RX3041H User’s Manual Revision 1.3 Aug.
ii
Table of Contents 1 2 Introduction ..............................................1 1.1 Features................................................................................................................1 1.2 System Requirements..........................................................................................1 1.3 Using this Document ............................................................................................1 1.3.1 Notational conventions.................................
3.3 4 Windows® XP PCs: .................................................................................11 3.2.3 Windows® 2000 PCs:..............................................................................11 3.2.4 Windows® 95, 98, and Me PCs ..............................................................12 3.2.5 Windows® NT 4.0 workstations:..............................................................12 3.2.6 Assigning static IP addresses to your PCs ...........................................
.2.3.4 5.3 5.4 6 DNS.....................................................................................................................29 5.3.1 About DNS................................................................................................29 5.3.2 Assigning DNS Addresses.......................................................................30 5.3.3 Configuring DNS Relay............................................................................30 Viewing LAN Statistics.................
9 8.3 Configuring HTTP DDNS Client.........................................................................48 8.4 Configuring Local Host Table.............................................................................48 8.4.1.1 Add a Host Table Entry ...............................................................49 8.4.1.2 Modify a Host Table Entry ...........................................................49 8.4.1.3 Delete a Host Table Entry ......................................................
9.7 9.6.4 Delete an URL Filter Rule ........................................................................62 9.6.5 View Existing URL Filter Rules ................................................................62 Configuring Advanced Firewall Features – (Firewall Î Advanced).................62 9.7.1 9.7.1.1 Self Access Configuration Parameters .......................................63 9.7.1.2 Add a Self Access Rule ...............................................................63 9.7.1.
9.8.3.4 Delete a NAT Pool .......................................................................80 9.8.3.5 NAT Pool Example ......................................................................80 9.8.4 Time Range Configuration Parameters ......................................81 9.8.4.2 Add a Time Range.......................................................................82 9.8.4.3 Modify a Time Range ..................................................................82 9.8.4.
11.2.2.3 Modify a Management Station Group .....................................................96 11.2.2.4 Delete a Management Station Group......................................................96 11.3 Configure System Identity ..................................................................................96 11.4 Setup Date and Time .........................................................................................96 11.4.1 Date/Time Configuration Parameters...................................
D.1 E F Diagnosing Problem using IP Utilities..............................................................118 D.1.1 Ping.........................................................................................................118 D.1.2 Nslookup.................................................................................................119 Glossary ...............................................121 Index ....................................................127 List of Figures Figure 2.1.
Figure 6.6. WAN Static IP Configuration .............................................................................................................. 38 Figure 6.7. WAN Statistics Page........................................................................................................................... 39 Figure 7.1. RIP Configuration............................................................................................................................... 42 Figure 7.2. Static Route Configuration..
Figure 9.26 IP Pool Configuration......................................................................................................................... 76 Figure 9.27. Network Diagram for IP Pool Configuration..................................................................................... 77 Figure 9.28. IP Pool Example – Add Two IP Pools – MISgroup1 and MISgroup2............................................. 77 Figure 9.29. IP Pool Example – Deny QUAKE-II Connection for MISgroup1....................
Figure 11.17. Counter Down Counter for Router Reset .................................................................................... 102 Figure 11.18. Logout Page.................................................................................................................................. 103 Figure 11.19. Confirmation for Closing Browser (IE) ......................................................................................... 103 Figure D.1. Using the ping Utility...............................
Table 11.3. Fixed DHCP Lease Configuration Parameters................................................................................. 98 Table A.1. Supported ALG .................................................................................................................................. 105 Table B.1. Hardware Specification...................................................................................................................... 109 Table B.2. System Default Settings .......................
RX3041H User’s Manual 1 Chapter 1. Introduction Introduction Congratulations on becoming the owner of the high-speed router, RX3041H. Your LAN (local area network) will now be able to access the Internet using your broadband connection such as those with ADSL or cable modem. This User Manual will show you how to set up your router, and how to customize its configuration to get the most out of this product. 1.
Chapter 1. Introduction 1.3.3 RX3041H User’s Manual Special messages This document uses the following icons to call your attention to specific instructions or explanations. Note Definition Provides clarification or non-essential information on the current topic. Explains terms or acronyms that may be unfamiliar to many readers. These terms are also included in the Glossary. Provides messages of high importance, including messages relating to personal safety or system integrity.
RX3041H User’s Manual 2 2.1 Chapter 2. Getting to Know the RX3041H Getting to Know the RX3041H Parts List In addition to this document, your router should come with the following: RX3041H High Speed Router AC adapter Ethernet cable (“straight-through” type) 2.2 Front Panel The front panel contains LED indicators that show the status of the unit. Figure 2.1. Front Panel LEDs Table 2.1.
Chapter 2. Getting to Know the RX3041H 2.3 RX3041H User’s Manual Rear Panel The rear panel contains the ports for the unit's data and power connections. Figure 2.2. Rear Panel Connections Table 2.2. Rear Panel Labels and LEDs 2.4 2.4.1 Label Function POWER Power Input Jack Connects to the supplied AC adapter Reset Reset Button 1. Reboots the device 2. Used for resetting the system configuration to the factory settings. Please refer to the section 11.6.1.
RX3041H User’s Manual Chapter 2 Getting to Know the RX3041H Keyword based URL Filtering 2.4.1.1 Address Sharing and Management The RX3041H Firewall provides NAT to share a single high-speed Internet connection and to save the cost of multiple connections required for the hosts on the LAN segments connected to the RX3041H. This feature conceals network address and prevents them from becoming public. It maps unregistered IP addresses of hosts connected to the LAN with valid ones for Internet access.
Chapter 2. Getting to Know the RX3041H RX3041H User’s Manual that no ports need to be opened other than the required ones. This provides a solution which is highly secure and that offers scalability and extensibility. 2.4.1.4 Defense against DoS Attacks The RX3041H Firewall has an Attack Defense Engine that protects internal networks from known types of Internet attacks.
RX3041H User’s Manual 2.4.1.6 Chapter 2 Getting to Know the RX3041H Application Level Gateway (ALG) Applications such as FTP, games etc., open connections dynamically based on the respective application parameter. To go through the firewall on the RX3041H, packets pertaining to an application, require a corresponding allow rule. In the absence of such rules, the packets will be dropped by the RX3041H Firewall.
RX3041H User’s Manual 3 Chapter 3. Quick Start Guide Quick Start Guide This Quick Start Guide provides basic instructions for connecting your router to a computer or a LAN and to the Internet. Part 1 provides instructions to set up the hardware. Part 2 describes how to configure Internet properties on your computer(s). Part 3 shows you how to configure basic settings on the RX3041H to get your LAN connected to the Internet.
Chapter 3. Quick Start Guide 3.1.4 RX3041H User’s Manual Step 4 – Power up devices. Turn on the RX3041H, the ADSL or cable modem and power up your computers. Press the Power switch on the rear panel of the RX3041H to the ON position. Turn on your ADSL or cable modem. Turn on and boot up your computer(s) and any LAN devices such as hubs or switches. Figure 3.1. Overview of Hardware Connections You should verify that the LEDs are illuminated as indicated in Table 3.1.
RX3041H User’s Manual 3.2 Chapter 3. Quick Start Guide Part 2 — Configuring Your Computers Part 2 of the Quick Start Guide provides instructions for configuring the Internet settings on your computers to work with the RX3041H. 3.2.1 Before you begin By default, the RX3041H automatically assigns all required Internet settings to your PCs. You need only to configure the PCs to accept the information when it is assigned.
Chapter 3. Quick Start Guide RX3041H User’s Manual 7. If prompted, click button to restart your computer with the new settings. Next, configure the PCs to accept IP addresses assigned by the RX3041H: 8. In the Control Panel, double-click the Network and Dial-up Connections icon. 9. In Network and Dial-up Connections window, right-click the Local Area Connection icon, and then select Properties. 10.
RX3041H User’s Manual Chapter 3. Quick Start Guide 2. In the Control Panel window, double click the Network icon. 3. In the Network dialog box, click the Protocols tab. The Protocols tab displays a list of currently installed network protocols. If the list includes TCP/IP Protocol, then the protocol has already been enabled. Skip to step 9. 4. If TCP/IP does not display as an installed component, click button. 5. In the Select Network Protocol dialog box, select TCP/IP, and then click button.
Chapter 3. Quick Start Guide RX3041H User’s Manual here is to quickly get the router up and running, instructions are concise. You may refer to corresponding chapters for more details. 3.3.1 Buttons Used in Setup Wizard The RX3041H provides a preinstalled software program called Configuration Manager that enables you to configure the RX3041H via your Web browser.
RX3041H User’s Manual Chapter 3. Quick Start Guide Default Password: Note admin You can change the password at any time (see section 11.2 Change the Login Password on page 93). The Setup Wizard home page displays each time you log into the Configuration Manager (shown in Figure 3.3 on page 15). Figure 3.3. Setup Wizard Home Page Figure 3.4. Setup Wizard – Password Configuration Page button to enter the password configuration page as shown in Figure 3.4. 4.
Chapter 3. Quick Start Guide RX3041H User’s Manual When changing passwords, make sure you enter the existing login password in the Login Password field, make any changes for the passwords and click the button to save the changes. 5. Now we are at the System Information setup page; enter the requested information in the spaces provided and click the button to save the changes. Otherwise, proceed to the next configuration page by clicking on the button. Figure 3.5.
RX3041H User’s Manual Chapter 3. Quick Start Guide Figure 3.7. Setup Wizard – LAN IP Configuration Page Figure 3.8. Setup Wizard – LAN DHCP Server Configuration Page 8. It is recommended that you keep the default settings for the DHCP server until after you have completed the rest of the configurations and confirm that your Internet connection is working properly. Click on the button to proceed to the next configuration page. 9.
Chapter 3. Quick Start Guide RX3041H User’s Manual Connection Mode dropdown list Figure 3.9. Setup Wizard – WAN PPPoE Configuration Page Connection Mode dropdown list Figure 3.10.
RX3041H User’s Manual Chapter 3. Quick Start Guide a) PPPoE Connection Mode (see Figure 3.9) • You don’t need to enter primary/secondary DNS IP addresses as PPPoE is able to automatically obtain this information for you from your ISP. However, if you prefer to use your favorite DNS servers, you may enter them in the space provided. • Host name is optional. You may leave it empty if your ISP did not provide such information. • Enter the user name and password provided by your ISP.
Chapter 3. Quick Start Guide RX3041H User’s Manual • Enter Subnet Mask for the WAN. This information should be provided by your ISP. Typically, it is 255.255.255.0. • Enter gateway address provided by your ISP in the space provided. • Enter at lease the primary DNS IP address provided by your ISP. Secondary DNS IP address is optional. Enter it in the space provided if you have such information from your ISP.
RX3041H User’s Manual 4 Chapter 4. Getting Started with the Configuration Manager Getting Started with the Configuration Manager[CT9] Your router includes a preinstalled program called the Configuration Manager, which allows you to customize the device settings to meet the needs of your network. You access the Configuration Manager through a web browser from any PC that has access to the router via network connections. This chapter describes the general guidelines for using the Configuration Manager.
Chapter 4. Getting Started with the Configuration Manager Note RX3041H User’s Manual You can change the password at any time (see section 11.2.1 Change the Login Password on page 93). The Setup Wizard page, as shown in Figure 3.3, displays each time you log into the Configuration Manager. 4.2 Functional Layout Typical Configuration Manager page consists of two separate frames. The left frame, as shown in Figure 4.2, contains all the menus available for device configuration.
RX3041H User’s Manual Chapter 4. Getting Started with the Configuration Manager Table 4.1. Description of Commonly Used Buttons and Icons Button/Icon Function Stores any changes you have made on the current page. Adds the existing configuration to the system, e.g. a static route or a firewall ACL rule and etc. Modifies the existing configuration in the system, e.g. a static route or a firewall ACL rule and etc. Deletes the selected item, e.g. a static route or a firewall ACL rule and etc.
RX3041H User’s Manual 5 Chapter 5. Configuring LAN Settings Configuring LAN Settings This chapter describes how to configure LAN properties for the LAN interface on the RX3041H that communicates with your LAN computers. You’ll learn to configure IP address, DHCP and DNS server for your LAN in this chapter. 5.1 LAN IP Address If you are using the RX3041H with multiple PCs on your LAN, you must connect the LAN via the Ethernet ports on the built-in Ethernet switch.
Chapter 5. Configuring LAN Settings RX3041H User’s Manual Figure 5.1. LAN IP Address Configuration button to save the LAN IP address. 3. Click. If you change the LAN IP address, the connection will be terminated. 4. Reconfigure your PCs, if necessary, so that their IP addresses place them in the same subnet as the new IP address of the LAN port. See the Quick Start Guide chapter, “Part 2 — Configuring Your Computers,” for instructions. 5.
RX3041H User’s Manual 5.2.2 5.2.2.1 Chapter 5. Configuring LAN Settings DHCP Server Configuration DHCP Configuration Parameters Table 5.2 describes the configuration parameters available for DHCP service. Table 5.2. DHCP Server Configuration Parameters Field Description IP Address Pool Begin/End Specify the lowest and highest addresses in the DHCP address pool. Subnet Mask Enter the subnet mask to be used for the DHCP address pool.
Chapter 5. Configuring LAN Settings RX3041H User’s Manual Figure 5.2. DHCP Configuration 3. Click 5.2.2.3 to save the DHCP server configurations. Viewing Existing IP Address Lease When the RX3041H functions as a DHCP server for your LAN, it keeps a record of all the addresses it has leased to your computers. To view the existing lease table, just open the DHCP Server configuration page by clicking the LAN Î DHCP menu. A lease table similar to that shown in Figure 5.
RX3041H User’s Manual Chapter 5. Configuring LAN Settings Table 5.4. Fixed DHCP Lease Configuration Parameters Field Fixed DHCP Lease MAC Description A hardware ID of the device that needs a fixed IP address from the DHCP server. Fixed DHCP Lease IP The IP address leased from the DHCP server. Note that it is recommended that this IP address be outside of the DHCP IP pool. 5.2.3.2 Add a Fixed DHCP Lease To add a fixed DHCP lease, follow the instructions below: 1.
Chapter 5. Configuring LAN Settings 5.3.2 RX3041H User’s Manual Assigning DNS Addresses Multiple DNS addresses are useful to provide alternatives when one of the servers is down or is encountering heavy traffic. ISPs typically provide primary and secondary DNS addresses, and may provide additional addresses.
RX3041H User’s Manual 5.4 Chapter 5. Configuring LAN Settings Viewing LAN Statistics You will not typically need to view the statistics data for your LAN, but you may find it helpful when working with your ISP to diagnose network and Internet data transmission problems. To view LAN IP statistics, open the LAN Statistics page by clicking the LAN Î Statistics menu. Figure 5.5 shows a sample LAN Statistics. To see the updated statistics, click on the button. Figure 5.5.
RX3041H User’s Manual 6 Chapter 6. Configuring WAN Settings Configuring WAN Settings This chapter describes how to configure WAN settings for the WAN interface on the RX3041H that communicates with your ISP. You’ll learn to configure IP address, DHCP and DNS server for your WAN in this chapter. 6.1 WAN Connection Mode Three modes of WAN connection are supported by the RX3041H – PPPoE, dynamic IP and static IP.
Chapter 6. Configuring WAN Settings RX3041H User’s Manual Setting Description Primary/ Secondary DNS IP address of the primary and/or secondary DNS are optional as PPPoE will automatically detect the DNS IP addresses configured at your ISP. However, if there are other DNS servers you would rather use, enter the IP addresses in the spaces provided. MSS Clamping Click on the “Disable” or “Enable” radio button to disable or enable this option.
RX3041H User’s Manual Chapter 6. Configuring WAN Settings Figure 6.1. WAN PPPoE Configuration Page 6.2.2 Configuring PPPoE for WAN Follow the instructions below to configure PPPoE settings: 1. Open the WAN configuration page by clicking on the WAN menu. 2. Select PPPoE from the Connection Mode drop-down list as shown in Figure 6.1. 3. Select PPPoE channel ID from the drop-down list. Currently, two channels are supported. 4. Select default gateway interface – PPPoE:0 or PPPoE:1. 5.
Chapter 6. Configuring WAN Settings RX3041H User’s Manual 11. Choose a connection option and enter appropriate setting if desired. The default setting is “Disable”. 12. Click to save the PPPoE settings when you are done with the configuration. You’ll see a summary of the WAN PPPoE configuration at the bottom half of the configuration page. Note that if the default gateway address is not shown immediately, click on the WAN menu to open the WAN configuration page again. 6.3 6.3.
RX3041H User’s Manual Chapter 6. Configuring WAN Settings 6. Click to save the Dynamic IP settings when you are done with the configuration. You’ll see a summary of the WAN configuration at the bottom half of the configuration page. Note that if the default gateway address is not shown immediately, click on the WAN menu to open the WAN configuration page again. Figure 6.4. WAN Dynamic IP (DHCP client) Configuration Summary 6.4 6.4.1 Static IP WAN Static IP Configuration Parameters Table 6.
Chapter 6. Configuring WAN Settings RX3041H User’s Manual Connection Mode dropdown list Figure 6.5. WAN Static IP Configuration 5. Enter gateway address provided by your ISP in the space provided. 6. Enter the IP address of the primary DNS server. This information should be provided by your ISP. Secondary DNS server is optional. 7. Click to save the static IP settings when you are done with the configuration. You’ll see a summary of the WAN configuration at the bottom half of the configuration page.
RX3041H User’s Manual Chapter 6. Configuring WAN Settings Figure 6.7. WAN Statistics Page To see the updated statistics, click on the button.
RX3041H User’s Manual 7 Chapter 7. Configuring Routes Configuring Routes You can use Configuration Manager to define specific routes for your Internet and network data communication. This chapter describes basic routing concepts and provides instructions for creating routes. Note that most users do not need to define routes. 7.
Chapter 7. Configuring Routes RX3041H User’s Manual Field Description Passive Mode Enable this mode if RIP configured for this interface will only receive routing information from other routers and not send routing information to other routers. Disable this mode if you want this interface to send and receive routing information to/from other routers. The default setting is “Enable”. RIP Version (Send) Select the RIP version for sending the routing information. Three options are available: Version 1.
RX3041H User’s Manual Chapter 7. Configuring Routes 8. Repeat steps 3 to 7 if you want to configure another interface to support routing information exchange. 9. Click 7.3 7.3.1 to save the RIP configuration. Static Routing Static Route Configuration Parameters The following table defines the available configuration parameters for static routing configuration. Table 7.2.
Chapter 7. Configuring Routes RX3041H User’s Manual 1. In the Static Routes configuration page (as shown in Figure 7.2), select the route from the service icon of the route to be deleted in the Routing Table. drop-down list or click on the 2. Click to delete the selected route. WARNING 7.3.4 Do not remove the route for default gateway unless you know what you are doing. Removing the default route will render the Internet unreachable.
RX3041H User’s Manual 8 Chapter 8. Configuring DDNS Configuring DDNS Dynamic DNS is a service that allows computers to use the same domain name, even when the IP address changes from time to time (during reboot or when the ISP's DHCP server resets IP leases). RX3041H connects to a Dynamic DNS service whenever the WAN IP address changes. It supports setting up the web services such as Web server, FTP server using a domain name instead of the IP address.
Chapter 8. Configuring DDNS RX3041H User’s Manual Internet HTTP DDNS Server (DynDNS, TokyoDNS) DynDNS isr.homeunix.com ISR TokyoDNS isr.dns-tokyo.jp Figure 8.2. Network Diagram for HTTP DDNS Whenever IP address of the configured DDNS interface changes, DDNS update is sent to the specified DDNS service provider. RX3041H should be configured with the DDNS username and password that are obtained from the DDNS service provider. 8.1 DDNS Configuration Parameters Table 8.
RX3041H User’s Manual Chapter 8. Configuring DDNS Field Description HTTP DDNS Specific Settings DDNS Service [For HTTP DDNS only] dyndns Please visit http://www.dyndns.org for more details. zoneedit Please visit http://www.zoneedit.com for more details. dyn-tokyo Please visit http://www.dns-tokyo.jp for more details. DDNS Username [For HTTP DDNS only] Enter the username provided by your DDNS service provider in this field.
Chapter 8. Configuring DDNS 8.3 RX3041H User’s Manual Configuring HTTP DDNS Client Follow these instructions to configure the HTTP DDNS: 1. First, you should have already registered a domain name to the DDNS service provider. If you have not done so, please visit www.dns-tokyo.jp or www.dyndns.org for more details. 2. Make sure that you have a host name configured for the RX3041H; otherwise, open the System Identity configuration page to configure one. Please refer to the section 11.
RX3041H User’s Manual Chapter 8. Configuring DDNS servers to allow the LAN hosts to access the server using the host name, e.g. telnet myServer.myCompany.com. 8.4.1.1 Add a Host Table Entry To add a host table entry, follow the instructions below: 1. Open the DDNS configuration page by clicking on the DDNS menu. 2. Select “Add New” from the Host Table drop-down list. 3. Enter the host name and the corresponding IP address in the respective fields. Figure 8.
RX3041H User’s Manual 9 Chapter 9. Configuring Firewall/NAT Settings Configuring Firewall/NAT Settings The RX3041H provides built-in firewall/NAT functions, enabling you to protect the system against denial of service (DoS) attacks and other types of malicious accesses to your LAN while providing Internet access sharing at the same time. You can also specify how to monitor attempted attacks, and who should be automatically notified.
Chapter 9. Configuring Firewall/NAT Settings 9.1.3.2 RX3041H User’s Manual Tracking Connection State The stateful inspection engine in the firewall keeps track of the state, or progress, of a network connection. By storing information about each connection in a state table, RX3041H is able to quickly determine if a packet passing through the firewall belongs to an already established connection. If it does, it is passed through the firewall without going through ACL rule evaluation.
RX3041H User’s Manual Chapter 9. Configuring Firewall/NAT Settings Figure 9.1 Static NAT – Mapping Four Private IP Addresses to Four Globally Valid IP Addresses 9.2.2 Dynamic NAT Dynamic NAT maps an internal host dynamically to a globally valid Internet address (m-to-n). The mapping usually contains a pool of internal IP addresses (m) and a pool of globally valid Internet IP addresses (n) with m usually greater than n.
Chapter 9. Configuring Firewall/NAT Settings 9.2.3 RX3041H User’s Manual NAPT (Network Address and Port Translation) or PAT (Port Address Translation) Also called IP Masquerading, this feature maps many internal hosts to one globally valid Internet address. The mapping contains a pool of network ports to be used for translation. Every packet is translated with the globally valid Internet address and the port number is translated with an un-used port from the pool of network ports. Figure 9.
RX3041H User’s Manual 9.2.4 Chapter 9. Configuring Firewall/NAT Settings Reverse Static NAT Reverse static NAT maps a globally valid IP address to an internal host address for the inbound traffic. All packets coming to that globally valid IP address are relayed to the Internal address. This is useful when hosting services in an internal machine. Figure 9.
Chapter 9. Configuring Firewall/NAT Settings Field RX3041H User’s Manual Description IP Address Subnet Specify the appropriate network address This option allows you to include all the computers that are connected in an IP subnet. When this option is selected, the following fields become available for entry: Address Mask Range Enter the appropriate IP address. Enter the corresponding subnet mask. This option allows you to include a range of IP addresses for applying this rule.
RX3041H User’s Manual Field Chapter 9. Configuring Firewall/NAT Settings Description Service This option allows you to select any of the pre-configured services (selectable from the drop-down list) instead of the destination port.
Chapter 9. Configuring Firewall/NAT Settings 9.4.1 RX3041H User’s Manual Add an Inbound ACL Rule To add an inbound ACL rule, follow the instructions below: 1. Open the Inbound ACL Rule Configuration Page by clicking on the Firewall Î Inbound ACL menu. 2. Select “Add New” from the “ID” drop-down list. 3. Set desired action (Allow or Deny) from the “Action” drop-down list. 4.
RX3041H User’s Manual Chapter 9. Configuring Firewall/NAT Settings 2. Click on the icon of the rule to be modified in the inbound ACL table or select the rule number from the “ID” drop-down list. 3. Make desired changes to any or all of the following fields: action, source/destination IP, source/destination port, protocol, port mapping, time ranges, application filtering, and log. Please see Table 9.1 for explanation of these fields. 4. Click on the button to modify this ACL rule.
Chapter 9. Configuring Firewall/NAT Settings RX3041H User’s Manual Figure 9.9. Outbound ACL Configuration Example 5. Assign a priority for this rule by selecting a number from the “Move to” drop-down list. Note that the number indicates the priority of the rule with 1 being the highest. Higher priority rules will be examined prior to the lower priority rules by the firewall. 6. Click on the button to create the new ACL rule.
RX3041H User’s Manual Chapter 9. Configuring Firewall/NAT Settings 1. Open the Outbound ACL Rule Configuration Page by clicking on the Firewall Î Outbound ACL menu. icon of the rule to be deleted in the outbound ACL table or select the rule number 2. Click on the from the “ID” drop-down list. 3. Click on the button to delete this ACL rule. Note that the ACL rule deleted will be removed from the ACL rule table located at the bottom half of the same configuration page. 9.5.
Chapter 9. Configuring Firewall/NAT Settings RX3041H User’s Manual to take effect. Please refer to section 11.1 Configure System Services on details of enabling and disabling firewall services. Figure 9.11. URL Filter Configuration Example button to create the URL Filter rule. The new rule will then be displayed in the 4. Click on the URL Filter Configuration Summary table. Figure 9.12. URL Filter List 9.6.
RX3041H User’s Manual 9.7.1 Chapter 9. Configuring Firewall/NAT Settings Configuring Self Access Rules Self access rules are used to control access to the router itself. 9.7.1.1 Self Access Configuration Parameters Table 9.3 describes the configuration parameters available in the Self Access configuration page. Table 9.3. Self Access Configuration Parameters Field Description Protocol Select protocol from drop down list - TCP/ UDP/ICMP Port Enter the Port Number.
Chapter 9. Configuring Firewall/NAT Settings RX3041H User’s Manual Figure 9.13 displays the screen with entries to: Add a new Self Access rule to: • 9.7.1.3 Allow TCP port 80 traffic (i.e. HTTP traffic) from the LAN and deny the HTTP traffic from the WAN port (i.e. from the external network) to the RX3041H. Modify a Self Access Rule To modify a Self Access rule, follow the instructions below: 1. Open the Self Access Rule configuration page by clicking on the Firewall Î Advanced Î Self Access menu.
RX3041H User’s Manual 9.7.2.2 Chapter 9. Configuring Firewall/NAT Settings Add a Service To add a service, follow the instructions below: 1. Open the Service List configuration page by clicking the Firewall Î Advanced Î Service. 2. Select “Add New” from the service drop-down list. 3. Enter a desired name, preferably a meaningful name that signifies the nature of the service, in the “Service Name” field. Note that only alphanumeric characters are allowed in a name. 4.
Chapter 9. Configuring Firewall/NAT Settings RX3041H User’s Manual 4. Click on the button to modify this service. The new settings for this service will then be displayed in the service list table at the bottom half of the Service configuration page. 9.7.2.4 Delete a Service To delete a service, follow the instructions below: 1. Open the Service List configuration page by clicking the Firewall Î Advanced Î Service. 2.
RX3041H User’s Manual Field Chapter 9. Configuring Firewall/NAT Settings Description PORT command in the FTP protocol. An attacker can establish a connection between the FTP server machine and an arbitrary port on another system. This connection may be used to bypass access controls that would otherwise apply. IP Unaligned Time Stamp Check or un-check this option to enable or disable protection against unaligned IP time stamp attack.
Chapter 9. Configuring Firewall/NAT Settings RX3041H User’s Manual Figure 9.16. DoS Attack Protection List To configure DoS settings, follow the instructions below: 1. Open the DoS configuration page by clicking on the Firewall Î Advanced Î DoS menu. 2. Check or uncheck individual option to enable or disable additional protection against specific type of attack. Note that SYN flooding and ICMP verbose attack protection are enabled by default.
RX3041H User’s Manual 9.8.1 Chapter 9. Configuring Firewall/NAT Settings Configuring Application Filter Application filter allows network administrator to block, monitor, and report on network users’ access to nonbusiness and objectionable content. This high-performance content access control results in increased productivity, lower bandwidth usage and reduced legal liability. The RX3041H has the ability to handle active content filtering on certain application protocols such as HTTP, FTP, SMTP and RPC.
Chapter 9. Configuring Firewall/NAT Settings Field RX3041H User’s Manual Description PASV Allow initiation of a passive data connection. PORT Allow or deny Port Number to participate in an active data connection. RETR Allow or deny getting a file from the FTP server. RMD Allow Removing a directory. RNFR Allow Rename from. RNTO Allow Rename to. DELE Allow Deletion of a file. SITE STOR SMTP Commands MAIL Allow Site parameters (Specific services provided by the FTP server).
RX3041H User’s Manual Chapter 9. Configuring Firewall/NAT Settings 9.8.1.2.1 FTP Example: Add a FTP Filter Rule to Block FTP DELETE Command 10.64.2.0 FTP Server 10.64.2.254 Outside FW ISR Inside FW Private Network 192.168.1.0/24 Figure 9.18 Network Diagram for FTP Filter Example – Blocking FTP Delete Command 1. Open the Application Filer configuration page by clicking the Firewall Î Policy List Î Application Filter menu. 2. Select FTP from the Filter Type drop-down list. 3.
Chapter 9. Configuring Firewall/NAT Settings RX3041H User’s Manual FTP Command drop-down list Figure 9.20 FTP Filter Example – Firewall Configuration Assistant 8. Select the desired FTP command from the FTP Command drop-down list and then click on the button. The selected FTP command will be added into the selected Deny FTP Commands field. Figure 9.21 FTP Filter Example – Add an FTP Filter to Deny FTP Delete Command 9. Repeat step 8 if more commands are to be added; otherwise, proceed to the next step.
RX3041H User’s Manual Chapter 9. Configuring Firewall/NAT Settings 9.8.1.2.2 HTTP Example: Add a HTTP Filter Rule to Block JAVA Applets and Java Archives 1. Open the Application Filer configuration page by clicking the Firewall Î Policy List Î Application Filter menu. 2. Select HTTP from the Filter Type drop-down list. 3. Select “Add New Filter” from the Filter Rule drop-down list. 4. Enter a name for this rule – in this example, HTTPrule1. 5. Change the port number if necessary.
Chapter 9. Configuring Firewall/NAT Settings RX3041H User’s Manual HTTP filter drop-down list Figure 9.24. HTTP Filter Example – Associate HTTP Filter Rule to an ACL Rule 9.8.1.3 Modify an Application Filter To modify an IP Pool, follow the instructions below: 1. Open the Application Filer configuration page by clicking the Firewall Î Policy List Î Application Filter menu. icon of the 2. Select the application filter to modify.
RX3041H User’s Manual Chapter 9. Configuring Firewall/NAT Settings 4. Click on the button to save the new settings. The new settings for this application filter will then be displayed in the Application Filter List table. 9.8.1.4 Delete an Application Filter To delete an Application Filter, click on the icon of the filter to be deleted or follow the instruction below: 1. Open the Application Filer configuration page by clicking the Firewall Î Policy List Î Application Filter menu.
Chapter 9. Configuring Firewall/NAT Settings RX3041H User’s Manual IP Pool drop-down list IP Pool Type drop-down list Figure 9.26 IP Pool Configuration button to create the new IP Pool. The new IP Pool will then be displayed in 6. Click on the the IP Pool list table. 9.8.2.3 Modify an IP Pool To modify an IP Pool, follow the instructions below: 1. Open the IP Pool configuration page by clicking the Firewall Î Policy List Î IP Pool menu.
RX3041H User’s Manual 9.8.2.5 Chapter 9. Configuring Firewall/NAT Settings IP Pool Example Internet Outside FW ISR Inside FW 192.168.1.10 192.168.1.11 MISgroup1 192.168.1.12 MISgroup2 Figure 9.27. Network Diagram for IP Pool Configuration 1. Open the IP Pool configuration page to create two IP groups – see Figure 9.28. Figure 9.28. IP Pool Example – Add Two IP Pools – MISgroup1 and MISgroup2 2.
Chapter 9. Configuring Firewall/NAT Settings RX3041H User’s Manual Source IP Type drop-down list IP Pool drop-down list Figure 9.29. IP Pool Example – Deny QUAKE-II Connection for MISgroup1 9.8.3 Configuring NAT Pool 9.8.3.1 NAT Pool Configuration Parameters Table 9.8 describes the configuration parameters available for a NAT pool. Table 9.8. NAT Pool Configuration Parameters Field Description NAT Pool Name Enter a name for the NAT Pool.
RX3041H User’s Manual Field Chapter 9. Configuring Firewall/NAT Settings Description Interface Select this type of NAT to specify the Dynamic Interface whose IP address should be used for subjecting traffic to NAT. 9.8.3.2 Add a NAT Pool To add a NAT Pool, follow the instructions below: 1. Open the NAT Pool configuration page by clicking the Firewall Î Policy List Î NAT Pool menu. 2. Select “Add New Pool” from the NAT Pool drop-down list. 3. Enter a pool name into the Name field. 4.
Chapter 9. Configuring Firewall/NAT Settings RX3041H User’s Manual 4. Click on the button to save the new settings. The new settings for this pool will then be displayed in the NAT Pool List table. 9.8.3.4 Delete a NAT Pool To delete a NAT Pool, click on the icon of the NAT pool to be deleted or follow the instruction below: 1. Open the NAT Pool configuration page by clicking the Firewall Î Policy List Î NAT Pool menu. icon of the NAT pool to be deleted in the NAT Pool List table or select the NAT 2.
RX3041H User’s Manual Chapter 9. Configuring Firewall/NAT Settings 2. Associate the NAT pool to an outbound ACL rule by selecting “NAT Pool” from the NAT type drop-down list and then choose an existing NAT pool from the NAT pool drop-down list. NAT type drop-down list NAT pool drop-down list Figure 9.33. NAT Pool Example – Associate a NAT Pool to an ACL Rule 9.8.4 Configuring Time Range With this option you can configure access time range records for eventual association with ACL rules.
Chapter 9. Configuring Firewall/NAT Settings 9.8.4.2 RX3041H User’s Manual Add a Time Range To add a Time Range, follow the instructions below: 1. Open the Time Range configuration page by clicking the Firewall Î Policy List Î Time Range menu. 2. Select “Add New Time Range” from the Time Range drop-down list. 3. Enter a name into the Time Range Name field. 4. Select “Add New Schedule” from the Schedule drop-down list. 5. Select Days of Week. For example, from Sunday to Saturday. 6.
RX3041H User’s Manual Chapter 9. Configuring Firewall/NAT Settings 3. Select the Schedule from the drop-down list. 4. Click on the 9.8.4.6 button to delete this schedule. Time Range Example 1. Create a time range – see Figure 9.32. Figure 9.35. Time Range Example – Create a Time Range 2. Associate the time range to an outbound ACL rule by selecting an existing time range from the Time Range drop-down list. Figure 9.36 shows that MISgroup1 is denied FTP access during office hours.
Chapter 9. Configuring Firewall/NAT Settings RX3041H User’s Manual Figure 9.37.
RX3041H User’s Manual 10 Chapter 10. Configuring Remote Access Configuring Remote Access 10.1 Remote Access The RX3041H firewall allows telecommuters to securely access their corporate network using the Remote Access mechanism based on the notions of groups, users and access policies. Each group is associated with a set of access policies that are activated when a user belonging to that group logs in. The RX3041H maintains details about the access policies defined for the remote access groups.
Chapter 10. Configuring Remote Access Field RX3041H User’s Manual Description User State Click on the Enable or Disable radio button to enable or disable the user. Disabling the user will force the user to be disconnected. Further login from that specific user will be disabled. Enabling the user will allow the specific user to log in. Password Enter the User’s password. Confirm Password Enter the User’s password again for confirmation.
RX3041H User’s Manual Chapter 10. Configuring Remote Access 1. Open the User Group configuration page by clicking the Remote Access Î User Group menu. 2. Select an existing group from the user group drop-down list. 3. Select “Add New User” from the user drop-down list. 4. Enter a unique user name in the User Name field. 5. Click on the “Enable” or “Disable” radio button in the User State field to enable or disable this user. 6. Enter the password in the Password field for this user. 7.
Chapter 10. Configuring Remote Access RX3041H User’s Manual 10.2.5 User Group and Users Configuration Example Figure 10.2. User Group and Users Configuration Example Example Figure 10.2 displays the screen with entries to: Add a new user group and a new user • Group “Sales” • User “Alan” 10.3 Configure Group ACL Rules Group ACL is used to control access privileges for remote or local user groups.
RX3041H User’s Manual Chapter 10. Configuring Remote Access 2. Select “Add New” from the “ID” drop-down list. 3. Set desired action (Allow or Deny) from the “Action” drop-down list. 4. Select Outbound or Inbound from the rule Type drop-down list. 5. Select a group from the Group drop-down list. 6. Make changes to any or all of the following fields: source/destination IP, source/destination port, protocol, NAT, time ranges, application filtering, and log. Please see Table 9.
Chapter 10. Configuring Remote Access RX3041H User’s Manual 10.3.4 Delete a Group ACL Rule To delete an group ACL rule, just click on the below: in front of the rule to be deleted or follow the instructions 1. Open the Time Range configuration page by clicking the Firewall Î Remote Access Î Group ACL menu. icon of the rule to be deleted in the group ACL list table or select the rule number 2. Click on the from the “ID” drop-down list. 3. Click on the button to delete this ACL rule.
RX3041H User’s Manual Chapter 10. Configuring Remote Access User Name: Richard Group Name: RoadWarrior User Name: Gloria Group Name: RoadWarrior Internet WAN Port 61.222.32.38 ISR LAN Port 192.168.1.1 FTP Server: 192.168.1.200 Private Network 192.168.1.0/24 Figure 10.7. Network Diagram for Inbound Remote Access 10.5 Configure Firewall for Remote Access Remote Access is usually used to support mobile users of a company to access their corporate network without compromising on security.
Chapter 10. Configuring Remote Access RX3041H User’s Manual Figure 10.8. User and User Group Configuration Example Figure 10.9. Group ACL Configuration Example 2. Create an inbound group ACL rule (see Figure 10.9) to allow remote access users, Richard and Gloria, to access FTP server in the corporate network. 3. Remote users, Richard and Gloria, can then login into the RX3041H to access the FTP server by entering the following URL in the browser: http://61.222.32.
RX3041H User’s Manual 11 Chapter 11. System Management System Management This chapter describes the following administrative tasks that you can perform using the Configuration Manager: Configure system services Modify password and add management hosts Modify system specific information Modify system date and time Reset, backup and restore system configuration Update firmware Log out of the Configuration Manager You can access these tasks from the System Management menu. 11.
Chapter 11. System Management RX3041H User’s Manual Administrator has the privilege to modify the system settings while guest can only view the system settings. Passwords of both the admin and guest accounts can be changed by the administrator. Note This username and password is only used for logging into the Configuration Manager; it is not the same login password that you use to connect to your ISP. Follow the instructions below to change password: 1.
RX3041H User’s Manual Chapter 11. System Management Table 11.1. Management Station Configuration Parameters Field Description ID Add New Number Click on this option to add a new management group. Select a management group from the drop-down list to modify its configuration. Address Type This option allows you to select how you want to specify the IP addresses for the management station group. Three options are available: IP address, range and subnet.
Chapter 11. System Management RX3041H User’s Manual Figure 11.4. Management Station Summary 11.2.2.3 Modify a Management Station Group To modify a management station group, follow the instructions below: 1. Open the Password configuration page by clicking the System Management Î Password menu. 2. Select a management group from the ID drop-down list. 3. Make desired changes to the “Address Type” and the corresponding IP address information. 4. Click on the 11.2.2.4 button to modify the settings.
RX3041H User’s Manual Note Chapter 11. System Management Changing the date and time on the router does not affect the date and time on your PCs. There is no real time clock inside the router; however, the correct date and time can be obtained from external time servers. You may configure up to 5 time servers. Note that SNTP service must be enabled in the System Services configuration page for the router to access external time servers. 11.4.
Chapter 11. System Management RX3041H User’s Manual Figure 11.6. Date and Time Configuration Page button to save the settings. 5. Click on 11.4.3 View the System Date and Time To view the system date and time, open the Date/Time configuration page by clicking the System Management Î Date/Time menu. 11.5 SNMP Setup SNMP (Simple Network Management Protocol) as its name suggests is used for network management. You may use the SNMP configuration page to enable or disable the SNMP support. 11.5.
RX3041H User’s Manual Chapter 11. System Management 11.5.2 Configuring SNMP 1. Open the SNMP configuration page by clicking the System Management Î SNMP menu. 2. Click on the “Enable” or “Disable” radio button to enable or disable the SNMP support. 3. Enter the RO (Read Only) and RW (Read and Write) community names. 4. Enter the IP address of the SNMP management station that receives trap messages from the RX3041H. Figure 11.7. SNMP Configuration button to save the configuration.
Chapter 11. System Management RX3041H User’s Manual Figure 11.10. Counter Timer for Default Setting Configuration 4. When the count down timer elapses, a dialog window, as shown below, will pop up. Click on the button to reconnect to the router. 11.6.1.2 Reset to Factory Settings Using Reset Button Sometimes, you may find that you have no way to access your router, e.g. you forget your password or you forget the LAN IP address of your router.
RX3041H User’s Manual Chapter 11. System Management 2. Enter the path and name of the system configuration file that you want to restore in the “Configuration File” text field. Figure 11.12. Restore System Configuration button to search for the system configuration file Alternatively, you may click on the on your hard drive. A window similar to the one shown in Figure 11.13 will pop up for you to select the configuration file to restore. Figure 11.13.
Chapter 11. System Management RX3041H User’s Manual Figure 11.14. Firmware Upgrade Page button to update the firmware; a count down counter will display as illustrated in 3. Click on Figure 11.15. You can reconnect to the RX3041H when the count down timer elapses. If you don’t see this counter, the new firmware is not transferred properly to the RX3041H. You’ll have to manually reset the RX3041H by pressing the reset button to start all over again.
RX3041H User’s Manual Chapter 11. System Management To logout of Configuration Manager, open the Logout page by clicking the Logout menu and then click on the button in the Logout page. If you are using IE, a window similar to the one shown in Figure 11.19 will pop up for logout confirmation before closing your browser window. Figure 11.18. Logout Page Figure 11.19. Confirmation for Closing Browser (IE) .
RX3041H User’s Manual A Appendix A. ALG Configuration ALG Configuration Table A.1 lists all the supported ALGs (Application Layer Gateway). Table A.1. Supported ALG ALG/Application Name Protocol and Port Predefined Service Name Tested Software Version PC Anywhere UDP/22 PC-ANYWHERE pcAnywhere 9.0.
Appendix A.
RX3041H User’s Manual ALG/Application Name Diablo II (BATTLENET-TCP, BATTLENET-UDP) Appendix A.
RX3041H User’s Manual B B.1 Appendix B. System Specifications System Specifications Hardware Specification Table B.1. Hardware Specification AC Adapter Memory Input Varied w/ regions. Note your AC adapter only works w/ your region.
Appendix B.
RX3041H User’s Manual Appendix B.
RX3041H User’s Manual C C.1 Appendix C. IP Addresses, Network Masks, and Subnets IP Addresses, Network Masks, and Subnets IP Addresses This section pertains only to IP addresses for IPv4 (version 4 of the Internet Protocol). IPv6 addresses are not covered. Note This section assumes basic knowledge of binary numbers, bits, and bytes. For details on this subject, see Appendix A.
Appendix C. IP Addresses, Network Masks, and Subnets RX3041H User’s Manual Class A networks are the Internet's largest networks, each with room for over 16 million hosts. Up to 126 of these huge networks can exist, for a total of over 2 billion hosts. Because of their huge size, these networks are used for WANs and by organizations at the infrastructure level of the Internet, such as your ISP. Class B networks are smaller but still quite large, each able to hold over 65,000 hosts.
RX3041H User’s Manual Appendix C. IP Addresses, Network Masks, and Subnets Class C: 255.255.255.0 These are called default because they are used when a network is initially configured, at which time it has no subnets.
RX3041H User’s Manual D Appendix D. Troubleshooting Troubleshooting This appendix suggests solutions for problems you may encounter in installing or using the RX3041H, and provides instructions for using several IP utilities to diagnose problems. Contact Customer Support if these suggestions do not resolve the problem. Problem Troubleshooting Suggestion LEDs Power LED does not illuminate after product is turned on.
Appendix D. Troubleshooting Problem RX3041H User’s Manual Troubleshooting Suggestion public IP address (usually this public IP address is the WAN IP address). Your PC’s IP address must be within the IP range specified in the NAT rules. The default firewall outbound ACL rule includes a NAT rule for all hosts on the LAN. Configuration Manager Program Forget your Configuration Manager user ID or password.
RX3041H User’s Manual Appendix D. Troubleshooting Figure D.1. Using the ping Utility If the target computer cannot be located, you will receive the message “Request timed out.” Using the ping command, you can test whether the path to the RX3041H is working (using the preconfigured default LAN IP address 192.168.1.1) or another address you assigned. You can also test whether access to the Internet is working by typing an external address, such as that for www.yahoo.com (216.115.108.243).
Appendix D. Troubleshooting RX3041H User’s Manual Figure D.2. Using the nslookup Utility There may be several addresses associated with an Internet name. This is common for web sites that receive heavy traffic; they use multiple, redundant servers to carry the same information. To exit from the nslookup utility, type exit and press at the command prompt.
RX3041H User’s Manual E Appendix E. Glossary Glossary 10BASE-T A designation for the type of wiring used by Ethernet networks with a data rate of 10 Mbps. Also known as Category 3 (CAT 3) wiring. See also data rate, Ethernet. 100BASE-T A designation for the type of wiring used by Ethernet networks with a data rate of 100 Mbps. Also known as Category 5 (CAT 5) wiring. See also data rate, Ethernet. ADSL Asymmetric Digital Subscriber Line The most commonly deployed "flavor" of DSL for home users.
Appendix E. Glossary RX3041H User’s Manual element of URLs, which identify a specific file at a web site, e.g., http://www.asus.com. See also DNS. download To transfer data in the downstream direction, i.e., from the Internet to the user. DSL Digital Subscriber Line A technology that allows both digital data and analog voice signals to travel over existing copper telephone lines. Ethernet The most commonly installed computer network technology, usually using twisted pair wiring.
RX3041H User’s Manual Appendix E. Glossary from 0 to 255, separated by periods, e.g., 209.191.4.240. An IP address consists of a network ID that identifies the particular network the host belongs to, and a host ID uniquely identifying the host itself on that network. A network mask is used to define the network ID and the host ID. Because IP addresses are difficult to remember, they usually have an associated domain name that can be specified instead. See also domain name, network mask.
Appendix E. Glossary RX3041H User’s Manual between your ISP and your computer. The WAN interface on the RX3041H uses two forms of PPP called PPPoA and PPPoE. See also PPPoA, PPPoE. PPPoE Point-to-Point Protocol over Ethernet One of the two types of PPP interfaces you can define for a Virtual Circuit (VC), the other type being PPPoA. You can define one or more PPPoE interfaces per VC. protocol A set of rules governing the transmission of data.
RX3041H User’s Manual Appendix E. Glossary twisted pair The ordinary copper telephone wiring long used by telephone companies. It contains one or more wire pairs twisted together to reduce inductance and noise. Each telephone line uses one pair. In homes, it is most often installed with two pairs. For Ethernet LANs, a higher grade called Category 3 (CAT 3) is used for 10BASE-T networks, and an even higher grade called Category 5 (CAT 5) is used for 100BASE-T networks.
RX3041H User’s Manual F Appendix F. Index Index 100BASE-T, 121 defined, 29 10BASE-T, 121 relay, 30 ADSL, 121 Domain name, 121 authenticate, 121 Domain Name System.
Appendix F. Index Internet, 122 troubleshooting access to, 117 RX3041H User’s Manual in Fixed DHCP Lease Table, 29 MAC addresses, 123 Intranet, 122 Management Station Configuration, 95 IP address Mask. See Network mask in device's routing table, 44 IP addresses, 122 explained, 113 IP configuration Mbps, 123 NAT defined, 52, 123 Dynamic, 53 static, 13 NAPT, 54 static IP addresses, 13 Overload, 54 Windows 2000, 11 PAT, 54 Windows Me, 12 Reverse NAPT, 55 Windows NT 4.
RX3041H User’s Manual Management Station Configuration, 95 Routing Configuration, 42, 43, 44 Appendix F. Index Static routes adding, 43 Setup Wizard, 15, 23 Statically assigned IP addresses, 26 User Password Configuration, 94 Subnet, 124 WAN Statistics, 39 Subnet mask.
