16

Management

Embedded Web Server

There is no specialized software to install on your PC to configure, manage, or maintain

your Motorola Netopia® Gateway. Web pages embedded in the operating system provide

access to the following Gateway operations:

•

Setup

•

System and security logs

•

Diagnostics functions

Once you have removed your Motorola Netopia® Gateway from its packing container and

powered the unit up, use any LAN attached PC or workstation running a common web

browser application to configure and monitor the Gateway.

Diagnostics

In addition to the Gateway’s visual LED indicator lights, you can run an extensive set of

diagnostic tools from your Web browser.

Two of the facilities are:

•

Automated “Multi-Layer” Test

The

link initiates a sequence of tests. They examine the entire

functionality of the Gateway, from the physical connections to the data traffic.

•

Network Test Tools

Three test tools to determine network reachability are available:

Ping

- tests the “reachability” of a particular network destination by sending an ICMP

echo request and waiting for a reply.

NSLookup

- converts a domain name to its IP address and vice versa.

TraceRoute

- displays the path to a destination by showing the number of hops and the

Gateway addresses of these hops.

The system log also provides diagnostic information.

17

Management

☛

NOTE:

Your Service Provider may request information that you acquire from these var-

ious diagnostic tools. Individual tests may be performed at the command line.

(

See “Command Line Interface” on page 163.

).

18

Security

Remote Access Control

You can determine whether or not an administrator or other authorized person has access

to configuring your Gateway. This access (either time-restricted or unlimited until the router

is rebooted) can be turned on or off in the Web interface. Additionally, permanent remote

access can be configured in the CLI.

Password Protection

Access to your Motorola Netopia® device can be controlled through two access control

accounts,

Admin

or

User

.

•

The

Admin

, or administrative user, performs all configuration, management or mainte-

nance operations on the Gateway.

•

The

User

account provides monitor capability

only

.

A user may

NOT

change the configuration, perform upgrades or invoke maintenance

functions.

Network Address Translation (NAT)

The Motorola Netopia® Gateway Network Address Translation (NAT) security feature lets

you conceal the topology of a hard-wired Ethernet or wireless network connected to its LAN

interface from Gateways on networks connected to its WAN interface. In other words, the

end computer stations on your LAN are

invisible

from the Internet.

Only a

single WAN IP address

is required to provide this security support for your entire

LAN.

LAN sites that communicate through an Internet Service Provider typically enable NAT,

since they usually purchase only one IP address from the ISP.

•

When NAT is

ON

, the Motorola Netopia® Gateway “proxies” for the end computer sta-

tions on your network by pretending to be the originating host for network communica-

tions from non-originating networks. The WAN interface address is the only IP address

exposed.

19

Security

The Motorola Netopia® Gateway tracks which local hosts are communicating with which

remote hosts. It routes packets received from remote networks to the correct computer

on the LAN (Ethernet) interface.

•

When NAT is

OFF

, a Motorola Netopia® Gateway acts as a traditional TCP/IP router, all

LAN computers/devices are exposed to the Internet.

A diagram of a typical NAT-enabled LAN follows:

☛

NOTE:

1. The default setting for NAT is

ON

.

2. Motorola uses Port Address Translation (PAT) to implement the NAT facility.

3. NAT Pinhole traffic (discussed below) is always initiated from the WAN side.

WAN

Interface

LAN

Ethernet

Interface

Motorola Netopia® Gateway

NAT

Internet

Embedded Admin Services:

HTTP-Web Server and Telnet Server Port

NAT-protected

LAN stations

Ethernet

20

Motorola Netopia® Advanced Features for NAT

Using the NAT facility provides effective LAN security. However, there are user applications

that require methods to selectively by-pass this security function for certain types of Inter-

net traffic.

Motorola Netopia® Gateways provide special gaming and other service configuration tools

that enable you to establish NAT-protected LAN layouts that still provide flexible by-pass

capabilities.

Some of these rules require coordination with the unit’s embedded administration ser-

vices: the internal Web (HTTP) Port (TCP 80) and the internal Telnet Server Port (TCP 23).

Internal Servers

The internal servers are the embedded Web and Telnet servers of the Gateway. You would

change the internal server ports for Web and Telnet of the Gateway if you wanted to have

these services on the LAN using pinholes or the Default server. Pinhole configuration rules

provide an internal port forwarding facility that enables you to eliminate conflicts with

embedded administrative ports 80 and 23.

Default Server

This feature allows you to:

•

Direct your Gateway to forward all externally initiated IP traffic (TCP and UDP protocols

only) to a default host on the LAN.

•

Enable it for certain situations:

Where you cannot anticipate what port number or packet protocol an in-bound applica-

tion might use.

For example, some network games select arbitrary port numbers when a connection is

opened.

When you want all unsolicited traffic to go to a specific LAN host.

Combination NAT Bypass Configuration

Specific Games and services and Default Server settings, each directed to different LAN

devices, can be used together.