Home » Lantronix Manuals » Electronics Accessories » Lantronix X300 Series » Manual Viewer

Lantronix X300 Series X300 Series User Guide Rev B - Page 162

General Settings / Inter-Zone Forwarding, Firewall Zones Configuration LAN

View all Lantronix X300 Series manuals

Add to My Manuals
Save this manual to your list of manuals

Page 162 highlights

11: Network Table 11-25 Firewall Zones Configuration (LAN) Parameters General Settings Description Name Input Enter the name of the zone. Select to accept, reject or drop the inbound traffic to all the configured zones. Output Select to accept, reject or drop the outbound traffic from all the configured zones. Forward Select to accept, reject or drop the forwarded traffic from all the configured zones. Masquerading Check to allow IP Masquerading (NAT). MSS clamping Covered networks Check to allow MSS clamping. Select the network interfaces that must be included in the zone configuration. General Settings / Inter-Zone Forwarding Allow forward to destination zones Select to allow or deny forwarding traffic to the configured destination zone. Allowed forward from source zones Select to allow or deny forwarding traffic from the configured source zone. Advanced Settings Covered devices List of raw network device names attached to this zone Covered subnets List of IP subnets attached to this zone. Restrict to address family Select IP Address family for configuring firewall for LAN zone from available options. Available Options  IPv4  IPv6  IPv4 and IPv6 Restrict Masquerading to given source subnets Enter the source subnet to which the masquerading must be restricted. Restricts Masquerading to given Enter the destination subnet to which the masquerading must be destination subnets restricted. Enable logging on this zone Check to enable logging of all the activities on the Zone. Conntrack Settings Allow "invalid" traffic Select to allow invalid traffic. More specifically, when selected, no rules can be installed that reject forwarded traffic with conntrack state equal to invalid. Disabled by default. Automatic helper assignment Automatically assign conntrack helpers for the zone. Conntrack Settings Extra source arguments Extra arguments passed directly to iptables for source classification rules. Extra destination arguments Extra arguments passed directly to iptables for destination classification rules X300 Series IoT Cellular Gateway User Guide 162

Section	Page
X300 Series IoT Cellular Gateway User Guide	1
Contents	4
List of Figures	10
List of Tables	11
1: About this Guide	15
Purpose	15
Summary of Chapters	15
Additional Documentation	17
2: Introduction	18
Key Features	18
InfiniShield™ Security	18
Software Features	18
Lantronix Software Services	19
Applications	19
SKU Information	19
Hardware Components	21
General Specification	21
Front Panel	22
Back Panel	24
LEDs	25
Cellular	26
SIM Slot	27
Antenna Connections	27
Certified Antennas	27
Antenna Selection	27
Ethernet Port (LAN)	28
Serial Port	29
Power Input	30
Power Consumption	30
Reset Button	30
Product Label	31
3: Installation	32
Package Contents	32
User Supplied Items	32
Accessories	33
Preparing to Install	34
Enabling DHCP Client on Your Computer	34
SIM Card Management	34
SIM Card Activation	34
SIM Management Portal	35
Second SIM Card	35
Lantronix Connectivity Services Links	35
Physical Installation	35
Insert SIM Card	35
Connect the Antennas	37
Connect the AC Power	37
Connect the Gateway to a Computer	38
Connect using Wi-Fi	38
Connect using Ethernet	38
Default Configuration	40
Web Admin Page	40
Wireless Access Point SSID	40
Default Interface Configuration	40
4: Web Administration Interface	41
Logging In	42
Change Passwords After Initial Login	43
Logging Out	44
5: Using Lantronix Provisioning Manager	45
Installing Lantronix Provisioning Manager	45
Accessing the Gateway Using Lantronix Provisioning Manager	45
6: Quick Setup	46
Quick Setup	46
7: Status	48
Overview (Page)	48
System Status	48
ConsoleFlow Status	49
Memory Status	50
MWAN Interfaces Status	50
Firewall Status	50
Network Status	51
Cellular Status	52
Network Status	53
Active DHCP and DHCPv6 Leases Status	53
Wireless Status	54
Dynamic DNS Status	54
Routes	55
System Log	56
Kernel Log	56
Processes	56
Realtime Graphs	57
Load	57
Traffic	58
Wireless	58
Connection	59
Load Balancing	61
Interface	61
Detail	61
Diagnostics	61
Troubleshooting	61
8: System	62
System	62
General Settings	62
Logging	63
Time Synchronization	64
Language and Style	65
Administration	65
Router Password	65
SSH Access	65
SSH-Keys	66
Software	66
Configure OPKG	67
Startup	68
Initscripts	68
Local Startup	69
Scheduled Tasks	69
LED Configuration	70
Backup / Flash Firmware	72
Actions	72
Configuration	73
Custom Commands	73
Write Custom Shell Command	73
Run Custom Shell Command	74
Reboot	74
Schedule a Reboot	74
9: VPN	76
IPsec (Internet Protocol Security)	76
OpenVPN	80
OpenVPN Instances	80
Template-based Configuration	82
Predefined templates	82
Edit the template-based configuration	82
OpenVPN Configuration File	82
Edit the OVPN Configuration File	82
10: Services	83
Agents	83
DOTA	84
Lantronix Server	84
Custom Server	84
Dynamic DNS	86
External Filesystems	89
GPS	90
Description of NMEA Messages	91
GPGGA Format	92
GPRMC Format	93
GPGSV Format	94
GPGSA Format	95
GPVTG Format	96
Keepalived	98
Keepalived Configuration	98
Logs Information	101
Page Selector	101
Reporting Agent	102
Sending Data	103
Data Format	104
Service Actions	104
SMS	105
SMS Configuration	105
SMS AT Commands	105
Ethernet SMS	108
Live Message	109
SNMPD	110
SNMP Architecture	110
SNMP Versions	110
SNMP Configuration	111
Agent Behavior	111
View-based Access Control Model (VACM)	111
SNMPv3 with User-based Security Model (USM)	112
System Information and Monitoring	112
Active Monitoring	112
Configure SNMPv1 or SNMPv2	113
Configure SNMPv3 with USM	113
SNMPTRAPD	120
SNMP-TRAP Configuration	120
uHTTPd	123
Web Server Configuration	123
Self-Signed SSL Certificate Parameters	125
11: Network	126
Interfaces	126
Interfaces Overview	126
Interface Status	128
Interface Protocols	129
Protocol Descriptions	130
Static Address	130
DHCP Client	132
DHCPv6 Client	134
PPPoE	135
QMI Cellular	138
CELLULAR Interface	140
LAN Interface	141
DHCP Server	141
WWAN and WWAN6 Interface	143
Add Virtual Interface	144
Relay Bridge	147
Wireless	148
Wireless Network Configuration	149
DHCP and DNS	152
General Settings	152
Resolv and Host Files	153
TFTP Settings	153
Advanced Settings	154
Static Leases	155
Hostnames	156
Static Routes	156
Static IPv4 Routes	156
Static IPv6 Routes	157
Diagnostics	159
Firewall	160
General Settings	160
Firewall Global Settings	160
Firewall Zones	161
Port Forwards	163
Add Port Forwarding Rule	163
Traffic Rules	164
Add Traffic Rule	165
Custom Rules	166
QoS	167
Load Balancing	169
How it works	169
Globals	169
Interfaces	170
Members	172
Policies	173
Rules	175
Notification	176
12: Bluetooth	177
Bluetooth Settings	177
Configure Bluetooth settings	177
Scan for and Pair a Device	177
Bluetooth SPP	178
Configure Bluetooth SPP Connection	179
Configure Tunnel SPP Slave	179
Configure Tunnel SPP Master	179
13: ConsoleFlow	181
Client	181
ConsoleFlow Line	182
14: Discovery	184
Query Port	184
15: Serial	185
Serial Line Statistics	185
Serial Line Configuration	185
16: SSL	187
Credentials	187
Trusted Authorities	188
17: Tunnel	190
Tunnel Statistics	190
Tunnel Modbus RTU to Modbus TCP	190
Tunnel Accept	191
Tunnel Connect	194
Hosts	195
Connecting Multiple Hosts	196
Tunnel Disconnect	197
A: Compliance Information	198
FCC Statement	199
Federal Communication Commission Interference Statement	199
ISED Statement	200
EU Declaration of Conformity	201
EU Statements	204
RF Output Power of X303F202S	210
RF Output Power of X304G002S	211
B: Power Cable Schematic	212
Power Cable Schematic	212
C: List of Acronyms and Protocols	213

Match case Limit results 1 per page

11: Network

X300 Series IoT Cellular Gateway User Guide

162

Table 11-25

Firewall Zones Configuration (LAN)

Parameters

Description

General Settings

Name

Enter the name of the zone.

Input

Select to accept, reject or drop the inbound traffic to all the configured

zones.

Output

Select to accept, reject or drop the outbound traffic from all the

configured zones.

Forward

Select to accept, reject or drop the forwarded traffic from all the

configured zones.

Masquerading

Check to allow IP Masquerading (NAT).

MSS clamping

Check to allow MSS clamping.

Covered networks

Select the network interfaces that must be included in the zone

configuration.

General Settings / Inter-Zone Forwarding

Allow forward to destination

zones

Select to allow or deny forwarding traffic to the configured destination

zone.

Allowed forward from source

zones

Select to allow or deny forwarding traffic from the configured source

zone.

Advanced Settings

Covered devices

List of raw network device names attached to this zone

Covered subnets

List of IP subnets attached to this zone.

Restrict to address family

Select IP Address family for configuring firewall for LAN zone from

available options.

Available Options



IPv4



IPv6



IPv4 and IPv6

Restrict Masquerading to given

source subnets

Enter the source subnet to which the masquerading must be restricted.

Restricts Masquerading to given

destination subnets

Enter the destination subnet to which the masquerading must be

restricted.

Enable logging on this zone

Check to enable logging of all the activities on the Zone.

Conntrack Settings

Allow "invalid" traffic

Select to allow invalid traffic. More specifically, when selected, no rules

can be installed that reject forwarded traffic with conntrack state equal

to invalid.

Disabled by default.

Automatic helper assignment

Automatically assign conntrack helpers for the zone.

Conntrack Settings

Extra source arguments

Extra arguments passed directly to iptables for source classification

rules.

Extra destination arguments

Extra arguments passed directly to iptables for destination

classification rules