MikroWall Hotspot Router and Firewall System

Similar documents
AirLive RS Security Bandwidth Management. Quick Setup Guide

SonicWALL Security Appliances. SonicWALL SSL-VPN 200 Getting Started Guide

CHAPTER 7 ADVANCED ADMINISTRATION PC

OUTDOOR IR NETWORK CAMERA Series

D-Link (Europe) Ltd. 4 th Floor Merit House Edgware Road London HA7 1DP U.K. Tel: Fax:

1 Hardware Installation

Port Forwarding Setup (NB7)

Broadband Router DC 202

Wireless-G Router User s Guide

LevelOne. Quick Installation Guide. WHG series Secure WLAN Controller. Introduction. Getting Started. Hardware Installation

Broadband Router DC-202. User's Guide

Conceptronic C100BRS4H Quick Installation Guide. Congratulations on the purchase of your Conceptronic 4-ports Broadband Router.

LevelOne Broadband Routers

IP806GA/GB Wireless ADSL Router

LevelOne FBR User s Manual. 1W, 4L 10/100 Mbps ADSL Router. Ver

Installation Procedure Windows 2000 with Internet Explorer 5.x & 6.0

Installation Procedure Windows 95/98/ME with Internet Explorer 5.x & 6.0

F5 WANJet 200. Quick Start Guide. Quick Start Overview

Installation Procedure Windows NT with Netscape 4.x

DSL-G624T. Wireless ADSL Router. If any of the above items is missing, please contact your reseller. This product can be set up using any

DVG-2001S VoIP Terminal Adapter

Quick Installation Guide DIR-300NRU. Wireless Router with Built-in 4-port Switch

Wireless a CPE User Manual

Please read instructions thoroughly before operation and retain it for future reference.

Quick Installation Guide DSL-2650U/NRU. 3G/ADSL/Ethernet Router with Wi-Fi and Built-in Switch

Table of Contents. CRA-200 Analog Telephone Adapter 2 x Ethernet Port + 2 x VoIP Line. Quick Installation Guide. CRA-200 Quick Installation Guide

WL5041 Router User Manual

CyberGuard SG User Manual

LevelOne WBR User s Manual. 11g Wireless ADSL VPN Router. Ver

AirCruiser G Wireless Router GN-BR01G

WHG711 V3.20. Secure WLAN Controller

Deployment Guide: Routing Mode with No DMZ

Part # Quick-Start Guide. SpeedStream 6500 Residential Gateway

Multi-Homing Broadband Router. User Manual

Step-by-Step Configuration

FusionHub. SpeedFusion Virtual Appliance. Installation Guide Version Peplink

Port Forwarding Setup (RTA1025W)

Quick Installation Guide DSL-2540U. ADSL Annex B/Ethernet Router with Built-in Switch

DSL/CABLE ROUTER with PRINT SERVER

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 8 Networking Essentials

A5500 Configuration Guide

PTZ NETWORK CAMERA SERIES

Part # Quick-Start Guide. SpeedStream 4200 Modem PPPoE Modem Router

WHG201 V1.00. Secure WLAN Controller

Quick Installation Guide DSL-2640U/NRU. ADSL/Ethernet Router with Wi-Fi and Built-in Switch

IP819VGA g ADSL VoIP Gateway

WHG311 V1.03. Secure WLAN Controller

CyberGuard SG User Manual

1 Installation. 2 Set an admin password. 3 Setup Basic Settings. WiFi Hotspot Pro User Guide. April Version 1.3-9

Sonicwall NSA240 / TZ210 Configuration Guide (Firmware: SonicOS Enhanced o & up)

Content 1 OVERVIEW HARDWARE DESCRIPTION HARDWARE INSTALLATION PC CONFIGURATION GUIDE... 5 WEB-BASED MANAGEMENT GUIDE...

High Resolution Dome Network Camera Series

LevelOne. User Manual. WAP Mbps PoE Wireless AP V3.0.0

Quick Installation Guide DSL-2650U. 3G/ADSL/Ethernet Router with Wi-Fi and Built-in Switch

Broadband Router. User s Manual

LKR Port Broadband Router. User's Manual. Revision C

Please take the time now to check the contents of your package: HPS12U Print Server One CD-ROM Quick Installation Guide One power adapter

Gnet BB005x ADSL modem/router *Configuration and Installation Guide*

Thank you for your purchase of the KX II, the industry's most full-featured, enterprise-class, secure, digital KVM (Keyboard, Video, Mouse) switch.

How to Configure Guest Access with the Ticketing System

802.11N Wireless ADSL Router

Congratulations on purchasing Hawking s HWPS12UG 1-Port Parallel + 2 USB Ports Wireless G Print Server. The Hawking HWPS12UG is a powerful and

Barracuda Link Balancer

WHG425 V3.20. Secure WLAN Controller

Downloaded from manuals search engine

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 9 Networking Practices

ADSL Router Quick Setup Guide

WHG325 V3.30. Secure WLAN Controller

FusionHub. Evaluation Guide. SpeedFusion Virtual Appliance. Version Peplink

Dominion KX II-101. Quick Setup Guide. Step 1: Configure the Target Server

LEGUANG N900 Wireless Router Configuration Guide

CTX 1000 VoIP Accelerator User Guide

VG422R. User s Manual. Rev , 5

SonicWALL / Toshiba General Installation Guide

NetExtender for SSL-VPN

Configuring your MikroTik as a Standard LucidView Enforcer

A+ Guide to Hardware: Managing, Maintaining, and Troubleshooting, 5e. Chapter 10 Networking Essentials

SMC Barricade Routers

300M Wireless-N Broadband Router User Manual

EdgeXOS Platform QuickStart Guide

WHG405 V2.10. Secure WLAN Controller

WHG713. Secure WLAN Controller

Comodo Korugan Software Version 1.8

Multi-Function Wireless Router. User's Guide. Wireless Access Point Broadband Internet Access. 4-Port Switching Hub

Hotspot with Active Directory

Lab - Connect to a Router for the First Time

4-Port Broadband user manual Model

DuxTel Internet Commander

2Wire IG 2700 ADSL Router. RJ45 connecting cable

Security SSID Selection: Broadcast SSID:

Installation Procedure Red Hat 7 with Netscape 6

SonicWALL TZ 150 Getting Started Guide

Access the GV-IP Camera through a broadband modem

NET INTEGRATION TECHNOLOGIES INC. NET INTEGRATOR MICRO. Quick Start Guide

Connecting the DI-804V Broadband Router to your network

How to upgrade your NetComm NB5 ADSL2+ Modem From version x or to (current)

LevelOne. User's Guide. Broadband Router FBR-1402TX FBR-1403TX

EWS5207. Secure WLAN Controller

Step-by-Step Configuration

Active Club POS Hardware Setup

Transcription:

MikroWall Hotspot Router and Firewall System Installation and configuration guide Contents: 1.0 The Device:...2 1.1 The MikroWall Wireless...2 1.2 MikroWall Standard...2 2.0 Installation...2 2.1 Before you start:...3 2.2 Connections:...3 3.0 Accessing internet from the public access stations...4 4.0 Accessing internet from a wireless device....4 5.0 Adding new users...5 5.1 Winbox Administration...5 5.1.1 Preparing the administration computer...5 5.1.2 Accessing the Winbox console....6 5.1.3 Webministrator Access Management application...6 5.2 Mikrotik Hotspot Manager...7 6.0 Further tasks...7 6.1 Change administrator Password...7 6.2 Set SMTP mail transfer mapping...8 7.0 Advanced Configuration Tasks...8 7.1 Installation to non-dhcp managed LAN...9 7.2 Support network logon from public access stations...9 7.3 Other functions and features...10 Appendix A: Netmask and mask bit length notation...11

Congratulations on your purchase of a MikroWall system from ViewBank Rise Networks. Based on the popular MikroTik RouterOS (www.mikrotik.com), the MikroWall solution is more than just a public internet access system, combining the functions of internet café service, wireless access point, corporate firewall, VPN server and Voice over IP (VoIP) gateway into a single powerful and flexible IP network solution. This guide is aimed at getting the system online and running with basic public internet access capabilities quickly and easily. For advanced configuration and management, the Mikrotik RouterOS documentation available for download from the Mikrotik web site is highly recommended. 1.0 The Device: There are two available versions of the MikroWall Hotspot Router: 1.1 The MikroWall Wireless The MikroWall Wireless appliance includes an integrated WiFi (802.11b or 802.11b/g) interface, allowing customers to connect to the public internet access service from any WiFi enabled device (Laptop, PDA, etc) 1.2 MikroWall Standard The MikroWall Standard appliance does not include an integrated WiFi interface, but can still support wireless device connections by using a readily available off the shelf wireless access point device (further details below). The MikroWall Standard device is otherwise identical in operation and function to the MikroWall Wireless version. You can identify which appliance you have by inspecting the back of the unit. Wireless Standard has two 10/100 ethernet interfaces fitted whilst the Wireless version (pictured) has an additional wireless interface: wireless interface 2.0 Installation ethernet interfaces This guide assumes that you have an existing ethernet network (LAN) with a suitable broadband internet (e.g. ADSL) service. Most implementations of this type of set up supports assignment of network addresses and internet configuration by the broadband router, using DHCP (Dynamic Host Configuration Protocol). The MikroWall appliance default configuration is designed to support this type of implementation. If a DHCP service is not available on your LAN, additional configuration may be required. Please refer to the section Advanced Configuration for further details if this is the case for your network. ViewBank Rise Networks 2005 www.viewbankrise.net.au 2

2.1 Before you start: The following components are required to get your public internet service up and running: a) The MikroWall Hotspot appliance b) An ethernet switch or hub (additional to your existing network) c) Two standard ethernet cables (usually blue in color) 2.2 Connections: Locate the MikroWall Hotspot appliance in a convenient location that is close to the existing ethernet switch or hub. Connect the MikroWall device to a suitable power outlet and turn on the device. The device will make a series of beeps when starting up. When you hear two short beeps in sequence, this indicates that the device is ready for operation. Locate the new ethernet switch or hub adjacent to the MikroWall device and plug in to a suitable power outlet. Connect the interface labeled Private Network to your existing ethernet switch or hub using a standard ethernet cable. Connect the interface labeled Public Network to the new ethernet hub or switch using a standard ethernet cable. Wireless access stations private ADSL Modem internet public Existing switch/hub Public access switch/hub Public access stations Existing network Public access network Connect your public access workstations (i.e. Internet Café computers) to the new ethernet switch or hub using standard ethernet cables. ViewBank Rise Networks 2005 www.viewbankrise.net.au 3

The diagram above depicts the final configuration of the network components. Your MikroWall Hotspot appliance is now ready for test operation. 3.0 Accessing internet from the public access stations. In this section, it is assumed that the public access workstation is connected to the network as described in section 2.0 above. The TCP/IP properties of the local network interface on the public access computer should be set to Server Assigned IP addresses and DNS (pictured). It is also assumed that the public access station are not configured to log on to a network server. That is they either log on locally or do not require log on at all to access the workstation programs. If it is required that the public access station connect to a network server, file or print server or require some other (non internet) service, then either those servers must be also connected to the public network, or additional advanced configuration may be required. Refer to the section Advanced Configuration below. Turn on the public access station and log on to the computer in the normal way. Open a web browser program, such as Microsoft Internet Explorer or equivalent. If you do not immediately see the Hotspot Login screen, enter any URL in the address field (e.g. www.google.com) and click GO. At the Hotspot login prompt, enter the username admin and password admin to access internet. 4.0 Accessing internet from a wireless device. Before attempting to connect to the MikroWall appliance from a wireless enabled device, first make sure that the type of wireless interface is supported. The MikroWall wireless system supports the WiFi standards 802.11b and (selected units) 802.11g. Note that there are several wireless technologies that are not supported, including 802.11a, Bluetooth, IRDA (Infrared) and mobile phone systems such as GSM. The following steps describe connection of a windows based computer or laptop to the wireless network. The procedure may vary for other types of devices, but the steps are similar. Turn on the wireless (WiFi) enabled device and log on in the usual way. Right click on the wireless interface icon in the task bar (pictured), and select view all wireless connections ViewBank Rise Networks 2005 www.viewbankrise.net.au 4

Select the wireless network hotspot, check the box labeled allow me to connect to this network even though it is not secure and click connect. Watch the progress indicator on the wireless interface icon, and wait for the message Connected to hotspot to appear. If you do not immediately see the Hotspot Login screen, enter any url in the address field (e.g. www.google.com) and click GO. At the Hotspot login prompt, enter the username admin and password admin to access internet. 5.0 Adding new users. There are three supported mechanisms to add and manage users. a) Use the built-in Winbox administration tool b) Use the supported online Webministrator internet account management service from ViewBank Rise Networks c) Use the Mikrotik Hotspot Administration system from Mikrotik systems 5.1 Winbox Administration. To access the built in Winbox admin application, it is recommended to use a (Microsoft Windows) computer connected to the Private Network interface of the MikroWall appliance. It is also possible to use a (Microsoft Windows) public access workstation for this task by first logging on to the internet service, and then following the instructions starting from step (5.1.2) below. The following instructions describe the steps required for use of a Windows XP or Windows 2003 based computer. The procedure for other systems may vary, but the steps are similar. 5.1.1 Preparing the administration computer. Before you start: The selected administration computer will require a static IP address for ideal configuration. Identify a free IP address for your LAN before starting this procedure. You may need to consult your network administrator for assistance. Click Start, then Connect To, then Show all Connections. Right click on the Local Area Connection, and choose Properties. Select Internet Protocol (TCP/IP) on the General tab, then click Properties. If the current configuration already shows use the following IP address, then you may skip the following step. ViewBank Rise Networks 2005 www.viewbankrise.net.au 5

Select use the following IP address, and enter the static IP address details, DNS server/s and gateway obtained as above. Click the advanced button. Click add, and enter the IP address 10.1.30.2 and net mask 255.255.255.0 then click OK for all open dialogs. 5.1.2 Accessing the Winbox console. This process may be completed from a suitable admin computer configured as per 5.1.1 above, or from any public access or wireless computer after logging in to the public access internet service as per sections 3.0 and 4.0 above. It is recommended to use an administration computer for both security and convenience. Open an internet browser program and go to: http://10.1.30.1:8081 Click on the image for MikroWall Winbox Console, and select open when prompted. When the Winbox console appears, enter the following details: Connect to: 10.1.30.1:8081 Login: admin Password: admin Keep Password: checked Note: Hotspot Click save, then connect. Click on IP, then Hotspot On users tab, click add (red cross) Enter the name and password of a new user, then OK. Now you may log on to the public internet access service using that new username and password. 5.1.3 Webministrator Access Management application. The Webministrator application is an online hotspot and public internet administration system supporting a vast range of functions and features and is the ideal partner for the MikroWall Hotspot appliance. The Webministrator application includes support for functions including: ViewBank Rise Networks 2005 www.viewbankrise.net.au 6

Comprehensive access plan creation: create access plans limited by time and/or download, expiry profiles, upload and download speeds including automatic excess shaping One click Hotspot Ticket creation. Automated accounting and billing processes for regular or long term customers Support for custom domains including email accounts and web site management Optional online secure and real-time credit card payments The Webministrator package is available on monthly subscription basis with a range of plans to suit any public access operation from public access internet café to large wireless ISP. For further details, contact ViewBank Rise Networks, or visit our web site. 5.2 Mikrotik Hotspot Manager The Mikrotik Hotspot Manager is a stand-along hotspot administration package available for download from the Mikrotik web site at www.mikrotik.com. Although currently only available as pre-release beta and therefore not supported, this system provides a flexible set of tools and functions to manage public internet access customers easily and efficiently. To obtain the Mikrotik Hotspot Manager, go to the Mikrotik web sites, download the package and follow the documentation provided. 6.0 Further tasks 6.1 Change administrator Password For security, it is highly recommended to change the system admin password to a more secure value. The system password is changed via the Winbox console application. Begin by accessing the Winbox Console using one of the methods described in section 5.1 above. Click the Password selection on the left hand menu (green padlock icon) Enter the original password (default is admin ), then your chosen password twice. Warning: Make sure that you do not forget or lose the new password. Lost passwords can not be recovered. Loss of password will require complete system reset and render the device unusable as a Hotspot appliance without full reconfiguration. ViewBank Rise Networks 2005 www.viewbankrise.net.au 7

6.2 Set SMTP mail transfer mapping A common problem encountered when mobile users connect to public access services is that although email can be retrieved successfully, sending email will fail. The reason for this that most ISP mail systems will not accept email from unknown network locations as a protection from abuse by bulk email senders (spam). The MikroWall Hotspot Router solves this problem by supporting a mechanism to allow automatic redirection of outbound email traffic to a local ISP mail system. Before you start: Obtain the IP address of your ISP SMTP mail server (outbound mail). If you do not know what the mail server address is, consult your ISP. Note that the mail server IP address is required which is 4 numbers separated by periods. most ISPs will refer to the server by name (eg mail.myisp.com) but you must have the IP address for this task. Open the Winbox console by one of the methods described in section 5.1 above. Click the IP menu, and then select firewall. Select the Destination NAT tab. Click Add (red cross) icon Enter tcp in the protocol field Check the right hand checkbox beside Dst Port and enter the value 25. Select the Action tab For Action, select nat Enter the IP Address of your ISP mail server in both fields of To Dst Addresses. Enter the value 20 in the To Dst Ports field. Click Tools select Comment and enter text such as Redirect outbound SMTP traffic and click OK, and OK again. 7.0 Advanced Configuration Tasks ViewBank Rise Networks 2005 www.viewbankrise.net.au 8

7.1 Installation to non-dhcp managed LAN. If your existing LAN is not managed by a DHCP service, then many of the basic network configuration tasks must be done manually including IP address of the private LAN interface, DNS servers and default gateway. Before you start: Begin by gathering the required network configuration information. You will need to know: A spare IP Address on the local network to connect to the LAN The netmask for the local network The default gateway IP Address(es) of one (or two) DNS server(s) Start by connecting to the Winbox console using one of the methods described in section 5.1 above. Click the IP menu, then choose Addresses. Click the add (red cross) icon. For Address, enter the IP address obtained from above. In the field after IP address (after the / character) enter the netmask bit length. (refer to the table in appendix A for more information) Select private in the interface select list. Click OK. 7.2 Support network logon from public access stations The MikroWall Hotspot router contains an integrated and dynamic firewall that limits access to network resources from unauthenticated stations on the public network. Therefore, in order to allow access to services on the private network from unauthenticated computers, the MikroWall firewall must be configured to allow access to specific addresses and/or ports to allow unauthenticated access to those server resources. Before you start: Before starting this configuration step, you will need to identify the IP address and netmask of all private network servers to which access must be granted. If you are unsure of the server IP address(es), you may need to consult your network administrator. Firewall configuration is conducted via the MikroWall Winbox console. Start by connecting to the Winbox console using one of the methods described in section 5.1 above. Click the IP menu, then select firewall. ViewBank Rise Networks 2005 www.viewbankrise.net.au 9

On the Filter Rules tab, select forward in the select list at the top right of the firewall window, and click the add (red cross) icon. Enter the IP address of the server to grant access in the Dst Address field and the netmask bit length (refer to appendix A for further information about netmask definition) then click OK. Move the mouse cursor over the newly created rule at the bottom of the list, then using the left mouse button, drag the new rule to the top of the list. Click the add icon again, and enter the IP address and mask of the destination server, and OK. Move the new rule again to the top of the list. 7.3 Other functions and features The MikroWall Hotspot router includes many more advanced functions and features including transparent HTTP cache, DHCP server, network address translation and redirection (NAT), VoIP gateway, QoS, IP accounting, VPN server and more. It is highly recommended to review the MikroTik RouterOS documentation available for viewing online at http://www.mikrotik.com/documentation.html or download in pdf format. ViewBank Rise Networks 2005 www.viewbankrise.net.au 10

Appendix A: Netmask and mask bit length notation Network mask notation generally takes two main forms. Dotted decimal, and bit length. The most common notation for most end user interfaces is the dotted decimal form, where the netmask is represented as four decimal numbers between 0 and 255 separated by a period (.), for example: 255.255.255.0 For many network component configuration systems, however, the netmask is represented by a slash (/) character, followed by the number of binary digits in the mask that are set to 1, for example: /24 As a ready reference, the following table provides a list of some common netmask values as equivalent expressions: dotted decimal Bit length 255.255.255.255 /32 255.255.255.252 /30 255.255.255.248 /29 255.255.255.240 /28 255.255.255.224 /27 255.255.255.196 /26 255.255.255.128 /25 255.255.255.0 /24 255.255.252.0 /22 255.255.248.0 /21 255.255.240.0 /20 255.255.224.0 /19 255.255.196.0 /18 255.255.128.0 /17 255.255.0.0 /16 255.128.0.0 /9 255.0.0.0 /8 ViewBank Rise Networks 2005 www.viewbankrise.net.au 11

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback