ePipe logohomeabout ePipeproductssolutionssupportinformation centercontact usDocumentation banner, 8K

ePipe VPN and Security Products:
Connecting to the Internet


Introduction

This section introduces you to the concepts you will need to understand in order to connect your ePipe to the Internet. You should be familiar with the Key Networking Concepts included in this documentation and the Setup and Configuration of the ePipe (i.e. you should be able to connect power and network cabling to your ePipe, and configure your ePipe with a valid Internet Protocol (IP) address for the (first) Ethernet port).

Bundles, Dialers, and Scalable Bandwidth

ePipe allows you to connect to the internet using any combination of network technologies:-

Furthermore, ePipe allows you to aggregate more than one connection to provide faster access to the Internet. Different types of outgoing connection can be aggregated using the Intelligent Internet Bonding (I2B) feature of ePipe.

A group of Internet connections over which network data is shared is called a "Bundle". Bundles may be permanently connected, or if analogue modems are used, can be dialled on-demand, whenever network traffic needs to be sent. Bundles can have all connections activated at once, or start with a single connection and dial extra connections if network traffic increases ("Bandwidth On Demand").

Bundles and Dialers

A bundle can dynamically connect or disconnect an arbitrary amount of links based on bandwidth and network demand (refer Permanent Connections and Dial-on Demand sections below). A link can create a connection across a phone-line or broadband medium (refer Broadband section below) to an Internet Service Provider's (ISP's) Point of Presence (PoP) . These concepts and their application are explored in-depth in Key Networking Concepts included in this documentation.

Configuring Shared Internet Access (SIA) will involve setting up at least one bundle of links with the specifics of each connection. The Shared Internet Access Configuration Wizard steps through the process of creating a bundle and the links it will control. The context help available for each page from the ePipe Management Assistant describes in detail what each entry field refers to.

Permanent Connections

A permanent connection refers to a specific type of ISP Account which can potentially stay up all the time. This account may require a fixed IP address which is allocated for the duration of the account.

A permanent account should be specified at the link level of configuration. Due to the nature of a permanent connection, it should be marked as static so the bundle knows not to disconnect it when demand is low. It is an ideal default route for traffic, useful for serving incoming clients such as PPTP and HTTP requests.

Dial-on-Demand

Dial-on-Demand is a service which can dynamically bring connections up or down depending on specific events. It may be practical to disconnect an analogue modem ISP account if it hasn't been used for a specified amount of time. The connection could just as easily be brought up again if new traffic requiring that connection is sent. This service can be used to save money on ISP accounts which are charged over the time they are active.

Dial-on-Demand is a Dialup Link management issue which is handled by the bundle. A link can be explicitly marked as dynamic if it is used to provide Dial-on-Demand or 'static' if it is only ever to be connected/disconnected manually.

Bandwidth-on-Demand

'Bandwidth' is a term which has evolved to describe a variety of different concepts. For the purposes of Bandwidth-on-Demand, 'Bandwidth' refers to data-rate (speed) of a network link.

Bandwidth-on-Demand describes the ability to be able to bring connections up or down depending on the current load of traffic. A typical scenario would involve one static Dialup Link which would be connected for the duration of a session. Performance of this link will decrease as it becomes more heavily used. At a specified point another link can be connected to spread the network load over multiple connections, providing more bandwidth and improving performance.

The Bandwidth of a connection can be measured as a percentage of the connections potential maximum. It is therefore possible to implement a system where if one ISP connection has been at over 60% usage for a minute then another ISP connection is established to share the load. Similarly if a line drops below 20% usage for a minute it can be disconnected in an effort to gain consistent performance.

The Bundle controls Bandwidth-on-Demand for both the bundle in general as well as variables regarding each of it's allocated links.

Time-Based Links

Bandwidth may be increased or decreased using time-based links. Time-based links will connect and disconnect at predetermined times of day. This feature is particularly useful when there is a desire to disconnect links during specific times in order to reduce costs. When used in conjunction with filter rules on bundles, this feature provides the ability to limit bandwidth available for certain activities (e.g., Web browsing) during specified times of day.

Time of day links are configured in the Bandwidth Setting section of the User Interface. At the bottom of the Bandwidth Settings Screen you may enter the times that the link will be available. Please note that the time must be entered in 24-hour time format.

Backup Links

Back-up links have been implemented in ePipe ServerWare and ePipe firmware as of version 2.0. When thinking about back-up links, it is best to think of links as being either Primary or Back-up links. The Primary links are those that you would have configured normally, or all links that arenít configured as back-up links within a bundle. Back-up links are those links in a bundle that will be used when all primary links are disconnected or fail to connect.

When all of the primary links are down and start their second retry, the backup links will begin to connect. Once connected, the back-up links will stay connected until one of the primary links gets reconnected. Note that primary links attempt to connect based on the maximum number of retries and once they have tried to connect that number of times unsuccessfully, they are disabled.

To set a link as a backup link, simply go to the Connection Bundle Manager, by clicking on Bundle in the Advanced section of the ePipe Management Assistant. Select the bundle you wish to reconfigure, then click on the Link Bandwidth hyperlink for the link you wish to make a backup link. You will see a screen similar to the screen below.


To make this link a backup link:

Note: 

Backup links state can also be set to either static or dynamic. If the state is set to dynamic, links will only dial when bandwidth thresholds are met. Please refer to the Bundles, Diallers and Scalable Bandwidth section for more information.

Broadband

Broadband refers to a telecommunication system that provides multiple channels of data over a single communications medium. Due to the large amount of processing involved in high-speed broadband connections, special devices are required such as ISDN Terminal Adapters, Cable/DSL Routers or Bridges. Broadband connections are characteristically 'always up'.

Cable/DSL Routers are one form of broadband delivery. A single cable connects many locations, and individual network connections share the cable. The hardware involved (particularly the "cable modem", although they are not really "modems", i.e. modulator-demodulators) hides the shared nature of the cable network. From the user's point of view, a cable modem is just a fast network connection that is usually permanently "connected". The process of "dialling" a cable modem usually means requesting a network address from the "head-end" server. Some cable networks require a "log-on" process, because they bill users for data transmitted. This protects users from having their accounts exploited by someone without permission.

ePipe Links which deal specifically with broadband technologies include, IP over Ethernet Links , PPP over Ethernet Links, and Dialup Links which can be used to control B-ISDN Terminal Adapters (See Key Networking Concepts for further information).

Back to Top


Getting Started with Shared Internet Access (SIA) using I2B

I2B Transparent Link Sharing

ePipe's Intelligent Internet Bonding (I2B) provides faster Internet access using inexpensive dial-up connections. By enabling the I2B service on each link in an ePipe bundle, outgoing WWW connections are routed down whichever link is least busy. I2B can also be used to provide faster access for other stream protocols, such as e-mail (SMTP), Usenet news, or POP downloads.

By default, I2B only acts on HTTP connections (TCP port 80). You can configure I2B to act on other protocols using the ePipe Management Assistant GUI or via the Command Line Interface (CLI).

I2B will be enabled by default for each link you create. By default I2B acts on the HTTP protocol (connections to TCP port 80). You can learn how to configure I2B to act on additional protocols below.

ePipe Management Assistant GUI Configuration (Recommended)

To use the ePipe I2B configuration wizard, go to the Setup section and choose the SIA setup wizard. Then select "Enable I2B for protocols".

To add support for most common protocols to the I2B service, check the "Add Protocol to I2B" radio button, select the protocol from the pull-down menu, and click the "Add Port" button.

To add support for a protocol that is not listed in the menu, select the "Add custom TCP port" radio button, enter the port number, and click the "Add Port" button.

When finished adding ports, click the "Configure>" button.

Currently configured ports are shown beneath "I2B Enabled Protocol/Port List". You can delete a configured port by clicking the red X at the right of each entry (you must click "Configure>" for any changes to take effect).

Once the "Configure>" button is clicked, any changes will take effect for all new outgoing connections.

Command Line Configuration (For advanced users)

To modify I2B behaviour using the command line interface, enter:

 

CHANGE INTERNET I2B PORTS <portlist> ENABLED

For example:

CHANGE INTERNET I2B PORTS 25,110 ENABLED

To view which ports are currently intercepted:

SHOW INTERNET I2B

To delete entries from the list of intercepted ports:

CHANGE INTERNET I2B PORTS <portlist> DISABLED

To reset to the default (port 80 only) configuration:

CHANGE INTERNET I2B PORTS DEFAULT

Back to Top


Configuring the ePipe Firewall

The ePipe protects your private network from external attack via the use of the ePipe firewall. The ePipe firewall consists of two components:

Packet Filtering Firewall

The ePipe has a built-in packet filtering firewall that protects your network from attack or being accessed from the Internet and simultaneously allows you to control what types of services your LAN users can access on the Internet.  A packet filtering firewall does this by rejecting any traffic that does not meet the policy set by the user.  This means that specific types of traffic (or network protocols and/or ports) will be allowed or disallowed through the ePipe, in either direction.  Some examples of traffic types or protocols that you may want to filter on include:

The ePipe Management Assistant (web-based graphical user interface) offers you the option of creating a Traffic Filter during the SIA (Shared Internet Access) setup wizard.  A Traffic Filter is a collection of filter rules.  Each rule will accept, reject or discard different traffic types or protocols that are being received or sent by an interface (port or modem or Ethernet).  In the ePipe Management Assistant these options have been combined into the following actions (for each traffic type):

Action Description
Rejected Traffic is NOT allowed through the ePipe interface and any appropriate control messages are sent.
Discarded Traffic is NOT allowed through the ePipe interface and NO control messages are sent.  Traffic is rejected silently.
Allowed into internal network Traffic is allowed to pass through the ePipe interface but only for connections originating from the external network of this traffic type.
Allowed out of internal network Traffic is allowed to pass through the ePipe interface but only for connections originating from the internal network of this traffic type.
Allowed into/out of internal network Traffic is allowed to pass through the ePipe interface in either direction for connections of this traffic type.

For example, if you wish to allow LAN users to browse the Web then you would allow the HTTP and DNS protocols to be "Allowed out of internal network".

NOTE:  All other traffic is discarded.  You do not need to explicitly reject or discard other traffic types to prevent them going through the ePipe.

Filter Design

In general terms, when designing an effective filter you need to do the following:

  1. Decide which protocols or traffic types you need to allow through the ePipe.
  2. Decide in which direction these traffic types will be allowed through, either out of the internal network or into the internal network.
  3. Select an appropriate timeout for each rule which specifies the idle timeout for bringing down inactive links (bandwidth-on-demand).

Idle Timeouts

In the Add Rule and Advanced Rule screens in the Traffic Filter Details screen, you have the option for specifying a value for how long this traffic type will maintain a link (or dialler).  This value specifies how long a filter will keep a link connected after not seeing this type of traffic.  For example, if you set the value to 300 seconds (5 minutes) for HTTP then a link that does not receive or transmit any HTTP traffic for 5 minutes will be disconnected, unless another filter rule is maintaining the link or bandwidth-on-demand is maintaining the link for other reasons.

Also, if a filter rule has a non-zero value for the idle timeout, then that filter rule can initiate a new link in a bundle if the bundle's upper threshold has been met.  See Bundles, Dialers, and Scalable Bandwidth for more information.

A value of zero (0) will prevent a new link from being initiated for this type of traffic but will still allow this traffic through on any existing links in the bundle.

Time based Filters

Time based filters are filtering rules that can be configured to apply at certain times of the day and/or on particular days of the week. The filters can be used to increase security if some facilities are only needed at particular times or to block certain types of traffic during or outside of office hours.

User Interface

This section describes how to set up time based filter rules. The lower section of the 'Traffic Filtering Rules' screen (figure 1.1) is used to configure time based rules. Once the other parameters for a rule have been set up (as described above), you can select the times/days for which the rule will be effective.

Days of the Week

To create rules which change on days of the week select the check box at 1 in figure 1.1, and select the start and end day of the time you want the rule to work.

Time of Day

Time of Day conditions work much the same way as the day of week conditions. These are enabled by selecting the checkbox at 2 in figure 1.1 and selecting the start and end times for the rule.

Advanced

The time based filter rules can be appended to an existing filter rule as follows. A standard rule to allow all http traffic looks like:

tcp tx tcp_dport=http accept 0
tcp rx tcp_sport=http accept 0

If the rule was to be changed so that it only applied in between the hours of 9:00am and 5:00pm it would become:

tcp tx tcp_dport=http time>=9:00 time<=17:00 accept 0
tcp rx tcp_sport=http time>=9:00 time<=17:00 accept 0

NOTE: All time is represented in 24 hour notation.

Similarly if the above rule was only applicable between Monday and Friday during the week the following would be added to each rule:

day>=monday time<=friday

NOTE: sunday = 0, monday = 1, tuesday = 2, wednesday = 3, thursday = 4, friday = 5, saturday = 6.

The rule is used if all conditions in the rule are met by an arriving packet.

If a time period runs over a boundary (i.e. overnight, or past the end of a week to the next), more than one rule must be specified. If for example a rule was needed to accept HTTP traffic between Friday and Tuesday each week, (Friday, Saturday, Sunday, Monday, Tuesday) the above rule would look like:

tcp tx tcp_dport=http day>=friday accept 0
tcp tx tcp_dport=http day<=tuesday accept 0
tcp rx tcp_sport=http day>=friday accept 0
tcp rx tcp_sport=http day<=tuesday accept 0

This would be similar for a rule that ran between one day and the next (overnight).

Creating a New Traffic Filter

You can create a new traffic filter in either of two ways:

  1. Creating a filter in the SIA setup wizard
    After creating dialers you will be given the opportunity of creating a traffic links filter for the bundle you are creating.  Other options include using an existing filter or using no filter.
  2. Creating a filter through Advanced
    In Advanced options you can create stand-alone filters and set a bundle to use a chosen filter.

Creating a filter in the SIA setup wizard

The SIA (Shared Internet Access) setup wizard leads you through the complete process of connecting an ePipe to the Internet, including the creation of new or use of existing filters.  After the creation and selection of your Links (sometimes called Dialers), you will be presented with the following options (on the screen titled "Specify the Traffic Filter for the Bundle"):

  • Create new Traffic Filter
    Takes you to the Filter creation wizard.
  • Use an existing Traffic Filter
    Allows you to select from any existing filters.
  • Don't use a Traffic Filter
    No filter will be used, allowing any and all traffic to go through the ePipe.

WARNING:

Operating without a Traffic Filter is NOT recommended as the ePipe will allow all traffic to pass through, potentially allowing unwanted access or intrusion onto your LAN and the computers connected to that LAN.  If NAT is enabled (by default NAT is enabled) then your LAN has a basic level of protection, however the ePipe itself is still exposed to the Internet on several ports (including HTTP, DNS, RIP and Telnet).  

For more information on setting up the filter see the on-line help on each screen while using the setup wizard.

Creating a filter through ePipe Management Assistant Advanced Option

You can create a new filter at any time by following these steps:

  1. Browse to the ePipe using a web browser and select the Advanced option.
  2. Start the Filter Manager by selecting Filter.
  3. Create a new filter by selecting the New Traffic Filter button.
  4. Name the filter using a name that suits the filter's purpose, e.g. "Internet Filter 1".  Select Next when ready to continue.
  5. Add rules to the filter using the Add Rule and Advanced Rule buttons.  When finished select the Configure button to save the filter. Your changes are not saved until you click Configure.

For more information on setting up the filter see the on-line help on each screen while using the setup wizard.

Changing the Traffic Filter on a Bundle

You can change the filter on a bundle at any time to another filter or to no filter by following these steps:

  1. Browse to the ePipe using a web browser and select the Advanced option.
  2. Start the Connection Bundle Manager by selecting Bundle.
  3. Select the bundle you wish to change by selecting the name of the bundle in the left-hand column.
  4. Change the filter on this bundle by selecting a filter in the Filter drop-down list.  
  5. Select the Configure button when you wish to save the change to the bundle.

WARNING:

Operating without a Traffic Filter is NOT recommended as the ePipe will allow all traffic to pass through, potentially allowing unwanted access or intrusion onto your LAN and the computers connected to that LAN.  If NAT is enabled (by default NAT is enabled) then your LAN has a basic level of protection, however the ePipe itself is still exposed to the Internet on several ports (including HTTP, DNS, RIP and Telnet).  

There is more information on setting up filters in the application note "Configuring the ePipe Firewall: Basic Filters".

Back to Top


Network Address Translation (NAT)

Most Internet Service Providers (ISPs) only allocate one IP address to each customer (which is all that is needed for a single client PC). However if you are connecting a Local Area Network (LAN) to the Internet, each computer normally needs its own address.

Network Address Translation (NAT) is one widely accepted way of avoiding this problem---when a network request is relayed from a computer on your LAN, the ePipe modifies the return address to be that of the ePipe. When a response is received, the ePipe forwards it to the originating computer. There are special ranges of "private" IP addresses reserved for computers that are not directly connected to the Internet (eg. via a NAT device such as ePipe)---there is no registration or payment required to use these addresses.

NAT gives you two benefits:

NAT Rules

For most networks, you will not need to know how to write NAT rules; simply select "NAT enabled" when creating your dialout links (see "NAT for outgoing connections" below). You can probably skip this section if you haven't tried the default NAT configuration yet.

Network Address Translation is controlled by a table of "NAT Rules" that are maintained by the ePipe's operating system.

The contents of the active NAT rule table can be shown using the ePipe Command Line Interface (CLI):

SHOW INTERNET NAT STATUS

For more detailed information on syntax of NAT refer to "Syntax of Net Address Translation (NAT)" in the Advanced Section.


NAT for Outgoing Connections (Mapping)

The simplest way to use NAT is also the default.

When you create a modem dialer using the ePipe Management Assistant, the NAT flag is turned on by default. The Command Line equivalent is "CHANGE DIALER dialername NAT ENABLED").

When the dialer is activated and connects to the Internet, two NAT rules are installed which will re-map most outgoing connections. (The outgoing traffic is still subject to filter rules, if any). The first rule maps general TCP connections (eg. web and mail access). The second is a special case needed for correct mapping of outgoing FTP connections. This default configuration will very probably suit your needs.

If you want more complicated mappings (perhaps for UDP protocols), you should create a table of NAT rules (CHANGE INTERNET NAT ruleset ENTRY number RULE "natrule"), and configure the bundle to use the new rule table (CHANGE INTERNET DOD bundlename NAT ruleset). See also the Command Line Interface (CLI) Help for the IPNAT advanced interface (HELP IPNAT).

NAT for Incoming Connections (NAT Redirect)

Traditional Internet firewall installations generally use one of the following arrangements:

ePipe allows a third, less complicated arrangement. The ePipe acts as a filter/firewall. From the outside world, it *appears* to act as WWW and mail server, but actually redirects incoming connections to servers on your secure internal network.

This arrangement has several advantages:

You can configure redirected access to your servers using the ePipe Management Assistant. Go to the "Advanced" section of the ePipe WWW configuration system and select NAT.

If you have an existing NAT ruleset defined, select the ruleset, otherwise follow the prompts to create a new set.

To provide worldwide access to an internal server, click the "add rule" button, select the protocol type, and enter the IP address of the internal server.

The ePipe Management Assistant does not provide a way to manage mapping (outgoing) rules. Refer to "Mapping Rules" in the Advanced section for information on how to add mapping rules to a rule-set using the CLI.

There is more information on setting up NAT in the application note "Implementing Network Address Translation and Port Redirection in ePipe".  

Back to Top


Integrating ePipe into Existing Networks

If you have an existing network and/or Internet connection, there are several ways in which you can use the ePipe with your existing network infrastructure.  In general terms, this section is designed to help you make the right decisions when using the ePipe with an existing infrastructure.

Connecting a LAN to the Internet

There are many ways in which a network of computers can be connected to the Internet.  The method you choose usually depends on factors such as bandwidth needs, security requirements, the ISP you select, your geographical location, etc.  However there are some common methods for connecting to the Internet and these include:

  • Direct connection using a single Internet access device or router.  This device can, of course, be an ePipe, some other router or a host acting as a router or proxy server.
  • Using a DMZ (De-Militarised Zone).  This can be done in two different ways:
    • Placing the DMZ between the LAN and the Internet
    • Connecting the DMZ and LAN to the Internet access device or router.

There are other ways of connecting LANs to the Internet but most involve variations on these methods.

ePipe Behind a Router

If a network has an existing Internet Router then an ePipe can be placed on the internal LAN or in the DMZ to provide:

  • SRA (Secure Remote Access) using PPTP (with RADIUS support where required).  For more information see Secure Remote Access.
  • SSV (Site-to-Site Virtual Private Networks) using IPSec and E2B.  For more information see Site-to-Site VPNs.
  • DCS (Direct Connection Services) for direct dial-in remote access (PPP), RADIUS authentication and terminal server features.  For more information see Direct Connection Services.

If your Internet access device uses NAT (Network Address Translation) then you will need to configure NAT in the router to allow the appropriate connections through or redirect these connections to the ePipe for the termination of VPN tunnels.  See the above sections for more information.

Configuring ePipe for DNS 

If your network has an existing DNS server for local network name resolution, you can configure the ePipe to resolve names against this name server.  To do this follow these steps:

  1. Browse to the ePipe and select the Setup option.
  2. Select any of the available setup wizards.
  3. Select the link Domain Name Servers for the ePipe.
  4. Add the name and IP address of each DNS server you have on your network.
  5. Select Configure when you wish to save the changes.

You will also need to configure the ePipe with your domain name.  Your domain name is allocated to you by a domain name registration authority in your region.  This can usually be organized by your ISP.  Your domain name will look something like "yourcompany.com" or "my_business.net" and may also have a country identifier on the end.  To configure the ePipe with your domain name follow these steps:

  1. Browse to the ePipe and select the Setup option.
  2. Select any of the available setup wizards.
  3. Select the link General ePipe Settings.
  4. Type your domain name in the Domain Name field.
  5. Select Configure when you wish to save the changes.

Routing Issues

Your existing network may already be using routers to connect different sites together using various local and wide area networking technologies.  If you have more than one (1) IP network (that is you have a network subnetted into multiple IP subnets) then you will have existing routers and may be using routing protocols so that these routers have a complete view of the network.  Some common routing protocols include RIP, OSPF and BGP.  If you are not using any routing protocols then you are most likely using static routes in each router so that the routers know where to send packets going to other subnets.  UNIX and Windows NT/2000 hosts can also participate in the routing process as these operating systems support RIP and well as other routing protocols.

The ePipe can inter-operate in a network using the RIP protocol (RIP version 1 and 2).  ePipe listens for both version 1 and 2 RIP route updates on the LAN and will broadcast RIP version 1 updates by default.  This behaviour can be modified in the following ways:

  • The broadcast of routing information using the RIP protocol can be enabled or disabled.
  • The reception of routing information using the RIP protocol can be enabled or disabled.
  • The type of RIP information broadcast by the ePipe can be set to RIP version 1, RIP version 2 broadcast or RIP version 2 multicast.

The ePipe can also be configured with static routes to other networks by adding specific routes to the ePipe routing table.  You can look at the contents of the ePipe routing table by running the following command using the CLI (Command Line Interface):

SHOW INTERNET GATEWAY

If you wish to add a static route then you can use the following command to add it using the CLI:

CHANGE INTERNET GATEWAY gateway NETWORK net_address

Where gateway is the IP address of the router to which packets destined for the network, specified by net_address, should be sent.

If you wish to add a default route then use the command:

CHANGE INTERNET GATEWAY gateway NETWORK ANY

Back to Top


Configuring Client Computers

This section discusses how the client computers on your internal network should be configured to take best advantage of ePipe.

Client Routing Configuration

If you are using I2B or NAT (or both) to provide Internet access for your internal PCs, the only configuration needed for client PCs is to ensure that their "default gateway" setting contains the address of the ePipe.

Do not configure client computers to use the ePipe as a WWW proxy server. If you have an internal caching proxy (see below) use that host as your proxy server. If you have no caching proxy, configure your client computers for "Direct Connection to the Internet"---as long as the clients are configured to use the ePipe as the default gateway, outgoing connections will be transparently proxied by either the I2B or NAT services on the ePipe.

Client DNS Configuration

If you have a local Domain Name System (DNS) server, configure your clients to use this as your name server.

Your network DNS server, can either use the root name servers, or use the ePipe as it's "parent" server; the ePipe will then relay name lookups to the ISP's name servers.

If you have no local DNS server, configure your clients to use the ePipe as their DNS server. ePipe has a "DNS Proxy" service, which will relay name-server lookups to the ISP's name-server (which will have been discovered as part of the login process when ePipe connected to the Internet).

Caching Proxy Servers

If you have a caching proxy server on your internal network, you can still use this in combination with I2B. Using a caching proxy server in combination with I2B's transparent link sharing will provide the fastest possible WWW access for your users.

WWW access will then be via the proxy server, which will fetch pages on behalf of the client. The proxy server's requests will be intercepted by the ePipe, and redirected out the best available Internet link.

Using the ePipe DHCP Server

Both default gateways and DNS servers can be set by the ePipe's DHCP server, so any PCs getting DHCP addresses from the ePipe will be set up automatically.  For details on how to do this, see the documentation on ePipe's DHCP server here

Choosing IP Addresses from the Private Range

Several ranges of IP addresses have been set aside for "free-for-all" use in networks that do not need globally unique Internet addresses (either the network is not to be connected to the Internet at all, or its addresses will be translated into valid ones using NAT).

The Internet standard document RFC1918 describes the reserved addresses in detail. The ranges it lists as reserved are:-

10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

The most appropriate range for a small network is the 192.168.xx.xx range.

For example, choose your network address as "192.168.1", and number the hosts.

ePipe = 192.168.1.1
PCs 192.168.1.2 and onward

If you anticipate connecting two networks, use different network addresses (eg. 192.168.1.x for one site, and 192.168.2.x for another). Two networks that have same network address will not be able to be easily connected to each other (even via a VPN tunnel), so try to use a different address for each network if you have more than one.

Back to Top

about ePipe | products | solutions | support | information center | contact us

Copyright © 2002 ePipe Pty. Ltd. All rights reserved.