Difference between revisions of "Training:Router"

From IPitomy Wiki
 
(17 intermediate revisions by 3 users not shown)
Line 1: Line 1:
Router
+
=== Introduction to Routers ===
 +
A router serves as the essential gateway in a network, functioning like a digital traffic controller. It manages the flow of data between your local network (LAN) and the vast expanse of the Internet. Routers perform this complex job using features like Network Address Translation (NAT), Port Forwarding, and Dynamic Host Configuration Protocol (DHCP). These functionalities ensure that your data travels efficiently, securely, and seamlessly from your devices to the web and back.
  
 
+
==== Network Address Translation (NAT) ====
 
+
In digital communication, IP addresses are finite. It's impractical for every device connected to the Internet to have a unique public IP address. Instead, your local network uses a private range of IP addresses, represented on the Internet by a single public IP. NAT plays a critical role here. It assigns a unique port number to each device on your network seeking Internet access. The router 'remembers' this assignment, allowing it to correctly route incoming data to the right device. Problems with NAT, like inconsistent configurations, can lead to issues such as unreachable remote phones or call reception problems.
The router is your gateway to the internet.  It is responsible for routing packets from devices on your LAN to the internet, and ensuring that packets from the internet are routed to the correct devices on the LAN.  This is accomplished through Network Address Translation (NAT) and port forwarding.  The router is also typically responsible for assigning IP addresses to devices on the network via DHCP when not using a separate DHCP server.
 
 
 
 
 
  
*Network Address Translation – Since there are a limited number of IP addresses it is not feasible for every device that communicates to the internet to have its own public IP address.  Because of this your network will have its own private subnet of IP addresses and a single public IP.  When a device communicates out to the internet, the router will NAT a certain port for that device so that it knows where to send responding packets. 
+
==== Dynamic Host Configuration Protocol (DHCP) ====
 +
Routers often double as DHCP servers, dynamically assigning IP addresses to devices on your network. In some setups, a separate server might handle DHCP. Understanding the DHCP configuration is crucial to prevent IP address conflicts. Key aspects to consider include the management of DHCP, the range of IP addresses it can assign, and the allocation of static IP addresses for critical devices like PBX systems.
  
 
 
 
 
  
Inconsistent NAT is the number one reason we see remote phones failing.  Symptoms would be showing as unreachable on the Monitoring page in the PBX, unable to receive calls, but able to make calls.
+
=== Port Forwarding in Routers ===
 +
Port forwarding is a crucial function in routers, guiding incoming internet traffic to the appropriate device within your local area network (LAN). This mechanism is especially significant in VOIP and SIP configurations. For example, remote VOIP phones often connect to your network through specific ports like 5060. To facilitate this, the router must be configured to route the traffic to the appropriate internal IP address of your PBX system.
  
*Eg: You have a remote phone with a local IP address of 192.168.1.112 at your house.  The public IP at your house is 78.16.54.98.  If you look at the monitoring page in the PBX, it shows the remote phone registered with the 78.16.54.98 IP address.  When the PBX sends packets to your phone, it sends them [[|to <78.16.54.98:Port#>. ]]When your home router receives the packets, it knows that the Port# was reserved for the local IP 192.168.1.112 and therefore routes the packets to your phone, allowing you to communicate. 
+
There are three primary methods of port forwarding:
  
 
+
==== Single Port Forwarding ====
 
+
This method directs all incoming traffic on a specific WAN (wide area network) port to a designated LAN IP address on the same port. For example, traffic on external port 5060 can be forwarded to the PBX system at port 5060.
*Dynamic Host Configuration Protocol (DHCP) – In most installs the router will serve the function of DHCP, meaning the router is responsible for handing out IP addresses to devices on the network.  In a few instances the user will have a server onsite that handles DHCP instead of the router.  During your site survey it is important to find out how DHCP will be handled, what the DHCP range is, and a list of unused static IP addresses so you can set the PBX (and possibly other devices) to a static IP and not have to worry about an IP conflict.  Unless the network has advanced configuration (vLAN) there should only be one device handing out DHCP.
 
 
 
 
 
 
 
*Port Forwarding – This is how the router ensures that inbound packets to particular ports are routed to the right device on the LAN.  For example, remote phones always initiate their communication by sending packets to port 5060.  Because of this, you must forward port 5060 in the router to the internal static IP address of the PBX.  If this port forwarding is not configured, the router will not know what to do with a packet received on 5060 and a remote phone will not register.
 
 
 
 
 
 
 
*Single Port Forwarding: This instructs the router to take all WAN traffic to a certain port and route those packets to a LAN IP via that single port. Eg: forward port 5080 externally to the PBX IP on port 5060.
 
*Port Range Forwarding: This instructs the router to take all WAN traffic to a range of ports and route those packets to a LAN IP via that range of ports.  Eg: forward ports 10000 thru 20000 externally to the PBX IP on ports 10000 thru 20000.
 
 
 
 
 
 
 
*1 to 1 NAT: This instructs the router to take all WAN traffic to a certain port and route those packets to a LAN IP via a different port.  This would typically be used when the port needed is already being used.  Eg:  The end user hosts their own webpage and 80 is used, so instead you can forward port 8080 externally to the PBX IP on port 80.
 
 
 
 
 
  
 
Table 1: Single Port Forwarding
 
Table 1: Single Port Forwarding
 
+
{| class="wikitable"
{| border="1" cellpadding="0" cellspacing="0"
+
!Application Name
|-
+
!Port
|
+
!Protocol
Application Name
+
!To IP Address
 
 
|
 
Port
 
 
 
|
 
Protocol
 
 
 
|
 
To IP Address
 
 
 
 
|-
 
|-
|  
+
|Remote Administration
Remote Administration
+
|80
 
+
|TCP
|  
+
|PBX Internal IP
80
 
 
 
|  
 
TCP
 
 
 
|  
 
PBX Internal IP
 
 
 
 
|-
 
|-
|  
+
|SSH Support
SSH Support
+
|22
 
+
|TCP
|  
+
|PBX Internal IP
22
 
 
 
|  
 
TCP
 
 
 
|  
 
PBX Internal IP
 
 
 
 
|-
 
|-
|  
+
|SIP
SIP
+
|5060
 
+
|UDP
|  
+
|PBX Internal IP
5060
 
 
 
|  
 
UDP
 
 
 
|  
 
PBX Internal IP
 
 
 
 
|-
 
|-
|  
+
|Branch Office
Branch Office
+
|4569
 
+
|UDP
|  
+
|PBX Internal IP
4569
 
 
 
|  
 
UDP
 
 
 
|  
 
PBX Internal IP
 
 
 
 
|}
 
|}
  
 
+
==== Port Range Forwarding ====
 +
This type forwards all incoming traffic on a specified range of WAN ports to the corresponding range of ports on a LAN IP address. For instance, external ports 10000-20000 can be forwarded to the PBX system.
  
 
Table 2: Port Range Forwarding
 
Table 2: Port Range Forwarding
 
+
{| class="wikitable"
{| border="1" cellpadding="0" cellspacing="0"
+
!Application Name
 +
!Port Range
 +
!Protocol
 +
!To IP Address
 
|-
 
|-
|  
+
|RTP
Application Name
+
|10000-20000
 
+
|TCP & UDP
|
+
|PBX Internal IP
Port
 
 
 
|
 
Protocol
 
 
 
|
 
To IP Address
 
 
 
|-
 
|
 
RTP
 
 
 
|  
 
10000-20000
 
 
 
|  
 
TCP & UDP
 
 
 
|  
 
PBX Internal IP
 
 
 
 
|}
 
|}
  
 
+
==== 1-to-1 NAT ====
 +
Used when a specific port is already in use. It allows for the redirection of traffic from one WAN port to a different LAN port. For example, if port 80 is used by a web server, external port 8080 can be routed to port 80 on the PBX system.
  
 
Table 3: 1 to 1 NAT
 
Table 3: 1 to 1 NAT
 
+
{| class="wikitable"
{| border="1" cellpadding="0" cellspacing="0"
+
!Application Name
 +
!External Port
 +
!Internal Port
 +
!Protocol
 +
!To IP Address
 
|-
 
|-
|  
+
|Alternate Remote Administration
Application Name
+
|8080
 
+
|80
|
+
|TCP
External Port
+
|PBX Internal IP
 
 
|
 
Internal Port
 
 
 
|
 
Protocol
 
 
 
|
 
To IP Address
 
 
 
|-
 
|
 
Alternate Remote Administration
 
 
 
|  
 
8080
 
 
 
|  
 
80
 
 
 
|  
 
TCP
 
 
 
|  
 
PBX Internal IP
 
 
 
 
|}
 
|}
  
 
+
=== Remote Access in Network Management ===
 
+
Remote access to devices such as the PBX system is a key feature for network administrators or support personnel, enabling them to modify configurations or troubleshoot issues remotely. This capability significantly enhances the efficiency of network management and technical support.
 
 
 
 
*Remote Access – With remote access to the PBX you can make configuration changes from your office.  IPitomy Tech Support will also be able to troubleshoot with you more efficiently.  In order to have the most visibility to the PBX, we recommend you forward port 80 (remote admin) and port 22 (SSH) to the PBX Internal IP address.  Once this has been configured in the router you can enter <publicIPaddress>/ippbx from any PC that is connected to the internet and access the admin login for the PBX.  If the end user is already using port 80 you will have to configure a 1 to 1 NAT of a different port (8080) to port 80 as the web access port on the PBX cannot be changed.
 
 
 
 
 
 
 
*Example Router Forwarding Interface: DDWRT – Below is a screenshot from a router loaded with DDWRT Open Source firmware.  The configuration screen for Port Forwarding is pretty standard.
 
 
 
 
 
 
 
<picture needed>
 
  
 
+
==== Configuring Remote Access to the PBX System ====
 +
For optimal remote accessibility of the PBX system, certain ports need to be configured:
  
 
+
* Port 80 (Remote Admin Access): Forwarding this port allows administrators to access the PBX system's admin page from any web browser.
 +
* Port 22 (Secure Shell or SSH Access): Forwarding this port enables secure command-line access to the PBX system.
  
 
+
Using this setup, administrators can access the PBX admin login page by typing <code>http://<publicIPaddress>/ippbx</code> in a web browser.
  
&nbsp;
+
==== Dealing with Port 80 Conflicts: 1 to 1 NAT Forwarding ====
 +
If port 80 is already in use, the 1 to 1 NAT port forwarding method should be employed. This allows mapping an alternate external port (such as 8080) to the internal port 80 of the PBX system, addressing the issue of the PBX system's fixed web access port.
  
&nbsp;
+
Note: It's essential to maintain strong security practices, including using secure passwords and VPNs, to protect remote access points from unauthorized access.&nbsp;
  
Questions:
+
=== Overview of DDWRT Firmware ===
 +
DDWRT is a well-known open-source firmware that can be installed on a wide range of router models. This firmware is celebrated for its user-friendliness and offers a standardized interface for various networking tasks, including port forwarding.
  
&nbsp;
+
==== Configuring Port Forwarding with DDWRT ====
 +
The port forwarding configuration interface in DDWRT is designed to be intuitive, making it accessible even for those with limited technical background. Here’s how you can set up port forwarding using the DDWRT interface:
  
#What port is used to access the web interface for the PBX? (80, 8080, 5060, 4569)
+
# Accessing the Interface: After installing DDWRT firmware on your router, log in to the router's web interface. This usually involves entering the router’s IP address in a web browser.
 +
# Navigating to Port Forwarding: In the DDWRT interface, navigate to the ‘Port Forwarding’ section. This is typically found under the ‘NAT / QoS’ menu.
 +
# Setting Up Rules: Here, you can add port forwarding rules. This involves specifying the external port (or port range), the protocol (TCP, UDP, or both), the internal IP address to which the traffic should be directed, and the internal port if different from the external one.
 +
# Saving and Applying Settings: After configuring the rules, save and apply the changes. The router may need to restart for the changes to take effect.
  
&nbsp;
+
==== The Importance of Interface Familiarity ====
 +
Understanding how to navigate and configure settings in router interfaces like DDWRT is crucial for effective network management. Whether it's setting up port forwarding, adjusting security settings, or managing DHCP, familiarity with these interfaces ensures that you can maintain a solid and secure network configuration.
  
#What device on your network functions as a gateway to the Internet? (switch, router, PBX, server)
+
==== Enhancing Network Performance and Security ====
 +
Proper setup of features like port forwarding not only facilitates seamless communication between your network devices and the Internet but also significantly boosts the overall performance and security of your network. It's important to regularly review and update these configurations to align with changing network needs and security standards.
  
 
&nbsp;
 
&nbsp;
  
#Which term is used to describe a port forward that routes packets from one external port to a different internal port? (1 to 1 NAT, port triggering, SSH, DHCP)
+
[[File:Router-PortForward.gif|none|Router-PortForward.gif]]
  
&nbsp;
 
  
#How many devices on the network should typically be handing out DHCP? (2, 0, all, 1)
 
 
&nbsp;
 
  
#What ports must be forwarded for remote phones to function? (5060 & 10000-20000, 8080 & 22, 4569 & 5048, 5060 and 80)
+
[[File:Router-PortRangeForwarding.gif|none|Router-PortRangeForwarding.gif]]
 +
[[Category:Training]]
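
Review bot: the rewritten NAT and DHCP paragraphs drop installer-facing detail that the old text carried, and it is worth restoring in the new sections. The old NAT text named the symptom pattern for inconsistent NAT (phone shown as unreachable on the PBX Monitoring page, unable to receive calls but able to make them), the old port-forwarding bullet stated that a remote phone will not register if 5060 is not forwarded, and the old DHCP bullet stated that only one device should hand out DHCP unless VLANs are in use. Separately, in the new "Configuring Remote Access to the PBX System" section the recommendation to forward ports 80 and 22 is separated from the password and VPN note, which only appears after the 1 to 1 NAT subsection; placing that note directly under the port list would keep the recommendation and its safeguard together. The five review questions from the old revision are also removed without a replacement.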

Latest revision as of 16:57, 13 November 2023

Introduction to Routers

A router serves as the essential gateway in a network, functioning like a digital traffic controller. It manages the flow of data between your local network (LAN) and the vast expanse of the Internet. Routers perform this complex job using features like Network Address Translation (NAT), Port Forwarding, and Dynamic Host Configuration Protocol (DHCP). These functionalities ensure that your data travels efficiently, securely, and seamlessly from your devices to the web and back.

Network Address Translation (NAT)

In digital communication, IP addresses are finite. It's impractical for every device connected to the Internet to have a unique public IP address. Instead, your local network uses a private range of IP addresses, represented on the Internet by a single public IP. NAT plays a critical role here. It assigns a unique port number to each device on your network seeking Internet access. The router 'remembers' this assignment, allowing it to correctly route incoming data to the right device. Problems with NAT, like inconsistent configurations, can lead to issues such as unreachable remote phones or call reception problems.

Dynamic Host Configuration Protocol (DHCP)

Routers often double as DHCP servers, dynamically assigning IP addresses to devices on your network. In some setups, a separate server might handle DHCP. Understanding the DHCP configuration is crucial to prevent IP address conflicts. Key aspects to consider include the management of DHCP, the range of IP addresses it can assign, and the allocation of static IP addresses for critical devices like PBX systems.

 

Port Forwarding in Routers

Port forwarding is a crucial function in routers, guiding incoming Internet traffic to the appropriate device within your local area network (LAN). This mechanism is especially significant in VoIP and SIP configurations. For example, remote VoIP phones often connect to your network through specific ports like 5060. To facilitate this, the router must be configured to route the traffic to the appropriate internal IP address of your PBX system.

There are three primary methods of port forwarding:

Single Port Forwarding

This method directs all incoming traffic on a specific WAN (wide area network) port to a designated LAN IP address on the same port. For example, traffic on external port 5060 can be forwarded to the PBX system at port 5060.

Table 1: Single Port Forwarding

Application Name      | Port | Protocol | To IP Address
Remote Administration | 80   | TCP      | PBX Internal IP
SSH Support           | 22   | TCP      | PBX Internal IP
SIP                   | 5060 | UDP      | PBX Internal IP
Branch Office         | 4569 | UDP      | PBX Internal IP

Port Range Forwarding

This type forwards all incoming traffic on a specified range of WAN ports to the corresponding range of ports on a LAN IP address. For instance, external ports 10000-20000 can be forwarded to the PBX system.

Table 2: Port Range Forwarding

Application Name | Port Range  | Protocol  | To IP Address
RTP              | 10000-20000 | TCP & UDP | PBX Internal IP

1-to-1 NAT

This method is used when a specific port is already in use. It redirects traffic from one WAN port to a different LAN port. For example, if port 80 is used by a web server, external port 8080 can be routed to port 80 on the PBX system.

Table 3: 1 to 1 NAT

Application Name                | External Port | Internal Port | Protocol | To IP Address
Alternate Remote Administration | 8080          | 80            | TCP      | PBX Internal IP
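
The three forwarding methods and the NAT "memory" described earlier can be modelled in a few lines. This is an added example, not part of the original training page or any router's firmware: the `Router` and `Forward` classes, the PBX address 192.168.1.10, the public address 203.0.113.5 and the dynamic port pool starting at 40000 are all assumptions made for illustration.

```python
from dataclasses import dataclass

PBX_IP = "192.168.1.10"      # assumed static LAN address of the PBX
PUBLIC_IP = "203.0.113.5"    # constructed public address (documentation range)

@dataclass(frozen=True)
class Forward:
    name: str
    proto: str       # "tcp" or "udp"
    ext_lo: int      # first external (WAN) port
    ext_hi: int      # last external port; equals ext_lo for a single port
    lan_ip: str
    int_lo: int      # internal port that ext_lo maps to

    def translate(self, proto, port):
        """Return (lan_ip, lan_port) if this rule covers the packet, else None."""
        if proto == self.proto and self.ext_lo <= port <= self.ext_hi:
            return (self.lan_ip, self.int_lo + port - self.ext_lo)
        return None

def both(name, lo, hi, ip):
    """A 'TCP & UDP' table row expands to one rule per protocol."""
    return [Forward(name, p, lo, hi, ip, lo) for p in ("tcp", "udp")]

# Rules transcribed from Tables 1-3.
FORWARDS = [
    Forward("Remote Administration", "tcp", 80, 80, PBX_IP, 80),
    Forward("SSH Support", "tcp", 22, 22, PBX_IP, 22),
    Forward("SIP", "udp", 5060, 5060, PBX_IP, 5060),
    Forward("Branch Office", "udp", 4569, 4569, PBX_IP, 4569),
    *both("RTP", 10000, 20000, PBX_IP),
    Forward("Alternate Remote Administration", "tcp", 8080, 8080, PBX_IP, 80),
]

class Router:
    def __init__(self, public_ip, forwards):
        self.public_ip = public_ip
        self.forwards = list(forwards)
        self.mappings = {}        # (proto, public_port) -> (lan_ip, lan_port)
        self._next_port = 40000   # arbitrary start of the dynamic port pool

    def outbound(self, proto, lan_ip, lan_port):
        """A LAN device opens a flow: pick a public port and remember the mapping."""
        public_port = self._next_port
        self._next_port += 1
        self.mappings[(proto, public_port)] = (lan_ip, lan_port)
        return (self.public_ip, public_port)

    def expire(self, proto, public_port):
        """Drop a dynamic mapping, as a router does when the flow goes idle."""
        self.mappings.pop((proto, public_port), None)

    def inbound(self, proto, port):
        """Where a WAN packet to (proto, port) is delivered; None means dropped."""
        if (proto, port) in self.mappings:
            return self.mappings[(proto, port)]
        for rule in self.forwards:
            hit = rule.translate(proto, port)
            if hit:
                return hit
        return None
```

With no matching rule and no remembered mapping, `inbound` returns `None`: the router has nowhere to send the packet, which is why a PBX behind a router without the SIP forward never sees a remote phone's registration.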

Remote Access in Network Management

Remote access to devices such as the PBX system is a key feature for network administrators or support personnel, enabling them to modify configurations or troubleshoot issues remotely. This capability significantly enhances the efficiency of network management and technical support.

Configuring Remote Access to the PBX System

For optimal remote accessibility of the PBX system, certain ports need to be configured:

  • Port 80 (Remote Admin Access): Forwarding this port allows administrators to access the PBX system's admin page from any web browser.
  • Port 22 (Secure Shell or SSH Access): Forwarding this port enables secure command-line access to the PBX system.

Using this setup, administrators can access the PBX admin login page by typing http://<publicIPaddress>/ippbx in a web browser.

Dealing with Port 80 Conflicts: 1 to 1 NAT Forwarding

If port 80 is already in use, the 1 to 1 NAT port forwarding method should be employed. This allows mapping an alternate external port (such as 8080) to the internal port 80 of the PBX system, addressing the issue of the PBX system's fixed web access port.

Note: It's essential to maintain strong security practices, including using secure passwords and VPNs, to protect remote access points from unauthorized access. 
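
One way to review a forwarding table against the note above is to check which rules deliver traffic to the PBX's management ports from any Internet address. This is an added example, not code from the original page or from any router vendor: the rule list is constructed from Tables 1-3, and the `source` field (the WAN networks allowed to use a rule) and the 198.51.100.0/24 office network are hypothetical.

```python
import ipaddress

# Constructed rule list following Tables 1-3. "source" is a hypothetical
# per-rule restriction; "any" means the whole Internet may use the rule.
RULES = [
    {"name": "Remote Administration", "proto": "tcp", "ext": (80, 80), "int_port": 80, "source": "any"},
    {"name": "SSH Support", "proto": "tcp", "ext": (22, 22), "int_port": 22, "source": "198.51.100.0/24"},
    {"name": "SIP", "proto": "udp", "ext": (5060, 5060), "int_port": 5060, "source": "any"},
    {"name": "Branch Office", "proto": "udp", "ext": (4569, 4569), "int_port": 4569, "source": "any"},
    {"name": "RTP", "proto": "tcp", "ext": (10000, 20000), "int_port": 10000, "source": "any"},
    {"name": "RTP", "proto": "udp", "ext": (10000, 20000), "int_port": 10000, "source": "any"},
    {"name": "Alternate Remote Administration", "proto": "tcp", "ext": (8080, 8080), "int_port": 80, "source": "any"},
]

# Management services on the PBX, keyed by the port the PBX listens on.
MANAGEMENT = {80: "web admin login (HTTP)", 22: "SSH"}

def is_restricted(source):
    """True when the rule only accepts traffic from a specific network."""
    if source == "any":
        return False
    return ipaddress.ip_network(source).prefixlen > 0

def audit(rules):
    """Return (rule name, finding) pairs for management ports open to any source."""
    findings = []
    for rule in rules:
        if rule["proto"] != "tcp" or is_restricted(rule["source"]):
            continue
        lo, hi = rule["ext"]
        # Judge a rule by the internal port it lands on: moving the external
        # port (8080 -> 80) does not change which service is exposed.
        reached = range(rule["int_port"], rule["int_port"] + (hi - lo) + 1)
        for port, service in MANAGEMENT.items():
            if port in reached:
                wan_port = lo + (port - rule["int_port"])
                findings.append((rule["name"],
                                 f"{service} reachable from any address on WAN port {wan_port}"))
    return findings

def exposed_port_count(rules):
    """Number of WAN ports per protocol that accept traffic from any source."""
    counts = {}
    for rule in rules:
        if not is_restricted(rule["source"]):
            lo, hi = rule["ext"]
            counts[rule["proto"]] = counts.get(rule["proto"], 0) + hi - lo + 1
    return counts

if __name__ == "__main__":
    for name, finding in audit(RULES):
        print(f"{name}: {finding}")
    print(exposed_port_count(RULES))
```
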

Overview of DDWRT Firmware

DDWRT is a well-known open-source firmware that can be installed on a wide range of router models. This firmware is celebrated for its user-friendliness and offers a standardized interface for various networking tasks, including port forwarding.

Configuring Port Forwarding with DDWRT

The port forwarding configuration interface in DDWRT is designed to be intuitive, making it accessible even for those with limited technical background. Here’s how you can set up port forwarding using the DDWRT interface:

  1. Accessing the Interface: After installing DDWRT firmware on your router, log in to the router's web interface. This usually involves entering the router’s IP address in a web browser.
  2. Navigating to Port Forwarding: In the DDWRT interface, navigate to the ‘Port Forwarding’ section. This is typically found under the ‘NAT / QoS’ menu.
  3. Setting Up Rules: Here, you can add port forwarding rules. This involves specifying the external port (or port range), the protocol (TCP, UDP, or both), the internal IP address to which the traffic should be directed, and the internal port if different from the external one.
  4. Saving and Applying Settings: After configuring the rules, save and apply the changes. The router may need to restart for the changes to take effect.

The Importance of Interface Familiarity

Understanding how to navigate and configure settings in router interfaces like DDWRT is crucial for effective network management. Whether it's setting up port forwarding, adjusting security settings, or managing DHCP, familiarity with these interfaces ensures that you can maintain a solid and secure network configuration.

Enhancing Network Performance and Security

Proper setup of features like port forwarding not only facilitates seamless communication between your network devices and the Internet but also significantly boosts the overall performance and security of your network. It's important to regularly review and update these configurations to align with changing network needs and security standards.

 

[Image: Router-PortForward.gif]

[Image: Router-PortRangeForwarding.gif]