Step 1. Connect an ADSL or a cable modem.........11 3.1.2 Step 2. Connect computers or a Network..........11 3.1.3 Step 3. Attach the AC adapter..............12 3.1.4 Step 4. Power on RX3141, the ADSL or cable modem and power up your computers..................12 Part 2 — Configuring Your Computers..............13...
Page 3
Windows® 95, 98, and Me PCs ..............14 3.2.5 Windows® NT 4.0 workstations:..............15 3.2.6 Assigning static IP addresses to your PCs ..........15 Part 3 — Quick Configuration of the RX3141............16 3.3.1 Setting Up the RX3141 ................16 3.3.2 Testing Your Setup ..................17 3.3.3...
Page 4
DHCP Server Configuration....35 DHCP (Dynamic Host Control Protocol)............35 6.1.1 What is DHCP? ..................35 6.1.2 Why use DHCP?..................35 6.1.3 Configuring DHCP Server................35 6.1.4 Viewing Current DHCP Address Assignments ........37 Configuring Static Routes ......39 Overview of IP Routes..................39 7.1.1 Do I need to define static routes? ............39 Static Route ......................40 7.2.1 Static Route Configuration Parameters...........40...
Page 6
11.7 . System Configuration Management ..............79 11.7.1 Backup System Configuration ..............79 11.7.2 Restore System Configuration..............81 IP Addresses, Network Masks, and Subnets ..........83 12.1 IP Addresses.......................83 12.1.1 Structure of an IP address ...............83 12.2 Network classes....................84 12.3 Subnet masks .....................85 Troubleshooting ........87 13.1 Diagnosing Problem using IP Utilities..............88 13.1.1...
Page 7
List of Figures Figure 2.1. Front Panel LEDs...........................6 Figure 2.2. Rear Panel Connectors .........................7 Figure 3.1. Overview of Hardware Connections ....................12 Figure 3.2. Login Screen ............................16 Figure 3.3. System Status Page ........................... 17 Figure 4.1. Configuration Manager Login Screen ....................19 Figure 4.2.
Page 8
Figure 9.7. Sample Outbound ACL List Table...................... 58 Figure 9.8. Self-Access ACL Configuration Page ....................60 Figure 9.9. Self-Access ACL Configuration Example ..................60 Figure 9.10. Existing Self-Access ACL Rules ...................... 61 Figure 9.11 Sample Firewall Log .......................... 62 Figure 10.1 NAPT – Map Any Internal PCs to a Single Global IP Address ............63 Figure 10.2 Reverse NAPT –...
Page 9
List of Tables Table 2.1. DoS Attacks.............................5 Table 2.2. Front Panel Label and LEDs ........................6 Table 2.3. Rear Panel Labels and LEDs .........................7 Table 3.1. LED Indicators............................12 Table 3.2. Default Settings Summary........................18 Table 4.1. Description of Commonly Used Buttons and Icons ................21 Table 5.1.
Internet using your high-speed broadband connection such as those with ADSL or cable modem. This User Manual will show you how to set up the RX3141, and how to customize its configuration to get the most out of this product.
Notational conventions Acronyms are defined the first time they appear in the text. For brevity, RX3141 is sometimes referred to as the “router” or the ”gateway”. The terms LAN and network are used interchangeably to refer to a group of Ethernet-connected computers at one site.
2.3.1 NAT Features RX3141 provides NAT to share a single high-speed Internet connection and to save the cost of multiple connections required for the hosts on the LAN segments connected to it. This feature conceals network address and prevents them from becoming public. It maps unregistered IP address of hosts connected to the LAN with valid ones for Internet access.
“WinNuke”, a widely used program to remotely crash unprotected Windows systems in the Internet. The RX3141 Firewall also provides protection from a variety of common Internet attacks such as IP Spoofing, Ping of Death, Land Attack, and Reassembly attacks.
RX3141, packets pertaining to an application, require a corresponding allow rule. In the absence of such rules, the packets will be dropped by the RX3141 Firewall. As it is not feasible to create policies for numerous applications dynamically (at the same time without compromising security), intelligence in the form of Application Level Gateways (ALG), is built to parse packets for applications and open dynamic associations.
LED Label Color Status Indication ○ POWER Green RX3141 is powered on RX3141 is powered off ○ 1 – 4 Identifies the LAN port LEDs. Status of each LAN port is indicated by 3 LEDs: STATUS, SPEED and DUPLEX. ○...
RX3141 User’s Manual Chapter 2 Getting to Know LED Label Color Status Indication Amber Speed is 10Mbps Blinking Data is transmitted or received via the connection No link is established. ○ DUPLEX Amber The LAN port is operating in full-duplex mode.
○ ○ Wall Mount Slots: You may use these slots to hang RX3141 on the wall to save space. Depending on your particular requirement by taking into account the location of the power outlet, power cord length, Ethernet cable length and etc., you can hang RX3141 in 4 different orientations: front panel up, rear panel up, left side up or right side up.
Depending on your environment, you may choose one of the three supported placement options for RX3141 – desktop placement, magnet mount and wall mount. 2.5.1 Desktop Placement You may place RX3141 on any flat surface. The space-saving design of RX3141 occupies only a small area on your desk. 2.5.2 Magnet Mount Instructions Place RX3141 onto any metal surface that attracts magnet, such as most desktop computer housings, cabinets and etc.
Step 1. Connect an ADSL or a cable modem. For the RX3141: Connect one end of the Ethernet cable to the port labeled WAN on the rear panel of the device. Connect the other end to the Ethernet port on the ADSL or cable modem.
Step 4. Power on RX3141, the ADSL or cable modem and power up your computers. Plug the AC adapter to the power input jack of RX3141. Turn on your ADSL or cable modem. Turn on and boot up your computer(s) and/or any LAN devices such as wireless AP, hubs or switches.
RX3141 to do so. See “Assigning static IP addresses to your PCs” Note in page 15 for instructions. If you have connected your PC via Ethernet to the RX3141, follow the instructions that correspond to the operating system installed on your PC. 3.2.2 Windows®...
10. In the TCP/IP Properties dialog box, click the “ Default Gateway ” tab. Enter 192.168.1.1 (the default LAN port IP address of the RX3141) in the “ New gateway ” address field and click <Add> button to add the default gateway entry.
In some cases, you may want to assign IP addresses to some or all of your PCs directly (often called “statically”), rather than allowing the RX3141 to assign them. This option may be desirable (but not required) if: You have obtained one or more public IP addresses that you want to always associate with specific computers (for example, if you are using a computer as a public web server).
“ LAN settings… ” and then uncheck “ Use proxy server for your LAN … ” 2. On any PC connected to one of the four LAN ports on the RX3141, open your Web browser, and type the following URL in the address/location box, and press <Enter> : http://192.168.1.1...
3.3.2 Testing Your Setup At this point, the RX3141 should enable any computers on your LAN to use the RX3141’s ADSL or cable modem connection to access the Internet. To test the Internet connection, open your web browser, and type the URL of any external website (such as http://www.asus.com).
Default Router Settings In addition to handling the DSL connection to your ISP, the RX3141 can provide a variety of services to your network. The device is pre-configured with default settings for use with a typical home or small office network.
It enables you to configure the device settings to meet the needs of your network. You access it through your web browser from any PC connected to the RX3141 via the LAN or the WAN ports.
You can click on any menu item to expand/contract any menu groups or to access a specific configuration page. The configuration pane is where you interact with the Configuration Manager to configure the settings for RX3141. Menu navigation tips show how the current configuration can be accessed via the menus.
RX3141 User’s Manual Chapter 4. Using the Configuration Manager 4.2.2 Commonly Used Buttons and Icons The following buttons or icons are used throughout the application. The following table describes the function for each button or icon. Table 4.1. Description of Commonly Used Buttons and Icons...
Chapter 4. Using the Configuration Manager RX3141 User’s Manual Overview of System Configuration To view the overall system configuration, log into the Configuration Manager, and then click Status menu. Figure 4.3 shows sample information available in the System Information page.
Ethernet switch. You must assign a unique IP address to each device residing on your LAN. The LAN IP address that identifies the RX3141 as a node on your network must be in the same subnet as the PCs on your LAN.
Router Connection Setup configuration page is then displayed as shown in Figure 5.1. Figure 5.1. Router Connection Setup Configuration – LAN Configuration 2. (Optional) Enter the host name for RX3141. Note that the host name is used for identification only and is not used for any other purpose.
Chapter 5 Router Connection Setup WAN Configuration This section describes how to configure WAN settings for the WAN interface on the RX3141 that communicates with your ISP. You’ll learn to configure IP address, DHCP and DNS server for your WAN in this section.
Chapter 5 Router Connection Setup RX3141 User’s Manual 5.2.2 PPPoE PPPoE connection is most often used by ADSL service providers. Connection Mode drop- down list Figure 5.3. WAN – PPPoE Configuration...
Status On: PPPoE connection is active. Off: PPPoE connection is inactive. Connecting: RX3141 is trying to connect to your ISP using PPPoE connection mode. Manual Click the Disconnect or Connect button to disconnect or connect to your Disconnect/Connect service provider using the PPPoE connection mode.
Chapter 5 Router Connection Setup RX3141 User’s Manual 5.2.2.2 Configuring PPPoE for WAN Follow the instructions below to configure PPPoE settings: 1. Open the Router Connection configuration page by double clicking the Router Setup Connection menu. 2. Select PPPoE from the WAN Connection Mode drop-down list as shown in Figure 5.3.
RX3141 User’s Manual Chapter 5 Router Connection Setup 5.2.3 PPPoE Unnumbered Some of the ADSL service providers may offer PPPoE unnumbered service. Choose this connection mode if your ISP provides such service. Connection Mode drop- down list Figure 5.11. WAN – PPPoE Unnumbered Configuration...
Status On: PPPoE unnumbered connection is active. Off: No PPPoE unnumbered connection is inactive. Connecting: RX3141 is trying to connect to your ISP using PPPoE unnumbered connection mode. Manual Click the Disconnect or Connect button to disconnect or connect to your Disconnect/Connect service provider using the PPPoE unnumbered connection mode.
RX3141 User’s Manual Chapter 5 Router Connection Setup 5.2.3.2 Configuring PPPoE Unnumbered for WAN Follow the instructions below to configure PPPoE unnumbered settings: 1. Open the Router Connection configuration page by double clicking the Router Setup Connection menu. 2. Select PPPoE Unnumbered from the WAN Connection Mode drop-down list as shown in Figure 5.11.
WAN subnet mask provided by your ISP. Typically, it is set as 255.255.255.0. Gateway Address Gateway IP address provided by your ISP. It must be in the same subnet as the WAN on the RX3141. Primary/Secondary You must at least enter the IP address of the primary DNS server. Secondary...
IP information to computers on a network. When you enable DHCP on a network, you allow a device — such as the RX3141 — to assign temporary IP addresses to your computers whenever they connect to your network. The assigning device is called a DHCP server, and the receiving device is a DHCP client.
Internet names that you type into your web browser into their equivalent numeric IP addresses. Typically, the server(s) are located with your ISP. However, you may enter LAN IP address of the RX3141 as it will serve as DNS proxy for the LAN computers and forward the DNS request from the...
6.1.4 Viewing Current DHCP Address Assignments When the RX3141 functions as a DHCP server for your LAN, it keeps a record of any addresses it has leased to your computers. To view a table of all current IP address assignments,...
The essential challenge of a router is: when it receives data intended for a particular destination, which next device should it send that data to? When you define IP routes, you provide the rules that the RX3141 uses to make these decisions.
RX3141 User’s Manual Chapter 7. Configuring Static Routes 7.2.2 Adding Static Routes Figure 7.2. Static Route Configuration Follow these instructions to add a static route to the routing table. 1. Open the Static Route configuration page by double clicking the Advanced Static Route menu.
For each of these destination IP addresses, the table lists the IP address of the first hop the data should take. This table is known as the device’s routing table. To view the RX3141’s routing table, double click the Advanced Static Route menu. The Routing Table displays at the upper half of the Static Route Configuration page, as shown in Figure 7.1:...
Dynamic DNS is a service that allows computers to use the same domain name, even when the IP address changes from time to time (during reboot or when the ISP's DHCP server resets IP leases). RX3141 connects to a Dynamic DNS service provider whenever the WAN IP address changes. It supports setting up the web services such as Web server, FTP server using a domain name instead of the IP address.
Domain Name Enter the registered domain name provided by your ISP into this field. For example, If the host name of your RX3141 is “host1” and the domain name is “yourdomain.com”, The fully qualify domain name (FQDN) is “host1.yourdomain.com”. Username Enter the username provided by your DDNS service provider in this field.
RX3141 User’s Manual Chapter 8. Configuring DDNS Configuring HTTP DDNS Client Figure 8.2. HTTP DDNS Configuration Page Follow these instructions to configure the HTTP DDNS: 1. First, you should have already registered a domain name to the DDNS service provider. If you have not done so, please visit www.dyndns.org...
View firewall log. Note: When you define an ACL rule, you instruct the RX3141 to examine each data packet it receives to determine whether it meets criteria set forth in the rule. The criteria can include the network or Internet...
NAT. Default Self Access Rules The default self access rules allow http, ping, DNS, DHCP access to the RX3141 router from the LAN. It is not necessary to remove the default ACL rule from the ACL rule table! It is better to create higher priority ACL rules to override the default rule.
IP loose/strict source routing packets. For example, a security device with the RX3141 Firewall provides protection from “WinNuke”, a widely used program to remotely crash unprotected Windows systems. For a complete list of DoS protection provided by the RX3141, please see Tables 2.1 and 9.2.
Flooding flooding attacks. These attacks involve sending lots of TCP SYN/ICMP/UDP to a host in a very short period of time. RX3141 will not drop the flooding packets to avoid affecting the normal traffic. A hacker may be scanning your system by sending these specially formatted XMAS/NULL/FI packets to see what services are available.
RX3141 User’s Manual Chapter 9. Configuring Firewall/NAT Settings 9.2.2.2 Configuring DoS Settings To configure DoS settings, follow the instructions below: 1. Open the Router Security configuration page as shown in Figure 9.1 by double clicking on Router Setup Security menu.
Mave This option allows you to set a priority for this rule. The RX3141 Firewall acts on packets based on the priority of the rules. Set a priority by specifying a number for its position in the list of rules: 1 (First) This number marks the highest priority.
Page 63
Domain In order for this option to work, user’s PC must use RX3141 as its DNS server. The domain name variable / IP addresses association is cleared after every system restart. Multiple ACL rules can be associated to the same domain name / IP addresses association.
Page 64
Chapter 9. Configuring Firewall/NAT Settings RX3141 User’s Manual Field Description arbitrary source port number. Single This option allows you to apply this rule to an application with a specific source port number. Port Number Enter the source port number Range Select this option if you want this rule to apply to applications with this port range.
RX3141 User’s Manual Chapter 9. Configuring Firewall/NAT Settings Configuring Inbound ACL Rules By creating ACL rules in Inbound ACL configuration page as shown in Figure 9.2, you can control (allow or deny) incoming access to computers on your LAN. Options in this configuration page allow you to:...
Chapter 9. Configuring Firewall/NAT Settings RX3141 User’s Manual Figure 9.3 illustrates how to create a rule to allow inbound HTTP (i.e. web server) service. This rule allows inbound HTTP traffic to be directed to the host w/ IP address 192.168.1.28. Note that the newly added inbound ACL rule is displayed in the Existing Inbound ACL table shown in Figure 9.4.
RX3141 User’s Manual Chapter 9. Configuring Firewall/NAT Settings 9.4.4 Display Inbound ACL Rules To see existing inbound ACL rules, just open the Inbound ACL Rule configuration page by double clicking the Router Setup Inbound ACL menu. The existing inbound ACL rules are displayed at the bottom of the configuration page.
Chapter 9. Configuring Firewall/NAT Settings RX3141 User’s Manual 4. Assign a priority for this rule by selecting a number from the “ Move to ” drop-down list. Note that the number indicates the priority of the rule with 1 being the highest. Higher priority rules will be examined prior to the lower priority rules by the firewall.
Configuring Self-Access ACL Rules – (Router Setup Self-Access ACL) Self-Access rules control access to/from the RX3141 itself. You may use Self-Access Rule Configuration page, as illustrated in Figure 9.8, to: Add a Self-Access rule Modify an existing Self-Access rule...
Existing Self-Access ACL list table at the bottom half of the Self-Access ACL configuration page. Example Figure 9.9 shows a sample self-access ACL configuration to allow TCP port 80 traffic (i.e. HTTP traffic) from any one to RX3141. Figure 9.9. Self-Access ACL Configuration Example 9.6.2 Modify a Self-Access Rule To modify a Self-Access rule, follow the instructions below: 1.
RX3141 User’s Manual Chapter 9. Configuring Firewall/NAT Settings 3. Make desired changes to any settings.. 4. Click on the button to save the changes. The new settings for this Self-Access rule will then be displayed in the Existing Self-Access ACL table located at the bottom half of the Self-Access ACL configuration page.
9.7.1 Log Format Two types of log are supported by the RX3141 – system security log and firewall access control log. They are designated by the two keywords, sys and fw respectively. The log format is best explained by examples: System Security Log Example: Jan 1 00:01:22 2000 klogd: sys: TCP XMAS/NULL packet from 192.168.1.100.
10.1 NAT Overview Network Address Translation allows use of a single device, such as the RX3141, to act as an agent between the Internet (public network) and a local (private) network. This means that a NAT IP address can represent an entire group of computers to any entity outside a network.
Reverse NAPT is also called inbound mapping, port mapping, or virtual server. Any packet coming to the RX3141 can be relayed to the internal host based on the protocol, port number and/or IP address specified in the ACL rule. This is useful when multiple services are hosted on different internal hosts. Figure 10.2 shows that web server (TCP/80) is hosted on PC A, telnet server (TCP/23) on PC B, DNS server (UDP/53) on PC C and FTP server (TCP/21) on PC D.
RX3141 User’s Manual Chapter 11. System Management Table 10.1. Virtual Server Configuration Parameters Setting Description Enable Select an application from the list of pre-configured applications. The corresponding protocol and the redirect port range will be automatically selected. Select “Manual Setting” if you want to configure the settings yourself.
Chapter 11. System Management RX3141 User’s Manual Application Service Port Numbers Netmeeting or VOIP 1503-1503, 1720 (ALG) NEWS TCP 119-119 PC Anywhere TCP: 5631 PC Anywhere TCP: 5631, UDP: 5632 POP3 TCP 110-110 Powwow Chat 13223-13223 Red Alert II 1234-1237...
RX3141 User’s Manual Chapter 11. System Management 5. For security concerns, the RX3141 denies all the access requests from the external users unless a proper inbound ACL rule is setup for each virtual server to allow external users to access the internal servers set up in the Virtual Server configuration page.
Chapter 11. System Management RX3141 User’s Manual Setting Description Application Name The name identifying the application. Outgoing (Trigger) The port range this application uses when it sends outbound packets. The Port Range outgoing port numbers act as the trigger. When the router detects the...
3. Click to save the settings. 4. The RX3141 has a default outbound ACL rule to forward all the outbound traffic to the external networks. This default outbound ACL rule allows any one to use application defined in the Special Application configuration page.
Chapter 11. System Management RX3141 User’s Manual System Management This chapter describes the following administrative tasks that you can perform using the Configuration Manager: Modify password and system-wide settings View system information Modify system date and time Reset system configuration...
Page 81
WAN port. 8. Allow Ping Interface: You may check the LAN and/or WAN check box to allow ping to the RX3141 from the LAN or WAN interface. It is recommended that you enable this option for the LAN only.
Chapter 11. System Management RX3141 User’s Manual 11.2 Viewing System Information System Information page displays whenever you log into RX3141. It contains information for the overall system settings. Figure 11.2. System Status Page...
However, there is no real time clock inside RX3141; RX3141 relies on external time servers to maintain correct time. RX3141 allows you to configure up to three external time servers. Make sure that the “ Enable ” check box is checked to activate the SNTP (Simple Network Time Protocol) service for time keeping.
Chapter 11. System Management RX3141 User’s Manual 11.3.1 View the System Date and Time To view the updated system date and time, log into Configuration Manager, click the Router Setup Timezone menu. Note that the system will go back to the default time, 1/1/2000 00:00:00, if SNTP service is not enabled or none of the configured SNTP servers are not accessible after system is rebooted or powered off.
11.5 Firmware Upgrade ASUSTeK may from time to time provide you with an update to the firmware running on the RX3141. All system software is contained in a single file, called an image. Configuration Manager provides an easy way to upload the new firmware image.
Chapter 11. System Management RX3141 User’s Manual 2. In the Firmware text box, enter the path and name of the firmware image file. Alternatively, you may click on button to open a file manager to search for the firmware image on your computer.
Figure 11.11. Firmware Upgrade Count Down Timer 6. When you are reconnected to the RX3141, click Status menu to check if the new firmware is properly upgraded. Note that you probably need to clear the cache of your web browser to see the new System Information page.
Figure 11.13. System Reboot Confirmation Your browser will be reconnected back to the RX3141 when the timer, as illustrated in 4. Figure 11.14, elapses. Figure 11.14. System Reboot Countdown Timer...
RX3141 User’s Manual Chapter 11. System Management 11.7 . System Configuration Management 11.7.1 Backup System Configuration Follow the steps below to backup system configuration: 1. Open the System Configuration Backup/Restore page, as illustrated in Figure 11.15, by double clicking the Management Backup/Restore menu.
Chapter 11. System Management RX3141 User’s Manual 5. Enter the desired filename for the backup configuration file as illustrated in Figure 11.17and click on the button to continue. Enter desired filename Figure 11.17. System Configuration Backup Page – Save As Dialog 6.
RX3141 User’s Manual Chapter 11. System Management 11.7.2 Restore System Configuration Follow the steps below to backup system configuration: 1. Open the System Configuration Backup/Restore configuration page by double clicking the Management Backup/Restore menu. 2. Enter the path and filename of the system configuration file that you want to restore in the text field.
4. A message will pop up, as illustrated in Figure 11.21, to let you know whether the system configuration is successfully restored. Note that you must reboot the RX3141 to make the new system configuration in effect.
RX3141 User’s Manual Chapter 12. IP Addresses, Network Masks, and Subnets IP Addresses, Network Masks, and Subnets 12.1 IP Addresses This section pertains only to IP addresses for IPv4 (version 4 of the Internet Protocol). IPv6 addresses are not covered.
Chapter 12. IP Addresses, Network Masks, and Subnets RX3141 User’s Manual 12.2 Network classes The three commonly used network classes are A, B, and C. (There is also a class D but it has a special use beyond the scope of this discussion.) These classes have different uses and characteristics.
RX3141 User’s Manual Chapter 12. IP Addresses, Network Masks, and Subnets 12.3 Subnet masks A mask looks like a regular IP address, but contains a pattern of bits that tells what parts of an IP address are the network ID and what parts are the host ID: bits set to 1 mean "this bit is part of the...
RX3141 User’s Manual Appendix Troubleshooting This appendix suggests solutions for problems you may encounter in installing or using the RX3141, and provides instructions for using several IP utilities to diagnose problems. Contact Customer Support if these suggestions do not resolve the problem.
Cannot access the Use the ping utility, discussed in the following section, to check Configuration whether your PC can communicate with the RX3141’s LAN IP Manager program address (by default 192.168.1.1). If it cannot, check the Ethernet from your browser.
If the target computer cannot be located, you will receive the message “Request timed out.” Using the ping command, you can test whether the path to the RX3141 is working (using the preconfigured default LAN IP address 192.168.1.1) or another address you assigned.
Appendix RX3141 User’s Manual Figure 13.2. Using the nslookup Utility There may be several addresses associated with an Internet name. This is common for web sites that receive heavy traffic; they use multiple, redundant servers to carry the same information.