Basic working configuration

General mbox is deployed as a gateway appliance with minimum router & firewall functions. So a working mbox must have the following parts configured:

    • Interface IP addresses for both WAN and LAN interfaces (details).
    • Default IP gateway route and name-server (optional if WAN is DHCP) (details)
    • DHCP address assignment for LAN users (details)
    • Basic firewall access rules and address translation rules (details)

CONFIGURATION STEPS

    • enable & configure WAN (eth0) interface IP
    • enable & configure LAN (eth1) interface (assume there’s another LAN switch to connect internal PC)
    • configure default gateway and name-server
    • configure DHCP server to assign IP addresses to internal users
    • configure firewall rules to permit outbound Internet access and Port Address Translation to hide internal private IP addresses

SAMPLE CONFIGURATIONS

-----------------

!hostname HSG1!interface eth0 description "Connection to WAN" enable ip address dhcp!interface eth1 description "Connection to LAN" enable ip address 172.16.0.0/16dhcp-server dns 8.8.8.8 8.8.4.4 range 172.16.0.10 172.16.255.254!interface eth2 description OOB-Mgmt enable ip address 10.10.10.1/24 dhcp-server dns 8.8.8.8 8.8.4.4 range 10.10.10.10 10.10.10.20!interface loopback enable ip address 2.1.2.1/32!ip dhcp-server start!ip name-server 8.8.8.8 8.8.4.4ip host macc.ransnet.com 2.1.2.1 rewriteip host mail 127.0.0.1ip host mysqldb 127.0.0.1ip host splash.ransnet.com 2.1.2.1 rewrite!ip ntp-server 203.211.159.1 62.201.225.9!firewall-input 20 permit all tcp dport 80 src 10.0.0.0/8 admin remark "web mgmt"firewall-input 21 permit all tcp dport 22 src 10.0.0.0/8 remark "SSH from OOB"!firewall-access 10 permit outbound eth0!firewall-snat 10 overload outbound eth0!-------------