User manual AIRLIVE IGR-2500

[. . . ] IGR-2500 Five-WAN Internet Gateway User's Manual Declaration of Conformity We, Manufacturer/Importer OvisLink Corp. 5F. , NO. 6, Lane 130, Min-Chuan Rd. , Hsin-Tien City, Taipei County, Taiwan Declare that the product Five-WAN Internet Gateway IGR-2500 is in conformity with In accordance with 89/336 EEC-EMC Directive and 1999/5 EC-R & TTE Directive Clause EN Description Limits and methods of measurement of radio disturbance characteristics of information technology equipment Disturbances in supply systems caused by household appliances and similar electrical equipment "Harmonics" Disturbances in supply systems caused by household appliances and similar electrical equipment "Voltage fluctuations" Information Technology equipment-Immunity characteristics-Limits And methods of measurement 55022:1998/A1 :2000/A2:2003 61000-3-2:2000 EN EN 61000-3-3:1995/ A1:2001 55024:1998/A1 :2001/A2:2003 marking EN CE Manufacturer/Importer Signature Name Position/ Title : Albert Yeh Vice President (Stamp) Date 2007/8/23 AirLive IGR-2500 CE Declaration Statement Declaration OvisLink Corp. tímto prohlasuje, ze tento AirLive IGR-2500 je ve shod se základními pozadavky a dalsími píslusnými ustanoveními smrnice 1999/5/ES. erklærer herved, Dansk [Danish] at følgende udstyr AirLive IGR-2500 overholder de væsentlige krav og øvrige relevante krav i direktiv 1999/5/EF. [. . . ] And the first thing you have to know is the port numbers and their usages. Local IP Filtering can be defined 10 items and item 1 has the highest priority. If IP settings are conflicted, the higher priority item will be the obeyed rules. You can reserve dedicate IP address to dedicated user from Configure LAN & DHCP address. You can allow or restrict specific IP(s) to access some port numbers. Reservations IP function, by using this function, user can have dedicated IP address match to their computer NIC MAC Example 1: If you restrict the PC of IP 192. 168. 1. 13-192. 168. 1. 15 to access HTTP, the settings are: Item 1: Enable Filter entry: Block Port Number: 80 IP address: 192. 168. 1. 13-192. 168. 1. 15 Example 2: If you allow the PC of IP 192. 168. 1. 16-192. 168. 1. 18 to access FTP only, the settings are: Item 2: Enable Filter entry: Allow Port Number: 21 IP address: 192. 168. 1. 16-192. 168. 1. 18 Example 3: If you allow the PC of IP 192. 168. 1. 40, 192. 168. 1. 56, 192. 168. 1. 100-192. 168. 1. 120 to access port 50, port 53, port 100-120 only, the settings are: Item 3: Enable Filter entry: Allow Port Number: 50, 53, 100-120 IP address: 192. 168. 1. 40, 192. 168. 1. 56, 192. 168. 1. 100-120 (Figure 3-19) 26 Figure 3-19 Local IP Filtering Example Setting Protocol Port Number List Protocol TCP TCP TCP TCP UDP UDP TCP TCP TCP TCP UDP TCP UDP TCP UDP TCP TCP Service FTP SSH TELNET SMTP DNS TFTP GOTHER FINGER HTTP POP3 NFS NNTP NTP IMAP SNMP BGP WAIS Port no. 21 22 23 25 53 69 70 79 80 110 111 119 123 143 161 179 210 27 Protocol TCP TCP UDP TCP UDP UDP UDP TCP TCP TCP TCP TCP UDP TCP TCP TCP TCP Service LADP HTTPS IKE RLOGIN SYSLOG TALK RIP AFPOWERTCP Net-Meeting L2TP PPTP AOL PC Anywhere XWINDOW IRC Real-Media Port no. 389 443 500 513 514 517, 518 520 548 1503, 1702 1701 1723 5190~5194 5631~5632 6000-6063 6660~6669 7070 6000-6063 3. 8. 2 Intrusion Security AirLive IGR-2500 features Intrusion Security, to allow user setting as "BLOCK" or "PASS" function following by the table content. (Figure 3-20) Figure 3-20 Intrusion Security Intrusion Security: select Enable to enable Intrusion Security function. Block or Pass User's IP&MAC not in follow list: user can define an IP list, and decide the operating rule for the list to block or pass the connection. (Figure 3-21) Figure 3-21 Intrusion Security IP list 28 3. 8. 3 DoS Defense AirLive IGR-2500 also provides DoS (Denial of Service Defense) function to protect your network servers, hosts, routers and other devices from the attacking of villain using mass data transmission. (Figure 3-22) The default value in the display is the optimize parameter for Router. (Figure 3-23) Figure 3-22 DoS Defense Figure 3-23 Default Setting of DoS Defense 29 Some virus are using "PING" command to attack network, AirLive IGR-2500 can be defined as accept or reject "PING" command from WAN or LAN. (Figure 3-24) Figure 3-24 Disable Ping respond Function Description Checking the IP fragments. When it finds someone from WAN side tries IP Fragments Checking to attack your network using overlap IP fragments in a bad attention, this function will check over these packets and drop them. Finding out whether the source address(s) and destination address(s) are legal IP's or not. If they are illegal IP's or multicast addresses, this function will cast these packets away. Dropping the packets of "ping" which exceed the size you set. The default value is 32 bytes. IP Address spoofing Oversized Ping Drop IP Packet with Source Route Option Casing a packet away when it contains source route option(s) in its IP. Port Scan When an IP from Internet tries to scan the IP of IGR-2500 up to 10000ports/sec (default value), this function will drop all the packets from this IP within 5 minutes (default value). When a destination address and destination port of IGR-2500 receives TCP SYN packet from WAN over 10000 times (default value) in one second, IGR-2500 will close this address and port for 5 minutes (default value) temporarily. When an IP in LAN of IGR-2500 tries to send TCP SYN packet over 10000 times (default value) in one second, IGR-2500 will close this source address for 5 minutes (default value) temporarily. When a destination address of IGR-2500 receives ICMP from WAN over 10000 times (default value) in one second, IGR-2500 will close this address for 5 minutes (default value) temporarily. When an IP in LAN of IGR-2500 tries to send ICMP over 10000 times (default value) in one second, IGR-2500 will close this source address for 5 minutes (default value) temporarily. [. . . ] Below is the actual display of godaddy for Name Servers: All registrars have the same basic name server facility. For www. example. com, we use godaddy. com, and the process is: Login Manage domain Set Name Servers. We enter WAN1 and WAN2 for Custom Name Servers. 68 A. 1 Simple Load Balance (2 WAN lines; Session 1:1) Let us assume that the upload speed of WAN1 and WAN2 are the same; so we will use inbound load-balancing setting: Session with a load-balancing ratio of 1:1. In the IN-BOUND ROUTER configuration Load Balance Inbound: Step 1: Click on Add new item 69 Step 2: Enter host1. example. com two times, once for WAN1 and once for WAN2 with Address Type. Repeat the previous configuration with the same name for WAN2 at this time. [. . . ]