IP Transparency is supported on Sixnet Routers in the IndustrialPro and EnterprisePro series. To configure IP Transparency, select the option from the Advanced menu.
The “IP Transparency” menu item allows you to configure the transparent bridging capability of the SIXNET router.
IP Transparency is a special use capability. IP Transparency will take all inbound traffic to the SIXNET router and pass it transparently through to the interface specified.
This is useful when it is desired to pass traffic to a legacy firewall, or VPN concentrator located behind the SIXNET router and not to use the firewall or VPN capabilities of the SIXNET router itself.
- Click on the “IP Transparency” menu item and the following window will appear:
- Click on the pull-down at the “Enable IP Transparency?” field
The expanded display will appear, revealing the IP Transparency configuration field:
Select Internal Interface: Select the interface to be designated the "internal" interface by making the appropriate choice from the provided list. The wireless IP will be issued out of this interface.
DHCP Subnet Type: A calculated subnet will be based on the actual IP address received from the wireless network. This option is more compatible with a wide variety of routers, but will mask out nearby IP addresses. This may make other IP’s within the host network unreachable. Point-to-Point will use a /32 subnet, but is not compatible with some routers.
DHCP Lease Time: Choose the time for DHCP Leases when issuing the Transparent IP.
Allow TELNET access to this device? Select “Yes” to allow Telnet access to this device. Incoming connections on the specified port will be directed internally to port 23, instead of to the device behind the specified Internal Interface.
Selecting “Yes”: Will expand the display to include the port field for this parameter.
Enter TELNET Port: Enter the IP Port number to be used for Telnet access when Telnet access has been enabled. The port chosen will be redirected locally. Connections on this port number will not reach the device behind the specified Internal Interface.
NOTE: The default value is 2023, a value other than 23, that will still allow incoming connections on port 23 to reach the router behind the specified Internal Interface
Allow SSH access to this device? Select “Yes” to allow SSH access to this device. Incoming connections on the specified port will be directed internally to port 22, instead of to the device behind the specified Internal Interface.
Selecting “Yes”: Will expand the display to include the port field for this parameter.
Enter SSH Port: Enter the IP Port number to be used for SSH access when SSH access has been enabled. The port chosen will be redirected locally. Connections on this port number will not reach the device behind the specified Internal Interface.
NOTE: The default value is 2022, a value other than 22, but will still allow incoming connections on port 22 to reach the router behind the specified Internal Interface
Allow access to Gateway Administration Utility? Select “Yes” to allow access (for incoming TCP Port 10000 connections) to the GAU on this device. Selecting “No” will allow the connection through to the router behind the selected interface.
Allow access by Gateway Management Utility? Select “Yes” to allow access (for incoming TCP Port 7785 connections) to trigger the SIXNET router for remote check-in by the Gateway Management Utility (GMU) server. Selecting “No” will allow the connection through to the device behind the selected interface.
Enable Out-Of-Band port re-direct? Select “Yes” to allow an Out-of-Band port to be redirected locally to this router. When enabled, a new field will be enabled for entry of the (required) Port number.
Selecting “Yes”: Will expand the display to include the port field for this parameter.
Enter Port #: Enter the IP Port number to be used for Out-of-Band port redirection when the Out-of-Band local Port Re-direct mode has been enabled.
NOTE: This port must match the configured port in Out-of-Band Mgt setup.
Enable port re-directing? Select “Yes” to allow redirecting of ports to a router beyond the Gateway device (the one being configured).
Example: A device beyond the Gateway device is running a WEB server on Port 80, but an upstream router is blocking Port 80. Redirecting traffic to another port, say 8080, will allow communication with the server. This would be setup as our External port 8080 redirected to an Internal Port 80, Protocol TCP.
When this feature is enabled, a new field will appear containing a table into which multiple entries can be entered. Each entry will include the External and Internal Port numbers and a traffic type (TCP or UDP).
- Click on the “Add” button to add a port re-direction and the following pop-up window will appear:
External Port #: Enter the IP Port number to be used as the External Port for redirection. This is the port that incoming connections are destined to, on the wireless interface.
Internal Port #: Enter the IP Port number to be used as the Internal Port for redirection. This is the port that incoming connections are transformed to, in order to reach a listening process (on this same port) on the device behind the specified Internal Interface.
Protocol: Select either TCP or UDP as the protocol for which to apply the redirection from the drop down list provided.
- Click on the “Finish” button to populate the Port Re-directs screen
Enable traffic restrictions? Select “Yes” to restrict traffic to a device beyond the Gateway device (the one being configured).
When this feature is enabled, new fields will appear to allow selection of the restriction mode and a table into which multiple entries can be entered. Each entry will specify the network IP address range to which the restrictions will be applied.
Select method of traffic restriction: This field is enabled when Traffic Restrictions have been enabled. Select the restriction mode from the list provided.
- None - No filtering is performed.
- In - Allow new incoming connections from the associated subnet list only, but allow any originating outbound connections from the host behind the SIXNET router. (Inbound Restriction)
- Only - Allow connections to/from the associated subnet list only. (Inbound and Outbound Restrictions)
- Click – Click on the “Add” button to add a subnet restriction and the following pop-up window will appear:
Enter Subnet: Enter subnet range for which to restrict traffic in the CIDR form nnn.nnn.nnn.nnn/xx, where nnn is the IP Address and xx is the subnet in Network Bits format.
- Click on the “Finish” button to populate the Traffic Restrictions screen
- Click on the “Save” button and the following pop-up window will appear:
- Click on the “OK” button to acknowledge the content
- Click on the “Apply” button and the following pop-up window will appear:
- Click on the “OK” button to acknowledge the content
Disclaimer
It is the customer's responsibility to review the advice provided herein and its applicability to the system. Red Lion makes no representation about specific knowledge of the customer's system or the specific performance of the system. Red Lion is not responsible for any damage to equipment or connected systems. The use of this document is at your own risk. Red Lion standard product warranty applies.
Red Lion Technical Support
If you have any questions or trouble contact Red Lion Technical Support by clicking here or calling 1-877-432-9908.
For more information: http://www.redlion.net/support/policies-statements/warranty-statement