Interfaces: Difference between revisions
Bcarmichael (talk | contribs) |
|||
(7 intermediate revisions by 3 users not shown) | |||
Line 12: | Line 12: | ||
{{TriScreenshot|config|network|interfaces}} | {{TriScreenshot|config|network|interfaces}} | ||
The are several columns along the top of the grid that show the current interface status and configuration. Some are hidden by default | The are several columns along the top of the grid that show the current interface status and configuration. Some are hidden by default. | ||
'''Columns''' | '''Columns''' | ||
Line 34: | Line 34: | ||
| Device | | Device | ||
| This shows the current network device (physical NIC card or wireless card) mapped to this interface. | | This shows the current network device (physical NIC card or wireless card) mapped to this interface. | ||
|- | |- | ||
Line 60: | Line 48: | ||
|- | |- | ||
| | | Edit | ||
| This column shows an | | This column shows an edit button to edit the configuration of this interface. | ||
|- | |- | ||
| | | Delete | ||
| This column shows an | | This column shows an delete button on VLAN Tagged Interfaces to delete the interface. Physical interfaces cannot be deleted, unless their their physical devices have been removed from the system. | ||
|} | |} | ||
There are also several options | There are also several additional options on this page: | ||
* Remap Interfaces | * Remap Interfaces | ||
** This utility can be used to change the mapping between physical devices and the corresponding interface configurations. This is useful if you want to use certain physical devices for certain | ** This utility can be used to change the mapping between physical devices and the corresponding interface configurations. This is useful if you want to use certain physical devices for certain purposes. | ||
* Refresh Device Status | * Refresh Device Status | ||
** This refreshes the "Connected" column in the interfaces grid. To verify your interface mapping plug/unplug one network card at a time and hit ''Refresh Device Status'' to verify that the expected interface changes the Connected status. | ** This refreshes the "Connected" column in the interfaces grid. To verify your interface mapping plug/unplug one network card at a time and hit ''Refresh Device Status'' to verify that the expected interface changes the Connected status. | ||
* Add VLAN Tagged Interface | * Add VLAN Tagged Interface | ||
** This allows for additional of 802.1q VLAN tagged interfaces. For more information read [[Network Configuration#VLANs]]. | ** This allows for additional of 802.1q VLAN tagged interfaces. For more information read [[Network Configuration#VLANs]]. | ||
== Interface Configuration == | == Interface Configuration == | ||
Line 153: | Line 136: | ||
| Password | | Password | ||
| When encryption is enabled, a password will be required to access the network. | | When encryption is enabled, a password will be required to access the network. | ||
|- | |||
| Regulatory Country | |||
| Choose the country in which this NG Firewall is based. This is required to comply with regulations around Wi-Fi bands & frequencies. | |||
|- | |- | ||
Line 288: | Line 275: | ||
'''DHCP Configuration''' - This configures the DHCP serving options on this | '''DHCP Configuration''' (server) - This configures the DHCP serving options on this interface. DHCP Serving is only available on ''Addressed'' non-WAN interfaces. | ||
{| border="1" cellpadding="2" | {| border="1" cellpadding="2" | ||
Line 295: | Line 282: | ||
|- | |- | ||
| style="width: 20%;" | | | style="width: 20%;" | Server | ||
| If | | If selected, DHCP will be served to this interface so that machines can automatically acquire addresses. | ||
|- | |- | ||
| Range Start | | Range Start | ||
| The start of the DHCP range | | The start of the DHCP range. | ||
|- | |- | ||
| Range end | | Range end | ||
| The end of the DHCP range | | The end of the DHCP range. | ||
|- | |- | ||
Line 313: | Line 299: | ||
|- | |- | ||
| Gateway Override | | Gateway Override | ||
| If set, this value will be provided as the gateway in the DHCP leases. | | If set, this value will be provided as the gateway in the DHCP leases. Otherwise the static IPv4 address of this interface will be provided as the gateway. | ||
|- | |- | ||
| Netmask Override | | Netmask Override | ||
| If set, this value will be provided as the netmask in the DHCP leases. | | If set, this value will be provided as the netmask in the DHCP leases. Otherwise the static IPv4 netmask of this interface will be provided as the netmask. | ||
|- | |- | ||
| DNS Override | | DNS Override | ||
| If set, this value will be provided as the DNS in the DHCP leases. | | If set, this value will be provided as the DNS in the DHCP leases. Otherwise the static IPv4 address of this interface will be provided as the DNS. A single IPv4 address or a comma-separated list of IPv4 addresses is accepted. | ||
|- | |- | ||
| DHCP Options | | DHCP Options | ||
| This is a list of DHCP options for dnsmasq. '''WARNING:''' this option is for advanced users. The specified [http://www.networksorcery.com/enp/protocol/bootp/options.htm DHCP options] will be used on this interface. For example, to specify an NTP server use enabled = true, description = "time server", and value = "42,192.168.1.2". For multiple DNS override servers specify enabled = true, description = "DNS", and value = "6,192.168.1.1,192.168.1.2". The value must be specified in a valid dnsmasq format as described in the [http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html dnsmasq documentation] | | This is a list of DHCP options for dnsmasq. '''WARNING:''' this option is for advanced users. The specified [http://www.networksorcery.com/enp/protocol/bootp/options.htm DHCP options] will be used on this interface. For example, to specify an NTP server use enabled = true, description = "time server", and value = "42,192.168.1.2". For multiple DNS override servers specify enabled = true, description = "DNS", and value = "6,192.168.1.1,192.168.1.2". The value must be specified in a valid dnsmasq format as described in the [http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html dnsmasq documentation] | ||
|} | |||
'''DHCP Configuration''' (relay) - This configures DHCP relay on this interface. | |||
{| border="1" cellpadding="2" | |||
|+ | |||
! Option !! Description | |||
|- | |||
| style="width: 20%;" | Relay | |||
| If selected, DHCP requests received on this interface will be forwarded to a specified DHCP server. | |||
|- | |||
| Relay Host Address | |||
| The IP address of the relay host server. | |||
|} | |} |
Latest revision as of 21:24, 20 April 2023
Interfaces
The Interfaces page configures the network interfaces or the server.
Interfaces Grid
The Interfaces tab shows the current interfaces and the current status and some configuration information.
The are several columns along the top of the grid that show the current interface status and configuration. Some are hidden by default.
Columns
Column | Description |
---|---|
Id | The Id is a unique integer primary key of the interface. All configuration of interfaces will refer to Id. |
Name | This is a name/description of the interface. It is recommended to choose names representative of their purpose. |
Connected | This shows the current "connected" state of the device currently mapped to this interface. This may not display correctly for all network interface cards. |
Device | This shows the current network device (physical NIC card or wireless card) mapped to this interface. |
Config | This shows the current type of configuration for this interface. ADDRESSED, BRIDGED, or DISABLED. |
Current Address | This shows the current address if there is one of the interface. |
is WAN | This shows true if the interface is configured as a WAN, false otherwise. |
Edit | This column shows an edit button to edit the configuration of this interface. |
Delete | This column shows an delete button on VLAN Tagged Interfaces to delete the interface. Physical interfaces cannot be deleted, unless their their physical devices have been removed from the system. |
There are also several additional options on this page:
- Remap Interfaces
- This utility can be used to change the mapping between physical devices and the corresponding interface configurations. This is useful if you want to use certain physical devices for certain purposes.
- Refresh Device Status
- This refreshes the "Connected" column in the interfaces grid. To verify your interface mapping plug/unplug one network card at a time and hit Refresh Device Status to verify that the expected interface changes the Connected status.
- Add VLAN Tagged Interface
- This allows for additional of 802.1q VLAN tagged interfaces. For more information read Network Configuration#VLANs.
Interface Configuration
Clicking the edit button on an interface will open the interface configuration settings for that interface.
An interface can be configured in many ways. Some settings and configuration options are only relevant and/or available in certain configurations. As such, based on an interface's configuration certain options may appear and disappear. For example, when checking 'is WAN' the options available to WAN interfaces will appear. After unchecking 'is WAN' the WAN options will disappear and the options for non-WAN interfaces will appear. Because of this it is suggested to configure your interface from the top of the page downward.
The table below shows the various configuration options and their meanings.
Interface Options
Option | Description |
---|---|
Interface Name | This is a name/description of the interface. It is recommended to choose names representative of their purpose. |
is VLAN (802.1q) Interface | This is true if this a tagged VLAN interface. Otherwise this is not shown |
Parent Interface | This is the parent interface for this tagged VLAN interface. This is only shown for VLAN interfaces. |
802.1q Tag | This is the VLAN tag for this interface. This is only shown for VLAN interfaces. |
Is Wireless Interface | This is available if the interface is detected as a wireless (wlan) interface. Otherwise this is not shown. |
Config Type | This is the basic configuration type of this interfaces. Addressed means this interface has its own address and configuration. Bridged means this interface is bridged to another interface. Disabled means this interface is entirely disabled. |
is WAN Interface | This should be checked if this is a WAN (Wide Area Network) interface. This means it is connected to your ISP or an internet connection. This should be unchecked if this interface is connected to a private/local network. |
Wireless Configuration - This section configures the wireless settings for wireless interfaces. This is only shown for wireless interfaces.
Option | Description |
---|---|
SSID | The broadcasted Service Set Identifier (SSID) for the wireless network. |
Mode | AP (Access Point) or Client. |
Visibility | Select whether to advertise or hide the SSID. |
Encryption | Encryption method used for the wireless signal. WPA2 is recommended. |
Password | When encryption is enabled, a password will be required to access the network. |
Regulatory Country | Choose the country in which this NG Firewall is based. This is required to comply with regulations around Wi-Fi bands & frequencies. |
Channel | Choose from the available channels available and 2.4GHz or 5GHz frequencies. The options available here are dependent on your wireless card. WARNING: Many chips/drivers do not correctly implement "Automatic" (ACS or Automatic Channel Survey) so it may not work depending on your card. NOTICE: Automatic channel selection has been removed from modern builds due to lack of support and usability issues. |
IPv4 Options - This section configures the IPv4 (Internet Protocol v4) settings of this interface.
Option | Description |
---|---|
Config Type | This is the IPv4 configuration type. Static means this interface has a static IPv4 address. Auto (DHCP) means this interface will use DHCP to automatically acquire an address. PPPoE means this interface will use PPPoE to acquire an address. This option is only available for WAN interfaces because non-WANs can only be statically configured. |
Address | This is the IPv4 static address. It is only shown if Config Type is Static |
Netmask | This is the IPv4 static netmask. It is only shown if Config Type is Static |
Gateway | This is the IPv4 static gateway. It is only shown if Config Type is Static |
Primary DNS | This is the primary DNS used for DNS resolution. It is only shown if Config Type is Static |
Secondary DNS | This is the secondary DNS used for DNS resolution. It is only shown if Config Type is Static |
Address Override | If set, this address will be used instead of the one in the offered DHCP lease. It is only shown if Config Type is Auto (DHCP) |
Netmask Override | If set, this netmask will be used instead of the one in the offered DHCP lease. It is only shown if Config Type is Auto (DHCP) |
Gateway Override | If set, this gateway will be used instead of the one in the offered DHCP lease. It is only shown if Config Type is Auto (DHCP) |
Primary DNS Override | If set, this will be used instead of the one in the offered DHCP lease. It is only shown if Config Type is Auto (DHCP) |
Secondary DNS Override | If set, this will be used instead of the one in the offered DHCP lease. It is only shown if Config Type is Auto (DHCP) |
Username | This is the PPPoE username. It is only shown in Config Type PPPoE |
Password | This is the PPPoE password. It is only shown in Config Type PPPoE |
Use Peer DNS | If checked the server will use the DNS provided by the PPPoE server for DNS resolution. It is only shown in Config Type PPPoE |
Primary DNS | The primary DNS to be used for DNS resolution. It is only shown in Config Type PPPoE and Use Peer DNS is unchecked. |
Secondary DNS | The secondary DNS to be used for DNS resolution. It is only shown in Config Type PPPoE and Use Peer DNS is unchecked. |
IPv4 Aliases | This is a list of alias addresses. This is an additional list of addresses that this interface will have along with their associated netmasks. |
IPv4 Options - NAT traffic exiting this interface (and bridged peers) | This option is only available on WAN Interfaces and defaults to checked. If checked all traffic exiting this interface and interfaces bridged to it will be NATd, and all incoming sessions from this interface will be blocked unless they are forwarded via a port forward or destined to the local server. |
IPv4 Options - NAT traffic coming from this interface (and bridged peers) | This option is only available on non-WAN Interfaces and defaults to unchecked. If checked all traffic coming from this interface and interfaces bridged to it will be NATd, and all incoming sessions to this interface will be blocked unless they are forwarded via a port forward. |
IPv6 Options - This section configures the IPv6 (Internet Protocol v6) settings of this interface.
Option | Description |
---|---|
Config Type | This is the IPv6 configuration type. Disabled means the interface has no IPv6 configuration. Static means this interface has a static IPv6 address. Auto (SLAAC/RA) means this interface will use SLAAC to automatically acquired an address. This option is only available for WAN interfaces because non-WANs can only be statically configured. |
Address | This is the IPv6 static address. Blank is allowed and means no IPv6 address will be given. It is only shown if Config Type is Static |
Prefix | This is the IPv6 static prefix. It is only shown if Config Type is Static |
Gateway | This is the IPv6 static gateway. It is only shown if Config Type is Static |
Primary DNS | This is the primary DNS used for DNS resolution. It is only shown if Config Type is Static |
Secondary DNS | This is the secondary DNS used for DNS resolution. It is only shown if Config Type is Static |
IPv6 Aliases | This is a list of alias addressed. This is an additional list of addresses that this interface will have along with their associated netmasks. This is only available on non-WAN interfaces. |
IPv6 Options - Send Router Advertisements | If checked route advertisements are sent on this interface. This is only available on non-WAN interfaces. |
DHCP Configuration (server) - This configures the DHCP serving options on this interface. DHCP Serving is only available on Addressed non-WAN interfaces.
Option | Description |
---|---|
Server | If selected, DHCP will be served to this interface so that machines can automatically acquire addresses. |
Range Start | The start of the DHCP range. |
Range end | The end of the DHCP range. |
Lease duration | The duration of the provided DHCP leases in seconds. |
Gateway Override | If set, this value will be provided as the gateway in the DHCP leases. Otherwise the static IPv4 address of this interface will be provided as the gateway. |
Netmask Override | If set, this value will be provided as the netmask in the DHCP leases. Otherwise the static IPv4 netmask of this interface will be provided as the netmask. |
DNS Override | If set, this value will be provided as the DNS in the DHCP leases. Otherwise the static IPv4 address of this interface will be provided as the DNS. A single IPv4 address or a comma-separated list of IPv4 addresses is accepted. |
DHCP Options | This is a list of DHCP options for dnsmasq. WARNING: this option is for advanced users. The specified DHCP options will be used on this interface. For example, to specify an NTP server use enabled = true, description = "time server", and value = "42,192.168.1.2". For multiple DNS override servers specify enabled = true, description = "DNS", and value = "6,192.168.1.1,192.168.1.2". The value must be specified in a valid dnsmasq format as described in the dnsmasq documentation |
DHCP Configuration (relay) - This configures DHCP relay on this interface.
Option | Description |
---|---|
Relay | If selected, DHCP requests received on this interface will be forwarded to a specified DHCP server. |
Relay Host Address | The IP address of the relay host server. |
Redundancy (VRRP) Configuration - This configures the VRRP redundancy options for this interface. VRRP is only available on statically assigned interfaces. VRRP documentation is here.
Option | Description |
---|---|
Enable VRRP | If checked, VRRP is enabled on this interface. |
VRRP ID | The VRRP (group) ID of this server. Must match the VRRP ID of peers, but must be unique on the server. |
VRRP Priority | The VRRP Priority of this server. Higher value is a higher priority. (1-255) |
VRRP Aliases | The list of VRRP Virtual Addresses. This list should be the same on all VRRP peers. |
Interface Status
The status button on the interface brings up a window showing some of the statistics about the interface. This includes statistics, the ARP table, and the connected clients if its a wireless interface.