Stateful Inspection Commands - Netopia CLI 874 Cli Reference Manual

Beginning with Firmware Version 8.3.3, IP Passthrough allows a first come first serve mode, which defaults to
an all-zeroes MAC address.
If you leave the default all-zeroes MAC address, the Router will select the next DHCP client that initiates a DHCP
lease request or renewal to be the IP passthrough host. When the WAN comes up, or if it is already up, the
Router will serve this client the IP passthrough/WAN address. When this client's lease ends, the IP
passthrough address becomes available for the next client to initiate a DHCP transaction. The next client will
get the IP passthrough address. Note that there is no way to control which PC has the IP passthrough address
without releasing all other DHCP leases on the LAN.
Note:
If you specify a non-zeroes MAC address, the DHCP Client Identifier must be in the format specified
above. Macintosh computers allow the DHCP Client Identifier to be entered as a name or text, however
®
Motorola Netopia routers accept only strict (binary/hex) MAC address format. Macintosh computers display
their strict MAC addresses in the TCP/IP Control Panel (Classic MacOS) or the Network Preference Pane of
System Preferences (Mac OS X).
Once configured, the passthrough host's DHCP leases will be shortened to two minutes. This allows for timely
updates of the host's IP address, which will be a private IP address before the WAN connection is established.
After the WAN connection is established and has an address, the passthrough host can renew its DHCP
address binding to acquire the WAN IP address.
A restriction
Since both the router and the passthrough host will use same IP address, new sessions that conflict with
existing sessions will be rejected by the router. For example, suppose you are a teleworker using an IPSec
tunnel from the router and from the passthrough host. Both tunnels go to the same remote endpoint, such as
the VPN access concentrator at your employer's office. In this case, the first one to start the IPSec traffic will
be allowed; the second one – since, from the WAN it's indistinguishable – will fail.

Stateful Inspection Commands

See also:
■ "Stateful Inspection Commands" on page 2-85
■ "Stateful Inspection Configuration Commands" on page 2-32
Note:
The commands in this section are supported beginning with Firmware Version 8.2.
cp { name | index } ip state-insp enable { yes | no | on | off }
no cp { name | index } ip state-insp enable
show cp { name | index } ip state-insp enable
These commands allow you to set, disable, or show the status of stateful inspection for the specified
Connection Profile. This option is disabled by default. Stateful inspection prevents unsolicited inbound access
when NAT is disabled.
Motorola Netopia® Router Connection Profile Commands 3-21
for Global Stateful Inspection commands.
for Ethernet interface commands.