Network Configuration - Advanced

On this page you can do some more advanced and rarely used things with your network setup.

The name of this unit, used in a variety of network services and applications. Hostname

Static additions to the unit's routing table. Use this, for example, to make a routed subnet reachable through the unit. For an 'interface route', enter '0.0.0.0' in the “Gateway” field (or leave empty) and select the interface (under “Type”). The default gateway (“Destination” = 0.0.0.0) should not be entered here, but on the main network page.

If you have additional global IP addresses available (apart from the one used as WAN IP address of this device), you can specify here how you want to use those other addresses.

Using an address for IP redirection will allow you, for example, to redirect all or parts of IP traffic to the specified address to a dedicated inside host on the local LAN (setup port or IP redirection on the security profile page). DNAT

With IP-Alias you can also redirect traffic, but the address can also be used for internal applications like SIP. IP aliases can be assigned to any interface.

Other options allow you to bridge through a WAN IP address to an inside interface, so you can have a unit with that global IP address on your LAN. Even though it is possible to mix units having such global IP addresses with units having local IP addresses on the same interface we recommend against doing so. For increased security you are recommended to have local and global IP address units separated (eg local units on ET1, units with global IP on ET4). It is possible to add firewall rules for the bridged addresses manually using the security profile pages, by default everything is passed through.

The global IP address used by the LAN unit could be acquired dynamically by DHCP - if so, use the DHCP Relay on the DHCP Server - Advanced page. The IP address that is to be written under Additional IP addresses may then be faked (like “1.2.3.4”), it will be updated later by the DHCP Relay.

The mode Bridge: Separate IP addresses for WAN and host on ET4 could be thought of as connecting the hosts on the ET4 subnet, the WAN-network (internet) and the router's WAN interface to one and same ethernet switch. Thus, both the WAN interface and the ET4 hosts can get public IP addresses by DHCP. By setting the WAN interface on a manual faked IP address the router can be made not to interfer - the router will become an ordinary bridged (not firewalled) modem and the ET1-ET3 are not really used. 802.1D bridge

The operating mode "WAN SIParator 2" makes use of this kind of bridge.

The mode Bridge: WAN and host on ET4 share the same IP address could be used in cases where the router should act upon some traffic (e.g. SIP in a "WAN SIParator 1") but the rest should be bridged right through. And where the router is not allowed to have a public IP address of its own. The IP address is owned by the host on ET4 (the router not answering to ARP requests). Nevertheless, the router “steals” any traffic coming from Internet that match a firewall rule or a “flow” created by the router.

Listen to DHCP traffic This may be used if the host on ET4 uses dynamic address by DHCP. It will overwrite the manual IP addresses set on the Network configuration page. If “No” is selected, or the host uses static addressing, the IP address, gateway etc. must be manually entered and set to the same values as used by the host. DHCP

Bridge MAC address In addition to a common IP address, the MAC address may need to be cloned by setting it to same as the host on ET4. If the IP address is collected automatically as above, so is also the MAC address and doesn't need to be entered here. MAC address

Very few users have reason to use other than “Auto”. This setting overrides the default ATM (RFC1483, RFC2684 ) protocol for the ADSL WAN connection. ATM

Very few users have reason to use other than “Auto”. This setting makes it possible to manually enter IP address and the default gateway on the Network page, instead of letting the PPP/IPCP protocol negotiate and set these values. PPP IPCP

RIP is a protocol for exchanging routing information (i.e. information about the network topology) between routers and other network components. RIP

This unit may be set up either to receive such information, setting up its routing table accordingly, or send information about 'our' routing table, or both. There are two versions of the protocol - v1 and v2. Use of the RIP protocol can only be set up in accordance with the other components in the network. Interface selects the part(s) of the network subjected to RIP packet exchanges.

Default route cost is a way to set a kind of priority for the default gateway path, if there are several units in parallel that works as gateways to the Internet. A low cost value indicates 'prefer this router' to another router with a high cost value. Furthermore, if the WAN connectivity is lost (e.g. due to a lost ADSL link), the 'cost' of this unit is automatically raised to max value (=16), indicating that this unit should currently be avoided in preference of other routers.

Authentication RIP Version 2 supports an authentication scheme. If used, enter a Password with max. 16 characters. The password is checked when receiving RIP packets, and enclosed when transmitting packets. RIP Version 2

Accept specific routes Check this if the router should accept RIP routes to individual hosts (for example routes that are set up manually by the user), and not just general IP (interface) subnet routes.

“Poisoned reverse” flag in RFC1058 See the “Split horizon” section (2.2.1) in RFC1058.

To perform NAT (Network Address Translation), source port numbers on outgoing packets are modified. These numbers are selected from a pool of non-well-known port numbers. This port number range can be configured by the fields Port start number and Pool size. The default values should not be changed other than possibly in the "WAN SIParator 1" (single address 802.1D bridge) mode, where there is a risk of conflicts with another router/firewall also doing NAT. NAT PAT

Extra WAN Interfaces