User's guide
IP address and Port
This mode behaves like NAT but, in addition to changing the source IP address of packets
from the private host, it can also change the source port number. This is required when more
than one private host connects from the same local port number to the same Internet host on
the same remote port number. If that happened with plain NAT, the returning packets for both
connections would carry identical address and port information, the router would be unable to
determine which private host to route them to, and the connection would fail.
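The following Python simulation is an added illustration and is not part of the Digi documentation. It contrasts a translator that rewrites only the source IP address with one that also rewrites the source port, using the collision described above: two private hosts connecting from local port 1025 to the same web server. The private and public addresses, port numbers and the ephemeral range the translator allocates from are constructed for the example and are not Digi defaults.

```python
from dataclasses import dataclass
from itertools import count


@dataclass(frozen=True)
class Packet:
    """The four header fields a translator looks at (constructed, no payload)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Nat:
    """NAT that rewrites only the source IP address and keeps the source port.

    Returning packets are matched on (remote IP, remote port, local port),
    so that triple must be unique across all private hosts.
    """

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.owner = {}  # (remote_ip, remote_port, local_port) -> private_ip

    def outbound(self, pkt):
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_port)
        owner = self.owner.get(key)
        if owner is not None and owner != pkt.src_ip:
            # Another private host already holds this triple. Replies could not be
            # attributed to one host or the other, so the new flow is refused.
            return None
        self.owner[key] = pkt.src_ip
        return Packet(self.public_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        owner = self.owner.get((pkt.src_ip, pkt.src_port, pkt.dst_port))
        if owner is None:
            return None  # unsolicited: nothing to map it to, so it is dropped
        return Packet(pkt.src_ip, pkt.src_port, owner, pkt.dst_port)


class Napt:
    """NAT that may also rewrite the source port (the "IP address and Port" mode).

    Each private (IP, port) pair gets its own public port towards a given remote
    service, so two hosts sharing a local port no longer collide.
    """

    def __init__(self, public_ip, first_ephemeral=49152):
        self.public_ip = public_ip
        self.spare_ports = count(first_ephemeral)  # assumed allocation range
        self.forward = {}  # (priv_ip, priv_port, remote_ip, remote_port) -> public_port
        self.reverse = {}  # (remote_ip, remote_port, public_port) -> (priv_ip, priv_port)

    def outbound(self, pkt):
        fkey = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        public_port = self.forward.get(fkey)
        if public_port is None:
            # Keep the original port when it is free; otherwise pick an unused one.
            public_port = pkt.src_port
            while (pkt.dst_ip, pkt.dst_port, public_port) in self.reverse:
                public_port = next(self.spare_ports)
            self.forward[fkey] = public_port
            self.reverse[(pkt.dst_ip, pkt.dst_port, public_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, public_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        entry = self.reverse.get((pkt.src_ip, pkt.src_port, pkt.dst_port))
        if entry is None:
            return None
        private_ip, private_port = entry
        return Packet(pkt.src_ip, pkt.src_port, private_ip, private_port)


def same_port_collision(translator):
    """Two private hosts connect from local port 1025 to the same web server.

    Returns, per private host, (port the server sees, host and port the reply is
    delivered to), or None where the translator could not carry the flow.
    """
    flows = [Packet("192.168.1.10", 1025, "203.0.113.7", 80),
             Packet("192.168.1.11", 1025, "203.0.113.7", 80)]
    result = {}
    for pkt in flows:
        out = translator.outbound(pkt)
        if out is None:
            result[pkt.src_ip] = None
            continue
        # The server answers to whatever address and port it saw.
        reply = Packet(out.dst_ip, out.dst_port, out.src_ip, out.src_port)
        back = translator.inbound(reply)
        result[pkt.src_ip] = (out.src_port, back.dst_ip, back.dst_port)
    return result


if __name__ == "__main__":
    print("NAT :", same_port_collision(Nat("198.51.100.1")))
    print("NAPT:", same_port_collision(Napt("198.51.100.1")))
```

With plain NAT the second host's flow is refused because its return triple is already owned by the first host; with port translation the second flow is given public port 49152 and both replies reach the right host on local port 1025.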
Enable IPsec on this interface
This parameter is used to enable or disable IPSec security features for this Ethernet
interface.
Use interface x,y for the source IP address of IPsec packets
By default, the source IP address for an IPsec Eroute is the IP address of the interface on
which IPsec was enabled. Setting this parameter to either PPP or Ethernet together with the
relevant interface number makes IPsec use the address of that Ethernet or PPP interface as
the source address instead. The remote IPsec peer must be configured to expect this address,
since it is the address the peer sees as the tunnel endpoint.
Enable the firewall on this interface
This parameter is used to turn Firewall script processing “On” or “Off” for this interface.
Remote management access
The Remote access options parameter can be set to “No restrictions”, “Disable
management”, “Disable return RST” or “Disable management & return RST”. When set to “No
restrictions”, users on this interface can access the unit’s Telnet, FTP and web services for
the purpose of managing the unit.
When set to “Disable management”, users on this interface are prevented from managing
the unit via Telnet, FTP or the web interface. Telnet and FTP send credentials in clear text, so
on an interface that faces the Internet this setting (or “Disable management & return RST”) is
normally the appropriate one, with management carried out from a trusted interface instead.
Disable return RST - whenever a unit receives a TCP SYN packet for one of its own IP
addresses with the destination port set to an unexpected value, i.e. a port on which the unit
is not listening for TCP connections, it replies with a TCP RST packet. This is normal TCP
behaviour.
However, any address reachable from the Internet receives unsolicited TCP SYN packets
(from scans and probes, for example) whether or not anything is listening, so SYN packets
are to be expected as soon as an Internet connection is established. The router’s PPP
inactivity timer is restarted each time the unit transmits data, but not when it receives data.
The unit’s standard response to such a SYN packet, i.e. transmitting an RST packet, therefore
restarts the inactivity timer and prevents the unit from dropping the link even when there is
no “genuine” traffic. This effect can be prevented with the appropriate commands and options
in the firewall script. However, on Digi 1000 series units, or where you are not using a
firewall, the same result can be achieved by selecting this option: when it is selected, the
normal behaviour of replying to such SYN packets with RST packets is disabled. The option
also prevents the unit from responding to unsolicited UDP packets with the normal ICMP
destination unreachable responses.
The “Disable management & return RST” option combines the two: it prevents users on this
interface from managing the unit via Telnet, FTP and the web interface and also disables the
transmission of TCP RST packets (and the ICMP destination unreachable responses) as
described above.
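As an added example, not part of the Digi manual, the following Python model shows the interaction described under “Disable return RST” between the PPP inactivity timer and the unit’s RST replies. The timer is restarted on transmission only; the model feeds the unit nothing but unsolicited SYNs to a closed port every 30 seconds and shows that with the normal RST reply the link never idles out, while with the option selected (modelled as `return_rst=False`) it disconnects when the timer expires. The listening ports, the 120 second timeout and the scan interval are constructed values for the example, not Digi defaults.

```python
from typing import Optional

# Constructed set of ports the unit listens on (the management services named above).
OPEN_TCP = {21, 23, 80}
OPEN_UDP = {161}  # assumed SNMP listener, constructed for the example


class PppLink:
    """PPP link whose inactivity timer restarts on transmission, never on receipt."""

    def __init__(self, inactivity_timeout, return_rst=True, up_at=0.0):
        self.inactivity_timeout = inactivity_timeout
        self.return_rst = return_rst      # False models "Disable return RST"
        self.last_tx = up_at              # time of the last genuine transmission
        self.disconnected_at: Optional[float] = None
        self.sent = []                    # (time, reply) for every reply transmitted

    def check_timer(self, now):
        """Drop the link once nothing has been transmitted for the full period."""
        if self.disconnected_at is None and now - self.last_tx >= self.inactivity_timeout:
            self.disconnected_at = self.last_tx + self.inactivity_timeout
        return self.disconnected_at

    def receive(self, now, proto, dst_port, tcp_flags=""):
        """Handle one inbound packet addressed to the unit itself.

        Returns the reply the unit transmits, "delivered" for a packet that reaches
        a listening service, or None when nothing is sent.
        """
        if self.check_timer(now) is not None:
            return None  # link already down
        if proto == "tcp":
            if dst_port in OPEN_TCP:
                return "delivered"  # the service's own traffic is outside this model
            # Closed port: a SYN normally draws an RST unless the option is selected.
            reply = "RST" if ("S" in tcp_flags and self.return_rst) else None
        elif proto == "udp":
            if dst_port in OPEN_UDP:
                return "delivered"
            reply = "ICMP destination unreachable" if self.return_rst else None
        else:
            reply = None
        if reply is not None:
            self.sent.append((now, reply))
            self.last_tx = now  # transmitting restarts the inactivity timer
        return reply


def idle_link_under_scan(return_rst, timeout=120.0, interval=30.0, duration=600.0):
    """Nothing but a SYN to a closed port every `interval` seconds, no genuine traffic.

    Returns (time the link dropped, or None if it stayed up; number of replies sent).
    """
    link = PppLink(timeout, return_rst=return_rst)
    t = interval
    while t <= duration:
        link.receive(t, "tcp", 33333, tcp_flags="S")
        t += interval
    link.check_timer(duration)
    return link.disconnected_at, len(link.sent)


if __name__ == "__main__":
    print("RST enabled :", idle_link_under_scan(True))
    print("RST disabled:", idle_link_under_scan(False))
```

With the RST reply enabled every probe is answered, each answer restarts the timer, and after ten minutes the link is still up having sent twenty RSTs; with the option selected no reply is sent and the link drops at the 120 second mark, which is the behaviour the option exists to provide.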