Administrator’s Handbook
DHCP address serving can automatically serve the WAN IP address to a LAN computer.
When DHCP is used for addressing the designated passthrough PC, the acquired or configured WAN address is passed to DHCP, which will dynamically configure a single-servable-address subnet, and reserve the address for the configured PC’s MAC address. This dynamic subnet configuration is based on the local and remote WAN address and subnet mask.
The two DHCP modes assign the WAN IP information needed to the client automatically.
• You can select the MAC address of the PC you want to be the IP Passthrough client with fixed mode, or,
• with “first-come-first-served” – dynamic – the first client to renew its address will be assigned the WAN IP.
Manual mode is like statically configuring your PC. With Manual mode, you configure the TCP/IP Properties of the LAN client PC you want to be the IP Passthrough client. You then manually enter the WAN IP address, Gateway Address, etc. that matches the WAN IP address information of your Motorola Gateway. This mode works the same as the DHCP modes. Unsolicited WAN traffic will get passed to this client. The client is still able to access the Motorola Gateway and other LAN clients on the 192.168.1.x network, etc.
The Passthrough DHCP Lease – By default, the passthrough host's DHCP leases will be shortened to two minutes. This allows for timely updates of the host's IP address, which will be a private IP address before the WAN connection is established. After the WAN connection is established and has an address, the passthrough host can renew its DHCP address binding to acquire the WAN IP address. You may alter this setting.
Click Save. Changes take effect immediately.
A restriction
Since both the Gateway and the passthrough host will use the same IP address, new sessions that conflict with existing sessions will be rejected by the Gateway. For example, suppose you are a teleworker using an IPSec tunnel from the Router and from the passthrough host. Both tunnels go to the same remote endpoint, such as the VPN access concentrator at your employer’s office. In this case, the first one to start the IPSec traffic will be allowed; the second one – since, from the WAN, it's indistinguishable – will fail.
NAT Default Server
This feature allows you to:
Direct your Gateway to forward all externally initiated IP traffic (TCP and UDP protocols only) to a default host on the LAN, specified by your entry in the Internal Address field.
Enable it for certain situations:
– Where you cannot anticipate what port number or packet protocol an in-bound application might use. For example, some network games select arbitrary port numbers when a connection is opened.
– When you want all unsolicited traffic to go to a specific LAN host.
This feature allows you to direct unsolicited or non-specific traffic to a designated LAN station. With NAT “On” in the Gateway, these packets normally would be discarded.
For instance, this could be application traffic where you don’t know (in advance) the port or protocol that will be used. Some game applications fit this profile.
Click Save. Changes take effect immediately.
Link: Firewall Advanced
When you click the Firewall Advanced link, the Firewall Advanced screen appears.
All computer operating systems are vulnerable to attack from outside sources, typically at the operating system or Internet Protocol (IP) layers. Stateful Inspection firewalls intercept and analyze incoming data packets to determine whether they should be admitted to your private LAN, based on multiple criteria, or blocked. Stateful inspection improves security by tracking data packets over a period of time, examining incoming and outgoing packets. Outgoing packets that request specific types of incoming packets are tracked; only those incoming packets constituting a proper response are allowed through the firewall.
Stateful inspection is a security feature that prevents unsolicited inbound access when NAT is disabled. You can configure UDP and TCP “no-activity” periods that will also apply to NAT time-outs if stateful inspection is enabled on the interface. Stateful Inspection parameters are active on a WAN interface only if enabled on your Gateway. Stateful inspection can be enabled on a WAN interface whether NAT is enabled or not.
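The following is an added illustration, not code from the handbook or the Gateway's firmware: a simplified model of the session tracking described above, combined with the NAT Default Server option from the previous section. The class and method names, the timeout values and the addresses are constructed, and port translation is left out.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed "no-activity" periods in seconds (assumed values, not the Gateway's defaults).
IDLE_TIMEOUT = {"tcp": 300, "udp": 60}

@dataclass
class WanInterface:
    """Toy model of stateful inspection plus the NAT Default Server option."""
    default_server: Optional[str] = None          # "Internal Address" field, if set
    sessions: dict = field(default_factory=dict)  # flow key -> (lan_host, last_seen)

    def outbound(self, proto, lan_host, lan_port, remote_ip, remote_port, now):
        """A LAN host sends a packet: remember the flow so its replies are admitted."""
        self.sessions[(proto, lan_port, remote_ip, remote_port)] = (lan_host, now)

    def inbound(self, proto, remote_ip, remote_port, wan_port, now):
        """Return ('forward', lan_host) or ('drop', None) for a packet from the WAN."""
        key = (proto, wan_port, remote_ip, remote_port)
        entry = self.sessions.get(key)
        if entry is not None:
            lan_host, last_seen = entry
            if now - last_seen <= IDLE_TIMEOUT.get(proto, 0):
                self.sessions[key] = (lan_host, now)   # traffic resets the idle timer
                return ("forward", lan_host)
            del self.sessions[key]                     # idle too long: state expired
        # No live session, so the packet is unsolicited.
        if self.default_server and proto in ("tcp", "udp"):
            return ("forward", self.default_server)    # default server receives it
        return ("drop", None)

if __name__ == "__main__":
    gw = WanInterface()
    gw.outbound("udp", "192.168.1.10", 5000, "203.0.113.5", 53, now=0)
    print(gw.inbound("udp", "203.0.113.5", 53, 5000, now=10))    # reply to a request
    print(gw.inbound("udp", "198.51.100.9", 53, 5000, now=11))   # unsolicited sender
    print(gw.inbound("udp", "203.0.113.5", 53, 5000, now=100))   # after the idle period
    gw.default_server = "192.168.1.20"
    print(gw.inbound("tcp", "198.51.100.9", 40000, 27015, now=101))
```

With a default server configured, the last call is forwarded although no LAN host requested it, so that host should run its own host firewall and be kept patched.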
DoS Protection – Denial-of-Service attacks are common on the Internet, and can render an individual PC or a whole network practically unusable by consuming all its resources. Your Gateway includes default settings to block the most common types of DoS attacks. For special requirements or circumstances, a variety of additional blocking characteristics is offered. See the following table.
| Menu item | Function |
|---|---|
| Drop packets with invalid source or destination IP address | Whether packets with invalid source or destination IP address(es) are to be dropped |
| Protect against port scan | Whether to detect and drop port scans. |
| Drop packets with unknown ether types | Whether packets with unknown ether types are to be dropped |
| Drop packets with invalid TCP flags | Whether packets with invalid TCP flag settings (NULL, FIN, Xmas, etc.) should be dropped |
| Drop incoming ICMP Echo requests | Whether all ICMP echo requests are to be dropped; On or Off. |
| Flood Limit | Whether packet flooding should be detected and offending packets be dropped; On or Off. |
| Flood rate limit | Specifies the number limit of packets per second before dropping the remainder. |
| Flood burst limit | Specifies the number limit of packets in a single burst before dropping the remainder. |
| Flood limit ICMP enable | Whether ICMP traffic packet flooding should be detected and offending packets be dropped; On or Off. |
| Flood limit UDP enable | Whether UDP traffic packet flooding should be detected and offending packets be dropped; On or Off. |
| Flood limit UDP Pass multicast | Allows exclusion of UDP multicast traffic. On by default. |
| Flood limit TCP enable | Allows exclusion of TCP traffic. Off by default. |
| Flood limit TCP SYN-cookie | Allows TCP SYN cookies flooding to be excluded. (Additional) |
| Neighbor Discovery Attack protection | Prevents downstream traffic from an upstream device that sends excessive traffic but receives no replies; On or Off. |
| Reflexive ACL | When IPv6 is enabled, Reflexive Access Control Lists can deny inbound IPv6 traffic unless this traffic results from returning outgoing packets (except as configured through firewall rules). |

If you make any changes here, click the Save button.
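To make the “Drop packets with invalid TCP flags” row concrete, the following added example (not from the handbook or the Gateway's firmware) classifies the flag byte of a TCP header into the patterns the table names. The SYN+FIN and SYN+RST checks are an assumption about what the handbook's “etc.” covers, and the sample headers are constructed.

```python
import struct

# TCP flag bits as they appear in byte 13 of the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def classify_tcp_flags(tcp_header: bytes) -> str:
    """Return 'ok' or the name of the invalid flag pattern found."""
    if len(tcp_header) < 20:                  # shorter than a minimal TCP header
        return "truncated"
    flags = tcp_header[13] & 0x3F             # ignore the ECN bits (CWR/ECE)
    if flags == 0:
        return "NULL"                         # no flags set at all
    if flags == FIN:
        return "FIN"                          # FIN without ACK
    if flags == (FIN | PSH | URG):
        return "Xmas"
    # Assumed members of the handbook's "etc.": contradictory combinations.
    if flags & SYN and flags & FIN:
        return "SYN+FIN"
    if flags & SYN and flags & RST:
        return "SYN+RST"
    return "ok"

def make_header(flags: int) -> bytes:
    """Build a constructed 20-byte TCP header carrying the given flags."""
    # src port, dst port, seq, ack, data offset (5 words), flags, window, checksum, urgent
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 1024, 0, 0)

def screen(headers):
    """Return (headers kept, count of dropped headers per reason)."""
    kept, dropped = [], {}
    for header in headers:
        verdict = classify_tcp_flags(header)
        if verdict == "ok":
            kept.append(header)
        else:
            dropped[verdict] = dropped.get(verdict, 0) + 1
    return kept, dropped

if __name__ == "__main__":
    sample = [make_header(f) for f in (SYN, 0, FIN, FIN | PSH | URG, PSH | ACK)]
    kept, dropped = screen(sample)
    print(len(kept), "kept;", dropped)
```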
Diagnostics
When you click the Diagnostics tab, the Troubleshoot page appears.
This automated multi-layer test examines the functionality of the Router from the physical connections to the data traffic being sent by users through the Router.
You can run all the tests in order by clicking the Run Full Diagnostics button.
The device will automatically test a number of components to determine any problems. You can see detailed results of the tests by clicking the Details buttons for each item.
