Dual Ethernet ProxyServer Model MTPSR1-120 User Guide
User Guide 88301500 Revision A Dual Ethernet ProxyServer (Model No MTPSR1-120) This publication may not be reproduced, in whole or in part, without prior expressed written permission from Multi-Tech Systems, Inc. All rights reserved. Copyright © 1998, by Multi-Tech Systems, Inc. Multi-Tech Systems, Inc. makes no representations or warranties with respect to the contents hereof and specifically disclaims any implied warranties of merchantability or fitness for any particular purpose.
Contents Chapter 1 - Introduction and Description Introduction ................................................................................................................................................ 6 Preview of this Guide ................................................................................................................................. 6 Front Panel Description ............................................................................................................................
Chapter 5 - Remote Configuration and Management Introduction .............................................................................................................................................. 42 Modem-Based Remote Configuration Procedure ..................................................................................... 42 LAN-Based Remote Configuration Procedure .........................................................................................
Chapter 1 - Introduction and Description
Dual Ethernet ProxyServer User Guide Introduction Welcome to Multi-Tech's new Dual Ethernet ProxyServer, model number MTPSR1-120, a high speed Internet access device that provides firewall protection to your corporate (secured) LAN and allows Internet access to the Internet Services Network (public LAN) that resides outside the firewall.
Chapter 1 - Introduction and Description Chapter 4 - ProxyServer Software Chapter 4 describes the ProxyServer software package designed for the Windows ® environment. This chapter describes the ProxyServer software from an applications standpoint, and in so doing, not every screen is shown, nor is each field within a screen defined. For explanations and parameters of each field within a dialog box please refer to the on-line help system provided within the software.
Dual Ethernet ProxyServer User Guide Front Panel Description The front panel, shown in Figure 1-2, contains four groups of LEDs that provide the status of the LAN connection, link activity, and general status of the ProxyServer. The Ethernet 1 and Ethernet 2 LEDs display the activity of the public and private LANs, in whether the ProxyServer is connected to the LAN, transmitting or receiving packets, and if a collision is in progress. The WAN Link LEDs display the status of the RS232/V.
Chapter 1 - Introduction and Description Back Panel Description The cable connections for the ProxyServer are made at the back panel. In addition to the Power connector, Three groups of connectors are used on the ProxyServer: the Command Port, Ethernet 1 & 2 (10BASET) and RS232/V.35. The cable connections are shown in Figure 1-3 and defined in the following groups. RS232/V.35 ETHERNET 2 1 COMMAND POWER ON OFF 10BASET 10BASET Figure 1-3. Back Panel RS232/V.35 Connector The RS232/V.
Dual Ethernet ProxyServer User Guide Specifications • Protocols - Point-To-Point Protocol (PPP), and Serial Line Internet Protocol (SLIP) Ethernet Ports • Two Ethernet Interface - 10Base-T (twisted pair) RJ-45 connectors. Command Port • Single 19.2K bps asynchronous Command Port using a short RJ-45 to DB-25 cable with a DB-25 female connector WAN Link • One RS232/V.35 port connector.
Chapter 2 - Installation
Dual Ethernet ProxyServer User Guide Safety Warnings 1. Never install telephone wiring during a lightning storm. 2. Never install telephone jacks in wet locations unless the jack is specifically designed for wet locations. 3. Never touch uninsulated telephone wires or terminals unless the telephone line has been disconnected at the network interface. 4. Use caution when installing or modifying telephone lines. 5. Avoid using a telephone (other than a cordless type) during an electrical storm.
Chapter 1 - Introduction and Description V.35 Shunt Procedure If you are using an external DCE device on the WAN RS232/V.35 port, and the connection will be a V.35 connection, the internal shunt must be moved from the RS232C (default) position prior to cabling and power-up. The following steps detail the procedures for switching the shunt. Step Procedure 1 Ensure that the external power supply is disconnected from the ProxyServer.
Dual Ethernet ProxyServer User Guide Cabling Your ProxyServer Cabling your ProxyServer involves making the proper Power, Command Port, and two Ethernet connections. An optional WAN connection is provided to connect to an external WAN device. Figure 2-4 shows the back panel connectors and the associated cable connections, and the table that follows details the procedures for connecting the cables to your ProxyServer. ETHERNET RS232/V.
Chapter 2 - Installation Table 2-1. (cont’d.) Step 5. Procedure If a cable modem, DSL modem, or your Internet LAN is being used, no cable connection will be made to the RS232/V.35 connector on the back of the ProxyServer. If the RS232/V.35 connector on the ProxyServer is going to be connected to a WAN device (i.e., connecting your secure (private) LAN to an ISP, connect one end of an RS232 or V.35 interface cable to the RS232/V.35 connector on the back of the ProxyServer.
Dual Ethernet ProxyServer User Guide 16
Chapter 3 - Software Loading and Configuration
Dual Ethernet ProxyServer User Guide Loading Your Software The following loading procedure does not provide every screen or option in the process of installing the Firewall software. The assumption is that the installation is being performed by a technical person with a thorough knowledge of Windows and the software loading process. Additional information on the Firewall software is provided in the Chapter 4, and in the on-line help provided with your Firewall software. 1.
Chapter 3 - Software Loading and Configuration 5. The following dialog box selects the COM port of your PC connected to the Command port of the ProxyServer. From the Select Port window, click on the down arrow and choose the COM port of your PC. Click OK to continue. 6. Click Finish to continue. 7. The “Do you want to download default setup?” dialog is displayed. Click Yes to download the default setup. Clicking No prevents the defaults from being down loaded to the ProxyServer.
Dual Ethernet ProxyServer User Guide IP Port Configuration This dialog allows for the configuration of IP parameters that are generally applicable to IP proxying on all ports. 8. The Secured LAN Port Parameters have to be changed to your private (secure) LAN parameters. Enter your Secured LAN Port IP Address in the IP Address field, followed by the Net Mask in its field, and finally the Default Route IP address. The Secured LAN Port IP Address can be an unregistered IP address.
Chapter 3 - Software Loading and Configuration Default WAN Link Configuration The default WAN Link(s) Setup dialog box is only used if a device is connected to the RS-232/ V.35 connector on the back panel of the ProxyServer. This connection allows your private (secured) LAN to be connected to a local ISP for Internet service. If a cable modem, DSL modem, or your public (Internet) LAN is connected to LAN 2, then the Default WAN Link has to be disabled. 13.
Dual Ethernet ProxyServer User Guide 19. The Writing Setup dialog box is displayed as the setup configuration is written to the ProxyServer. 20. Check to ensure that the FAIL LED on the ProxyServer is Off after the download is complete and the ProxyServer is rebooted. 21. Win3.1 users - you are returned to your Program Manager where the Firewall Program Group and Program Item (Windows icons) have been created. Win95 users - you are returned to the Firewall folder which will be visible on your desktop.
Chapter 4 - Firewall Software
Dual Ethernet ProxyServer User Guide Introduction This chapter describes the Firewall software used in the Dual Ethernet ProxyServer. It begins with the description of three typical applications for the ProxyServer. These configuration examples are followed by a description of the Firewall program group, and examples of how to add some of the advanced features provided with the software. Typical Applications This section describes three typical applications for the Dual Ethernet ProxyServer.
Chapter 4 - Firewall Software During the loading of the Firewall software, the Secured LAN Port Parameters group (in the IP Setup dialog box) was configured to include an unregistered IP Address of 192.168.0.101 and default Net Mask of 255.255.255.0 for the private LAN (LAN 1). The Internet LAN Port Parameters group was configured with the DHCP Client option active. This enables the Internet Services Provider (ISP) to dynamically provide the registered Internet IP addresses.
Dual Ethernet ProxyServer User Guide Configuration 2 - Existing Dual-LAN with Router Another typical configuration ties the private LAN (LAN 1) to an existing Internet Services Network, which already provides Internet services. This configuration provides firewall and gateway security for the LAN users, and supports Internet access restrictions based on IP address, client protocols, or a list of forbidden sites. Internet MTPSR1-120 Firewall IP Address 192.168.0.101 Mask 255.255.255.
Chapter 4 - Firewall Software Configuration 3 - New Dual-LAN with T1 DSU The final typical configuration adds Internet services to existing LAN users. With this configuration, the private LAN (LAN 1) is secured by the firewall while the Internet Services Network is outside the firewall allowing Internet users to access the public LAN (LAN 2) resources, such as the Web, FTP, etc. servers. The Internet connection is provided with a T1 DSU connected to the RS232 connection on the back of the unit.
Dual Ethernet ProxyServer User Guide The Internet LAN Port Parameters group is either configured with the DHCP Client option active, enabling the ISP to dynamically provide the registered Internet IP addresses, or with the DHCP Client option disabled if a static IP addressing scheme is provided by the ISP. If the DHCP Client field is deactivated the static IP Address of 204.26.12.10 is then entered and the WAN option is checked in the Internet Gateway Parameters group.
Chapter 4 - Firewall Software Firewall Program Group This section describes the advanced features of your Firewall software. The major configuration parameters are set when the software is loaded into your PC and the setup configuration is downloaded to the ProxyServer at the conclusion of the software installation. Our intent is not to cover every dialog box nor every field within a dialog box.
Dual Ethernet ProxyServer User Guide Download Firmware Update This application allows you to update the firmware of the ProxyServer. This may be necessary in the case of repair or upgrade. To download the firmware update, choose Download Firmware Update from the Firewall Program Group, and the Open dialog box is displayed (if the ProxyServer is running, you will be queried to reboot to update firmware; click OK to proceed and the Open dialog will be displayed).
Chapter 4 - Firewall Software Firewall Configuration To view or change your ProxyServer configuration in Windows 95, click on the Start | Programs | Firewall | Firewall Configuration. After loading, the Firewall Setup menu will appear.
Dual Ethernet ProxyServer User Guide Changing IP Parameters The IP Setup dialog box establishes the IP addressing for your private LAN, Public LAN, and, if the Proxy Server is directly connected to the Internet, the WAN port. To change the IP Setup parameters that were configured during the initial setup, click on the IP button in the Firewall Setup menu. The IP Setup dialog is displayed. The Secured LAN Port Parameters group is used to assign the Ethernet parameters of your private LAN (LAN 1) port.
Chapter 4 - Firewall Software The WAN Port Parameters group is used to configure the WAN port, if enabled. The WAN port parameters are established when the ProxyServer is directly connected to the Internet via the RS232/V.35 connector on the back of the unit. ISP Assigns Dynamic Address - Normally, the ISP assigns a dynamic address when the port comes up. If this is not the case, disable this option and assign a valid registered Internet address in the IP Address field.
Dual Ethernet ProxyServer User Guide Changing WAN Port Parameters In order to change the WAN port parameters of a DCE device connected to the RS232/V.35 connector on the ProxyServer, click on the WAN button in the Firewall Setup menu. The WAN Port Setup dialog box is displayed. From this dialog, you can configure the parameters of the WAN port. To enable the WAN port, click on the Port Enable check box.
Chapter 4 - Firewall Software Adding Proxy Applications Certain software on your LAN may require a TCP or UDP port usage that is not currently supported by the ProxyServer. If this is the case, you must refer to the software documentation to determine the proper port usage and number. Without this information, the Proxy will not allow packets through to the Internet from the unknown software. Once the necessary information has been determined, you can add the application(s) to the supported list.
Dual Ethernet ProxyServer User Guide Enabling the DHCP Server The DHCP Server feature of the ProxyServer manages all the IP address assignments on the private LAN. IP address management becomes completely transparent. To enable the DHCP Server ability in the ProxyServer, click on the DHCP Server button in the Firewall Setup menu. The DHCP Server Setup dialog box appears. The DHCP Server Setup menu allows you to customize each client PC configuration from one central point.
Chapter 5 - Remote Configuration and Management Enabling PPP/SLIP If you wish to use Point to Point Protocol (PPP) or Serial Line IP Protocol (SLIP) on the WAN port, you can enable in the PPP/SLIP menu. In order to configure these options, you must first enable the WAN port. To enable the WAN port, click on the WAN button in the Firewall Setup menu. The WAN Setup dialog box appears. Click on the Port Enable check box enable the WAN port. Click OK. You are returned to the Firewall Setup menu.
Dual Ethernet ProxyServer User Guide Enabling SLIP If you wish to configure the port for use with SLIP, click on the Enable check box in the SLIP group. The following message appears: Click OK. This value was assigned in the initial software installation and was downloaded to the ProxyServer at the end of the installation. If you wish to verify or change the WAN IP address, click on IP in the Firewall Setup menu.
Chapter 4 - Firewall Software Applications In addition to local configuration, the ProxyServer supports various applications which allow it to be configured remotely from anywhere on the connected Internet. To manage these applications, click Others in the Proxy Setup menu. The Applications Setup dialog box appears. Enter a valid Server Password and Server IP Address (the IP address of the ProxyServer) and then verify that the desired applications are enabled.
Dual Ethernet ProxyServer User Guide Filtering The IP Filtering Setup dialog provides tabs that let you configure the ProxyServer so that IP packets that are received by the server can be selectively filtered or forwarded based on their addresses or by the protocol ports to which they are destined. The three filtering methods are: • IP Protocol Port Based Filtering - In this method, IP packets can be filtered based on their specific purposes; e.g.
Chapter 5 - Remote Configuration and Management
Dual Ethernet ProxyServer User Guide Introduction This chapter provides procedures for changing the configuration of a remote unit. Remote configuration allows a PC at one site (local site) to dial a remote ProxyServer and change the configuration of that remote unit. Remote configuration can be accomplished either directly through the LAN or remotely using modems.
Chapter 5 - Remote Configuration and Management Verify that the Communication Type is set for COM Port and the Select Port field is set for the COM port of your local PC. In the Dial String field, enter the AT command for dialing (ATDT) plus the phone number of the remote ProxyServer.
Dual Ethernet ProxyServer User Guide LAN-Based Remote Configuration Procedure Windows Sockets Compliant TCP/IP Stack The configuration program requires a Windows Sockets compliant TCP/IP stack. TCP/IP protocol software must be installed and functional before the configuration program can be used. 1 You must assign an Internet (IP) address for the PC and for each node that will be managed by the configuration program.
Chapter 5 - Remote Configuration and Management 6 The Firewall Setup dialog box is displayed. This is the dialog box of the remote ProxyServer. Refer to the on-line help provided with your ProxyServer for the definition of each dialog box and field within a dialog box. 7 After you have changed the configuration of the remote ProxyServer, click Download Setup to update the configuration. The remote ProxyServer will be brought down, the new configuration written to the unit, and the unit will reboot.
Dual Ethernet ProxyServer User Guide Remote Management This section describes typical client applications that can be used to configure the ProxyServer remotely. It is important to note that although any subsequent changes to configuration can be made using these applications, the initial setup and configuration of the ProxyServer must be done on the local PC, using the ProxyServer software provided with your unit.
Chapter 5 - Remote Configuration and Management Firewall Management Menu The Firewall Management Menu provides two basic options: Firewall Configuration and WAN Device Configuration. A further option enables you to close the Telnet session from this menu by pressing the Esc key. Firewall Configuration Selecting Option 1 displays the Firewall Configuration menu with options that enable you to configure ProxyServer parameters and download settings.
Dual Ethernet ProxyServer User Guide WEB Management The ProxyServer can be accessed, via a standard web-browser, from anywhere on the connected Internet. In order to provide this support, the WEB Server option has to be enabled in the Applications Setup dialog box (see Chapter 4 - Firewall Software, Applications). Once enabled, users can access the ProxyServer by entering its IP address in the destination field of their web browser. The following screen appears.
Chapter 6 - Warranty, Service and Tech Support
Dual Ethernet ProxyServer User Guide Introduction This chapter starts out with statements about your Dual Ethernet ProxyServer 2-year warranty. The next section, Tech Support, should be read carefully if you have questions or problems with your ProxyServer. It includes the technical support telephone numbers, space for recording your product information, and an explanation of how to send in your ProxyServer should you require service.
Chapter 6 - Warranty, Service and Technical Support Tech Support Multi-Tech has an excellent staff of technical support personnel available to help you get the most out of your Multi-Tech product. If you have any questions about the operation of this unit, call 1800-972-2439. Please fill out the ProxyServer information (below), and have it available when you call. If your ProxyServer requires service, the tech support specialist will guide you on how to send in your ProxyServer (refer to the next section).
Dual Ethernet ProxyServer User Guide Service If your tech support specialist decides that service is required, your ProxyServer may be sent (freight prepaid) to our factory. Return shipping charges will be paid by Multi-Tech Systems. Include the following with your ProxyServer: • a description of the problem. • return billing and return shipping addresses. • contact name and phone number. • check or purchase order number for payment if the ProxyServer is out of warranty.
Chapter 6 - Warranty, Service and Technical Support The Multi-Tech BBS For customers who do not have Internet access, Multi-Tech maintains a bulletin board system (BBS). Information available from the BBS includes new product information, product upgrade files, and problem-solving tips. The phone number for the Multi-Tech BBS is (800) 392-2432 (USA and Canada) or (612) 785-3702 (international and local).
Dual Ethernet ProxyServer User Guide 5. Enter D. You will see a list of the files you have marked. Enter E if you would like to edit the list; otherwise enter D again to start the download process. 6. Select a file transfer protocol by typing the indicated letter, such as Z for Zmodem (the recommended protocol). 7. If you select Zmodem, the file will transfer automatically. If you select another protocol, you may have to initiate the transfer yourself.
Appendixes
Dual Ethernet ProxyServer User Guide Appendix A - TCP/IP (Transmission Control Protocol/ Internet Protocol) Description TCP/IP is a protocol suite and related applications developed for the U.S. Department of Defense in the 1970s and 1980s specifically to permit different types of computers to communicate and exchange information with one another. TCP/IP is currently mandated as an official U.S. Department of Defense protocol and is also widely used in the UNIX community.
Appendix A - TCP/IP Description UDP, described in RFC 768 (http://info.internet.isi.edu:80/in-notes/rfc/files/rfc768.txt) provides an end-to-end datagram (connectionless) service. Some applications, such as those that involve a simple query and response, are better suited to the datagram service of UDP because there is no time lost to virtual circuit establishment and termination. UDP’s primary function is to add a port number to the IP address to provide a socket for the application.
Dual Ethernet ProxyServer User Guide Internet Protocol (IP) IP is the Internet standard protocol that tracks Internetwork node addresses, routes outgoing messages and recognizes incoming messages, allowing a message to cross multiple networks on the way to its final destination. The IPv6 Control Protocol (IPV6CP) is responsible for configuring, enabling, and disabling the IPv6 protocol modules on both ends of the point-to-point link.
Index Index A About CompuServe ............................................ 54 About the Internet ............................................... 54 About the Multi-Tech Fax-Back Service .............. 54 Adding Proxy Applications .................................. 35 Applications ........................................................ 39 Archie ................................................................. 57 B Back Panel ........................................................... 9 Connectors ......
Dual Ethernet ProxyServer User Guide R V Remote Configuration ......................................... 42 LAN-Based Procedure .................................... 44 Modem-Based Procedure ............................... 42 Remote Management ......................................... 46 Telnet .............................................................. 46 WEB Management .......................................... 48 RS232/V.35 Connector ......................................... 9 V.35 Shunt ...........
