====== Network Configuration - Advanced ======

On this page you can do some more advanced and rarely used things with your network setup.

==== Hostname ====

The name of this unit, used in a variety of network services and applications. [[wp>Hostname]]

==== Add routes ====

{{ :web_gui:advanced_network_configuration.png?300|Advanced Network Configuration in rel 5.30}}

Static additions to the unit's [[wp>Routing_table|routing table]]. Use this, for example, to make a routed subnet reachable through the unit. For an 'interface route', enter '0.0.0.0' in the "Gateway" field (or leave it empty) and select the interface (under "Type"). The default gateway ("Destination" = 0.0.0.0) should not be entered here, but on the [[Network page|main network page]].

==== Additional IP addresses ====

If you have additional global IP addresses available (apart from the one used as the WAN IP address of this device), you can specify here how you want to use those other addresses.

Using an address for //IP redirection// allows you, for example, to redirect all or part of the IP traffic sent to the specified address to a dedicated inside host on the local LAN (set up port or IP redirection on the security profile page). [[wp>NAT|DNAT]]

With //IP-Alias// you can also redirect traffic, but the address can also be used for internal applications like SIP. IP aliases can be assigned to any interface.

Other options allow you to //bridge// a WAN IP address through to an inside interface, so you can have a unit with that global IP address on your LAN. Even though it is possible to mix units having such global IP addresses with units having local IP addresses on the same interface, we recommend against doing so. For increased security, keep units with local and global IP addresses separated (e.g. local units on ET1, units with global IP addresses on ET4). You can add firewall rules for the bridged addresses manually on the security profile pages; by default everything is passed through.
The global IP address used by the LAN unit could be acquired dynamically by DHCP. If so, use the **DHCP Relay** on the [[DHCP Server|DHCP Server - Advanced]] page. The IP address entered under **Additional IP addresses** may then be faked (like "1.2.3.4"); it will be updated later by the DHCP Relay.

==== Bridge (802.1D) WAN to ET4 ====

The mode **Bridge: Separate IP addresses for WAN and host on ET4** can be thought of as connecting the hosts on the ET4 subnet, the WAN network (Internet) and the router's WAN interface to one and the same Ethernet switch. Thus, both the WAN interface and the ET4 hosts can get public IP addresses by DHCP. By setting the WAN interface to a manual, faked IP address, the router can be made not to interfere: the router becomes an ordinary bridged (not firewalled) modem, and ET1-ET3 are not really used. [[wp>IEEE_802.1D|802.1D bridge]]

{{:web_gui:bridge_8021.jpg|}}

The operating mode [[network:operational_modes#WAN SIParator 2|"WAN SIParator 2"]] makes use of this kind of bridge.

The mode **Bridge: WAN and host on ET4 share the same IP address** can be used in cases where the router should act upon some traffic (e.g. SIP in a [[network:operational_modes#WAN SIParator 1|"WAN SIParator 1"]]) but the rest should be bridged right through, and where the router is not allowed to have a public IP address of its own. The IP address is owned by the host on ET4 (the router does not answer ARP requests). Nevertheless, the router "steals" any traffic coming from the Internet that matches a firewall rule or a "flow" created by the router.

**Listen to DHCP traffic** This may be used if the host on ET4 gets a dynamic address by DHCP. It will overwrite the manual IP addresses set on the Network configuration page. If "No" is selected, or the host uses static addressing, the IP address, gateway etc. must be entered manually and set to the same values as used by the host.
[[wp>DHCP|DHCP]]

**Bridge MAC address** In addition to a common IP address, the MAC address may need to be cloned by setting it to the same value as that of the host on ET4. If the IP address is collected automatically as above, so is the MAC address, and it does not need to be entered here. [[wp>MAC_address|MAC address]]

==== ATM Encapsulation ====

Very few users have reason to use anything other than "Auto". This setting overrides the default ATM (RFC1483, [[http://tools.ietf.org/html/rfc2684|RFC2684]]) protocol for the ADSL WAN connection. [[wp>Asynchronous_Transfer_Mode|ATM]]

==== PPP IP address handling ====

Very few users have reason to use anything other than "Auto". This setting makes it possible to manually enter the IP address and the default gateway on the Network page, instead of letting the PPP/IPCP protocol negotiate and set these values. [[wp>Point-to-Point_Protocol|PPP]] [[wp>IPCP]]

==== RIP (Routing Information Protocol) ====

RIP is a protocol for exchanging routing information (i.e. information about the network topology) between routers and other network components. [[wp>Routing_Information_Protocol|RIP]]

This unit may be set up either to //receive// such information, setting up its routing table accordingly, or to //send// information about 'our' routing table, or both. There are two versions of the protocol, v1 and v2. Use of the RIP protocol can only be set up in accordance with the other components in the network.

**Interface** selects the part(s) of the network subjected to RIP packet exchanges.

**Default route cost** is a way to set a kind of priority for the default gateway path, if there are several units in parallel that work as gateways to the Internet. A low cost value indicates 'prefer this router' over another router with a high cost value. Furthermore, if the WAN connectivity is lost (e.g. due to a lost ADSL link), the 'cost' of this unit is automatically raised to the max value (=16), indicating that this unit should currently be avoided in preference of other routers.
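Added example (not part of the original page and not the unit's own code): how a RIP listener can use the advertised default route cost to choose between parallel gateways, and why a unit announcing cost 16 drops out of the selection. The gateway addresses and packets are constructed, the function names are hypothetical, and the entry layout and the valid metric range 1 to 16 follow RFC 2453 with an assumed link cost of 1.

```python
import struct
from ipaddress import IPv4Address

RIP_RESPONSE, RIP_V2, AF_INET, INFINITY = 2, 2, 2, 16
ENTRY = "!HH4s4s4sI"  # AFI, route tag, prefix, mask, next hop, metric (20 bytes)

def build_response(entries):
    """Build a RIPv2 response from (prefix, mask, metric) tuples (constructed input)."""
    pkt = struct.pack("!BBH", RIP_RESPONSE, RIP_V2, 0)
    for prefix, mask, metric in entries:
        pkt += struct.pack(ENTRY, AF_INET, 0, IPv4Address(prefix).packed,
                           IPv4Address(mask).packed, bytes(4), metric)
    return pkt

def parse_response(pkt):
    """Return [(prefix, mask, metric)] from a RIPv2 response, skipping invalid entries."""
    if len(pkt) < 4 or (len(pkt) - 4) % 20:
        raise ValueError("truncated RIP packet")
    command, version, _ = struct.unpack("!BBH", pkt[:4])
    if command != RIP_RESPONSE or version != RIP_V2:
        raise ValueError("not a RIPv2 response")
    routes = []
    for off in range(4, len(pkt), 20):
        afi, _tag, prefix, mask, _nh, metric = struct.unpack(ENTRY, pkt[off:off + 20])
        if afi != AF_INET or not 1 <= metric <= INFINITY:
            continue  # ignore entries with an unknown family or out-of-range metric
        routes.append((str(IPv4Address(prefix)), str(IPv4Address(mask)), metric))
    return routes

def best_default_gateway(adverts):
    """adverts maps gateway IP -> received packet. Return (gateway, cost) for the
    cheapest default route, or None if every gateway is at cost 16 (unreachable)."""
    best = None
    for gateway, pkt in adverts.items():
        for prefix, mask, metric in parse_response(pkt):
            if (prefix, mask) != ("0.0.0.0", "0.0.0.0"):
                continue
            cost = min(metric + 1, INFINITY)  # add the cost of the receiving link
            if cost < INFINITY and (best is None or cost < best[1]):
                best = (gateway, cost)
    return best

if __name__ == "__main__":
    # Two constructed gateways; the first is preferred until it loses its WAN link.
    adverts = {"192.168.0.1": build_response([("0.0.0.0", "0.0.0.0", 2)]),
               "192.168.0.2": build_response([("0.0.0.0", "0.0.0.0", 5)])}
    print(best_default_gateway(adverts))
    adverts["192.168.0.1"] = build_response([("0.0.0.0", "0.0.0.0", 16)])
    print(best_default_gateway(adverts))
```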
**Authentication** RIP Version 2 supports an authentication scheme. If used, enter a **Password** with max. 16 characters. The password is checked when receiving RIP packets, and enclosed when transmitting packets. [[http://tools.ietf.org/html/rfc2453|RIP Version 2]]

**Accept specific routes** Check this if the router should accept RIP routes to individual hosts (for example routes that are set up manually by the user), and not just general IP (interface) subnet routes.

**"Poisoned reverse" flag in RFC1058** See the "Split horizon" section (2.2.1) in [[http://tools.ietf.org/html/rfc1058|RFC1058]].

==== NAT ports usage ====

To perform NAT (Network Address Translation), source port numbers on outgoing packets are modified. These numbers are selected from a pool of non-well-known port numbers. This port number range can be configured with the fields **Port start number** and **Pool size**. The default values should not be changed, other than possibly in the [[network:operational_modes#WAN SIParator 1|"WAN SIParator 1"]] (single address [[advanced_network_configuration#Bridge (802.1D) WAN to ET4|802.1D bridge]]) mode, where there is a risk of conflicts with another router/firewall also doing NAT. [[wp>Network_address_translation|NAT]] [[wp>Port_address_translation|PAT]]

===== Extra WAN Interfaces =====

[[Extra WAN Interfaces]]