Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Arctic networking properties
Document related concepts
Airborne Networking wikipedia , lookup
Wireless security wikipedia , lookup
Computer network wikipedia , lookup
Deep packet inspection wikipedia , lookup
Piggybacking (Internet access) wikipedia , lookup
TCP congestion control wikipedia , lookup
Parallel port wikipedia , lookup
Network tap wikipedia , lookup
Distributed firewall wikipedia , lookup
Internet protocol suite wikipedia , lookup
Point-to-Point Protocol over Ethernet wikipedia , lookup
Remote Desktop Services wikipedia , lookup
Recursive InterNetwork Architecture (RINA) wikipedia , lookup
Dynamic Host Configuration Protocol wikipedia , lookup
Wake-on-LAN wikipedia , lookup
Transcript
Arctic Networking Properties Jari Lahti, CTO Wireless Industry General networking properties Solutions Network menu WiFi BLUETOOTH EDGE CDMA UMTS GPRS WiMax Summary Summary • Shows the status of all active network interfaces – loopback, Ethernet, SSH-VPN, L2TP-Tunnel, Dial-In • Shows the routing table • Shows the ARP cache WiFi BLUETOOTH EDGE CDMA UMTS GPRS WiMax Ethernet Ethernet • 10 Base-T or 100 Base-T – supports auto negotiation – supports half duplex and full duplex • Shielded Ethernet connection, shield connected to power supply ground – when using shielded cable consider the possible potential differences Ethernet settings • Override Ethernet configuration by DHCP? – – • Host name – – • • NOTE – Arctic must have only one default route (Ethernet, GPRS, Tunnel) enabled simultaneously! – The IP address of default gateway on LAN Use only when Ethernet should be used as default route Disable by entering 0 DNS servers – • The network mask of Ethernet network Default gateway – – • The IP address of Arctic Ethernet interface (LAN) Network mask – • The Host name of Arctic Identifies Arctic on SSH-VPN and L2TP Tunnels. Each Arctic must have different hostname on Tunneling configurations Ethernet IP address – • Enable if Arctic should fetch the Ethernet configuration from DHCP server on LAN Make sure the Default gateway is not enabled by DHCP server if other interface (Tunnel, GPRS) should be used as default route Addresses of DNS servers MAC address – shows Arctic's MAC/HW address WiFi BLUETOOTH EDGE CDMA UMTS GPRS WiMax GPRS GPRS • • • • • • • • General Packet Radio Service Wireless packet data channel Based on GSM technology and networks Designed for TCP/IP traffic Dynamic radio channel allocation Faster data transfer compared to GSM data Pricing based on amount of data Different pricing models, subscription and operator dependent – X EUR / MB (typically 0,5 - 2 EUR/MB) – X EUR / 100 MB (typically 5 - 15 EUR / 100 MB) – X EUR / Unlimited communication (typically 10 - 20 EUR) • Public network, Global - low initial investments GPRS throughput • Class 10 (4 downlink channels, 2 uplink channels) CS1 CS2 CS3 CS4 Uplink Downlink speed speed 18,1 36,2 26,8 53,6 31,2 62,4 42,8 107,0 CODING SCHEMES: CS1 => 9.05 kbps CS2 => 13.4 kbps CS3 => 15.6 kbps CS4 => 21.4 kbps • Typically CS1 and CS2 supported by GPRS networks • Table above indicates maximum throughput – practical throughput ~ 70-80% of maximum – ~5 kB/sec download • Round-trip times 350 ms - 2 sec – first packets typically have longer delays GPRS settings • GPRS enabled – • Access point name – – – • – Maximum MTU value – • – Enable if GPRS is used as a default route to external networks (typically when plain GPRS is used) Disable if other connection (Tunnel, Ethernet) is used as a default route to external networks – NOTE – Arctic must have only one default route (Ethernet, GPRS, Tunnel) enabled simultaneously! • Data only - GPRS LED blinks when data is transmitted Informative - GPRS LED indicates data and GPRS registration status GPRS username & password – – • The PIN code of GPRS SIM card (e.g. 1234) Non-numeric value causes Arctic not to try PIN code The SIM card must have at least 2 tries left Led indication – Maximum size of sent GPRS packet in bytes Default route – • • mandatory parameter public APN usually "INTERNET" private APN (e.g. viola.fi) requires operator contract PIN code – – • Set Yes to allow GPRS communication Username and password required by APN Use ”dummy” values e.g. user and pass even when not required by APN PPP idle timeout – If GPRS connection is idle more than defined amount of seconds Arctic will re-establish GPRS connection – The ICMP Echo sending interval of monitor should be smaller than PPP idle timeout in order to have uninterrupted connetion GPRS LED • On "Data only" mode the GPRS LED blinks when Arctic transmits GPRS data • On "Informative" mode the GPRS LED behaves following way – OFF: GPRS Modem turned off – 600 ms ON / 600 ms OFF: No SIM card inserted or no PIN entered, or network search in progress – 75 ms ON / 3 s OFF: Logged to network – 75 ms ON / 75 ms OFF / 75 ms ON / 3 s OFF: GPRS activated – Flashing slow: Indicates GPRS data transfer – ON: GSM Data call on progress WiFi BLUETOOTH EDGE CDMA UMTS GPRS Dial - in GSM Data WiMax Dial-in • It is possible to dial-in into Arctic with GSM data call – To configure Arctic in situations where GPRS connection is not possible – Public APN, Firewall blocks, D-NAT forwards TCP ports 22 (SSH), 23 (Telnet) or 80 (HTTP), Tunnel problems – Installed but unconfigured device • The SIM card must allow incoming data calls • Dial-in is enabled in Arctic by default • change the default username and password for Dial-in • When dial-in is active the GPRS data is suspended • Dial-in uses PPP protocol, not plain data. GSM data Dial-in settings • Dial-in enabled – • Require authentication (PAP) – • NOTE – also SMS Config is available for remote configuration in situations where GSM data is not possible • If the dial-in connection is idle more than defined timeout of seconds Arctic closes the connection Local IP address – – • The required username/password combination Idle timeout – • Set Yes to require password/username authentication for PPP connection Required username & password – • Set Yes to allow incoming data calls The IP address Arctic allocates itself in PPP connection After the connection is established the Arctic can be reached by using this IP address Peer's IP address – The IP address Arctic allocates for Peer (e.g. Laptop computer) in PPP connection Configuring Dial-In on Windows • Modem needs to be installed on PC (conventional PSTN or GSM modem) • • • • • • • • • • • • Go to Control Panel > Network connections Select "Create new Connection" Network connection type is "Connect to the Internet" Select "Set up my connection manually" Select "Connect using a dial-up modem" Select suitable modem ISP name can be e.g. Arctic or the hostname of Arctic Type the Arctic SIM card number as number to dial – Arctic SIM must support incoming GSM data call Type the username and password for Arctic Dial-in – "user" and "pass" by default Uncheck "Make this the default internet connection" Press finish - the Dial-in connection is configured To Dial-in to Arctic double-click the created connection icon on Control Panel > Network connections WiFi BLUETOOTH EDGE CDMA UMTS GPRS SSH-VPN Tunneling WiMax SSH-VPN • Secure and authenticated VPN tunnel – – – • • Extra GPRS data caused by SSH-VPN ~ 50-60 bytes/packet Tunnel establishment takes more time and data than with L2TPTunneling – • • uses SSH protocol authentication with 1024 bit RSA keys communicating parties must know each other's public keys in order to be able to authenticate Operators usually drop GPRS connections after X hours When SSH-VPN Tunnel is succesfully formed the "Status" LED of Arctic lits SSH uses TCP protocol – – – TCP is connection oriented protocol - possible NAT devices between Arctic and M2M GW maintains NAT binding without keepalive data Each packet must be acknowledged by receiver with ACK packet If the "tunneled" data also uses TCP this leads situation where multiple ACK packets are sent. This increases the amount of data transmitted and decreases performance on interactive applications Usually combined to a single packet USER TCP DATA OVER SSH SSH ACK USER TCP ACK OVER SSH SSH ACK SSH-VPN settings • Use SSH-VPN – • Interface – • Routing mode – – • "None" used if the SSH-VPN is a default route • already and Arctic is not required to advertise any specific network to Ethernet with Proxy-ARP • "Tunnel the following network" used to tell the Arctic which network is reachable behind tunnel. This must be used when the remote network is a subnet of the network in Ethernet interface or • when the SSH-VPN is not the default route of Arctic Remote network IP & mask – Defines the remote network behind tunnel Define the interface (GPRS or Ethernet) used to form SSH-VPN Tunnel Default route – • Set Yes to allow SSH-VPN operation – – Enable if the SSH-VPN tunnel is the primary comunication channel Usually this should be enabled If enabled all other default gateways (Ethernet, GPRS) must be disabled Tunnel server IP – The public IP address of M2M Gateway Tunnel server port – The TCP port M2M Gateway listens for incoming SSH connections Tunnel server GW – If Ethernet is used and M2M Gateway is not in same LAN as Arctic this field must contain the IP address of LAN's default gateway SSH-VPN key management • Local SSH public key – The public SSH key of Arctic. This must be copied to M2M Gateway – Use SHIFT-END to select the whole key and copy with CNTRL-C – Paste to M2M GW with CNTRL-V • Server SSH key – Shows the public key of M2M GW if the key is known by Arctic • Retrieve SSH server key – Uses HTTP (TCP port 80) to fetch the public key from M2M GW • Insert SSH server key – Paste the public key of M2M GW here manually if the "retrieve" method does not work Common SSH-VPN problems • Most of the problems are routing-related – – – • SSH-VPN can not be established – – – • Check the Arctic monitor pings the other end of tunnel, not the public IP address SSH-VPN drops after several hours – • Check the SSH-VPN interface (GPRS or Ethernet) Check the public keys. M2M GW and Arctic must know each other's public keys Check the firewall in M2M GW side to allow TCP port 22 SSH-VPN works only certain time if operator closes PDP contexts – • Multiple default routes defined to Arctic, there must be only one default route/default gateway defined "Remote network IP" and "Remote network mask" are incompatible in Arctic. Check the routes in Network>Summary when tunnel is active "Remote network IP" and "Remote network mask" are incompatible in M2M GW. Check with "route" command on M2M GW when tunnel is active. Check how often the operator drops GPRS connections SSH-VPN is slow or high variance in response times – "TCP over TCP" decreases performance, consider L2TP Tunnel WiFi BLUETOOTH EDGE CDMA UMTS GPRS WiMax L2TP TUNNEL L2TP TUNNEL • Plain tunneling without strong authentication or encryption – – • • • • • • Very fast data transfer and small delays when compared to other tunnels Very fast tunnel establishment Suitable for bringing full routing to private-APN systems Suitable for applications not requiring strong security Extra GPRS data caused by L2TP Tunnel ~ 30-40 bytes/packet L2TP uses UDP – – – • M2M Gateway authenticates the Arctic only by user/password combination Data is not encrypted UDP is connectionless protocol - possible NAT devices (APN, firewall) between Arctic and M2M GW may maintain the NAT binding only 30-60 seconds In order to keep the NAT binding valid additional keepalive data may be required Ask the NAT binding timeout from operator! When L2TP Tunnel is succesfully formed the "Status" LED of Arctic lits L2TP-TUNNEL settings • Use L2TP-VPN – • Interface – • – – Routing mode – – • • "None" used if the L2TP is a default route already and Arctic is not required to advertise any specific network to Ethernet with Proxy-ARP "Tunnel the following network" used to tell the Arctic • which network is reachable behind tunnel. This must be used when the remote network is a subnet of the network in Ethernet interface or when the L2TP is not the default route of Arctic Remote network IP & mask – Defines the remote network behind tunnel • The public IP address of L2TP server L2TP server port – • Enable if the L2TP tunnel is the primary comunication channel Usually this should be enabled If enabled all other default gateways (Ethernet, GPRS) must be disabled L2TP server IP – • Define the interface (GPRS or Ethernet) used to form L2TP Tunnel Default route – • Set Yes to allow L2TP tunneling The UDP port L2TP server listens for incoming connections L2TP server gateway – If Ethernet is used and L2TP server is not in same LAN as Arctic this field must contain the IP address of LAN's default gateway L2TP username & password – If the L2TP server requires PAP authentication these settings define the username/password combination Hello interval – Interval sending L2TP "Hello" messages in order to keep NAT binding active Common L2TP problems • Most of the problems are routing-related – – – • L2TP Tunnel can not be established – – • Check the L2TP interface (GPRS or Ethernet) Check the firewall in M2M GW side to allow UDP port 1701 L2TP works only certain time – • Multiple default routes defined to Arctic, there must be only one default route/default gateway defined "Remote network IP" and "Remote network mask" are incompatible in Arctic. Check the routes in Network>Summary when tunnel is active "Remote network IP" and "Remote network mask" are incompatible in M2M GW. Check with "route" command on M2M GW when tunnel is active. Check the Arctic monitor pings the other end of tunnel, not the public IP address L2TP works only certain time (minutes) – – Check how long the operator's NAT (or other NAT device between Arctic and L2TP server) maintains NAT binding for UDP and adjust the L2TP Hello interval to be smaller than the timeout Extra data caused by keepalive ~30 bytes / packet WiFi BLUETOOTH EDGE CDMA UMTS GPRS WiMax Monitor Monitor • The monitor application performs runtime supervisory of Arctic by inspecting various resources like – Status of filesystem and memory – GPRS modem and SIM card – Status of applications • The monitor should be used to verify the "end-to-end" operation of GPRS or Tunnel connection. This is achieved by periodically pinging the defined IP address. – In Tunnel mode pinging the private Tunnel IP of M2M GW – In plaing GPRS mode pinging suitable public IP address. • If the ping fails the monitor restarts GPRS connection and the Tunnel • If the systems inspection fails or the ping fails many times the monitor reboots Arctic • The monitor itself is protected by HW watchdog. If the monitor application hangs the Arctic will reboot. Monitor settings • ICMP Echo sending – • Interval – • • – – – – each ping sent consumes ~50 bytes of data in plain GPRS mode and ~100 bytes in Tunnel mode the reply consumes same amount the Interval defines the minimum time to detect closed GPRS or Tunnel connection. Adjust this parameter according the criticality of connection the interval must be smaller than GPRS idle timeout (typically 2/3 of GPRS idle timeout) in order to have uninterrupted communication • Number of retries sent before detecting connection to be closed Target IP address – – • The timeout in seconds waiting reply for sent ICMP Echo request Retries – NOTE The interval in seconds between ICMP Echo requests (pings) sent Reply timeout – • Set enabled in order to allow end-to-end testing of GPRS or Tunnel connection The IP address where ICMP Echo requests are sent In Tunnel mode this should be the other end of tunnel (M2M GW) Secondary target IP address – – The secondary IP address where ICMP Echo requests are sent if the primary IP address does not respond Use this option only in plain GPRS mode WiFi BLUETOOTH EDGE CDMA UMTS GPRS WiMax Routing Routing settings • Act as a router? – – • Enable in order to allow Arctic to route traffic between Ethernet, GPRS and Tunnel Enabled by default Use Proxy ARP? – – – – Enable in order to allow Arctic to "cheat" devices in Ethernet Usually used with subnetting when the network behind tunnel is a subnet of the network behind Ethernet interface Proxy-ARP makes it possible to access devices in subnet without using Arctic as a default gateway for Ethernet devices Disabled by default WiFi BLUETOOTH EDGE CDMA UMTS GPRS NAT Network Address WiMax Translation S-NAT (Source NAT) • Replaces the source address of IP packet with GPRS IP address • This is usually required (Network does not know how to route private IP addresses) – access internet from laptop-PC thru Arctic • The S-NAT can be turn completely off on Arctic • It's also possible to define only certain source addresses to be S-NAT processed ARCTIC GPRS IP: 11.22.33.44 Ethernet IP: 10.10.10.1 Ethernet 1 2 Data from 10.10.10.2 Data from 11.22.33.44 GPRS S-NAT settings • Enable S-NAT – set Yes to enable S-NAT operation • Use – Yes - The defined source address is S-NAT processed – No - The defined source address is not S-NAT processed • From IP • IP Address syntax – single IP address format (1.2.3.4) – net/bits on net (1.2.3.0/24) – any IP (0/0 or empty) • S-NAT is enabled by default – Defines the IP address or IP address range to be S-NAT processed D-NAT (Destination NAT) ARCTIC GPRS IP: 11.22.33.44 Ethernet IP: 10.10.10.1 2 Ethernet 1 Connect to 11.22.33.44 port 888 GPRS Forward to 10.10.10.4 port 80 Reply from 10.10.10.4 port 80 Reply from 11.22.33.44 port 888 3 4 • • • Requires fixed GPRS IP address (Private APN) Arctic forwards defined (protocol,port) connections from GPRS to Ethernet by replacing the destination IP address of packet The reply contains Arctic's GPRS IP as source address Makes it possible to access Ethernet devices behind GPRS without tunneling The Ethernet devices use Arctic as default gateway • The Arctic uses GPRS connection as default route • • D-NAT settings • Enable D-NAT – • Use – – • • • – single IP address format (1.2.3.4) – net/bits on net (1.2.3.0/24) – any IP (0/0 or empty) • "Redirect to IP" accepts only single IP address format • The source address of packet Destination port – Source IP Address syntax ANY - Checks the IP address only TCP - Protocol must be TCP UDP - Protocol must be UDP ICMP - Protocol must be ICMP Source IP – • Yes - The defined rule is processed No - The defined rule is not processed Protocol – – – – • set Yes to enable D-NAT operation The destination port (TCP,UDP) or ICMP type of packet Redirect to IP – The new destination IP address where packet is redirected Redir. port – The new destination port (TCP,UDP) or ICMP type where packet is redirected Common NAT problems • Redirecting (D-NAT) TCP port 22 (SSH), Telnet (23) or 80 HTTP and therefore making it impossible to access Arctic configuration from GPRS. – Solution: SMS config or Dial-in still provides access • Setting D-NAT protocol to ANY and therefore making it impossible to access Arctic configuration from GPRS. – Solution: SMS config or Dial-in still provides access • Running FTP server on passive mode behind D-NAT does not work, FTP must use active mode • Some VPN programs (Ipsec in tunnel mode) require NAT traversal in order to work over S-NAT WiFi BLUETOOTH EDGE CDMA UMTS GPRS WiMax DNS Update DNS Update • Requires public (but not static) GPRS IP address • Requires GPRS operator to allow incoming GPRS connections – Operator and subscription dependent policy • The idea is that Arctic informs remote Domain Name Server which IP address Arctic got from GPRS • Then the Arctic can be addressed with domain name instead of IP address – Makes it easier to access GPRS device, especially on automatic data collection applications IP 62.22.33.11 I Have IP 62.22.33.11 DNS SERVER Which IP is "arctic.exampledomain.com"? GPRS IP: 62.22.33.11 APN "arctic.exampledomain.com" is 62.22.33.11 Connect to 62.22.33.11 USER DNS Update settings • Enable – • Record TTL – • • – – DNS update works with common DNS servers like DNS-BIND DNS update does not work with DynDSN.org and other similar services using non-standard protocols • The domain name Arctic is given Use Transaction Signatures – • The IP address of DNS server which is responsible of maintaing the Zone's Name-IP address bindings Our domain name – • The Zone (domain) where Arctic belongs Authoritative name server address – NOTE How often Arctic refresh the DNS server about it's IP address (should be smaller than Record TTL) Zone – • Informs the DNS server how long the IP address is valid Record refresh interval – • set Yes to enable DNS update Set yes to enable DNS update authentication (usually required) Tsig key name and Tsig key – – Like username and password for authentication The key must be Base64 encoded WiFi BLUETOOTH EDGE CDMA UMTS GPRS WiMax SMS Config SMS Config • Enables Artic to be monitored and controlled with SMS messages – "Emergency" situations when Arctic on the field is not reacheable with GPRS or Dial-in • Two versions – Version 1.1 • Simple command set – Versions 1.2 and newer • Advanced command set • Advanced permission configuration • SMS Config is enabled by default • NOTE – SMS Config will delete all messages from SIM card – SMS Config will send "unknown command" reply if it does not recognise command – =>Make sure the SIM card message storage is empty! SMS Config 1.1 • • Password – If password is defined for Arctic it must be given in SMS before the command by separating it with a comma (,) Command set (all commands must be small-cap) –echo <string> echoes back the string (e.g. echo test) –reboot reboots arctic –restart gprs restarts GPRS –get hostname returns Arctic host name –get gprs enabled return is the GPRS enabled –get gprs pin returns GPRS PIN code –get gprs apn returns GPRS APN name –get gprs user returns GPRS user name –get gprs passwd returns GPRS password –get gprs defaultroute returns is the GPRS default route enabled –get gprs status returns is the GPRS enabled, active, interface name and enable status of default route –Exampe with password: pass,restart gprs –Example without password: restart GPRS Wireless Industry Firewall Solutions Firewall menu Firewall • Arctic firewall limits the IP communication between the following networks – From GPRS to Arctic (incoming) – From GPRS to LAN (forwarding) – From LAN to GPRS (outgoing) •Each firewall section can be turn on/off separately •The firewall can be turn completely on/off •Turning off the section or firewall means there is no traffic limitation •The tunnel connections are not affected by firewall •The dial-in connections are not affected by firewall Stateful inspection • Arctic firewall remembers the state of connections • No necessary to define separate rules for incoming and outgoing data of connection • S-NAT and D-NAT rules are prosessed before firewall rules • E.g. D-NAT is used to forward GPRS TCP port 888 to LAN IP 10.10.10.2 port 80 • GPRS to LAN firewall needs to be configured to accept TCP connection to 10.10.10.2 port 80 ARCTIC GPRS IP: 11.22.33.44 Ethernet IP: 10.10.10.1 2 Ethernet 1 Connect to 11.22.33.44 port 888 GPRS Forward to 10.10.10.2 port 80 Reply from 10.10.10.2 port 80 Reply from 11.22.33.44 port 888 3 4 Order of rule processing • The rules are processed from top to bottom • It's not possible to enable communication if it's disabled on rule before • It's not possible to disable communication if it's enabled on rule before • Examples of misleading configurations This setup accepts all data This setup drops all data to 10.10.10.4 GRPS to Arctic • • Defines the rules how to treat the traffic coming from GPRS targeted to Arctic Action – NO RULE - rule is disabled – ACCEPT - data is accepted – DROP - data is discharded • Protocol – – – – • IP Address syntax – single IP address format (1.2.3.4) – net/bits on net (1.2.3.0/24) – any IP (0/0) • ANY - Checks the IP address only TCP - Protocol must be TCP UDP - Protocol must be UDP ICMP - Protocol must be ICMP From IP – The source address of packet • Destination port – The destination port (TCP,UDP) or ICMP type of packet GRPS to LAN • • Defines the rules how to treat the traffic coming from GPRS targeted to LAN Action – NO RULE - rule is disabled – ACCEPT - data is accepted – DROP - data is discharded • Protocol – – – – • IP Address syntax – single IP address format (1.2.3.4) – net/bits on net (1.2.3.0/24) – any IP (0/0 or empty) • ANY - Checks the IP address only TCP - Protocol must be TCP UDP - Protocol must be UDP ICMP - Protocol must be ICMP From IP – The source address of packet • Destination IP – The destination address of packet • Destination port – The destination port (TCP,UDP) or LAN to GPRS • • Defines the rules how to treat the traffic coming from LAN targeted to GPRS Action – NO RULE - rule is disabled – ACCEPT - data is accepted – DROP - data is discharded • Protocol – – – – • IP Address syntax – single IP address format (1.2.3.4) – net/bits on net (1.2.3.0/24) – any IP (0/0 or empty) • This firewall section is useful for accepting only wanted data to enter GPRS network • ANY - Checks the IP address only TCP - Protocol must be TCP UDP - Protocol must be UDP ICMP - Protocol must be ICMP From IP – The source address of packet • Destination IP – The destination address of packet • Destination port – The destination port (TCP,UDP) or Common firewall problems • GPRS to Arctic firewall disables TCP port 22 (SSH), Telnet (23) or 80 HTTP and therefore makes it impossible to access Arctic configuration from GPRS. – Solution: SMS config or Dial-in still provides access • Violating the "from top to bottom" rule processing principle causes different operation than required Wireless Industry Services Solutions Services menu WWW Server Settings • WEB Server – • WEB Configuration Access – • • Enable to allow Arctic WEB server run on TCP port 80 Enable to allow Arctic configuration by using WEB browser Both settings are enabled by default NOTE – – – Disabling WEB Server or WEB Configuration access makes it impossible to turn them back by using WEB browser Consider do you need to disable WWW or block access to it from GPRS by using GPRS to Arctic firewall For enabling them again command line interface must be used Telnet Server Settings • Telnet server – • • • Enable to allow Arctic Telnet server run on TCP port 23 Telnet server is required to configure Arctic remotely with Telnet command line interface Telnet server is enabled by default NOTE – – – Disabling Telnet server makes it impossible to turn them back by using Telnet Consider do you need to disable Telnet totally or block access to it from GPRS by using GPRS to Arctic firewall For enabling Telnet again use WEB browser or SSH or command line SSH Server Settings • SSH server – • • • Enable to allow Arctic SSH server run on TCP port 22 SSH server is required to configure Arctic remotely with SSH command line interface SSH server is enabled by default NOTE – – – Disabling SSH server makes it impossible to turn them back by using SSH Consider do you need to disable SSH totally or block access to it from GPRS by using GPRS to Arctic firewall For enabling SSH again use WEB browser or Telnet or command line DHCP Server • Arctic has built-in DHCP server for allocating Ethernet configuration for Ethernet devices – IP address, netmask, default gateway, DNS server etc. • The Ethernet devices must have standard DHCP client – available on any PC operating system • There should be only one DHCP server on Ethernet LAN • The IP addresses allocated by DHCP server should not be used on manual configurations – prevents multiple devices having same IP address on LAN • DHCP server is disabled by default Give me IP address and other network information Here you are 172.16.8.80 Data from 172.16.8.80 DHCP Server Settings • DHCP Server – • Subnet (mandatory) – – – • NTP server (optional) – • LPR server (optional) – • Network Time Protocol server IP address to give for DHCP clients Print server IP address to give for DHCP clients WINS server (optional) – • – • Broadcast address to give for DHCP clients Default lease time (optional) – WINS server IP address to give for DHCP clients Default gateway IP address to give for DHCP Clients Usually the Ethernet IP address of Arctic Broadcast address (optional) – • DNS server IP address to give for DHCP clients Default gateway (optional) – – • Domain name to give for DHCP clients DNS servers (optional) – • Subnet mask to give for DHCP clients Domain name (optional) – • Defines the lP address range DHCP allocates for clients Subnet mask (optional) – • Netmask for Ethernet interface Address range to share (mandatory) – • Defines the subnet where DHCP server listens for requests Must be same as the subnet of Arctic Ethernet interface The subnet means the network part of IP address Netmask (mandatory) – • Enable to allow Arctic DHCP server How many seconds the given IP address is valid by default The DHCP client can request different lease time Max lease time (optional) – The maximum lease time allowed Wireless Tools Industry Solutions Debug information Console • Allows Linux shell commands to be executed from WEB user interface • Suggested use is only for monitoring, not configuring – uptime, ps, ifconfig, df, cat, etc. System log • Provides the information of Arctic system log • Useful for debugging problems Recent events • Provides recent events from system log Modem info • Provides information about GPRS modem and GPRS network Send SMS • Sending SMS from Arctic by using WEB interface • Useful for solving the GSM phone number of SIM card Default settings • Overwrites Arctic current settings with default ones • Hostname and Ethernet settings remain unchanged • Also from command line – /etc/defaults/setdef.sh • NOTE! It is not possible to revert back to old settings!
