Services

Through the Service page, system-wide services can be configured. Please note that not all the services listed below are available for every operating mode.

SSH

SSH Server can be enabled/disabled through this page.
  • Enable SSH enables SSH access to the Bitlomat unit.
  • Enable Login with password is used to authenticate using Administrator credentials in order to grant SSH access to the device. An Authentication Key will be required otherwise.
  • Port is the SSH service TCP/IP port setting.
  • Interface selector can be used to prevent from accessing the unit via SSH through certain interfaces.
  • Key Management can be used to add a Public key file to get SSH access to the unit instead of using an admin password.

1. Services

SHAPER

Traffic shaping for the cabled and wireless interfaces (per SSID) can be set up.

  • Enable Traffic Shaping is used to enable/disable the service.
  • The list of the available interfaces/SSID is reported. For each interface, incoming and outgoing traffic limits in Kb/s can be defined.

2. Services

 

MAC ACL

A MAC address Access Control List to allow or prevent specific MAC addresses from joining the wireless network. For each MAC address it is possible to specify the behavior rule (deny or allow).
3. Services

 

NAT and Port Forwarding

Network Address Translation (NAT) can be enabled for the unit and is implemented using the masquerade type firewall rules. NAT firewall entries are stored in the iptables NAT table.
Port Forwarding creates a transparent tunnel through a firewall/NAT, granting an access from the WAN side to the particular network service running on the LAN side.

4. Services

 

ROUTES

Through the Static Routes page, it is possible to add static routing rules to specify e.g. that a specific target IP address (es) passes through a determined gateway.
For each entry, a valid Target Network IP/Netmask and Gateway IP can be specified. Check the “ON” checkbox, in order to enable this rule.

5. Services

 

FIREWALL

Firewall rules can be configured, enabled or disabled.
Firewall entries can be specified by using the following criteria:
  • Rule Number indicates the priority of the firewall rule. The smaller the number, the higher the priority.
  • Action allows two specific firewall rules: ALLOW or DENY. By enabling “ALLOW”, the packets can pass the firewall unmodified. When choosing “DENY”, the packets are denied passage through the firewall and no response is sent.
  • Input Interface specifies where filtering of the incoming/passing-through packets is processed;
  • Protocol sets which particular L3 protocol type (IP, ICMP, TCP, UDP) should be filtered;
  • Source IP/Netmask is the source IP of the packet (specified within the packet header), usually it is the IP of the host system that sends the packets;
  • Source Port is the source port of the TCP/UDP packet (specified within the packet header), usually it is the port of the host system application that sends the packets;
  • Destination IP/Netmask is the destination IP of the packet (specified within the packet header), usually it is the IP of the system which the packet is addressed to;
  • Destination Port is the destination port of the TCP/UDP packet (specified within the packet header), usually it is the port of the host system application which the packet is addressed to.
  • Not operators can be enabled for inverting the Source IP/mask, Source Port, Destination IP/mask and Destination Port filtering criteria (i.e. if not is enabled for the specified Destination Port value 443, the filtering criteria will be applied to all the packets sent to any Destination Port except the 443, which is commonly used by HTTPS).

6. Services

 

DDNS

Enable Dynamic DNS enables Dynamic DNS service. Dynamic DNS allows real-time notification to the DNS Server of any changes occurring in the device’s IP setting, therefor allowing access to the device through a Domain Name even if the device’s IP address has changed.
  • Service selector is used to point the DDNS Bitlomat unit client to an online DDNS provider.
  • Domain defines the Dynamic DNS Host Name used to access the unit from remote as specified by the online DDNS providers.
  • Username defines the Dynamic DNS Username.
  • Password defines the Dynamic DNS password. Check “show” to display the password.

7. Services

 

NTP

The Network Time Protocol (NTP) is a protocol for synchronizing the clocks of computer systems over packet-switched, variable-latency data networks. It can be used to set the system time of the Bitlomat units.
Enable NTP will enable NTP client.
It is possible to specify the IP address or domain name of a Primary and a Secondary NTP Server.

8. Services

 

SNMP

Simple Network Monitor Protocol (SNMP) is used in network management systems to monitor network devices for conditions that require administrative attention. The SNMP agent allows communication to SNMP manage applications for network provisioning.
  • Enable SNMP control will enable SNMP Agent.
  • SNMP Community specifies SNMP community string. It is required to authenticate access to MIB objects and functions as embedded password. The device supports a Read-only community string that gives read access to authorized management servers to all the objects in the MIB.The default SNMP Community is ”public”.
  • Contact specifies the identity or the contact who should be contacted in case a emergency situation arise.
  • Location specifies the physical location of the device.

9. Services

 

NOTIFIER

Mail notifier can be configured, enabled or disabled.

Notifier entries can be specified by using the following criteria:

  • SMTP Server: ip address of the server
  • Port: server’s port
  • Authentication: authentication method used to access the server
  • Encryption: encryption method
  • Source mail address: is the source mail address that sends the notifications
  • Destination mail address: is the destination mail address that receives the notifications generated by the radio
  • CPE disconnects for more than: sets a time duration for a disconnected radio, when exceeded will be triggered an alarm
  • CPE signal is lower than:sets a threshold of the radio’s signal strength under which an alert will be triggered

10. Services Notifier- da aggiungere testo