Previous Next Title Page Contents

Chapter 6
Internet Features

This Chapter explains when and how to use the LevelOne Broadband VPN Gateway's "Internet" Features.

Overview

The following advanced features are covered in this Chapter:

WAN Port Configuration Screen

The WAN Port Configuration screen provides an alternative to using the Wizard. It can be accessed from the Internet menu. An example screen is shown below.

Figure 28: WAN Port Screen

Data - WAN Port Screen

Identification

Hostname
Normally, there is no need to change the default name, but if your ISP requests that you use a particular "Hostname", enter it here.
Domain name
If your ISP provided a domain name, enter it here. Otherwise, this may be left blank.

IP Address

IP Address
is assigned automatically
Also called Dynamic IP Address. This is the default, and the most common.
Leave this selected if your ISP allocates an IP Address to the Wireless Router upon connection.
Specified
IP Address
Also called Static IP Address. Select this if your ISP has allocated you a fixed IP Address. If this option is selected, the following data must be entered.
  • IP Address.
    The IP Address allocated by the ISP.
  • Network Mask (Not required for PPPoE)
    This is also supplied by your ISP. It must be compatible with the IP Address above.
  • Gateway IP Address (Not required for PPPoE)
    The address of the router or gateway, as supplied by your ISP.
  • DNS IP Address
    The DNS (Domain Name Server) IP Address provided by your ISP. If required, additional DNS entries can be made on the Internet Options screen.

Login

Login Method
If your ISP does not use a login method (username, password) for Internet access, leave this at the default value "None (Direct connection)"
Otherwise, check the documentation from your ISP, select the login method used, and enter the required data.
  • PPPoE - this is the most common login method, widely used with DSL modems. Normally, your ISP will have provided some software to connect and login. This software is no longer required, and should not be used.
  • PPTP - this is mainly used in Europe. You need to know the PPTP Server address as well as your name and password.
  • Big Pond Cable - for Australia only.
  • SingTel RAS - for Singapore only.
Login User Name
The User Name (or account name) provided by your ISP.
Login Password
Enter the password for the login name above.
RAS Plan
For SingTel customers only, select the RAS plan you are on.
Server IP Address
If using PPTP or Big Pond Cable, enter the IP address of your ISP's server.
Connect automatically
If Enabled (default), a connection will automatically be made as required. If disabled, you need to establish the connection manually, using the Connect button on the Connection Details screen (accessed from the Status screen).
Disconnect
after Idle
Enable this if you wish an idle connection to be terminated.
If enabled, enter the idle time-out period (in minutes) in the field provided. After the connection to your ISP has been idle for this time period, the connection will be terminated.
If not enabled, the connection will remain open until terminated manually, or by the remote server. (Many ISPs will terminate an idle connection.)

MAC Address

MAC Address
Also called Network Adapter Address or Physical Address. This is a low-level identifier, as seen from the WAN port.
Normally there is no need to change this, but some ISPs require a particular value, often that of the PC initially used for Internet access.
You can use the Copy from PC button to copy your PC's address into this field, the Default button to insert the default value, or enter a value directly.

 

Advanced Internet Screen

Figure 29: Internet Screen

This screen allows configuration of all advanced features relating to Internet access.

Communication Applications

Most applications are supported transparently by the LevelOne Broadband VPN Gateway. But sometimes it is not clear which PC should receive an incoming connection. This problem could arise with the Communication Applications listed on this screen.

If this problem arises, you can use this screen to set which PC should receive an incoming connection, as described below.

Communication Applications

Select an Application
This lists applications which may generate incoming connections, where the destination PC (on your local LAN) is unknown.
Send incoming calls to
This lists the PCs on your LAN.
  • If necessary, you can add PCs manually, using the "PC Database" option on the advanced menu.
  • For each application listed above, you can choose a destination PC.
  • There is no need to "Save" after each change; you can set the destination PC for each application, then click "Save".

 

Special Applications

If you use Internet applications which use non-standard connections or port numbers, you may find that they do not function correctly because they are blocked by the LevelOne Broadband VPN Gateway 's firewall. In this case, you can define the application as a "Special Application".

Special Applications Screen

This screen can be reached by clicking the Special Applications button on the Advanced Internet screen.

You can then define your Special Applications. You will need detailed information about the application; this is normally available from the supplier of the application.

Also, note that the terms "Incoming" and "Outgoing" on this screen refer to traffic from the client (PC) viewpoint

Figure 30: Special Applications Screen

Data - Special Applications Screen

Checkbox
Use this to Enable or Disable this Special Application as required.
Name
Enter a descriptive name to identify this Special Application.
Incoming
Ports
  • Type - Select the protocol (TCP or UDP) used when you receive data from the special application or service. (Note: Some applications use different protocols for outgoing and incoming data).
  • Start - Enter the beginning of the range of port numbers used by the application server, for data you receive. If the application uses a single port number, enter it in both the "Start" and "Finish" fields.
  • Finish - Enter the end of the range of port numbers used by the application server, for data you receive.
Outgoing
Ports
  • Type - Select the protocol (TCP or UDP) used when you send data to the remote system or service.
  • Start - Enter the beginning of the range of port numbers used by the application server, for data you send to it. If the application uses a single port number, enter it in both the "Start" and "Finish" fields.
  • Finish - Enter the end of the range of port numbers used by the application server, for data you send to it. If the application uses a single port number, enter it in both the "Start" and "Finish" fields.

 

Using a Special Application

 

If an application still cannot function correctly, try using the "DMZ" feature.

 

DMZ

This feature, if enabled, allows one (1) computer on your LAN to be exposed to all users on the Internet, allowing unrestricted 2-way communication between the "DMZ PC" and other Internet users or Servers.

 

The "DMZ PC" is effectively outside the Firewall, making it more vulnerable to attacks. For this reason, you should only enable the DMZ feature when required.

 

URL Filter

The URL Filter allows you to block access to undesirable Web site

URL Filter Screen

Click the "Configure URL Filter" button on the Advanced Internet screen to access the URL Filter screen. An example screen is shown below.

Figure 31: URL Filter Screen

Data - URL Filter Screen

Filter Strings

Current Entries
This lists any existing entries. If you have not entered any values, this list will be empty.
Add Filter String
To add an entry to the list, enter it here, and click the "Add" button.
An entry may be a Domain name (e.g. www.trash.com) or simply a string. (e.g. ads/ )
Any URL which contains ANY entry ANYWHERE in the URL will be blocked.

Buttons

Delete/Delete All
Use these buttons to delete the selected entry or all entries, as required. Multiple entries can be selected by holding down the CTRL key while selecting. (On the Macintosh, hold the SHIFT key while selecting.)
Add
Use this to add the current Filter String to the site list.

 

Dynamic DNS (Domain Name Server)

This free service is very useful when combined with the Virtual Server feature. It allows Internet users to connect to your Virtual Servers using a URL, rather than an IP Address.

This also solves the problem of having a dynamic IP address. With a dynamic IP address, your IP address may change whenever you connect, which makes it difficult to connect to you.

The Service works as follows:

  1. You must register for the service at http://www.dyndns.org (Registration is free). Your password will be E-mailed to you.
  2. After registration, use the "Create New Host" option (at www.dyndns.org) to request your desired Domain name.
  3. Enter your data from www.dyndns.org in the LevelOne Broadband VPN Gateway 's DDNS screen.
  4. The LevelOne Broadband VPN Gateway will then automatically ensure that your current IP Address is recorded at http://www.dyndns.org
  5. From the Internet, users will be able to connect to your Virtual Servers (or DMZ PC) using your Domain name, as shown on this screen.

 

Dynamic DNS Screen

Select Internet on the main menu, then Dynamic DNS, to see a screen like the following:

Figure 32: DDNS Screen

Data - Dynamic DNS Screen

DDNS Service

DDNS Service
  • You must sign up first to create a new account before using the service. The service is free.
  • Click this link to connect to the www.dyndns.org Web site.
  • Your initial password will be E-mailed to you; you can change this later if you wish.
  • After registration, use the "Create New Host" link (on the www.dyndns.org Web site) to request a domain name.

DDNS Data

User Name
Enter the "User name" specified at the www.dyndns.org Web site when you registered.
Password
Enter your current password for www.dyndns.org
Domain Name
  • Enter your domain name, as allocated at www.dyndns.org.
  • The name should consist only of letters and the hyphen (dash). Using any other characters may cause problems..
DDNS Status
This message is returned by the DDNS Server at www.dyndns.org
  • Normally, this message should be "Update successful" (current IP address was updated on the www.dyndns.org server).
  • If the message is "No host", this indicates the host name entered was not allocated to you. You need to connect to www.dyndns.org and correct this problem.

 

Virtual Servers

This feature allows you to make Servers on your LAN accessible to Internet users. Normally, Internet users would not be able to access a server on your LAN because:

The "Virtual Server" feature solves these problems and allows Internet users to connect to your servers, as illustrated below.

Figure 33: Virtual Servers

IP Address seen by Internet Users

Note that, in this illustration, both Internet users are connecting to the same IP Address, but using different protocols.

To Internet users, all virtual Servers on your LAN have the same IP Address. This IP Address is allocated by your ISP.

This address should be static, rather than dynamic, to make it easier for Internet users to connect to your Servers.

However, you can use the DDNS (Dynamic DNS) feature to allow users to connect to your Virtual Servers using a URL, instead of an IP Address.

 

Virtual Servers Screen

The Virtual Servers screen is reached by the Virtual Servers link on the Internet menu. An example screen is shown below.

Figure 34: Virtual Servers Screen

This screen lists a number of pre-defined Servers,. providing a quick and convenient method to set up the common server types.

Data - Virtual Servers Screen

Servers

Servers
This lists a number of pre-defined Servers, plus any Servers you have defined. Details of the selected Server are shown in the "Properties" area.

Properties

Enable
Use this to Enable or Disable support for this Server, as required.
  • If Enabled, any incoming connections will be forwarded to the selected PC.
  • If Disabled, any incoming connection attempts will be blocked.
PC (Server)
Select the PC for this Server. The PC must be running the appropriate Server software.

 

Defining your own Virtual Servers

If the type of Server you wish to use is not listed on the Virtual Servers screen, you can use the Firewall Rules to allow particular incoming traffic and forward it to a specified PC (Server).

Connecting to the Virtual Servers

Once configured, anyone on the Internet can connect to your Virtual Servers. They must use the Internet IP Address (the IP Address allocated to you by your ISP).
e.g.

        http://203.70.212.52
ftp://203.70.212.52

It is more convenient if you are using a Fixed IP Address from your ISP, rather than Dynamic. However, you can use the Dynamic DNS feature, described in the following section, to allow users to connect to your Virtual Servers using a URL, rather than an IP Address.

Internet Options

This screen allows advanced users to enter or change a number of settings. For normal operation, there is no need to use this screen or change any settings.

Figure 35: Options Screen

Data - Options Screen

Backup DNS

IP Address
Enter the IP Address of the DNS (Domain Name Servers) here. These DNS will be used only if the primary DNS is unavailable.

MTU

MTU size
MTU (Maximum Transmission Unit) value should only be changed if advised to do so by Technical Support.
  • Enter a value between 1 and 1500.
  • This device will still auto-negotiate with the remote server, to set the MTU size. The smaller of the 2 values (auto-negotiated, or entered here) will be used.
  • For direct connections (not PPPoE or PPTP), the MTU used is always 1500.

 


Previous Next Title Page Contents