Chapter 5: Firewall, Failover and Out of Band
112 Console Server & RIM Gateway User Manual
Note: Network forwarding allows the network packets on one network interface (e.g. LAN1/eth0) to be forwarded to
another network interface (e.g. LAN2/eth1 or dial-out/cellular), so locally networked devices can connect over IP
through the console server to devices on remote networks. IP masquerading is used to allow all the devices on
your local private network to hide behind and share the one public IP address when connecting to a public
network. This type of translation is only used for connections originating within the private network destined for the
outside public network, and each outbound connection is maintained by using a different source port number.
By default, all console server models are configured so that they will not route traffic between networks. To use the
console server as an Internet or external network gateway, forwarding must be enabled so that traffic can be routed from
the internal network to the Internet/external network:
• Navigate to the System: Firewall page, and then click on the Forwarding & Masquerading tab
• Find the Source Network to be routed, and then tick the relevant Destination Network to enable Forwarding
For example, to configure a single Ethernet device such as an ACM5004-G as a cellular router:
• The Source Network would be the Network Interface and the Destination Network would be Dialout/Cellular
IP Masquerading is generally required if the console server will be routing to the Internet, or if the external network being
routed to does not have routing information about the internal network behind the console server.
IP Masquerading performs Source Network Address Translation (SNAT) on outgoing packets, to make them appear as if
they have come from the console server (rather than from devices on the internal network). When response packets come back
from devices on the external network, the console server translates the packet address back to the internal IP, so that it is
routed correctly. This allows the console server to provide full outgoing connectivity for internal devices using a single IP
address on the external network.
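The translation described above can be followed step by step in a small model. This is an added illustration, not code from the console server or this manual; the addresses, the starting port 40000 and the names Packet and Masquerader are assumptions, and the model always allocates a fresh source port for each new connection.

```python
# Toy model of IP masquerading (SNAT). Constructed example: all addresses
# and the port range are illustrative, not console server values.
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class Masquerader:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # (internal ip, port, remote ip, port) -> public port
        self.back = {}  # (public port, remote ip, remote port) -> (internal ip, port)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source of a packet leaving the private network."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.out:
            # Each new outbound connection gets its own public source port.
            self.out[key] = self.next_port
            self.back[(self.next_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
            self.next_port += 1
        return Packet(self.public_ip, self.out[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a reply back to the internal host, or return None."""
        if pkt.dst_ip != self.public_ip:
            return None
        owner = self.back.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if owner is None:
            # No matching outbound connection: nothing to translate back to.
            return None
        return Packet(pkt.src_ip, pkt.src_port, owner[0], owner[1])

def demo():
    nat = Masquerader("203.0.113.10")
    # Two internal hosts use the same source port towards the same server.
    a = nat.outbound(Packet("192.168.0.21", 51000, "198.51.100.5", 443))
    b = nat.outbound(Packet("192.168.0.22", 51000, "198.51.100.5", 443))
    reply = nat.inbound(Packet("198.51.100.5", 443, a.src_ip, a.src_port))
    stray = nat.inbound(Packet("198.51.100.99", 443, "203.0.113.10", 22))
    return a, b, reply, stray

if __name__ == "__main__":
    for item in demo():
        print(item)
```

Both internal hosts leave with the same public address but different source ports, the reply is mapped back to the host that opened the connection, and the packet that matches no outbound connection is not translated.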
By default, IP Masquerading is disabled for all networks. To enable masquerading:
• Select the Forwarding & Masquerading panel on the System: Firewall menu
• Check Enable IP Masquerading (SNAT) on the network interfaces where masquerading is to be enabled
Generally this masquerading would be applied to any interface that is connecting with a public network such as the
Internet (e.g. for the ACM5004-G cellular router the IP masquerading would be enabled on Dialout/Cellular).