about accessing and using the Configuration Manager program We strongly recommend that you contact your ISP prior to changing the default configuration Table 3 2 Default Settings Summary Option Default Setting Explanation Instructions DHCP Dynamic DHCP server enabled with the The RX3141 maintains a pool of private IP Host following pool of addresses addresses for dynamic assignment to your Configuration LAN computers To use this service you Protocol cn i ie through must have set up your computers to KENE accept IP information dynamically as described in Part 2 of the Quick Start Guide See section 6 1 for an explanation of the DHCP service LAN Port IP otatic IP address 192 168 1 1 This is the IP address of the LAN port on Adaress the RX3141 The LAN port connects the subnet mask 255 255 255 0 device to your Ethernet network Typically you will not need to change this address See section 5 1 1 LAN IP Address for instructions 18 RX3141 User s Manual Chapter 4 Using the Configuration Manager 4 Using the Configuration Manager The RX3141 includes a preinstalled program called the Configuration Manager which provides an interface t
57. efer to section 9 5 Configuring Outbound ACL Rules for instructions on setting up ACL rules Figure 5 7 and Figure 5 8 show the settings for the two outbound ACL rules one specify the destination network using the network address and subnet mask and the other using the domain name Only one of the two ACL rules is needed However if you intend to use IP address and the domain name to access the myService network you ll need to configure both rules ID Action Log ID Action Allow Log Move to Route to ppp2 PPPoE 1 v Move to Route to ppp2 PPPoE 1 v Protocol Type Protocol Type Source IP Type Any wv Source IP Type Type Subnet v Type Domain v Destination IP Destination IP Address 211 0 0 0 Domain Name myserv net Mask 255 0 0 0 Source Port Type Source Port Type Destination Port Type Destination Port Type ICMP Type ICMP Type Add Modify Add Modify Figure 5 7 WAN First ACL Rule Settings using network address subnet mask for Forwarding Packets to PPPOE1 Session Figure 5 8 WAN Second ACL Rule Settings using domain name for Forwarding Packets to PPPOE 1 Session 4 Verify that you have all the rules properly configured as indicated in the Existing Outbound ACL table as shown in Figure 5 9 Note that the third rule is the default outbound ACL rule that allows all the outbound traffic to go through the
58. ept an address assigned by another device see section 3 2 Part 2 Configuring Your Computers The default configuration includes a NAT rule for all dynamically assigned addresses within a predefined pool Appendix RX3141 User s Manual Problem Troubleshooting Suggestion PCs cannot display X Verify that the DNS server specified on the PCs is correct for web pages on the your ISP as discussed in the item above You can use the ping Internet utility discussed in the following section to test connectivity with your ISP s DNS server Configuration Manager Program You forgot lost your If you have not changed the password from the default try using Configuration admin as the user ID and admin for the password Otherwise Manager user ID or you can reset the device to the default configuration by following password the instructions provided in section 11 4 Reset to Factory Default Settings WARNING Resetting the device removes any custom settings and returns all settings to their default values Cannot access the Use the ping utility discussed in the following section to check Configuration whether your PC can communicate with the RX3141 s LAN IP Manager program address by default 192 168 1 1 If it cannot check the Ethernet from your browser cabling Verify that you are using Internet Explorer 6 0 or newer Support for Javascript must be enabled in your browser Support for Java may also be required Verify t
59. er Select this option if you want this rule to apply to applications with this port range The following fields become available for entry when this option is selected Start Port Enter the starting port number of the range End Port Enter the ending port number of the range Destination Port This option allows you to set the destination port to which this rule should apply Use the drop down list to select one of the following options Any Select this option if you want this rule to apply to all applications with an arbitrary destination port number Single Range Select any of these and enter details as described in the Source Port section above ICMP available only when protocol type is set to ICMP This option allows you to select the ICMP message type for the ACL rule The supported ICMP message types are Any default 0 Echo reply Type 1 Type 2 Det unreach destination unreachable orc quench source quench Redirect Type 6 Type 7 Echo req Router advertisement Router solicitation Time exceed time exceeded Parameter problem Timestamp request Timestamp reply Info request information request Info reply information reply Addr mask req address mask request Addr mask reply address mask reply CON OOF WD 54 RX3141 User s Manual Chapter 9 Configuring Firewall NAT Settings 9 4 Configuring Inbound ACL Rules By creating ACL rules in Inbound ACL configuration pa
60. ess as illustrated in Figure 10 6 This example restricts the access to hosts in the IP address range from 192 168 1 110 to 192 168 1 115 Note that you must remove the default firewall outbound ACL rule for the access restriction to work because the default outbound ACL rule allows any one to use any applications setup in the Special Application configuration page To delete the default outbound ACL rule just click the 7 icon in front of the default ACL rule in the Outbound ACL Rule table located in the Outbound ACL Rule configuration page as shown in Figure 10 7 For details on configuring an outbound ACL rule please refer to the section 9 5 Configuring Outbound ACL Rules ID Add New X Action Log Move to Route to Protocol Type Type Source IP Address 192 168 1 100 192 168 1 115 Destination IP Type 5ource Port Type Destination Port Type ICMP Type Ee Modify Figure 10 6 Special Application Example Outbound ACL Rule Existing Outbound ACL ee ID Action Protocol Source Destination Service 1 Allow All 192 168 1 100 192 168 1 115 Any Any 2 All Default Outbound ACL Rule Figure 10 7 Outbound ACL Rule Table 69 Chapter 11 System Management RX3141 User s Manual 1 1 oystem Management This chapter describes the following administrative tasks that you can perform using the Configuration Manager Modify password and system wide settings View system information Modify system date and time
61. fields source destination IP source destination port protocol ICMP message type and log Please see Table 9 3 for explanation of these fields 6 Click on the Add button to create the new Self Access rule The new rule will then be displayed in the Existing Self Access ACL list table at the bottom half of the Self Access ACL configuration page Example Figure 9 9 shows a sample self access ACL configuration to allow TCP port 80 traffic i e HTTP traffic from any one to RX31441 ACL Configuration Action Allow ID Add New Log Move to 1 v Route to Protocol Type TCP Source IP Type Any Destination IP Type Self Source Port Type Any wi Type Destination Port Port Number ICMP Type ES Modify Figure 9 9 Self Access ACL Configuration Example 9 6 2 Modify a Self Access Rule To modify a Self Access rule follow the instructions below 1 Open the Self Access Rule configuration page as shown in Figure 9 8 by double clicking the Router Setup gt Self Access ACL menu 2 Click on the 4 icon of the Self Access rule to be modified in the Existing Self Access ACL table or select the Self Access ACL from the ID drop down list 60 RX3141 User s Manual Chapter 9 Configuring Firewall NAT Settings 3 Make desired changes to any settings 4 Click on the Modif button to save the changes The new settings for this Self Access rule will then be displayed in the Existing Self
62. for this rule The RX3141 Firewall acts on packets based on the priority of the rules Set a priority by specifying a number for its position in the list of rules 1 First This number marks the highest priority Other numbers Select other numbers to indicate the priority you wish to assign to the rule Allow Select this button to configure the rule as an allow rule This rule when bound to the Firewall will allow matching packets to pass through Deny Select this button to configure the rule as a deny rule This rule when bound to the Firewall will not allow matching packets to pass through Route to only for outbound ACL This field is used for policy routing needed for PPPoE unnumbered or PPPoE multi session Available options include AUTO ppp0 unnumbered ppp1 19 PPPoE session ppp2 2 PPPoE session These options are selectable from the drop down list If AUTO is selected the router will route the packets based on the information in the routing table Log Select or deselect the check box to enable or disable logging for this ACL rule Protocol This option allows you to select protocol type from a drop down list Available settings are All TCP UDP ICMP IGMP AH and ESP Source IP This option allows you to set the source network to which this rule should apply Use the drop down list to select one of the following options Any This option allows you to apply this rule to all the computers in the
63. ge as shown in Figure 9 2 you can control allow or deny incoming access to computers on your LAN Options in this configuration page allow you to 9 4 1 Add a rule and set parameters for it Modify an existing rule Delete an existing rule View configured inbound ACL rules JDU System Name ASUS RX3141 Status Router Setup Inbound ACL k Router Setup Administration Qutbou Connection ACL Configuration Traffic f S5ecurity ER Sg regarde Inbound ACL ER Action Log Outbound ACL ERE TS Route foc m Inboun elt Access ACL Traffic f 3Timezone regarde Log Protocal Type s Self Ac k Advanced Traffic c b Management 5ource IP Type From thi Logout Destination IP Type self acc 5ource Port Type Destination Port Type ICMP Type Modify Existing Inbound ACL ID Action Protocol Source Destination Service Figure 9 2 Inbound ACL Configuration Page Add Inbound ACL Rules To add an inbound ACL rule follow the instructions below 1 Open the Inbound ACL Rule configuration page as shown in Figure 9 2 by double clicking the Router Setup gt Inbound ACL menu select Add New from the ID drop down list Set desired action Allow or Deny from the Action drop down list Make changes to any or all of the following fields source destination IP source destination port protocol ICMP message type and log Please see Table 9 3 for explanation
64. gna pece S the IP address of the destination host or Destination Address o Un le He hoped Subnet Mask 255 zs5 zss Un s Subnet Mask Enter the subnet mask af the destination host or netwark z Ceca oo jo Jo We s Default Gateway Enter the IP TES AUTO m address of the gateway for the specified destination network or host Apply through which traffic is to be routed The gateway must be network reachable Figure 7 1 Routing Configuration Page 7 2 1 Static Route Configuration Parameters The following table defines the available configuration parameters for static routing configuration Table 7 1 Static Route Configuration Parameters Field Description Destination Address Specifies the IP address of the destination computer or an entire destination network It can also be specified as all zeros to indicate that this route should be used for all destinations for which no other route is defined this is the route that creates the default gateway Note that destination IP must be a network ID The default route uses a destination IP of 0 0 0 0 Refer to Appendix 12 for an explanation of network ID Subnet Mask Indicates which parts of the destination address refer to the network and which parts refer to a computer on the network Refer to Appendix 12 for an explanation of network masks The default route uses a 0 0 0 0 for subnet mask Gateway Gateway IP address Interface Available option include AUTO EthO LAN Ethi W
65. hat the PC s IP address is defined as being on the same subnet as the IP address assigned to the LAN port on the RX3144 Changes to Be sure to click on PPl Jputton to save any changes Configuration Manager are not being retained 13 1 Diagnosing Problem using IP Utilities 13 1 1 ping Ping is a command you can use to check whether your PC can recognize other computers on your network and the Internet A ping command sends a message to the computer you specify If the computer receives the message it sends messages in reply To use it you must know the IP address of the computer with which you are trying to communicate On Windows based computers you can execute a ping command from the Start menu Click the Start button and then click Run In the Open text box type a statement such as the following ping 192 168 1 1 Click L Jj You can substitute any private IP address on your LAN or a public IP address for an Internet site if known If the target computer receives the message a Command Prompt window displays like that shown in Figure 13 1 88 RX3141 User s Manual Appendix p Command Prompt G gt 5 Documents and Settings Alan Sping 192 168 1 1 Pinging 192 168 1 1 with 32 bytes of data Reply from 192 168 1 1 bytes 32 time 2ms Reply from 192 168 1 1 bhytes 32 time lt ims Reply from 192 168 1 1 bhytes 32 time lt ims Reply from 172 168 1 1 bhytes 32 time lt ims Ping statistics for 172 168 1 1 Packets
66. hecking for and or installing the IP protocol Once it is installed continue to follow the instructions for displaying each of the Internet Protocol TCP IP properties Instead of enabling dynamic assignment of the IP addresses for the computer DNS server and default gateway click the radio buttons that enable you to enter the information manually PTT Your PCs must have IP addresses that place them in the same subnet as the RX3141 s 4 LAN port If you manually assign IP information to all your LAN PCs you can follow the Note instructions in the section 5 1 1 to change the LAN port IP address accoraingly Chapter 3 Quick Start Guide RX3141 User s Manual 3 3 Part 3 Quick Configuration of the RX3141 In Part 3 you log into the Configuration Manager on the RX3141 and configure basic settings for your router Your ISP should provide you with the necessary information to complete this step Note the intent here is to quickly get the RX3141 up and running instructions are concise You may refer to corresponding chapters for more details 3 3 1 Setting Up the RX3141 Follow these instructions to setup the RX3141 1 Before accessing the Configuration Manager in RX3141 make sure that the HTTP proxy setting is disabled in your browser In IE click Tools gt Internet Options gt Connections tab gt LAN settings and then uncheck Use proxy server for your LAN 2 Onany PC connected to one of the four LAN ports on the
67. hen click Run In the Open text box type the following nslookup Click L x J A Command Prompt window displays with a bracket prompt gt At the prompt type the name of the Internet address you are interested in such as www absnews com The window will display the associate IP address if known as shown in Figure 13 2 89 Appendix RX3141 User s Manual pn Command Prompt nslookup Co Documents and Settings A lan ns lookup Default Server tp dc 65 corpnet asus Address 172 21 128 8 gt Www abcnews com Server tp dc H5 corpnet asus Address 172 21 128 8 Hon authoritatiue answer Name abcnews com Addres 199 181 132 250 Aliase uuu abcnews com gt Figure 13 2 Using the nslookup Utility There may be several addresses associated with an Internet name This is common for web sites that receive heavy traffic they use multiple redundant servers to carry the same information To exit from the nslookup utility tyoe exit and press lt Enter gt at the command prompt 90 HX3141 User s Manual 1 4 Index Computers configuring IP information 10 Configuration Manager overview 17 troubleshooting 106 Connectors rear panel 6 Date and time changing 88 Default configuration 16 Default gateway 43 DHCP defined 39 DHCP Address Table page 40 DHCP client defined 39 DHCP Lease Table page 42 DHCP server defined 39 pools 39 viewing assigned addresses 41 DHCP Server Configuratio
68. hh mm ss Time Zone GMT 8 00 Log l Advanced b Management SSES Enable SNTP Server 1 125 250 35 2 SNTP Server 2 131 107 1 10 SNTP Server 3 133 100 9 2 Apply jJ Figure 11 3 Date and Time Configuration Page The maintain accurate time for the router 1 2 9 4 o Open the Date and Time configuration page as shown in Figure 11 3 by double clicking the Router Setup gt Timezone menu Select your time zone from the drop down list Check the Enable check box to activate the SNTP Simple Network Time Protocol service Enter IP addresses for the SNTP servers that will be used to update the system time Click on PPlY Jbutton to save the settings You can manually enter the correct time however the time will be reset to the default time 1 1 2000 00 00 00 after system is rebooted or powered off 73 Chapter 11 System Management RX3141 User s Manual 11 3 1 View the System Date and Time To view the updated system date and time log into Configuration Manager click the Router Setup gt Timezone menu Note that the system will go back to the default time 1 1 2000 00 00 00 if SNTP service is not enabled or none of the configured SNTP servers are not accessible after system is rebooted or powered off 11 4 Reset to Factory Default Settings 11 4 1 Reset to Factory Default Settings using GUI At times you may want to revert to the factory default settings to eliminate problems
69. ilt in switch on the device Note that you should attach one end of the Ethernet cable to any of the port labeled 1 4 on the rear panel of the router and connect the other end to the Ethernet port of a computer If your LAN has more than 4 computers you can attach one end of an Ethernet cable to a hub or a switch probably an uplink port please refer to the hub or switch documentations for instructions and the other to the Ethernet switch port labeled 1 4 on the RX3141 Note that either the crossover or straight through Ethernet cable can be used to connect the built in switch and computers hubs or switches as the built in switch is smart enough to make connections with either type of cables Chapter 3 Quick Start Guide RX3141 User s Manual 3 1 3 Step 3 Attach the AC adapter Attach the AC adapter to the POWER input jack on the back of the device and plug in the adapter to a wall outlet or a power strip 3 1 4 Step 4 Power on RX3141 the ADSL or cable modem and power up your computers Plug the AC adapter to the power input jack of RX3141 Turn on your ADSL or cable modem Turn on and boot up your computer s and or any LAN devices such as wireless AP hubs or switches eooo Cable or ADSL Modem RX3141i Kr 1 i i Kea n rn r er Ethernet i E E d YW Wireless AP Figure 3 1 Overview of Hardware Connections You should verify that the LEDs are illuminated as indicated in Table 3 1
70. ing rule K Delete an existing rule K View configured outbound ACL rules MBS stem name nsus oras Status Router Setup Outbound ACL bk Router Setup Administration s Outbou Connection ACL Configuration Traffic fr Security A m Em regardei Inbound ACL ID Add New w Action Outbound ACL Move to Route to AUTO k j geiert Self Access ACL Traffic ft Timezone regarde Log Protocol Type s Self Ac Advanced Traffic d Management IP Type g Source IP Type Any Fama Logout Destination IP Type self acce Source Port Type Destination Port Type ICMP Type Existing Outbound ACL ID Action Protocol Source Destination Service Som 1 Allow All Any Any Any Figure 9 5 Outbound ACL Configuration Page 9 5 1 Add an Outbound ACL Rule To add an outbound ACL rule follow the instructions below 1 Open the Outbound ACL Rule configuration page as shown in Figure 9 5 by double clicking the Router Setup Outbound ACL menu Select Add New from the ID drop down list Set desired action Allow or Deny from the Action drop down list 57 Chapter 9 Configuring Firewall NAT Settings RX3141 User s Manual 4 Assign a priority for this rule by selecting a number from the Move to drop down list Note that the number indicates the priority of the rule with 1 being the highest Higher priority rules will be examined prior to the lower priority rules by the firewall 5 Selec
71. is transmitted or received via the connection OFF No link is established ON The LAN port is operating in full duplex mode OFF The LAN port is operating in half duplex mode and no collision is detected The rear panel contains the ports for the unit s data and power connections Label D 1 4 WAN RESET POWER 09 Figure 2 2 Rear Panel Connectors Table 2 3 Rear Panel Labels and LEDs Indication LAN Ports connects to your PC s Ethernet port or to the uplink port on your LAN s hub switch using the Ethernet cable WAN Port connects to your WAN device such as ADSL or cable modem Reset Button 1 Reboots the device 2 Resets the system configuration to the factory defaults if pressed for more than 5 seconds Power Input Jack connects to the supplied AC adapter Chapter 2 Getting to Know RX3141 User s Manual 2 1 3 Bottom View Kb D D a1 Wall Mount Slots You may use these slots to hang RX3141 on the wall to save space Depending on your particular requirement by taking into account the location of the power outlet power cord length Ethernet cable length and etc you can hang RX3141 in 4 different orientations front panel up rear panel up left side up or right side up 2 Magnets The magnets allow you to place RX3141 on any metal surface to save space RX3141 User s Manual Chapter 2 Getting to Know 2 5 Placement Options Depending on your environment you may choose one of
72. lication Some applications use multiple TCP UDP ports to transmit data Due to the NAT operation these applications cannot work with the router Special Application setting allows some of these applications to work properly A Only one PC can use one particular special application at any time Note 10 2 3 Special Application Configuration Parameters Table 10 1 describes the configuration parameters available for Special Application configuration Table 10 3 Special Application Configuration Parameters Setting Description Enable Select an application from the list of pre configured applications The corresponding protocol and the redirect port range will be automatically selected Select Manual Setting if you want to configure the settings yourself To activate the policy make sure the check box is checked 67 Chapter 11 System Management RX3141 User s Manual Setting Description Application Name The name identifying the application Outgoing Trigger The port range this application uses when it sends outbound packets The Port Range outgoing port numbers act as the trigger When the router detects the outgoing packets with these port numbers it will allow the corresponding inbound packets with the incoming port numbers specified in the Incoming Port Range field to pass through the router For a list of port numbers used by some popular applications please refer to Table 10 4 Incoming Port Range The port range that
73. ll service on the RX3141 9 1 3 Firewall and Access Control List ACL 9 1 3 1 Priority Order of ACL Rule All ACL rules have a rule ID assigned the smaller the rule ID the higher the priority Firewall monitors the traffic by extracting header information from the packet and then either drops or forwards the packet by looking for a match in the ACL rule table based on the header information Note that the ACL rule checking starts from the rule with the smallest rule ID until a match is found or all the ACL rules are examined If no match is found 47 Chapter 9 Configuring Firewall NAT Settings RX3141 User s Manual the packet is dropped otherwise the packet is either dropped or forwarded based on the action defined in the matched ACL rule 9 1 3 2 ACL Rule and Connection State Tracking The stateful packet inspection engine in the firewall keeps track of the state or progress of a network connection By storing information about each connection in a state table RX3141 is able to quickly determine if a packet passing through the firewall belongs to an already established connection If it does it is passed through the firewall without going through ACL rule evaluation For example an ACL rule allows outbound ICMP packet from 192 168 1 1 to 192 168 2 1 When 192 168 1 1 sends an ICMP echo request i e a ping packet to 192 168 2 1 192 168 2 1 will respond with an ICMP echo reply to 192 168 1 1 In the RX3141 you don t need to c
74. ly contains a pool of network ports to be used for translation Every packet is translated with the globally valid IP address the port number is translated with a free pool from the pool of network ports gt Reverse NAPT Also called inbound mapping port mapping or virtual server Any packet coming to the router can be relayed to an internal host based on the protocol port number and or IP Address specified in the rule This is useful when multiple services are hosted on different internal hosts Chapter 2 Getting to Know RX3141 User s Manual 2 3 2 Firewall Features The firewall as implemented in RX3141 provides the following features to protect your network from being attacked and to prevent your network from being used as the springboard for attacks gt Stateful Packet Inspection gt Packet Filtering ACL gt Defense against Denial of Service Attacks Log 2 3 2 1 Stateful Packet Inspection The RX3141 Firewall uses stateful packet inspection that extracts state related information required for the security decision from the packet and maintains this information for evaluating subsequent connection attempts It has awareness of application and creates dynamic sessions that allow dynamic connections so that no ports need to be opened other than the required ones This provides a solution which is highly secure and that offers scalability and extensibility 2 3 2 2 Packet Filtering ACL Access Control List ACL rul
75. n IP adaress and other characteristics of the packet data If the packet matches the criteria established in a rule the packet can either be accepted forwarded towards its destination or denied discarded depending on the action specified in the rule 9 1 Firewall Overview 9 1 1 Stateful Packet Inspection The stateful packet inspection engine in the RX3141 maintains a state table that is used to keep track of connection states of all the packets passing through the firewall The firewall will open a hole to allow the packet to pass through if the state of the packet that belongs to an already established connection matches the state maintained by the stateful packet inspection engine Otherwise the packet will be dropped This hole will be closed when the connection session terminates No configuration is required for stateful packet inspection it is enabled by default when the firewall is enabled Please refer to section 9 2 1 Basic Router Security Configuration Parameters to enable or disable firewall service on the RX3141 9 1 2 DoS Denial of Service Protection Both DoS protection and stateful packet inspection provide first line of defense for your network No configuration is required for both protections on your network as long as firewall is enabled for the RX3141 By default the firewall is enabled at the factory Please refer to section 9 2 1 Basic Router Security Configuration Parameters to enable or disable firewa
76. n IP address apornas 83 122 ANGIWONK ClASSES nave tosta Ee 84 dee EE 85 Troubleshooting 87 13 1 Diagnosing Problem using IP Utilities eee 88 jS UN SPN err T 88 1312 NSIGOK D EE 89 List of Figures Figure 2 eFON E angl EEDS uacua eI ut Cota qu etu iuPar a pou Dent nar E U Urs 6 Figure 2 2 hear ae il ere 7 Figure 3 1 Overview of Hardware Connections sss e eee eee eee eee eee e 12 Figure S ITER EE 16 Figure 353 9v5lem otdlus Pate suse whence saa c a Qn eese oes E E cus onse oa uox csc Mx d Sor ae M ae Pare 17 Figure 4 1 Configuration Manager Login Screen eese nennen enne nnns 19 Figure 4 2 Typical Configuration Manager Page 20 Figure 4 3 System Information Page sese sees eee eee eee 22 Figure 5 1 Router Connection Setup Configuration LAN Confouraton 24 Figure 5 2 Network Setup Configuration Page WAN Contourapnon ss see eee eee eee eee eee eee e 25 Figure o WAN PPPoOEOGCORIQUEFAUOF BEE 26 Figure 5 4 WAN PPPoE Multi session Example een 28 Flgure 5 5 WAN PPPOEO SOllllIQS usao ede autit en iu ducet nin etes dun desta lit peru idcm a Ea Moos dud pom ce dae 29 Figure 5 6 WAN PPPOE EE dee 29 Figure 5 7 WAN First ACL Rule Settings using network address subnet mask for Forwarding Packets to PPPOE eicit e I ee 29 Figure 5 8 WAN Second ACL Rule Settings using domain name for Forwarding Packets to PPPOE1 IIH TCI Hcc 29 Figure
77. n Parameters Table 5 2 describes the configuration parameters available for PPPoE connection mode Table 5 2 WAN PPPoE Configuration Parameters Setting Connection Mode Description Select PPPoE from the connection mode drop down list PPPoE Session Select the PPPoE session ID for this PPPoE session Note that only two Enable simultaneous PPPoE sessions are supported Check or uncheck this box to activate this PPPoE session Connection on Demand Check Enable or Disable radio button to enable disable this option Disconnect after Idle min Enter the inactivity timeout period at which you want to disconnect the Internet User Name and Password connection when there is no traffic A value of 0 means no activity time out Note that SNTP service may interfere with this function if there are activities from the service Enter the username and password you use to log into your ISP Note this is Service Name different from the information you used to log into Configuration Manager Enter the service name provided by your ISP Service name is optional but IP Address may be required by some ISP Enter a static IP address here only when your service provider requires a Primary Secondary DNS static IP for PPPoE connection This IP address must be provided by your service provider Most service providers do not require user to use a static IP for PPPoE connection IP address of the primary and or seco
78. n page 40 Diagnosing problems after installation 16 DNS 41 Dynamically assigned IP addresses 39 Eth 0 interface defined 16 Ethernet cable 9 Features 1 Firmware Upgrade page 92 93 94 Firmware upgrades 91 Front panel 5 Appendix Gatewas in DHCP pools 41 Gateway defined 43 Hardware connections 9 10 Host ID 101 HTTP DDNS 51 Inbound ACL Configuration page 61 Internet troubleshooting access to 105 IP address in device s routing table 47 IP addresses explained 101 IP configuration static 13 static IP addresses 13 Windows 2000 1 1 Windows Me 12 Windows NT 4 0 12 IP Configuration Windows XP 11 IP information configuring on LAN computers 10 44 45 46 IP Routes defined 43 LEDs 5 troubleshooting 105 Login to Configuration Manager 17 NAT 91 Appendix 14 Index defined 75 NAPT 75 Overload 75 PAT 75 Reverse NAPT 76 Virtual Server 76 Navigating 18 Netmask See Network mask Network classes 101 Network ID 101 Network interface card 1 Network mask 102 Notational conventions 1 nslookup 107 Outbound ACL Configuration page 65 Packet filtering 53 Pages DHCP Address Table 40 DHCP Lease Table 42 DHCP Server Configuration 40 Firmware Upgrade Upgrade 92 93 94 44 45 46 Routing Configuration 44 45 46 System Information 15 User Password Configuration 86 Pages Inbound ACL Configuration 61 Pages Outbound ACL Configuration 65 Parts checking for 3 Passw
79. ndary DNS are optional as PPPoE will Server Status automatically detect the DNS IP addresses configured at your ISP However if there are other DNS servers you would rather use enter the IP addresses in the spaces provided On PPPoE connection is active Manual Off PPPoE connection is inactive Connecting RX3141 is trying to connect to your ISP using PPPoE connection mode Click the Disconnect or Connect button to disconnect or connect to your Disconnect Connect service provider using the PPPoE connection mode 27 Chapter 5 Router Connection Setup RX3141 User s Manual 5 2 2 2 Configuring PPPoE for WAN Follow the instructions below to configure PPPoE settings 1 Open the Router Connection configuration page by double clicking the Router Setup gt Connection menu 2 Select PPPoE from the WAN Connection Mode drop down list as shown in Figure 5 3 3 Select PPPoE session ID from the PPPoE session ID drop down list Currently two sessions are supported Enter the user name and password provided by your ISP Optional Enter the service name if required by your ISP Enter appropriate connection settings for Disconnect after Idle min and Connect on Demand 7 Click PPlY Jto save the settings 5 2 2 3 Configuring PPPoE Multi session for WAN Follow the instructions below to configure PPPoE multi session settings for the PPPoE multi session example as shown in Figure 5 4 Greg PPPoE 1
80. nique IP address to each device residing on your LAN The LAN IP address that identifies the RX3141 as a node on your network must be in the same subnet as the PCs on your LAN The default LAN IP address for the RX3141 is 192 168 1 1 NI Definition A network node can be thought of as any interface where a device connects to the network such as the HX3141 s LAN port and the network interface cards on your PCs See Appendix 12 for an explanation of subnets You can change the default IP address to reflect the true IP address that you want to use with your network 5 1 2 LAN Configuration Parameters Table 5 1 describes the configuration parameters available for LAN IP configuration Table 5 1 LAN Configuration Parameters Setting Description Host Name For identification only IP Address The LAN IP address of the RX3141 This IP address is used by your computers to identify the RX3141 s LAN port Note that the public IP address assigned to you by your ISP is not your LAN IP address The public IP address identifies the WAN port on the RX3141 to the Internet Subnet Mask The LAN subnet mask identifies which parts of the LAN IP Address refer to your network as a whole and which parts refer specifically to nodes on the network Your device is preconfigured with a default subnet mask of 255 255 255 0 23 Chapter 5 Router Connection Setup RX3141 User s Manual 5 1 3 Configuring the LAN IP Address Follow these steps to change the
81. nnnnnnnnnennnnennnnsnnnnnnnne 47 9 1 3 2 ACL Rule and Connection State Tracking 48 9 1 4 RIT AOC RUES uev rore a o redes tuna el bdo pe Nau cns aA 48 9 2 Router SECUNIY Sells teorico an eters titer d e cide E E 49 9 2 1 Basic Router Security Configuration Parameters 49 9 2 2 DOS GOMMMGUN ANON EE EE R 49 9 2 2 1 DoS Protection Configuration Parameters 50 9 2 2 2 Configuring DoS eae 51 9 3 ACL Rule Configuration Parameters sse eee eee eee eee 52 9 3 1 ACL Rule Configuration Parametere 52 9 4 Configuring Inbound AGE RUS sss sese eee eee eee 55 9 4 1 Add Inbound ACL Rules A 55 10 11 9 4 2 Figure 9 4 Sample Inbound ACL List TableModify Inbound ACL Rules cM M MELDE EUM dI D b EL LE 56 9 4 3 Delete Inbound ACL Rules EE 56 9 4 4 Display Inbound ACL Hues EE 57 9 5 Configuring Outbound ACL Rules eee 57 9 5 1 Add an Outbound ACL Rule sss sese 57 9 5 2 Modify Outbound ACL RUNES T 58 9 5 3 Delete Outbound ACL Hues niiair en a Ri 59 9 5 4 Display Outbound ACL Hues sss sse eee eee 59 9 6 Configuring Self Access ACL Rules Router Setup gt Self Access ACL 59 9 6 1 Add a Self Access Rule eee 60 9 6 2 Modify a Self Access Rule iid it e ob Lo ei deeds este 60 9 6 3 Delete a Self Access RUlesunancccerein a 61 9 6 4 View Configured Self Access Hules see eee eee 61 9 7 Firewall Log Router Setup Log 61
82. o the software installed on the device It enables you to configure the device settings to meet the needs of your network You access it through your web browser from any PC connected to the RX3141 via the LAN or the WAN ports This chapter describes the general guides for using the Configuration Manager 4 1 Log into the Configuration Manager The Configuration Manager program is preinstalled on the RX3141 To access the program you need the following gt Acomputer connected to the LAN or WAN port on the RX3141 as described in the Quick Start Guide chapter K Aweb browser installed on the computer The program is designed to work best with Microsoft Internet Explorer 6 0 or later You may access the program from any computer connected to the RX3141 via the LAN or WAN ports However the instructions provided here are for computers connected via the LAN ports 1 From a LAN computer open your web browser type the following in the web address or location box and press Enter http 192 168 1 1 This is the predefined IP address for the LAN port on the RX3141 A login screen displays as shown in Figure 4 1 Login Figure 4 1 Configuration Manager Login Screen 2 Enter your username and password and then click Apply J The first time you log into the program use these defaults Default Username admin Default Password admin E b pi i a at You can change the password at any time see section 11 1 Login Not
83. of these fields Assign a priority for this rule by selecting a number from the Move to drop down list Note that the number indicates the priority of the rule with 1 being the highest Higher priority rules will be examined prior to the lower priority rules by the firewall Click on the Add button to create the new ACL rule The new ACL rule will then be displayed in the inbound access control list table at the bottom half of the Inbound ACL Configuration page 55 Chapter 9 Configuring Firewall NAT Settings RX3141 User s Manual Figure 9 3 illustrates how to create a rule to allow inbound HTTP i e web server service This rule allows inbound HTTP traffic to be directed to the host w IP address 192 168 1 28 Note that the newly added inbound ACL rule is displayed in the Existing Inbound ACL table shown in Figure 9 4 ID Add New Action Hove to Route to Protocol Type Type IP Address Destination IP IP Address 192 168 1 28 Source Port Type Port Number Type Destination Port A f Modify Figure 9 3 Inbound ACL Configuration Example Existing Inbound ACL lt ID Action Protocol Source Destination Service A Ww i Allow TCP Any 192 168 1 28 80 9 4 2 Figure 9 4 Sample Inbound ACL List TableModify Inbound ACL Rules To modify an inbound ACL rule follow the instructions below 1 Open the Inbound ACL Rule configuration page as shown in Figure 9 2 by double clicking the Router Setup gt In
84. ol Panel window and then double click the Network icon 8 In the Network dialog box click the Protocols tab 9 Inthe Protocols tab select TCP IP and then click Properties button 10 In the Microsoft TCP IP Properties dialog box click the radio button labeled Obtain an IP address from a DHCP server 11 Click OK button twice to confirm and save your changes and then close the Control Panel 3 2 6 Assigning static IP addresses to your PCs In some cases you may want to assign IP addresses to some or all of your PCs directly often called statically rather than allowing the RX3141 to assign them This option may be desirable but not required if K You have obtained one or more public IP addresses that you want to always associate with specific computers for example if you are using a computer as a public web server gt You maintain different subnets on your LAN However during the first time configuration of your RX3141 you must assign an IP address in the 192 168 1 0 network for your PC say 192 168 1 2 in order to establish connection between the RX3141 and your PC as the default LAN IP on RX31441 is pre configured as 192 168 1 1 Enter 255 255 255 0 for the subnet mask and 192 168 1 1 for the default gateway These settings may be changed later to reflect your true network environment On each PC to which you want to assign static information follow the instructions on pages 13 through 15 relating only to c
85. on Maximum of 30 domain name variables is supported gt Each domain name variable IP addresses association is updated only when the LAN client issues the DNS query to RX3141 For example when entering the address http www yahoo com on your browser RX3141 will update the IP address association w www yahoo com in the internal database referenced by the firewall Each domain name variable can be associated up to 256 IP addresses Wild card character is allowed in the domain name Its usage is illurstrated in the following examples www google match www google com and ww google net and does not match www google com tw www google match www google com tw and www google com sg and does not match www google com com tw match www google com tw www com tw and does not match com tw com match google com and abc com and does not match www google com com match any domain name a single dot match any domain name 1t 2 Source Port This option allows you to set the source port to which this rule should apply Use the drop down list to select one of the following options Any Select this option if you want this rule to apply to all applications with an 53 Chapter 9 Configuring Firewall NAT Settings RX3141 User s Manual arbitrary source port number oingle This option allows you to apply this rule to an application with a specific source port number Port Number Enter the source port numb
86. ord changing 85 default 14 17 recovering 106 PC configuration 10 92 HX3141 User s Manual PC Configuration static IP addresses 13 Ping 106 Power adapter 9 Primary DNS 36 Quick Configuration logging in 14 Rear Panel 6 Routing Configuration page 44 45 46 Secondary DNS 36 Static IP addresses 13 Static routes adding 45 46 Statically assigned IP addresses 39 Subnet masks 102 System Information page 15 oystem requirements for Configuration Manager 17 System requirements 1 Testing setup 16 Time and date changing 88 Troubleshooting 105 Typographical conventions 1 Upgrading firmware 91 User Password Configuration page 86 Username default 14 17 Web browser requirements 1 version requirements 17 Web browsers compatible versions 17 Windows NT configuring IP information 12
87. ort is detected t T 1r packets to the cor Manual Setting j 0 T Se SS incoming ports art Manual Setting i s f 10 II H el 10 kg 0 Bi your LAN CH Manual Setting wil Ho SE B a Note that you nee EEN St this for certain api O Manual Setting E e l O NetMeeting that re connections and a E Undo tet EE remote peer to Inl into vour LAN M lt gt Figure 10 5 Special Application Configuration Page 68 RX3141 User s Manual Chapter 11 System Management Following describes the procedure to setup a special application for Quick Time 1 Open the Special Application configuration page as shown in Figure 10 5 by double clicking the Advanced gt Special Application menu Select Quick Time from the Enable drop down list and the check the check box to activate this policy Note that the application name outgoing and incoming port range are automatically selected Click 2PPlY Jto save the settings The RX3141 has a default outbound ACL rule to forward all the outbound traffic to the external networks This default outbound ACL rule allows any one to use application defined in the Special Application configuration page If this is what you want skip this step However for security concerns or any other reasons you may want to restrict the use of these applications to a particular group of users Then configure an outbound ACL rule to control outbound acc
88. ou used to log into Configuration Manager Enter the service name provided by your ISP Service name is optional but may be required by some ISPs On PPPoE unnumbered connection is active Off No PPPoE unnumbered connection is inactive Connecting RX3141 is trying to connect to your ISP using PPPoE unnumbered connection mode Click the Disconnect or Connect button to disconnect or connect to your service provider using the PPPoE unnumbered connection mode RX3141 User s Manual Chapter 5 Router Connection Setup 5 2 3 2 Configuring PPPoE Unnumbered for WAN Follow the instructions below to configure PPPoE unnumbered settings 1 Open the Router Connection configuration page by double clicking the Router Setup gt Connection menu 2 Select PPPoE Unnumbered from the WAN Connection Mode drop down list as shown in Figure 5 11 3 Enter user name and password provided by your ISP 4 Optional Enter the service name if required by your ISP Enter appropriate connection settings for Disconnect after Idle min and Connect on Demand 6 Click PPlY Jtosavethe settings 5 2 4 Dynamic IP Dynamic IP is most often used by the cable modem service providers Hanual Disconnect list Apply Figure 5 12 WAN Dynamic IP DHCP client Configuration 5 2 4 1 Configuring Dynamic IP for WAN Follow the instructions below to configure dynamic IP settings 1 Open the Router Connection configuration page b
89. our computer Choose file Lookin ish dezrsp rx3141 2004101102 Sx 141 Production Test Program v4 zip rx3141 txt SS rx31415 v1 22 20041011 rom zip rx3141 upgrade part1 bin Ej rx31i4l upgrade part2 bin File name x3141 2004101102bin Files of type All Files d Cancel Figure 11 8 File Manager 3 Click on __ 82 __ button to update the firmware A dialog window such as the one below will pop up to ask for confirmation of the firmware upgrade Click the button to Cancel proceed otherwise click the button to cancel the action Microsoft Internet Explorer Ed LY Do you want to upgrade the system Figure 11 9 Firmware Upgrade Confirmation 4 Firmware upgrade status and progress will be shown as illustrated in Upgrade State Upgrade Progress 22 ke EHHH Figure 11 10 Firmware Upgrade Status 76 RX3141 User s Manual Chapter 11 System Management 5 Acount down timer will display as shown in Figure 11 11 after the firmware upgrade is completed You ll be reconnected back to RX3141 when the counter returns to zero You may need to manually connect back to the RX3141 if you are not connected back to RX3141 automatically Please wait System rebooting The page is to be reloaded in seconds Figure 11 11 Firmware Upgrade Count Down Timer 6 When you are reconnected to the RX3141 click Status menu to check if the new firmware is properly upgraded Note that you
90. ration Parameter 52 Table 10 1 Virtual Server Configuration Parameters nennen nennt 65 Table 10 2 Port Numbers for Popular Applications sss sees eee 65 Table 10 3 Virtual Server Configuration Parameters enne nnne nnn nn 67 Table 10 4 Port Numbers for Popular Applications sss sees eee 68 Table 12 1 IP Address Een e 83 RX3141 User s Manual Chapter 1 Introduction 1 Introduction Congratulations on becoming the owner of RX3141 Your LAN local area network will now be able to access the Internet using your high speed broadband connection such as those with ADSL or cable modem This User Manual will show you how to set up the RX3141 and how to customize its configuration to get the most out of this product 1 1 Y Y Y Y Y Y 1 2 Features LAN 4 port Gigabit switch jumbo frame supports up to 9Kbyte WAN 10 100Base T Ethernet provides Internet access for all computers on your LAN Firewall amp NAT Network Address Translation functions provide secure Internet access for your LAN Automatic network address assignment through DHCP Server Services including IP route DNS and DDNS configuration Configuration program accessible via a web browser such as Microsoft Internet Explorer 6 0 or newer system Requirements In order to use the RX3141 for Internet access you must have the following gt gt gt gt ADSL or cable modem and the corresponding service up and running with at least one public Internet add
91. reate another inbound ACL rule because stateful packet inspection engine tracks the connection state and allows the ICMP echo reply to pass through the firewall 9 1 4 Default ACL Rules The RX3141 supports three types of default access rules gt Inbound Access Rules for controlling incoming access to your LAN gt Outbound Access Rules for controlling outbound access to external networks for hosts on your LAN gt Self Access Rules for controlling access to the RX3141 itself Default Inbound Access Rules No default inbound access rule is configured That is all traffic from external hosts to the internal hosts is denied Default Outbound Access Rules The default outbound access rule allows all the traffic originated from your LAN to be forwarded to the external network using NAT Default Self Access Rules The default self access rules allow http ping DNS DHCP access to the RX3141 router from the LAN It is not necessary to remove the default ACL rule from the ACL rule table It is better to create higher priority ACL rules to override WARNING the default rule 48 RX3141 User s Manual Chapter 9 Configuring Firewall NAT Settings 9 2 Router Security Settings 9 2 1 Basic Router Security Configuration Parameters Table 9 1 describes the configuration parameters available for basic router security configuration Table 9 1 Basic Router Security Configuration Parameters Feld Description S O Firewall 00 Check or unch
92. red your PCs as DHCP clients that will accept IP addresses assigned from a DCHP server such as the RX3141 The DHCP server draws from a defined pool of IP addresses and leases them for a specified amount of time to your computers when they request an Internet session It monitors collects and redistributes the addresses as needed On a DHCP enabled network the IP information is assigned dynamically rather than statically A DHCP client can be assigned a different address from the pool each time it reconnects to the network 6 1 2 Why use DHCP DHCP allows you to manage and distribute IP addresses throughout your network from the RX3141 Without DHCP you would have to configure each computer separately with IP address and related information DHCP is commonly used with large networks and those that are frequently expanded or otherwise updated 6 1 3 Configuring DHCP Server The RX3141 is configured as a DHCP server on the LAN side m with a predefined IP address pool of 192 168 1 100 through 192 168 1 149 subnet mask 255 255 255 0 To change this Note range of adaresses follow the procedures described in this section First you must configure your PCs to accept DHCP information assigned by a DHCP server 1 Open the DHCP Server Configuration page shown in Figure 6 1 by double clicking Advanced gt DHCP Server menu 35 Chapter 6 Status k Advanced k Management Logout k Router Setup Virtual Se
93. ress assigned to your WAN One or more computers each containing an Ethernet 10Base T or 100Base T or 1000Base T network interface card NIC Optional An Ethernet hub switch if you want to connect the router to more than four computers on an Ethernet network For system configuration using the web based GUI web browser such as Microsoft IE 6 0 or newer Chapter 1 Introduction RX3141 User s Manual 1 3 1 3 1 gt gt gt gt 1 3 2 1 3 3 Using this Document Notational conventions Acronyms are defined the first time they appear in the text For brevity RX3141 is sometimes referred to as the router or the gateway The terms LAN and network are used interchangeably to refer to a group of Ethernet connected computers at one site Sequence of mouse actions is denoted by the gt character For instance Router Setup gt Connection means double click the Router Setup menu and then click the Connection submenu Typographical conventions Boldface type text is used for items you select from menus and drop down lists and text strings you type when prompted by the program Special messages This document uses the following icons to call your attention to specific instructions or explanations KKK CERS Provides clarification or non essential information on the current topic Explains terms or acronyms that may be unfamiliar to many readers These terms are also included in the Glossary
94. rver Special Application Static Route DHCP Server DDNS Service Begin 192 168 1 100 RX3141 User s Manual F GUS System Name ASUS RX3141 Advanced DHCP Server IF Address Pool End 192 168 1 149 Lease Time 364000 Default Gateway 152 158 1 1 Primary DNS perdis 192 168 1 1 KOptional Secondary DNS peva 0 0 0 0 Optional Primary WINS grand 192 168 1 1 Opti onal Secondary WINS icri 0 0 0 0 Optional Apply Current DHCP Lease Table Figure 6 1 DHCP Server Configuration Page 2 Enter the information for the P Address Pool Begin End Address Subnet Mask Lease Time and Default Gateway IP Address fields others such as Primary Secondary DNS Server IP Address and Primary Secondary WINS Server IP Address are optional However it is recommended that you enter the primary DNS server IP address in the space provided You may enter the LAN IP or your ISP s DNS IP in the primary DNS Server IP Address field Table 6 1 describes the DHCP configuration parameters in detail Field Enable IP Address Pool Begin End Lease Time Default Gateway IP Address Primary Secondary DNS Server IP Address 36 Table 6 1 DHCP Configuration Parameters Description Check or uncheck this box to enable or disable DHCP server service for your LAN Specify the lowest and highest addresses in the DHCP address pool The amount of time in seconds the assigned address will be used by a device
95. s OAP EE 13 3 2 3 WINDOWS 2000 POS cicsusoriauinsteushavanenactsautudeatcttuettesmaperesteeaieiaavataemiahe 13 3 2 4 Windows 95 98 and Me PCS 14 3 2 5 Windows NT 4 0 worketaions 15 3 2 6 Assigning static IP addresses to your be 15 3 3 Part 3 Quick Configuration of the RX3141 sse 16 3 3 1 Seting UP MNE e 14 WE 16 3 3 2 Testing Your He 17 3 3 3 Default Router Settings ccccccccssceccssseeeessseeseesseeeesssseeeeessseeesssseeeeseeas 18 Using the Configuration Manager 19 4 1 Log into the Configuration Manager 19 4 2 Functional WAV OU Tc 20 4 2 1 M nu Navigatio TT 20 4 2 2 Commonly Used Buttons and ICONS sss sss sse eee eee 21 4 3 Overview of System Configuration esses 22 Router Connection Setup 23 5 1 BAR alte fije EE 23 5 1 1 Bulle 23 5 1 2 LAN Configuration Harameiers eee eee eee eee 23 5 1 3 Configuring the LAN IP Address 24 5 2 WAN Confouraton nennen nennen nennen nennen nennt nnns 25 5 2 1 WAN Connection Mode nennen nnns 25 5 2 2 PPPOE T 26 5 2 2 1 WAN PPPoE Configuration Parameters 27 5 2 2 2 Configuring PPPoE for WAN 28 5 2 2 3 Configuring PPPoE Multi session for WAN 28 5 2 9 PE POE UMMUMDCECO EE 31 5 2 3 1 WAN PPPoE Unnumbered Configuration Parameters 32 5 2 3 2 Configuring PPPoE Unnumbered for WAN
96. s chapter describes the configuration procedures for K Virtual Server Special Application NAT is the technology used to support the above applications 10 1 NAT Overview Network Address Translation allows use of a single device such as the RX3141 to act as an agent between the Internet public network and a local private network This means that a NAT IP address can represent an entire group of computers to any entity outside a network Network Address Translation NAT is a mechanism for conserving registered IP addresses in large networks and simplifying IP addressing management tasks Because of the translation of IP addresses NAT also conceals true network address from privy eyes and provide a certain degree security to the local network 10 1 1 NAPT Network Address and Port Translation or PAT Port Address Translation Also called IP Masquerading this feature maps many internal hosts to one globally valid Internet address The mapping contains a pool of network ports to be used for translation Every packet is translated with the globally valid Internet address and the port number is translated with an un used port from the pool of network ports Figure 10 1 shows that all the hosts on the local network gain access to the Internet by mapping to only one globally valid IP address and different port numbers from a free pool of network ports gc A Internet aseds ssaJppy JUJU pI EA 63606 sselppy ayeaug l Figure 10
97. s on your computer s gt Part 3 shows you how to configure basic settings on the RX3141 to get your LAN connected to the Internet After setting up and configuring the device you can follow the instructions on page 17 to verify that it is working properly This Quick Start Guide assumes that you have already established ADSL or cable modem service with your Internet service provider ISP These instructions provide a basic configuration that should be compatible with your home or small office network setup Refer to the subsequent chapters for additional configuration instructions 3 1 Part 1 Connecting the Hardware In Part 1 you connect the device to an ADSL or a cable modem which in turn is connected to a phone jack or a cable outlet the power outlet and your computer or network Before you begin turn the power off for all devices These A include your computer s your LAN hub switch if applicable WARNING and the RX3141 Figure 3 1 illustrates the hardware connections Please follow the steps that follow for specific instructions 3 1 1 Step 1 Connect an ADSL or a cable modem For the RX3141 Connect one end of the Ethernet cable to the port labeled WAN on the rear panel of the device Connect the other end to the Ethernet port on the ADSL or cable modem 3 1 2 Step 2 Connect computers or a Network If your LAN has no more than 4 computers you can use an Ethernet cable to connect computers directly to the bu
98. st 16 49 Class C 192 60 201 11 network 192 60 201 host 11 83 Chapter 12 IP Addresses Network Masks and Subnets RX3141 User s Manual 12 2 Network classes The three commonly used network classes are A B and C There is also a class D but it has a special use beyond the scope of this discussion These classes have different uses and characteristics Class A networks are the Internet s largest networks each with room for over 16 million hosts Up to 126 of these huge networks can exist for a total of over 2 billion hosts Because of their huge size these networks are used for WANs and by organizations at the infrastructure level of the Internet such as your ISP Class B networks are smaller but still quite large each able to hold over 65 000 hosts There can be up to 16 384 class B networks in existence A class B network might be appropriate for a large organization such as a business or government agency Class C networks are the smallest only able to hold 254 hosts at most but the total possible number of class C networks exceeds 2 million 2 097 152 to be exact LANs connected to the Internet are usually class C networks Some important notes regarding IP addresses K The class can be determined easily from field1 field1 2 1 126 Class A field1 128 191 Class B field1 192 223 Class C field1 values not shown are reserved for special uses gt Ahost ID can have any value except all fields set to
99. stem Reboot Countdown Timer sss sese eee eee eee 78 Figure 11 15 System Configuration Backup Page 79 Figure 11 16 System Configuration Backup Page File Download Dialog 79 Figure 11 17 System Configuration Backup Page Save AS Dialog sese 80 Figure 11 18 System Configuration Backup Status esses nennen nennen nnns 80 Figure 11 19 System Configuration Restore Page sss sse eee eee eee 81 Figure 11 20 System Configuration Restore Page Choose File Dialog esse eee eee eee 81 Figure 11 21 System Configuration Restore Gates 82 Figure 19 1 Using Ine pirig EINE EE 89 Flaure 132 SING Rana fl BEE 90 viii List of Tables Ttable 2 Rere e t EIE 5 Table 2 2 Front Panel Label and LEDS EE 6 Table 2 3 Hear Panel Labels and H RE 7 Table 3 R SED leae eT THH 12 Table 3 2 Deraul Z laa S Sumi a A TA A 18 Table 4 1 Description of Commonly Used Buttons and ICONS sss ss sss eee eee 21 Table 5A LAN Gonfigurduonm Parameter Sis ee Eed 23 Table 5 2 WAN PPPoE Configuration Parameters sese ee eee eee eee 27 Table 5 3 WAN PPPoE Unnumbered Configuration Parameters sees eee eee ee eee 32 Table 5 4 WAN Static IP Configuration En EC 34 Table BRI Ie S Configuration TE 36 Table 7 1 Static Route Configuration Parameter 40 Table 8 1 DDNS Configuration Parameters sse eee eee eee ee 44 Table 9 1 Firewall Basic Configuration Parametere 49 ale EI Attack Dento c S 50 Table 9 3 ACL Rule Configu
100. system by sending these specially formatted XMAS NULL FI packets to see what services are available Sometimes this is done in preparation N Scan for a future attack or sometimes it is done to see if your system might have a service which is susceptible to attack XMAS scan A TCP packet has been seen with a sequence number of zero and the FIN URG and PUSH bits are all set NULL scan A TCP packet has been seen with a sequence number of zero and all control bits are set to zero FIN scan A hacker is scanning the target system using a stealth method The goal of the hacker is to find out if they can connect to the system without really connecting using the FIN scanning It attempts to close a non existent connection on the server Either way it is an error but systems sometimes respond with different error results depending upon whether the desired service is available or not Teardrop In the teardrop attack the attacker s IP puts a confusing offset value in the second or later fragment If the receiving operating system does not have a plan for this situation it can cause the system to crash WinNUKE Check or un check this option to enable or disable protection against Winnuke attacks Some older versions of the Microsoft Windows OS are vulnerable to this attack If the computers in the LAN are not updated with recent versions patches you are advised to enable this protection by checking this check box RX3141 User s Manual Ch
101. t an interface through which to send the packets Options available are AUTO opp unnumbered ppp1 PPPoE 0 and ppp2 PPPoE 1 Normally select AUTO for router to determine where to send the traffic for packets matched this ACL rule 6 Make changes to any or all of the following fields source destination IP source destination port protocol ICMP message type and log Please see Table 9 3 for explanation of these fields 7 Click on the Add button to create the new ACL rule The new ACL rule will then be displayed in the outbound access control list table at the bottom half of the Outbound ACL Configuration page Figure 9 6 illustrates how to create a rule to allow outbound HTTP traffic This rule allows outbound HTTP traffic destination port 80 to be forwarded to any host on the external network for a host in your LAN w IP address 192 168 1 15 Note that the newly added outbound ACL rule is displayed in the Existing Outbound ACL table shown in Figure 9 7 ID Add New Action Log Protocol Type IP Address Source IP IP Address 192 168 1 15 Destination IP Type Source Port Type Port Number Type Destination Port EU Modify Figure 9 6 Outbound ACL Configuration Example Existing Outbound ACL eye See Seas ID Action Protocol Source Destination Service f TW i Allow TCP 192 168 1 15 Any 80 S m a Allow All Any Any Any Figure 9 7 Sample Outbound ACL List Table 9 5 2 Modify
102. the corresponding inbound packet used For a list of port numbers used by some popular applications please refer to Table 10 4 Table 10 4 Port Numbers for Popular Applications Application Outgoing Port Number Incoming Port Range Battle net 6112 6112 DialPad 7175 51200 51201 51210 ICU Il 2019 2000 2038 2050 2051 2069 2085 3010 3030 MSN Gaming Zone 47624 2300 2400 28800 29000 PC to Phone 12053 12120 12122 24150 24220 Quick Time 4 554 6970 6999 wowcall 8000 4000 4020 10 2 4 Special Application Example v ASUS Rx3141 ADUS System Name ASUS RX3141 Status 5 Advanced Special Application b Router Setup geri ai Virtual Server Ooteain ET xem ure automatically forw Applicat utgoing Trigger Port Incoming Po Special Application Enable Application Name hance Zeie and UOP connect Static ute EE n ei EE EE A DHCP Server v Yahoo messenger Yahoo messenger 5050 Hansen sooo Ran HERD a DDNS Service 7 a CH x f y computers in your CU MICU II 2019 12019 2000 1413030 b Management el rcu H MEE ominis ehet eke ete access to the spec Logout kel MSN Gaming Zone MSN Gaming Zon 147624 147624 2300 L 2400 services This is d LL jr IL pL rigger ndi Quick Time F Quick Time 554 H554 6970 6999 COUET por and S x Ur E SR Trigger ports are i ManualSetting ei Si bk mo the application W E Manual Setting S vH fo p
103. the three supported placement options for RX3141 desktop placement magnet mount and wall mount 2 5 1 Desktop Placement You may place RX3141 on any flat surface The space saving design of RX3141 occupies only a small area on your desk 2 5 2 Magnet Mount Instructions Place RX3141 onto any metal surface that attracts magnet such as most desktop computer housings cabinets and etc 2 5 3 Wall Mount Instructions 1 Attach two screws on the wall separated by 115mm if you want the front or rear panel facing upward 76mm if you want left or right side facing upward Make sure that the two screws are leveled Note that there are four wall mount slots and you may choose any adjacent slots for wall mounting 115mm or 76mm fan RUN eS E 2 Line up the wall mount slots with the screws and maneuver RX3141 so that both screws are inserted into the wall mount slots as indicated in the following figures Screws _ Sec e Screws e L laa Wall kg mount slots Wall Maneuver the switch so that both screws ER are inserted into the wall mount slots slots Line up the wall mount slots w both screws RX3141 User s Manual Chapter 3 Quick Start Guide 3 Quick Start Guide This Quick Start Guide provides basic instructions for connecting the RX3141 to a computer or a network and to the Internet gt Part provides instructions to set up the hardware gt Part 2 describes how to configure Internet propertie
104. time of packet arrival description of action taken by Firewall and reason for action Chapter 2 Getting to Know RX3141 User s Manual 2 4 Finding Your Way Around 2 4 1 The front panel contains LED indicators that show the status of the unit Front Panel Figure 2 1 Front Panel LEDs Table 2 2 Front Panel Label and LEDs LED Label Color Status Indication ad POWER Green ON RX3141 is powered on OFF RX3141 is powered off 1 4 Identifies the LAN port LEDs Status of each LAN port is indicated by 3 LEDs STATUS SPEED and DUPLEX 8 STATUS Green ON Ethernet link is established and active Blinking Data is transmitted or received via the connection OFF No Ethernet link 4 SPEED Green ON Speed is 1000Mbps Amber ON Speed is 100Mbps OFF Speed is 10Mbps or no link is established 5 DUPLEX Amber ON The LAN port is operating in full duplex mode Blinking The LAN port is operating in half duplex mode and collision is occurring OFF The LAN port is operating in half duplex mode and no collision is detected WAN Identifies the WAN port LED 8 STATUS Green ON Ethernet link is established and active OFF No Ethernet link is established 4 SPEED Green ON Speed is 100Mbps Blinking Green Data is transmitted or received via the connection HX3141 User s Manual LED Label 6 DUPLEX 2 4 2 Rear Panel Color Amber Amber Chapter 2 Getting to Know Status Indication ON Speed is 10Mbps Blinking Data
105. tion Parameters Table 5 3 WAN PPPoE Unnumbered Configuration Parameters Setting Connection Mode Enable NAPT Connect on Demand Disconnect after Idle min IP Address Unnumbered network address Unnumbered netmask User Name and Password Service Name Status Manual Disconnect Connect Description Select PPPoE Unnumbered from the connection mode drop down list Traditionally each network interface must have a unique IP address However an unnumbered interface does not have to have a unique IP address This means that when this option is selected the WAN and the LAN use the same IP address Network resources are therefore conserved because fewer network IP addresses are used and routing table is smaller Check or uncheck this box to enable NAPT for this connection Check Enable or Disable radio button to enable disable this option Enter the inactivity timeout period at which you want to disconnect the Internet connection when there is no traffic A value of 0 means no activity time out Note that SNTP service may interfere with this function if there are activities from the service Enter a static IP address here for the PPPoE unnumbered connection This IP address must be provided by your service provider Enter the network address provided by your ISP Enter the subnet mask provided by your ISP Enter the username and password you use to log into your ISP Note this is different from the information y
106. vidual nodes computers or devices on the Internet Every IP address contains four numbers each from 0 to 255 and separated by dots periods e g 20 56 0 211 These numbers are called from left to right field1 field2 field3 and field4 This style of writing IP addresses as decimal numbers separated by dots is called dotted decimal notation The IP address 20 56 0 211 is read twenty dot fifty six dot zero dot two eleven 12 1 4 Structure of an IP address IP addresses have a hierarchical design similar to that of telephone numbers For example a 7 digit telephone number starts with a 3 digit prefix that identifies a group of thousands of telephone lines and ends with four digits that identify one specific line in that group oimilarly IP addresses contain two kinds of information gt Network ID Identifies a particular network within the Internet or Intranet gt Host ID Identifies a particular computer or device on the network The first part of every IP address contains the network ID and the rest of the address contains the host ID The length of the network ID depends on the network s class see following section Table 12 1 shows the structure of an IP address Table 12 1 IP Address Structure Class A Network ID Host ID Class B Network ID Host ID Class C Network ID Host ID Here are some examples of valid IP addresses Class A 10 30 6 125 network 10 host 30 6 125 Class B 129 88 16 49 network 129 88 ho
107. word in the New Password text field and again in the Confirm Password text field The password can be up to 16 characters long When logging in you must type the new password in the same upper and lower case characters that you enter here Clone the MAC address for WAN a If you had previously registered a specific MAC address with your ISP for Internet access enter the registered MAC address here otherwise keep the default setting the factory assigned MAC address for the WAN port Auto logout after idle min Click Enable radio button and enter in activity time out period to enable this option otherwise click on the Disable radio button or enter O in the text field to diable this option When this option is enabled you will be automatically disconnected from the router when the idle timer expires during system configuration via your browser You ll have to log into the RX3141 again if you want to continue system configuration Enable UPnP service check or uncheck the check box to enable or disable UpnP service Enable DNS Proxy Check or uncheck the check box to enable or disable DNS proxy service Allow Administration from Interface check or uncheck the check box to enable or disable remote management via WAN port Allow Ping Interface You may check the LAN and or WAN check box to allow ping to the RX3141 from the LAN or WAN interface It is recommended that you enable this option for the LAN only Click on APPI Jp
108. y double clicking the Router Setup gt menu 2 Select Dynamic from the Connection Mode drop down list as shown in Figure 5 12 Note that the IP addresses for the primary and or the secondary DNS servers are automatically assigned by the DHCP server of your ISP 3 Click 2PPlY Jto save the settings 33 Chapter 5 Router Connection Setup RX3141 User s Manual 5 2 5 Static IP Mode drop IP Address 10 10 31 40 down list Subnet Mask 255 255 255 0 Gateway Address 10 10 31 1 Primary DNS Server 10 10 31 2 Secondary DNS Server 0 0 0 0 Optional Apply Figure 5 13 WAN Static IP Configuration 5 2 5 1 WAN Static IP Configuration Parameters Table 5 4 describes the configuration parameters available for static IP connection mode Table 5 4 WAN Static IP Configuration Parameters Setting Description Connection Mode Select Static from the connection mode drop down list IP Address WAN IP address provided by your ISP Subnet Mask WAN subnet mask provided by your ISP Typically it is set as 255 255 255 0 Gateway Address Gateway IP address provided by your ISP It must be in the same subnet as the WAN on the RX3141 Primary Secondary You must at least enter the IP address of the primary DNS server Secondary DNS Server DNS server is optional 5 2 5 2 Configuring Static IP for WAN Follow the instructions below to configure static IP settings 1 Open the Router Connection configuration page by
109. ys the current page with updated statistics or settings na Selects the item for editing m Trash Deletes the selected item Eon Browse Unda Undo Folder Off Item C Folder On 21 Chapter 4 Using the Configuration Manager RX3141 User s Manual 4 3 Overview of System Configuration To view the overall system configuration log into the Configuration Manager and then click Status menu Figure 4 3 shows sample information available in the System Information page Status Router Setup k Advanced Logout System Name RX314i RX3141 1 22 Build Oct 6 2004 20 19 01 System Time Sat Jan 1 00 16 04 2000 Default Gateway 0 0 0 0 DNS Server Firmware Version IP Address 132 158 1 1 Netmask 255 255 255 0 MAC Address 00 11 22 33 44 56 Connection Mode DHCP IP Address 159 254 1 13 Netmask 255 255 0 0 MAC Address 00 11 22 35 44 57 Figure 4 3 System Information Page 22 RX3141 User s Manual Chapter 5 Router Connection Setup 5 Router Connection Setup This chapter describes how to configure the basic settings for your router so that the computers on your LAN can communicate with each other and have access to the Internet Network setup consists of LAN and WAN configurations 5 1 LAN Configuration 5 1 1 LAN IP Address If you are using RX3141 with multiple PCs on your LAN you must connect your LAN to the Ethernet ports on the built in Ethernet switch You must assign a u
Download Pdf Manuals
Related Search