RC44 User Manual: Difference between revisions
Line 1,825: | Line 1,825: | ||
Once the user selects the type of tunnel then click in the save button. | Once the user selects the type of tunnel then click in the save button. | ||
'''GRE Tunnel:''' | |||
A GRE (Generic Routing Encapsulation) tunnel configuration involves setting up a virtual point-to-point connection between two endpoints over an IP network. | |||
Here the user can add/edit/delete the details of the tunnel. | |||
[[File:GRE Tunnel 1.png|thumb|633x633px]] | |||
Once the required update is done then click on update to save the changes. | |||
'''EDIT:''' | |||
[[File:GRE Tunnel.png|frameless|624x624px]] | [[File:GRE Tunnel.png|frameless|624x624px]] |
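Review bot: the added GRE Tunnel block gives no field table, so the reader is not told which values the add/edit form expects for the "two endpoints" it mentions; add an SN | Field name | Sample value | Description table under the '''EDIT:''' heading, as the other Settings sections have. The sentence "Once the required update is done then click on update to save the changes." sits before the '''EDIT:''' heading it belongs to and should move below it. The description should also state that GRE only encapsulates traffic and does not encrypt it, since the manual documents it alongside the VPN options.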
Revision as of 05:09, 3 September 2024
This page contains the user manual for RC44.
Connecting the device to the system (laptop/desktop).
To log in to SILBO_RC44 by connecting the router to your laptop or desktop via LAN or using Wi-Fi, please follow the steps below.
Connecting via LAN:
Connect your laptop's LAN port to one of the router's LAN interfaces. Ensure that you select any LAN interface (there are two available) while making sure the WAN interface is not used.
How to connect with the SILBO_RC44 application
Once the LAN connection is established between the device and the laptop or desktop, please open the command prompt and ping to get the IP configuration of that device.
Type the command ipconfig.
It will provide the IP address/URL of that device through which the application can be accessed.
Log In
Open the web browser and type the IP address in the URL.
It will show the login page of the application.
Enter valid credentials for the username and password to log in to the application.
Once the user credentials are provided, the user is directed to the landing page of the application.
The “Status” landing page shows the detailed specifications of the device, such as system, memory, storage and connection tracking.
The application is divided into 6 modules.
- Info
- Settings
- Maintenance
- Status
- Features
- Logout
1. Info
The “Info” module provides information about the device to the user.
It provides all the specifications related to the hardware, firmware, networks and connection uptimes.
It has 3 submodules.
- Overview
- System Log
- Kernel Log
1.1 Overview
The Overview module displays the specifications of a device by category: System, Memory, Storage, Connection Tracking and DHCP Leases.
System
This section displays the configured hardware specifications of the device.
The specification details are as follows.
SN | Field name | Sample value | Description |
---|---|---|---|
1 | Hostname | 22B09230239 | This field displays the router serial number of the device |
2 | Model | Silbo_RC44- EC200A | This field displays the model number of the device |
3 | Firmware Version and IPK Version | 1.16_1.13_RC3 | This field displays the firmware version and IPK version |
4 | Kernel Version | 4.14.180 | This field displays the kernel version of the device |
5 | Local Time | Monday, July 1, 2024, at 05:43:58 PM | This field displays the local time |
6 | Uptime | 0h 7m 29s | This field displays the uptime of the device |
7 | Load Average | 1.73 1.87 1.04 | This field displays the average load |
Memory
This section displays the configured memory specifications of the device.
The specification details are as follows.
SN | Field name | Sample value | Description |
---|---|---|---|
1 | Total Available | 68676 kB / 124208 kB (55%) | This field displays the total availability of memory space in the device |
2 | Free | 59344 kB / 124208 kB (47%) | This field displays the Free memory space in the device |
3 | Cached | 312 kB / 124208 kB (0%) | This field displays the Cached memory space in the device |
4 | Buffered | 9332 kB / 124208 kB (7%) | This field displays the Buffered memory space in the device |
Storage
This section displays the root and temporary storage usage of the device.
The specification details are as follows.
SN | Field name | Sample value | Description |
---|---|---|---|
1 | Root Usage | 796 kB / 15488 kB (5%) | This field displays the total root usage of the device |
2 | Temporary Usage | 312 kB / 62104 kB (0%) | This field displays the total temporary usage of the device |
Connection Tracking
This section displays the status of connection tracking for the device.
The specification details are as follows.
SN | Field name | Sample value | Description |
---|---|---|---|
1 | Active Connection | 48 / 16384 (0%) | This field displays the active connection of the device. |
DHCP Leases
This section displays the DHCP leases, that is, the temporary assignment of an IP address to a device on the network.
The specification details are as follows.
SN | Field name | Sample value | Description |
---|---|---|---|
1 | Host Name | KermaniK-LT | This field displays the configured Host Name/User Name for that device. |
2 | IPv4-Address | 192.168.10.147 | This field displays the IP address of the device. |
3 | MAC-Address | 34:73:5a:bb:ab:7a | This field displays the MAC-Address of the device. |
4 | Lease time remaining | 11h 53m 49s | This field displays the lease time remaining for the device. |
1.2 System Log
This page provides on-screen system logging information.
On this page the user can view the system logs.
1.3 Kernel Log
This page provides on-screen Kernel logging information.
On this page, the user can view the kernel logs.
2. Setting
In this “Setting” module the user can configure/update all the required parameters related to Network, SIM Switch, Internet, VPN, Firewall, Loopback Rule, Remote Monitoring and Tunnel as per requirement.
It consists of 8 submodules.
- Network
- Sim Switch
- Internet
- VPN
- Firewall
- Loopback Rule
- Remote Monitoring
- Tunnel
2.1 Network
In this section the user does all the network-related configuration, such as Ethernet Setting, Cellular Setting, Band lock and Operator Lock, Wi-Fi, Guest Wi-Fi, Wireless Schedule, SMS Setting and Loopback IP.
Ethernet Setting
This page displays all the configured ports attached to the device.
For this device 3 ports are configured. Ethernet mode can be configured as WAN or as LAN. Ethernet LAN connection settings can be configured as DHCP server or static.
For port 3 setting
Select the option LAN4 for Port 3 mode LAN/WAN. The fields change based on the option selected; the user needs to configure all the required fields and click on save to save them.
SN | Field name | Sample value | Description |
---|---|---|---|
1 | Port 3 mode LAN/WAN | LAN | This field displays the port mode selection |
2 | Port 3 Ethernet Protocol [LAN Eth0.1] | DHCP Server | This field displays the Ethernet mode selection |
3 | Port 3 DHCP Server IP | 192.168.10.1 | This field displays DHCP server IP configured. |
4 | Port 3 DHCP Netmask | 255.255.255.0 | This field displays DHCP server Netmask address configured |
5 | Port 3 DHCP Start Address | 100 | This field displays DHCP server start address configured |
6 | Port 3 DHCP Limit | 50 | This field displays DHCP server limit |
Select the option EWAN for Port 3 mode LAN/WAN. The fields change based on the option selected; the user needs to configure all the required fields and click on save to save them.
SN | Field name | Sample value | Description |
---|---|---|---|
1 | Port 3 mode LAN/WAN | EWAN | This field displays the port mode selection |
2 | Ethernet Protocol Port 3 WAN | DHCP client | This field displays the client |
3 | Gateway | 192.168.1.1 | This field displays gateway address configured |
Click on save once all the configuration is done, then click on the update button to update all the information.
SW_LAN settings
In this part the user can configure the settings for SW_LAN.
SN | Field name | Sample value | Description |
---|---|---|---|
1 | SW_LAN Ethernet Protocol | DHCP Server | This field displays the Ethernet mode selection |
2 | SW_LAN DHCP Server IP | 192.168.10.1 | This field displays DHCP server IP configured. |
3 | SW_LAN DHCP Netmask | 255.255.255.0 | This field displays DHCP server Netmask address configured |
4 | SW_LAN DHCP Start Address | 100 | This field displays DHCP server start address configured |
5 | SW_LAN DHCP Limit | 50 | This field displays DHCP server limit |
6 | DNS Server | 1 | This field displays the number of DNS servers available |
7 | DNS Server Address | 8.8.8.8 | This field displays the DNS server address. |
After configuring all the required information, the user should click on save and then click on update to update all the required information.
Static option for SW_LAN Ethernet Protocol
Select the static option from the drop-down menu for SW_LAN Ethernet Protocol.
SN | Field name | Sample value | Description |
---|---|---|---|
1 | SW_LAN Ethernet Protocol | Static | This field displays the Ethernet mode selection |
2 | SW_LAN static IP | 192.168.5.1 | This field displays static server IP configured. |
3 | SW_LAN Netmask | 255.255.255.0 | This field displays static server Netmask address configured |
4 | DNS Server | 1 | This field displays the number of DNS servers available |
5 | DNS Server Address | 8.8.8.8 | This field displays the DNS server address. |
After configuring all the required information, the user should click on save and then click on update to update all the required information.
Cellular Setting
On this page, the user needs to configure the various details with respect to the SIM.
Select single cellular single SIM, where the user must configure the APN details of the SIM used for the router device. The configuration can be done based on the SIM usage, with respect to IPV4 or IPV.
SN | Field name | Sample value | Description |
---|---|---|---|
1 | Cellular Operation Mode | Single Cellular with Dual Sim | This field displays the cellular operation mode. |
2 | Cellular Modem 1 | QuectelEC200A | This field displays the modem name. |
3 | Network Mode | Automatic | This field displays the Network mode selection |
4 | SIM 1 Access Point Name | airtelgprs.com | This field displays the name of the Sim 1 access point configured. |
5 | SIM 1 PDP Type | IPV4 | This field displays the type of SIM 1 |
6 | SIM 1 Username | | This field is optional, and the user can configure the name of the SIM 1 |
7 | SIM 1 Password | | This field is optional, and the user can configure the password for the SIM 1 |
8 | SIM 1 Authentication Protocol | None | This field displays the type of protocol being used for SIM 1 |
9 | SIM 2 Access Point Name | airtelgprs.com | This field displays the name of the Sim 2 access point configured. |
10 | SIM 2 PDP Type | IPV4 | This field displays the type of SIM 2 |
11 | SIM 2 Username | | This field is optional, and the user can configure the name of the SIM 2 |
12 | SIM 2 Password | | This field is optional, and the user can configure the password for the SIM 2 |
13 | SIM 2 Authentication Protocol | None | This field displays the type of protocol being used for SIM 2 |
14 | Primary SIM Switchback Time (In Minutes) | 10 | This field displays the time given for the SIM to switch back. |
After configuring all the required information, the user should click on save and then click on update to update all the required information.
Band lock and Operator Lock
On this page, the user needs to configure the band lock and operator lock based on the service provider.
The available bands are shown in the drop-down list.
2G/3G option
2G/3G: 3G allows additional features such as mobile internet access, video calls and mobile TV, while the main function of 2G technology is the transmission of information through voice calls.
The user should select the band check boxes available for 2G/3G from the given list.
Bands available for selection under LTE, for the bands available in that zone.
Operator Selection Mode
The user needs to click on the “operator select enable” check box to select the operator.
Once the check box is clicked, a dropdown list of operator modes appears, from which the user needs to select the mode.
If the user selects the mode “Manual” or “Manual-Automatic”, one more text box will appear where the user must provide the operator code.
After configuring all the required information, the user should click on save and then click on update to update all the required information.
Wi-Fi Setting
Wi-Fi is a family of wireless network protocols based on the IEEE 802.11 family of standards, which are commonly used for local area networking of devices and internet access, allowing nearby digital devices to exchange data by radio waves. These are the most widely used computer networks, used globally in home and small office networks to link devices and to provide internet access with wireless routers and wireless access points in public places. This router has the general settings, and the country code, channel, radio mode and radio passphrase can be changed as per requirement after clicking on the enable Radio button.
The user needs to select the respective radio mode based on need. It has 3 radio modes.
Access Point mode: In Access Point mode, the router connects to a wireless router through an Ethernet cable to extend the coverage of the wireless signal to other network clients.
Client point: In client mode, the access point connects your wired devices to a wireless network. This mode is suitable when you have a wired device with an Ethernet port and no wireless capability (for example, a smart TV, media player or game console) and you want to connect it to the internet wirelessly. Select the Client Mode and give the Radio SSID and client passphrase.
Access point and client point: Select this option for both types of connection, and give both SSID and passphrase.
After configuring all the required information, the user should click on save and then click on update to update all the required information.
SN | Field name | Sample value | Description |
---|---|---|---|
1 | Radio 0 Protocol | IEEE 802.11 b/g/n | In this dropdown the user should select which protocol is being used |
2 | Country Code | INDIA | In this dropdown the user should select which country it belongs to. |
3 | Channel | Auto | In this dropdown the user should select the proper channel to be used. |
4 | TX Power | 100 | In this text box the user should specify the power. |
5 | Channel Width | 20 MHz | In this dropdown the user should select the channel width |
6 | Radio Mode | Access point | In this drop down the user should select the mode. |
7 | Radio SSID | APClient_22B09230239 | In this text box the user should specify the SSID number |
8 | Radio Authentication | WPA2 Personal (PSK) | In this dropdown the user should select the type of authentication. |
9 | Radio Encryption | AES | In this dropdown the user should select the type of encryption required. |
10 | Radio Passphrase | | In this text box the user should specify the password. |
11 | Radio DHCP server IP | 192.168.100.1 | In this text box the user should specify the IP address of DHCP server. |
12 | Radio DHCP start address | 100 | In this text box the user should specify the start address of the DHCP. |
13 | Radio DHCP limit | 50 | In this text box the user should specify the limit for the DHCP. |
Wireless Schedule
Wi-Fi can be automatically turned off based on the configuration done in this section.
The user can schedule the Wi-Fi’s accessibility time during a particular period.
After configuring all the required information, the user should click on save and then click on update to update all the required information.
The user can select more than one “day of the week” for scheduling the Wi-Fi working hours.
Loop back IP settings
The loopback IP address, often referred to as “localhost”, is used to establish network connections within the same device for testing and troubleshooting purposes.
After configuring all the required information, the user should click on save and then click on update to update all the required information.
The loopback IP address, commonly represented as 127.0.0.1, is a special address used for testing network connectivity on a local machine. It allows a device to send network messages to itself without involving external networks, making it useful for troubleshooting and diagnostics.
However, this IP can be changed as per requirement by navigating to Setting >> Network configuration >> Loopback IP settings.
Above screenshot shows the configuration window from GUI/WebUI
SMS Settings
The user needs to enable the SMS option on the SMS settings page. This option validates the mobile numbers from which controlling commands can be sent to the router device. 1 to 5 mobile numbers can be authenticated by choosing from “Select Valid SMS user numbers” and adding the mobile numbers below respectively. The API key is the pass key used in the commands while sending SMS. The screen displays the default API key, which can be edited and changed as per choice. After adding the mobile numbers, the user needs to click on the save button for the changes to take place.
Select up to 5 valid user numbers and add the authorized phone numbers in the main menu where the alerts should be received, click on SMS Response Enable, then on the save and update buttons. SMS commands can now be sent from the configured mobile number. Once a command is received from the user's phone number, the board sends an acknowledgement as per the command; after that it sends the router’s status once it has rebooted and is operational again.
Mentioned below are a few commands which can be sent from the configured mobile number to the router device. Of the two commands below, one reboots the router device and the other gets the uptime.
1) {"device":["passkey","API key"],"command":"reboot","arguments":"hardware"}
2) {"device":["passkey","API key"],"command":"uptime"}
After configuring all the required information, the user should click on save and then click on update to update all the required information.
2.2 SIM
On this page the user needs to configure the SIM for the given device.
The user needs to select from the drop-down menu the basis on which the SIM is switched.
Once the user selects “signal strength”, the parameters related to signal strength appear and the user needs to configure them based on the requirement.
Threshold RSRP
This needs to be set appropriately. An incorrect setting may cause unnecessary SIM switching. (In general, a BAD RSRP value range is -140 to -115 and a FAIR RSRP value range is -115 to -105.)
Threshold SINR
This needs to be set appropriately. An incorrect setting may cause unnecessary SIM switching. (In general, a BAD SNR value range is -20 to 0 and a FAIR SNR value range is 0 to 13.)
Once the user selects “Data Limit”, the parameters related to Data Limit appear and the user needs to configure them based on the requirement.
SN | Field name | Sample value | Description |
---|---|---|---|
1 | SIM Switch Based on | Data Limit | The user needs to select from the drop-down menu on what basis the sim needs to be switched. |
2 | SIM 1 Data Usage Limit (In MB) | 1000 | The user needs to set the limit for the data usage for SIM 1. |
3 | SIM 2 Data Usage Limit (In MB) | 1000 | The user needs to set the limit for the data usage for SIM 2. |
4 | Periodicity | Daily | The user needs to set the pattern/frequency to switch the sims. |
5 | Day Of Month | 16 | The user needs to set the day for switching the sim. |
After configuring all the required information, the user should click on the save.
2.3 Internet
On this page the user needs to configure the internet connection and set the priority among the various options. The user should decide what kind of connection the device needs to provide, such as LAN or WAN. Once the connections are configured, click on save and then on update.
If the user needs to edit the existing configuration, the user should click on the “EDIT” button.
SN | Field name | Sample value | Description |
---|---|---|---|
1 | Name | EWAN2 | This field displays the name of the WAN connection |
2 | Priority | 1 | In this dropdown box the user needs to select the priority. |
3 | Select Track IP Numbers | 2 | In this dropdown the user needs to select the track number for the IPs. |
4 | TrackIP1 | 8.8.8.8 | In this text field the user needs to set the IP address for track 1 |
5 | TrackIP2 | 8.8.4.4 | In this text field the user needs to set the IP address for track 2 |
6 | Reliability | 1 | Not sure what needs to be written |
7 | Count | 1 | Not sure what needs to be written |
8 | Up | 1 | Not sure what needs to be written |
9 | Down | 1 | Not sure what needs to be written |
Once the user is done with the modifications, click on the save button to save all the changes and then click on the update button.
2.4 VPN
VPN stands for Virtual Private Network. It establishes a connection between the system and a remote server, which is owned by a VPN provider.
It creates a point-to-point tunnel that encrypts personal data, masks the IP address, and allows the required websites to be blocked via firewalls on the internet.
There are 5 types of settings available under VPN configuration.
- General Settings
- IPSEC
- Open VPN
- Wireguard
- Zerotier
General Settings
On this page the user must choose which type of VPN connection is required for the device.
The user must select IPSEC or Open VPN based on the requirement. If required, the user can select both options.
The user needs to click on save after selecting the option.
IPSEC
IPSEC VPN is used to create a VPN connection between local and remote networks. To use IPSEC VPN, the user should check that both local and remote routers support IPSEC VPN feature.
In this page the user can add/edit/delete the IPSEC VPN connection for the device.
The user needs to click on the update button once the required configuration is completed.
In IPSEC the user needs to click on edit button to edit the configuration of an existing VPN connection.
Click on the save button after the required configuration.
The tunnel will show established, showing the connection has been made.
SN | Field name | Sample value | Description |
---|---|---|---|
1 | IPSEC | Site to Site VPN | In this dropdown the user should select the IPSEC connection type. |
2 | IPSEC Role | Client/Server | In this dropdown box the user needs to select the IPSEC role. |
3 | Connection Type | Tunnel | In this dropdown the user needs to select the connection type. The user should select the connection enable check box. |
4 | Connection mode | start | In this dropdown list the user should select the mode for the connection. The available modes are route/add/start/trap. |
5 | Remote Server IP | 1.1.1.1 | In this text field the user needs to set the IP address for the remote server. |
6 | Local ID | g300 | The user needs to set the local id. |
7 | No. of local subnets | 1 | In this dropdown the user needs to select how many subnets it will be connected to. |
8 | Local Subnet 1 | 192.168.11.1/24 | In this text box the user needs to put the address of the local subnet. |
9 | Remote id | sophos | In this text box the user needs to put the id of the remote connection. |
10 | No of remote subnet | 1 | In this dropdown the user needs to select how many subnets it will be connected to remotely. |
11 | Remote subnet | 192.168.10.0/24 | In this text box the user needs to put the address of the remote subnet. |
12 | Key exchange | Ikev1 | In this dropdown the user should select which key exchange version to use. |
13 | Aggressive | Yes/No | In this dropdown the user should select either yes or no. |
14 | IKE lifetime | 8 | Fill according to user’s requirements. |
15 | Lifetime in seconds | 1 | Fill according to user’s requirements. |
16 | Enable DPD Detection | 1/0 | Indicates whether Dead Peer Detection is enabled to detect a lost connection. Enable this option as per server-side settings. |
17 | Time Interval (In Seconds) | 60 | This option is available only if DPD Detection is enabled. The time interval is the interval for DPD checks. |
18 | Action | Restart/clear/hold/trap/start | Restart: Action to take when DPD detects a lost connection (restart the connection). Select as per server-side setting. |
19 | Authentication Method | PSK | PSK: Pre-shared key is used for authentication. Select this option for authentication as per server-side setting. |
20 | Multiple Secrets | 1/0 | Indicates whether multiple PSK secrets are used. Enable only if required. |
21 | PSK Value | ****** | Pre-shared key value (masked for security). |

*Below are Phase I and Phase II settings details*

Proposal settings Phase I | | | |
---|---|---|---|
22 | Encryption Algorithm | AES 128, AES 192, AES 256, 3DES | AES 256: Encryption algorithm for Phase I. Select as per server-side configuration. Both server and client should have the same configuration. |
23 | Authentication Phase I | SHA1, MD5, SHA 256, SHA 384, SHA 512 | SHA 512: Authentication algorithm for Phase I. Select as per server-side configuration. Both server and client should have the same configuration. |
24 | DH Group | MODP768(group1), MODP1024(group2), MODP1536(group5), MODP2048(group14), MODP3072(group15), MODP4096(group16) | MODP2048 (group14): Diffie-Hellman group for key exchange. Select as per server-side configuration. Both server and client should have the same configuration. |
Proposal settings Phase II | | | |
25 | Hash Algorithm | AES 128, AES 192, AES 256, 3DES | AES 256: Encryption algorithm for Phase II. Select as per server-side configuration. Both server and client should have the same configuration. |
26 | Authentication Phase II | SHA1, MD5, SHA 256, SHA 384, SHA 512 | SHA 512: Authentication algorithm for Phase II. Select as per server-side configuration. Both server and client should have the same configuration. |
27 | PFS Group | MODP768(group1), MODP1024(group2), MODP1536(group5), MODP2048(group14), MODP3072(group15), MODP4096(group16) | MODP2048 (group14): Perfect Forward Secrecy group. Select as per server-side configuration. Both server and client should have the same configuration. |
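
The proposal tables leave each choice to whatever the server side uses, and the drop-downs include options that are deprecated. As an added example (not part of the manual or the RC44 firmware), this Python check takes a profile keyed by the manual's field names and flags the weaker options listed above; `MIN_PSK_LEN` and both sample profiles are assumptions constructed for illustration.

```python
from typing import NamedTuple


class Finding(NamedTuple):
    severity: str
    field: str
    reason: str


# Weak choices among the options the manual's Phase I / Phase II rows list.
WEAK_CIPHERS = {"3DES": ("medium", "64-bit block cipher, deprecated for IPsec")}
WEAK_HASHES = {
    "MD5": ("high", "MD5 is deprecated for IKE/IPsec"),
    "SHA1": ("medium", "SHA-1 is deprecated; use SHA 256 or stronger"),
}
WEAK_GROUPS = {
    "MODP768": ("high", "768-bit DH group is far too small"),
    "MODP1024": ("high", "1024-bit DH group is too small"),
    "MODP1536": ("medium", "1536-bit DH group is below the 2048-bit minimum"),
}
# (fields to check, table of weak values); "Hash Algorithm" is the manual's
# name for the Phase II row whose options are ciphers.
CHECKS = [
    (("Encryption Algorithm", "Hash Algorithm"), WEAK_CIPHERS),
    (("Authentication Phase I", "Authentication Phase II"), WEAK_HASHES),
    (("DH Group", "PFS Group"), WEAK_GROUPS),
]
MIN_PSK_LEN = 20  # assumed local policy, not a value from the manual


def norm(value):
    """'SHA 256' -> 'SHA256', 'MODP2048 (group14)' -> 'MODP2048'."""
    return str(value).split("(")[0].replace(" ", "").upper()


def audit_ipsec(profile):
    """Return Finding tuples for weak settings in one IPsec profile dict."""
    out = []
    val = lambda key: norm(profile.get(key, ""))
    uses_psk = val("Authentication Method") == "PSK"

    if val("Key exchange") == "IKEV1":
        out.append(Finding("info", "Key exchange",
                           "IKEv1 is deprecated; prefer IKEv2 if both peers offer it"))
        if val("Aggressive") == "YES" and uses_psk:
            out.append(Finding("high", "Aggressive",
                               "aggressive mode sends a PSK-derived hash before "
                               "the exchange is encrypted, allowing offline guessing"))
    if uses_psk and len(str(profile.get("PSK Value", ""))) < MIN_PSK_LEN:
        out.append(Finding("medium", "PSK Value",
                           f"pre-shared key shorter than {MIN_PSK_LEN} characters"))

    for fields, weak in CHECKS:
        for field in fields:
            if val(field) in weak:
                severity, reason = weak[val(field)]
                out.append(Finding(severity, field, reason))
    return out


# Constructed sample profiles (not taken from a real device).
WEAK_PROFILE = {
    "Key exchange": "Ikev1", "Aggressive": "Yes",
    "Authentication Method": "PSK", "PSK Value": "changeme",
    "Encryption Algorithm": "3DES", "Authentication Phase I": "MD5",
    "DH Group": "MODP1024(group2)", "Hash Algorithm": "3DES",
    "Authentication Phase II": "SHA1", "PFS Group": "MODP1536(group5)",
}
STRONG_PROFILE = {
    "Key exchange": "Ikev1", "Aggressive": "No",
    "Authentication Method": "PSK",
    "PSK Value": "constructed-sample-psk-32-chars!",
    "Encryption Algorithm": "AES 256", "Authentication Phase I": "SHA 512",
    "DH Group": "MODP2048 (group14)", "Hash Algorithm": "AES 256",
    "Authentication Phase II": "SHA 512", "PFS Group": "MODP2048 (group14)",
}

if __name__ == "__main__":
    for name, prof in (("weak", WEAK_PROFILE), ("strong", STRONG_PROFILE)):
        for f in audit_ipsec(prof):
            print(f"{name}: [{f.severity}] {f.field}: {f.reason}")
```

Because both peers must carry the same proposal, a finding here has to be fixed on the server side as well before the client setting is changed.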
Open VPN
In the OpenVPN connection, the home network can act as a server, and the remote device can access the server through the router which acts as an OpenVPN Server gateway. To use the VPN feature, the user should enable OpenVPN Server on the router, and install and run VPN client software on the remote device.
The user needs to “upload” the respective certificate from a valid path and then click on the “Update.”
Once the OpenVPN connection starts the user will get an option to enable/disable the VPN connection as and when required.
By clicking on the enable/disable button, the user can start/stop the VPN connection.
VPN has been established.
WireGuard:
WireGuard is a simple, fast, lean, and modern VPN that utilizes secure and trusted cryptography.
Click on “Edit” to start the configuration as needed.
EDIT:
Click on the save button after the required configuration.
SN | Field name | Sample Value | Description |
---|---|---|---|
1 | Wireguard Role | Client/Server | In this dropdown box the user needs to select the wireguard role. |
2 | Listen Port | 51820 | The UDP port on which the WireGuard client listens for incoming connections. |
3 | IP Addresses | 10.0.0.1/24 | The IP address and subnet mask assigned to the WireGuard client's interface. This address is used within the VPN. |
4 | Allowed PeerIPs | 10.1.1.1 | The IP address of the allowed peer(s) that can connect to this WireGuard client. This might need adjustment based on the actual peer IPs used in the network. |
5 | Endpoint HostIP | 10.1.1.1 | The IP address of the WireGuard server (the endpoint to which the client connects). |
6 | Endpoint HostPort | 51820 | The port on the WireGuard server to which the client connects. |
7 | PeerPublicKey | ***** | The public key of the peer (the server) the client is connecting to. This key is part of the public-private key pair used in WireGuard for encryption and authentication. |
8 | Enable Preshared key | Yes/No | This option indicates that a pre-shared key (PSK) is used in addition to the public-private key pair for an extra layer of security. |
9 | Preshared key | ***** | The actual pre-shared key value shared between the client and the server. This option appears only if you have enabled preshared key. |
Zerotier:
ZeroTier is a tool that lets you create your own private network over the internet.
Go to ZeroTier Central and sign up for a free account. In ZeroTier Central, click on "Create a Network". This will generate a unique 16-digit network ID for your new network.
Go to settings => VPN, in general settings, enable ZeroTier and save.
Copy and paste the unique 16-digit network ID in the edit section.
Click on the save button after the required configuration.
SN | Field Name | Sample Value | Description |
---|---|---|---|
1 | NetworkID | Ad2769hfkw2345f4 | In this dropdown box the user needs to paste the unique 16-digit network id. |
2 | Listen Port | 9993 | Default |
2.5 Firewall
A firewall is a layer of security between the network and the Internet. Since a router is the main connection from a network to the Internet, the firewall function is merged into this device. Every network should have a firewall to protect its privacy.
There are 6 types of setting available under firewall.
- General Settings
- Port forwards
- Traffic Rules
- SNAT traffic Rules
- Parental Control
- Zone Forwarding
General Setting
General settings are subdivided into 2 parts,
1.) General settings
In general settings, the settings that are made are default settings and can be changed according to user’s preference.
Specification details are below:
SN | Field Name | Sample Value | Description |
---|---|---|---|
1 | Enable SYN-flood protection | Enabled | This is enabled by default; setting can be changed if required. |
2 | Disable IPV6 | Disabled | This is enabled by default; setting can be changed if required. |
3 | Drop invalid packets | Disabled | This is enabled by default; setting can be changed if required. |
4 | TCP SYN Cookies | Disabled | This is enabled by default; setting can be changed if required. |
5 | Input | Reject/Accept | By default, the setting is ‘Reject’, but this must be changed to ‘Accept’. |
6 | Output | Reject/Accept | By default, the setting is ‘Reject’, but this must be changed to ‘Accept’. |
7 | Forward | Reject/Accept | By default, the setting is ‘Reject’, but this must be changed to ‘Accept’. |
2.) Zone settings
In zone settings, there’s an option to add “New Zone”, according to user’s requirement.
Port Forwards:
Port forwarding is a feature in a router or gateway that allows external devices to access services on a private network.
It maps an external port on the router to an internal IP address and port on the local network, enabling applications such as gaming servers, web servers, or remote desktop connections to be accessed from outside the network.
This helps in directing incoming traffic to the correct device within a local network based on the port number, enhancing connectivity and accessibility.
EDIT
Click on the save button after the required configuration.
SN | Field name | Sample value | Description |
---|---|---|---|
1 | Name | Example: Web_Server_Forward | Field must not be empty. Provide a name for the rule to easily identify it. |
2 | Protocol | Example: TCP+UDP | Select the protocol for the rule. Options typically include TCP+UDP, TCP, UDP, ICMP, Custom. |
3 | Source zone | Example: SW_LAN | Select the source zone where the traffic is originating from. Options typically include EWAN2, SW_LAN, CWAN1, CWAN1_0, CWAN1_1, VPN. |
4 | Source MAC address [optional] | Example: any | any: Leave as any if you don't want to specify a MAC address. |
5 | Source IP address [optional] | Example: Leave blank if not needed. | Optionally specify an IP address or range. |
6 | Source port | Example: 80, 443 (if matching traffic for web server ports) | Specify the source port or port range. |
7 | Destination zone | Example: SW_LAN | Select the destination zone where the traffic is heading to. |
8 | Destination IP address | Leave blank if not needed. | Optionally specify the destination IP address or range. |
9 | Destination port | Example: 80 (if redirecting to a web server port) | Specify the destination port or port range. |
Traffic Rule:
"Traffic rules" refer to the policies and regulations that govern the flow of data packets within a network.
To allow new traffic, click on “Add and Edit” in “New Traffic Rule”.
EDIT
Specification details are below:
SN | Field name | Sample Value | Description |
1 | Name | Example: Allow_HTTP_and_HTTPS | Field must not be empty: Provide a descriptive name for the traffic rule. |
2 | Restrict to Address Family | Options: IPv4, IPv6. Example: IPv4 if dealing with typical internet traffic. | Select the address family to generate iptables rules for. |
3 | Protocol | Example: TCP+UDP | TCP+UDP: Match incoming traffic using the given protocol. |
4 | Match ICMP Type | Example: any | Match all ICMP types if set to any. Specific types can be chosen if needed. |
5 | Source Zone | Example: LAN | Specifies the traffic source zone. |
6 | Enable DDoS Prevention | Example: ‘Checked’ if you want to enable DDoS prevention measures | Enable or disable Distributed Denial of Service (DDoS) prevention. |
7 | Source MAC Address | Example: any | any: Match traffic from any MAC address or specify a particular MAC address. |
8 | Source Address | Example: 192.168.1.0/24 | Match incoming traffic from the specified source IP address or range. |
9 | Source Port | Example: any if all source ports should be matched | any: Match incoming traffic from the specified source port or port range. |
10 | Destination Zone | Example: WAN | Specifies the traffic destination zone. |
11 | Action | Example: ACCEPT | Options: ACCEPT, DROP, REJECT. Specify the action to take for matched traffic. |
12 | Limit | Example: 10/minute to limit matches to 10 times per minute. | Maximum average matching rate; specified as a number, with an optional /second, /minute, /hour, or /day suffix. |
13 | Extra arguments | Example: --log-prefix "Blocked: " to add a log prefix to log messages for this rule. | Passes additional arguments to iptables. Use with care as it can significantly alter rule behaviour. |
Click on save once configured.
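The following is an added example, not part of the RC44 firmware or this manual's own material: a Python check that validates the Traffic Rule fields from the table above before they are typed into the form, and prints the iptables match they correspond to. The dictionary keys, the `review_rule` function and the `FORWARD` chain are assumptions made for illustration; the chain the router actually builds from the source and destination zones is not documented here.

```python
import ipaddress
import re
import shlex

# Accepted values as listed in the Traffic Rule table above.
LIMIT_RE = re.compile(r"^[1-9][0-9]*(/(second|minute|hour|day))?$")
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")
ACTIONS = ("ACCEPT", "DROP", "REJECT")
PROTOCOLS = {"TCP+UDP": ("tcp", "udp"), "TCP": ("tcp",), "UDP": ("udp",)}
FAMILIES = {"IPv4": ("iptables", 4), "IPv6": ("ip6tables", 6)}


def is_any(value):
    """An empty field or 'any' means the rule does not restrict on it."""
    return value is None or value.strip().lower() in ("", "any")


def review_rule(rule, chain="FORWARD"):
    """Validate one rule; return (iptables argument lists, warnings).

    `chain` is a placeholder: the chain the router derives from the
    Source Zone and Destination Zone is not documented on this page.
    """
    if not rule["name"].strip():
        raise ValueError("Name must not be empty")
    if rule["action"] not in ACTIONS:
        raise ValueError("Action must be ACCEPT, DROP or REJECT")
    binary, version = FAMILIES[rule["family"]]
    warnings, match = [], []

    if not is_any(rule.get("src_port")):
        port = int(rule["src_port"])  # this sketch handles a single port
        if not 1 <= port <= 65535:
            raise ValueError("Source Port out of range")
        match += ["--sport", str(port)]
    if not is_any(rule.get("src_address")):
        net = ipaddress.ip_network(rule["src_address"], strict=False)
        if net.version != version:
            raise ValueError("Source Address is not " + rule["family"])
        match += ["-s", str(net)]
    if not is_any(rule.get("src_mac")):
        if not MAC_RE.match(rule["src_mac"]):
            raise ValueError("Source MAC Address is malformed")
        match += ["-m", "mac", "--mac-source", rule["src_mac"]]
    if rule["action"] == "ACCEPT" and not match:
        warnings.append("ACCEPT with no source restriction matches every "
                        "host in the source zone")

    if not is_any(rule.get("limit")):
        if not LIMIT_RE.match(rule["limit"]):
            raise ValueError("Limit must be N[/second|/minute|/hour|/day]")
        match += ["-m", "limit", "--limit", rule["limit"]]
        if rule["action"] == "ACCEPT":
            warnings.append("packets above the limit do not match this rule; "
                            "a later rule or the zone default decides them")
    if rule.get("extra"):
        match += shlex.split(rule["extra"])
        warnings.append("extra arguments are passed to iptables as given; "
                        "review them by hand")

    commands = [[binary, "-A", chain, "-p", proto] + match
                + ["-j", rule["action"]]
                for proto in PROTOCOLS[rule["protocol"]]]
    return commands, warnings


# Constructed sample built from the example values in the table.
SAMPLE = {"name": "Allow_HTTP_and_HTTPS", "family": "IPv4",
          "protocol": "TCP+UDP", "src_mac": "any",
          "src_address": "192.168.1.0/24", "src_port": "any",
          "action": "ACCEPT", "limit": "10/minute", "extra": ""}

if __name__ == "__main__":
    cmds, notes = review_rule(SAMPLE)
    for argv in cmds:
        print(" ".join(shlex.quote(a) for a in argv))
    for note in notes:
        print("warning:", note)
```

The limit warning matters when the zone defaults are set to ‘Accept’: a rate-limited ACCEPT rule then restricts nothing, because traffic above the rate is accepted by the default instead.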
SNAT Traffic Rule:
SNAT (Source Network Address Translation) traffic rules control how outbound traffic from your local network is translated to a different IP address as it exits the network.
To add new source NAT,
Click on “ADD” in “New Source NAT:”
Edit
Specification details are below:
SN | Field name | Sample value | Description |
1 | Name | Example: SNAT_WAN_to_LAN | Field must not be empty: Provide a unique and descriptive name for the SNAT rule. |
2 | Protocol | Example: TCP+UDP | TCP+UDP: Select the protocols that the SNAT rule will apply to. |
3 | Source Zone | Example: wan | wan: Specifies the source zone from which the traffic originates. |
4 | Source IP Address | Example: any or a specific range like 192.168.1.0/24 | -- please choose --: Specify the source IP address or range. Leave empty if the rule applies to any source IP. |
5 | Source Port | Example: any | any: Specify the source port or port range from which the traffic originates. |
6 | Destination Zone | Example: lan | lan: Specifies the destination zone to which the traffic is directed. |
7 | Destination IP Address | Example: any or a specific IP like 192.168.1.100 | -- please choose --: Specify the destination IP address or range. Leave empty if the rule applies to any destination IP. |
8 | Destination port | Example: any | any: Specify the destination port or port range to which the traffic is directed. |
9 | SNAT IP Address | Example: 203.0.113.5 (an external IP address) | -- please choose --: Specify the IP address to which the source IP should be translated. |
10 | SNAT Port | Example: Leave empty if not needed, or specify a port like ‘12345’ | Optionally, rewrite matched traffic to a specific source port. Leave empty to only rewrite the IP address. |
11 | Extra Arguments | Example: --log-prefix "SNAT_traffic: " (to add a log prefix to log messages for this rule) | Pass additional arguments to iptables. Use with care as it can significantly alter rule behaviour. |
Click on save once configured.
Parental Control:
Parental control rules set restrictions based on time, source and destination zones, and specific devices.
To add parental control in firewall,
Click on “Add and Edit” in “New parental control:” field.
Edit
Specification details are given below:
SN | Field Name | Sample Value | Description |
1 | Name | Example: Parental_Control_Sunday | Field must not be empty: Provide a unique and descriptive name for the parental control rule. |
2 | Proto | all | all: This specifies that the rule will apply to all protocols. |
3 | Source Zone | Example: lan | Field must not be empty: Please look at Firewall->Zone Settings to find zone names. |
4 | Destination Zone | Example: wan | Field must not be empty: Please look at Firewall->Zone Settings to find zone names. |
5 | Source MAC Address | Example: 00:1A:2B:3C:4D:5E | Field: Enter the MAC address of the device you want to apply the parental control rule to. This is useful for restricting specific devices. |
6 | Target | Example: Reject | Accept: This specifies the action to take. For parental controls, you might want to use ‘Reject’ or ‘Drop’ to block traffic. |
7 | Weekdays | Example: Sunday | Sunday: Specify the days of the week when the rule should be active. |
8 | Month Days | Example: All | All: Specify the days of the month when the rule should be active. |
9 | Start Time (hh:mm:ss) | Example: 18:00:00 (6:00 PM) | Field must not be empty: Specify the start time when the rule should begin to apply. |
10 | Stop Time (hh:mm:ss) | Example: 22:00:00 (10:00 PM) | Field must not be empty: Specify the stop time when the rule should end. |
Click on save once configured.
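To check a schedule before saving it, the following added example (not code from the RC44 firmware) evaluates a parental control rule against a device MAC address and a point in time, using the Weekdays, Month Days, Start Time and Stop Time fields from the table above. It assumes the stop time is exclusive and that a window whose stop time is earlier than its start time runs past midnight and belongs to the day on which it starts; the router's own handling of those two cases is not documented here, and the dictionary keys and function names are hypothetical.

```python
from datetime import datetime, timedelta

DAYS = ("Monday", "Tuesday", "Wednesday", "Thursday",
        "Friday", "Saturday", "Sunday")


def parse_hms(text):
    """Parse an hh:mm:ss form field; raises ValueError on bad input."""
    return datetime.strptime(text, "%H:%M:%S").time()


def day_selected(rule, day):
    """True when the date passes both the Weekdays and Month Days fields."""
    weekday_ok = rule["weekdays"] == "All" or DAYS[day.weekday()] in rule["weekdays"]
    month_ok = rule["month_days"] == "All" or day.day in rule["month_days"]
    return weekday_ok and month_ok


def rule_applies(rule, mac, when):
    """Return the rule's Target if it covers `mac` at `when`, else None.

    `when` is a naive datetime in the router's local time (see the
    Timezone field under Maintenance > General).
    """
    if rule["src_mac"].lower() != mac.lower():
        return None
    start, stop = parse_hms(rule["start"]), parse_hms(rule["stop"])
    now = when.time()
    if start <= stop:
        active = start <= now < stop and day_selected(rule, when.date())
    else:
        # Window crosses midnight: the part before midnight belongs to
        # today, the part after midnight to the window opened yesterday.
        late = now >= start and day_selected(rule, when.date())
        early = now < stop and day_selected(rule, when.date() - timedelta(days=1))
        active = late or early
    return rule["target"] if active else None


# Constructed samples using the example values from the table.
EVENING = {"name": "Parental_Control_Sunday", "src_mac": "00:1A:2B:3C:4D:5E",
           "target": "Reject", "weekdays": ["Sunday"], "month_days": "All",
           "start": "18:00:00", "stop": "22:00:00"}
OVERNIGHT = dict(EVENING, start="22:00:00", stop="06:00:00")

if __name__ == "__main__":
    sunday_evening = datetime(2024, 9, 1, 19, 0, 0)   # 1 Sept 2024 is a Sunday
    monday_early = datetime(2024, 9, 2, 5, 0, 0)
    print(rule_applies(EVENING, "00:1a:2b:3c:4d:5e", sunday_evening))
    print(rule_applies(OVERNIGHT, "00:1a:2b:3c:4d:5e", monday_early))
```

Because the rule matches on Source MAC Address, a device that presents a different or randomized MAC address is not covered by it.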
Zone Forwarding:
Zone forwarding in network configuration allows traffic to be directed from one zone to another.
To ADD new zone,
Click on “Add” in “New Zone Forward:” field.
EDIT
Specification details are below:
SN | Field Name | Sample Value | Description |
1 | Source Zone | Example options: lan, wan, etc. | --please choose--: Select the source zone from which the traffic originates. |
2 | Destination Zone | Example options: lan, wan, etc. | --please choose--: Select the destination zone to which the traffic is directed. |
Click on save once configured.
2.6 Loopback Rule
In this page the user can configure the port to which the traffic should be forwarded. Here the user can add/edit/delete different ports as per the requirement.
The user should click on ‘add’ and then ‘edit’ to do the required changes in the port and enter the valid information in each section to configure the port for forwarding.
Specification details are given below:
SN | Field Name | Sample Value | Description |
1 | Name | Example: loopback | Provide a descriptive name for the rule. |
2 | Protocol | Example: TCP+UDP | TCP+UDP: Select the protocols that the rule will apply to. |
3 | Source IP Address [Optional] | Example: any or a specific IP range like 192.168.1.0/24 | Optionally specify the source IP address or range. Leave empty if the rule should apply to any source IP. |
4 | Source Port [Optional] | Example: any | any: Specify the source port or port range from which the traffic originates. any allows traffic from all ports. |
5 | Loopback IP Address | Example: 127.0.0.1 | Specify the loopback IP address. Typically, this is 127.0.0.1. |
6 | Port | Example: any | any: Specify the destination port or port range to which the traffic is directed. any allows traffic to all ports. |
7 | Action | Example: DNAT | This specifies the action to take either DNAT or SNAT. |
8 | Internal IP Address | Example: 192.168.1.100 | Field must not be empty: Specify the internal IP address to which the traffic should be redirected. |
9 | Internal Port | Example: any | Redirect matched incoming traffic to the given port on the internal host. |
Once the required configuration is done, the user should click the save button and then click on update to save the changes.
2.7 Remote Monitoring
In this page the user can select which equipment needs to be monitored remotely.
Once the user selects the type of RMS click on save.
NMS:
In this page the user should type the server IP or domain name in the URL then click on save.
Click on upload and start (Once key is uploaded and this option is clicked, NMS automatically starts, and this router device gets registered with the NMS server provided).
TR069
To enable the TR069 the user needs to click on the enable check box.
Once the user clicks on the enable check box, all the required fields to be configured are displayed.
Specification details are given below:
SN | Field Name | Sample Value | Description |
1 | Serving Interval | 300 | A value of 300 seconds means the device will check in with the ACS (auto-configuration servers) every 5 minutes. |
2 | Interface | This can be something like eth0 or wan. | This specifies the network interface used for TR-069 communication. |
3 | Username | Example: User | The username used to authenticate with the ACS. |
4 | Password | •••• | The password used to authenticate with the ACS. |
5 | URL | http://example.com | The URL of the ACS. This is where the CPE (customer-premises equipment) will send its requests and where it will receive configurations and updates from. |
The user should fill all the required fields and click on the save button.
2.8 Tunnel
Tunnels are a method of transporting data across a network using protocols which are not supported by that network.
It is further categorised into 3 sections,
1.) General Settings
2.) GRE Tunnel
3.) IPIP Tunnel
General Settings
In this page the user needs to select under which type of tunnel it needs to send the data.
Once the user selects the type of tunnel, click on the save button.
GRE Tunnel:
A GRE (Generic Routing Encapsulation) tunnel configuration involves setting up a virtual point-to-point connection between two endpoints over an IP network.
Here the user can add/edit/delete the details of the tunnel.
Once the required update is done then click on update to save the changes.
EDIT:
Here the user can add/edit/delete the details of the tunnel. Once the required update is done, click on update to save the changes.
IPIP Tunnel
In this page the user needs to add all the details of IPIP tunnels.
Once the user has configured all the required fields, click on save.
Here the user can add/edit/delete the details of the tunnel. Once the required update is done, click on update to save the changes.
3 Maintenance
In this module the user can configure/upgrade/modify the settings related to system, password, firmware and monitoring.
It includes below submodules.
- General
- Password
- Reboot
- Import and Export config
- Firmware upgrade
- Monitor Application
3.1 General
In this section the user can configure the details related to time zone and host name
SN | Field name | Sample value | Description |
1 | Local Time | 2023/12/13 12:24:11 | It displays the system current date and time. |
2 | HostName | 31B30230298 | It displays the host name. |
3 | Timezone | Asia/Kolkata | It displays the time zone that is configured. |
Once the user configures the required details then click on the save button to save all the details.
Logging
Here the user can configure the basic system-related aspects of the device.
SN | Field name | Sample value | Description |
1 | System log buffer size | 32 | This displays the size of the system log buffer. |
2 | External system log server | 0.0.0.0 | This displays the IP address of the external system log server. |
3 | External system log server port | 514 | This displays the port number of the external system log server. |
4 | Log output level | debug | In this drop down the user selects the level of the log output. |
5 | Cron Log level | debug | In this drop down the user selects the level of the cron log. |
Once the user configures the required details then click on the save button to save all the details.
Language and Style
Here the user can configure the basic language-related aspects of the device.
Once the user configures the required details then click on the save button to save all the details.
3.2 Password
In this module the user can set the password for the admin credentials.
Specifies the password for the guest account. If the user enters a plaintext password here, it will be replaced with a crypted password on save. The new password will be effective once the user logs out and logs in again.
The user needs to write the password in the text box and click on the save button to save the password.
3.3 Reboot
In this module the user can reboot the device remotely.
To start the reboot process first the user needs to fill all the required fields.
Select the type of reboot for the device: Hardware or Software.
SN | Field name | Sample value | Description |
1 | Type | Maintenance Reboot | In this dropdown list the user needs to select the type of reboot to configure. |
2 | Reboot Type | Hardware | In this dropdown list the user needs to select whether a hardware or software reboot is required. |
3 | Minutes | 59 | In this dropdown the user needs to configure the minute at which the reboot activity starts. |
4 | Hours | 22 | In this dropdown the user needs to configure the hour at which the reboot activity starts. |
5 | Day of Month | All | In this dropdown the user needs to configure the day of the month on which the reboot activity starts. |
6 | Month | All | In this dropdown the user needs to configure the month in which the reboot activity starts. |
7 | Day of the week | All | In this dropdown the user needs to configure the day of the week on which the reboot activity starts. |
Once the user fills all the required given parameters click on the save.
To start the reboot process, click on the “Reboot Now” button.
3.4 Import and Export
In this section, the user can import and export configuration files of the device.
Click “Export Config” to export device configuration & settings to a text file.
Click “Import Config” to import device configuration & settings from a previously exported text file.
The user needs to select the file using choose file and then click on apply.
3.5 Firmware Upgrade
The user can upgrade the existing firmware to the latest software.
Click on the flash image and choose the path where the sys-upgrade file is kept, then click on flash image; the device will upgrade to the latest software once the reboot is done.
Click on the Retain Config and flash and choose the path where the sys-upgrade file is kept, then click on Retain Config and flash; the device will upgrade to the latest software once the reboot is done.
Click on the Factory Reset for the complete reset of the device.
3.6 Monitor Application
4 Status
In this module the user can view the status of the router device with respect to the network, Wan, modem etc.
It has 4 submodules.
- Interfaces
- Internet
- Modem
- Route
4.1 Interfaces
In this page the user can see the traffic status for all the network through which the device works.
By looking at the network status the user can check if the cellular or the ethernet interface is up.
4.2 Internet
In this submodule the user can view the status of the internet connections.
To see the latest status of the internet connection the user needs to click on the refresh button.
4.3 Modem
In this sub module the user will get to know the status of the cellular interface which is installed inside the modem. The user can view all the details related to the sim in terms of Operator, Network technology, Mobile country code, Upload bandwidth, Download Bandwidth, Frequency band, RSRP, RSRQ, RSSI & SNR under this page.
4.4 Route
In this page the user can check the status of the route for the device. The ARP status is also visible on this page.
5 Features
In this module the user can see all the features that the router device has.
This module includes the below features.
- Mac Address Binding
- URL Filtering
- Web Server
- Wi-Fi MacID Filtering
- Routing
- Others
5.1 Mac Address Binding
Under this submodule the user can configure/update/edit the IP Address for MAC
The user should write MAC address and then click on the add button. Once the address is added then click on the update button to save the modification.
The user needs to click on the Edit button to modify the preexisting configuration.
Once the user modifies the MAC address /IP Address then click on the save button to save the changes done.
The user can click on the delete button to delete an existing configured device.
Post all the changes the user needs to click on the update to reflect all the changes in the application.
5.2 URL Filtering
In this submodule the user should provide the URL which needs to be blocked for the device.
To add the new URL for blocking, click on the Add New button.
Once the user clicks on the Add New button, a new pop-up will appear; in it, write the URL and click on save. The user can select the status of that URL while defining the URL.
To edit / delete the existing URL the user needs to click on the edit / delete button respectively.
Click on the save after the changes are done as per the need.
5.3 Web Server
In this submodule the user can configure webserver related parameters.
To configure the HTTP, click on the enable HTTP. Once the user clicks on the check box the HTTP Port text box will appear where the user needs to configure the port id.
Click on save buttons to save the changes.
To configure the 2nd HTTP, click on the enable HTTP. Once the user clicks on the check box the HTTP Port text box will appear where the user needs to configure the port id.
Click on save buttons to save the changes.
Click on the “Redirect https” and “RFC1918 Filter” check boxes respectively and click on the save button to save the changes.
To configure the NTP sync, click on the enable NTP sync. Once the user clicks on the check box the respective text boxes will appear to configure the parameters.
Once the user configures the parameters click on the save button to save the given values.
5.4 Wi-Fi MacID Filtering
In this module the user can filter the MacIDs. MAC address filtering allows users to block traffic coming from certain known machines or devices.
Before adding the MacIDs the user needs to select the mode from the dropdown menu.
To add the MacID, the user needs to click on the Add New option, select the MAC ID and the network name (Wi-Fi 2.4G AP or Wi-Fi 2.4G AP Guest), select the enable/disable option, then save and update.
Once the required MACID and Network Name is configured the user needs to click on the save button to add the details.
The user needs to click on the edit button to do modifications on the pre-existing configuration.
Once the required MACID / Network Name is modified the user needs to click on the save button to reflect the changed value in the application.
WIFI 2.4G AP Guest
To add the MacID, the user needs to click on the Add New option, select the MAC ID and the network name Wi-Fi 2.4G AP Guest, select the enable/disable option, then save and update.
Once the required MACID and Network Name is configured the user needs to click on the save button to add the details.
The user needs to click on the edit button to do modifications on the pre-existing configuration.
Once the required MACID / Network Name is modified the user needs to click on the save button to reflect the changed value in the application.
5.5 Routing
In this submodule the user can configure the parameters related to routing of the device, such as target address, network address, etc.
To add a new device the user needs to fill all the required information and click on the add button.
SN | Field name | Sample value | Description |
1 | Interface | eth0.1 | In this drop down list the user should configure the interface name. |
2 | Target | 192.168.10.1 | In this text box the user needs to insert the target IP address |
3 | IPV4 Netmask | 255.255.255.0 | In this text box the user should give the address for the IPV4 Netmask |
4 | Metric | 5 | In this text box the user should insert the number of the metric. |
5 | IPV4 Gateway | 192.168.100.1 | In this text box the user should configure the address for the IPV4 Gateway. |
6 | Route Type | Unicast | In this drop down box the user should select the type of route needed for the device. |
To edit the existing device the user needs to click on the edit option.
Once the changes are done click on the save button to save all the changes.
Click on the delete button to delete the existing device detail.
Advanced Static IPV4 Routes:
To add a new device the user needs to fill all the required information and click on the add button.
SN | Field name | Sample value | Description |
1 | Interface | eth0.1 | In this drop down list the user should configure the interface name. |
2 | To | 192.168.10.1 | In this text box the user needs to insert the target IP address |
3 | IPV4 Netmask | 255.255.255.0 | In this text box the user should give the address for the IPV4 Netmask |
4 | Table | local | |
5 | From | 192.168.100.1 | In this text box the user should configure the from address for the routes |
6 | Priority | 230 | |
To edit the existing device the user needs to click on the edit option.
Once the changes are done click on the save button to save all the changes.
Click on the delete button to delete the existing device detail.
Once all the configurations are done click on the update button to reflect the changes made.
5.6 Others
In this page the user will get to do all the other miscellaneous configuration with respect to the device based on the required parameters.
SN | Utility | Action | Description |
1 | Set Date | SET | Need to set the date and time and after click command get the Date and time |
2 | Get Date | GET | Needs to get the system date and time |
3 | IPsec status all | GET | Needs to get the IPsec details |
4 | Wi-Fi Scan | GET | Needs to get the Wi-Fi status |
5 | iperf3 client | RUN | Needs to click on the RUN to execute the command |
7 | iperf3 server | RUN | Needs to click on the RUN to execute the command |
8 | Ping | PING | Needs to click on the ping status |
9 | Traceroute | RUN | Needs to click on the ping Traceroute status |
10 | NTP Sync | SYNC | Click to Sync the NTP |
11 | Download Files | DOWNLOAD | Click to Download the files /Database |
12 | Restart Power | RESTART | Click Restart the power |
13 | Restart Modem | RESTART | Click to Restart the modem |
14 | Run at command | RUN | Click to Run the command |
15 | Show board configuration | SHOW | To Show the board configuration |
16 | Show VPN Certificate Name | SHOW | To Show VPN Certificate Name |
17 | Switch SIM to Secondary | RUN | Click to switch the SIM to secondary mode |
18 | Send Test SMS | SEND | To Send the SMS Confirmation |
19 | Read latest SMS | READ | Click to Read the latest SMS |
20 | Data Usage | SHOW | Click to show the data usage. |
21 | Monthly Data Usage | SHOW | Click to show the monthly data usage |
22 | Modem debug Info | READ | Click to read the information about the modem debug |
23 | Scan Network operators (takes >3 mins) | SHOW | Click to show the Network operator |
24 | Network operators (first perform scan network operator) | SHOW | Click to show the Network operator |
25 | ReadLogFiles | READ | Click to read the log files |
26 | Enable ssh | RUN | Click to Run the command |
27 | Disable ssh | RUN | Click to Run the command |
28 | Clear SIM1 Data | CLEAR | Click to clear the SIM1 data |
29 | Clear SIM2 Data | CLEAR | Click to clear the SIM data |
6 Logout
The user should click on the log out option to log out from the router application.
The user needs to click on the ok to come out of the router application.