Installing NetMAX for use as a Firewall/Router with a dialup connection.

Installation Guidelines

The NIC is going to be connected to your internal network and will be be the default gateway that your network clients will use to reach the external network (your ISP's network and beyond). We refer to this NIC as your "internal NIC", since it's on your internal network. The second interface is going to be an external modem connected to an available serial port on your NetMAX machine. We call this second interface your "external interface", since it's logically sitting on an external network. With this configuration, your NetMAX firewall and router will be between your internal network and the external network (where Internet traffic comes into your network).

Most users who implement the NetMAX do not already have an internal network, or a firewall. So these instructions will help you set up your internal network, and configure your NetMAX to be used as a router between your internal network and your ISP (and the Internet) with the ability to implement firewall rules to protect your internal network from your ISP's network (and the Internet).

Once you have this configuration properly set up, it will allow the client machines on your internal network to reach the Internet through the NetMAX router, so that they are all sharing the Internet connection provided by your ISP's dialup Internet access.

The NetMAX installation procedure in the User Manual and in the Quick Install Guide is only going to configure the first NIC in your machine, and not your modem. You will configure your modem AFTER the installation procedure. You should start with a configuration similar to one of these two diagrams.

If your ISP gave you ANY software (ie. Juno software) that needs to run on your machine in order to connect to their service, more than likely it is not going to be able to run on your NetMAX, and so you will not be able to use the NetMAX to connect to their service.

We recommend using a PCI NIC, as ISA NICs are not supported.

We recommend always using the Remote Install Method described in the Quick Install Guide and not configuring X Windows, unless you absolutely must use the NetMAX as a workstation.

It is very important to click on the question mark (?) when using the NetMAX if you are unsure of what a function or setting does.

1. If you are not sure how to address your network, please use one of the below options for your internal network, which are IP address ranges specifically reserved for internal use. These IP address ranges are often referred to as non-routeable IP addresses, because there is no route to connect to them from the Internet, since they are private and can not reside on the Internet.

   OPTION 1:
   NetMAX IP Address (and netmask): 192.168.0.1/255.255.255.0
   Network Client IP addresses: 192.168.0.2 - 192.168.0.254 (/24 network with 253 assignable IPs)
   

   OPTION 2:
   NetMAX IP Address (and netmask): 10.0.0.1/255.0.0.0
   Network Client IP addresses: 10.0.0.1 - 10.255.255.254 (/8 network with 16581374 assignable IPs)
   

   You will need to specify a domain name for your internal network. If you don't plan on using your NetMAX as a DNS server for a valid domain name that is registered with Internic (or don't even know what that means), then you should specify a "fake" domain name that you will use internally only. We have reserved mynetmax.net for this purpose, and you may enter this as your domain name.

2. After you finish installing your software, you will then want to refer to the "Network Configuration" section of your User Manual, keeping the following in mind:

   When you are prompted for a Primary DNS Server, you are being asked for the nameserver addresses that more than likely your ISP will be providing to you via DHCP. Because this DNS server is going to be given to you via DHCP, you will want to leave this field blank for now, because you can not set it up until you add your external interface later. If you have an internal nameserver, then you can enter it's IP address here

   When you are prompted for a Default Router, you are being asked for the IP address of the gateway/router off of your ISP's network. Because this IP address is also going to reside on your external network (the Internet), and be given to you via DHCP, then you will want to leave this field blank.

   After you set the clock and follow the on-screen message to commit the changes, ensure that you go to Home|Users|Users, click on the pencil next to your admin user and make sure that "Unix Shell Login Enabled" is checked and that the user has a home path. If you do not perform this step when using the Console Install Method, you will not be able to login to the console after you log out.

3. Now that the NetMAX Fire Wall is configured, you will want to plug the serial cable from your external modem into an available serial port on your NetMAX machine, and turn the modem on. You should go to Home|Network|Interfaces and ensure that you plug the modem into one of the serial ports that is listed, which should be one of:

   tty	com port	mem address	IRQ	Supported
   ttyS0	1	03f8	4	YES
   ttyS1	2	02f8	3	YES
   ttyS2	3	03e8	4	YES
   ttyS3	4	02e8	3	YES
   ttyS4	5	03e8	2	NO
   ttyS5	6	02e8	2	NO
   ttyS6	7	03e8	5	NO
   ttyS7	8	02e8	5	NO

   NetMAX does not support internal modems. However, there is one internal modem that is known to work with NetMAX. Please see the article in our knowledge base about the Actiontec PCI56012 Call Waiting Modem.

4. You can now configure the interface by going to Home|Network|Interfaces, and clicking on the pencil next to the serial port that the modem is installed on. If you do not see your serial port listed, please ensure that your serial port is enabled in your computer's BIOS.

5. You first need to configure your modem. You can do this by clicking on the SELECT button for "Current Configuration", placing a checkmark next to the modem type that you are using, and clicking on the SELECT button to return to the configuration page.

   If your modem is not listed, you also have the option of creating a custom modem type by clicking on the CREATE button while on the Modem Setup page.

6. You now need to enable the interface by ensuring that the "Use Dial-out Connection" check box is checked, and then clicking on the CONFIGURE button next to this check box.

7. Enter the phone number of your ISP's dialup modem pool. If you have configured your internal network on non-routeable IP addresses, you will need to "Enable IP Network Address Translation (NAT)" for this interface so that your internal clients will be able to communicate over the Internet.

8. Select your authentication method (PAP is most widely used), enter your username and password for connecting to your ISP, and click on the RETURN button to return to the configuration page.

9. Click on STORE, then COMMIT, and commit your changes.

10. You now need to ensure that your Default Gateway is set properly, so go to Home|Network|Routing and ensure that the "Use an Interface for Default Router" is checked, and that the appropriate serial port is selected in the select box.

11. From Home|Network|DNS, check the box that says "Use the InterNIC".

    Add the IP addresses of any nameservers that your ISP provided to you under "Alternate Domain Name Servers", click on STORE, then COMMIT, and commit the changes.

    Your NetMAX should now be configured. Whenever the NetMAX has a packet destined for an IP address off of the network, it should initiate a dialup connection to your ISP in order to send the packet out through the dialup interface.

12. Configuring your client machines :

    Setting up your client machines correctly is important in order for them to correctly reach outside of your network.

    If you setup the internal NIC of your NetMAX Fire Wall at 192.168.0.1/255.255.255.0, you will need to make sure that your client machines are setup to be in the same network. So, a client machine should have an ethernet NIC with the IP/netmask of 192.168.0.2/255.255.255.0, and another client machine could be setup as 192.168.0.3/255.255.255.0. You will also need to ensure that each client is "physically" connected into the same network (plugged into the same hub or switch as the internal NIC).

    It is also important that your client machines point to the correct router (or gateway) and DNS. Both of these (default router/gateway and DNS) need to be set to the IP address of the internal NIC on your NetMAX Fire Wall.

    When configuring the web browser on your client, set it up to access the Internet directly, and not through a proxy server. By default, the NetMAX is NOT a proxy server; it is a router.

Note: In this setup, the external interface (modem) that is the connection to your provider is the interface that has NAT enabled and any firewall rules set up on it. On the internal NIC, you do not enable NAT and you do not setup firewall rules. Also, make sure that your clients can get out to the Internet before setting up your firewall rules. This will make it easier to determine if it is a firewall rule that is interfering with their ability to access the Internet.

<Back>