Tripp Lite B098048 Owners Manual for B093- B097- and B098-Series Console Serve - Page 95

Firewall and Forwarding

Page 95 highlights

5. Firewall, Failover and OOB Access 5.8 Firewall and Forwarding Tripp Lite console servers with version 3.3 firmware (and later) have basic routing, NAT (Network Address Translation), packet filtering and port forwarding support on all network interfaces. This enables the console server to function as an Internet or external network gateway, via cellular connections or other Ethernet networks on two Ethernet port models: • Network Forwarding allows the network packets on one network interface (i.e. LAN1 / eth0) to be forwarded to another network interface (i.e. LAN2/eth1 or dial-out/cellular). Locally networked devices can IP connect through the console server to devices on remote networks. • IP Masquerading is used to allow all devices on your local private network to hide behind and share one public IP address when connecting to a public network. This type of translation is only used for connections originating within the private network destined for the outside public network. Each outbound connection is maintained using a different source IP port number. When using IP masquerading, devices on the external network cannot initiate connections to devices on the internal network. Port Forwards allow external users to connect to a specific port on the external interface of the console server and be redirected to a specified internal address for a device on the internal network. • With Firewall Rules, packet filtering inspects each packet passing through the firewall and accepts or rejects it based on user-defined rules. • Then Service Access Rules can be set for connecting to the console server/router itself. 5.8.1 Configuring Network Forwarding and IP Masquerading To use a console server as an Internet or external network gateway requires establishing an external network connection, then enabling forwarding and masquerading functions. Note: Network forwarding allows the network packets on one network interface (i.e. LAN1 / eth0) to be forwarded to another network interface (i.e. LAN2/eth1 or dial-out/cellular) so locally networked devices can IP connect through the console server to devices on a remote network. IP masquerading is used to allow all the devices on your local private network to hide behind and share one public IP address when connecting to a public network. This type of translation is only used for connections originating within the private network destined for the outside public network, and each outbound connection is maintained by using a different source IP port number. By default, all console server models are configured so they will not route traffic between networks. To use the console server as an Internet or external network gateway, forwarding must be enabled so traffic can be routed from the internal network to the Internet/external network. 95

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288

95
5. Firewall, Failover and OOB Access
5.8 Firewall and Forwarding
Tripp Lite console servers with version 3.3 firmware (and later) have basic routing, NAT (Network Address Translation), packet
filtering and port forwarding support on all network interfaces. This enables the console server to function as an Internet or
external network gateway, via cellular connections or other Ethernet networks on two Ethernet port models:
Network Forwarding
allows the network packets on one network interface (i.e. LAN1 / eth0) to be forwarded to another
network interface (i.e. LAN2/eth1 or dial-out/cellular). Locally networked devices can IP connect through the console server
to devices on remote networks.
IP Masquerading
is used to allow all devices on your local private network to hide behind and share one public IP address
when connecting to a public network. This type of translation is only used for connections originating within the private
network destined for the outside public network. Each outbound connection is maintained using a different source IP port
number.
When using IP masquerading, devices on the external network cannot initiate connections to devices on the internal
network.
Port Forwards
allow external users to connect to a specific port on the external interface of the console server and
be redirected to a specified internal address for a device on the internal network.
• With
Firewall Rules
, packet filtering inspects each packet passing through the firewall and accepts or rejects it based on
user-defined rules.
• Then
Service Access Rules
can be set for connecting to the console server/router itself.
5.8.1 Configuring Network Forwarding and IP Masquerading
To use a console server as an Internet or external network gateway requires establishing an external network connection, then
enabling forwarding and masquerading functions.
Note:
Network forwarding allows the network packets on one network interface (i.e. LAN1 / eth0) to be forwarded to another network
interface (i.e. LAN2/eth1 or dial-out/cellular) so locally networked devices can IP connect through the console server to devices on a remote
network. IP masquerading is used to allow all the devices on your local private network to hide behind and share one public IP address when
connecting to a public network. This type of translation is only used for connections originating within the private network destined for the
outside public network, and each outbound connection is maintained by using a different source IP port number.
By default, all console server models are configured so they will not route traffic between networks. To use the console server
as an Internet or external network gateway, forwarding must be enabled so traffic can be routed from the internal network to
the Internet/external network.