Net & Mac Address Filter Setup Guide(CDR-882/780/790/990 Cellular Router)

Call Direct

Document version 1.4

Last updated 20 December, 2010

support@call-direct.com.au

Document Description

This document is intended to be used as a step-by-step guide for applying an IP & Mac Address Filter on

to the Call Direct CDM-CDR-NTC series cellular router. The router will need to support the following

application version:-

Application Software Version: 1.58.6

Phone: +61 (02) 9011-7526

Email: support@call-direct.com.au

You will need the following files available to complete this upgrade procedure:

Installer Software: installer.tar.gz (3KB)

Mac Filter: netfilter_mac.tar.gz (4KB)

Upgrading the Cellular Router to Support Mac FilteringUpgrading the Cellular Router to Support Mac Filtering

1. Plug the network (CAT5) cable in to the Ethernet port, followed by the power cable.

2. Log in to the web administration page by opening your web browser and typing in the URL

http://192.168.1.50 with the following credentials:

a. Username: admin

b. Password: password

The above credentials are the the router's initial factory settings.

3. Click on the “Application Load/Save” link in the menu .

4. Click the “Browse” button and select the installer application file, which in this case is

installer.tar.gz and click “Upload”.

Download the file here and save to your computer-

http://media.netcomm.com.au/public/assets/file/0014/62033/installer.tar.gz

5. Click Ok to the next 2 messages:

Once the installer pack upload has completed, you will see the following message:

Installing the Mac & Net FiltersInstalling the Mac & Net Filters

1. Download the net filter upgrade file named netfilter_mac.tar.gz to your computer which isavailable from http://media.netcomm.com.au/public/assets/file/0018/62064/netfilter_mac.tar.gz

2. Click on the 'Application Load/Save' link in the menu bar.

3. Click the 'Browse' button and select the net filter upgrade file, netfilter_mac.tar.gz and click

'Upload'.

4. Click OK to the next two messages:

5. A progress bar will display whilst the net filter upgrade completes. You must wait until the

upgrade finishes before powering off, unplugging cables or restarting the device, or the

firmware will be corrupted and warranty will be void.

6. Once the application upload has finished, you will see the following screen:

You have now completed the cellular router software upgrade. To verify that the upgrade has installed

correctly:

Log in to the package management page by opening your web browser and typing in the URL

http://192.168.1.50/cgi-bin/packages.cgi

The following screen will be displayed if you have installed the packages correctly.

Applying the Mac FilterApplying the Mac Filter

1. To apply the Mac Address filter you will need to run the 'telnet' command to the device.

Click 'Start' button on the desktop, then 'Run' button and type in box “telnet 192.168.1.50”

and then press the enter key on your keyboard or click on the OK button.

You will be prompted for a username and password. Enter 'root' (without quotes) for the username and

'gronk' for the password, both in lower case.

2. Run the command echo "Mac Address" >> /etc/macaddr ( replacing the “Mac

Address” with the Mac Address of the device you require to only be able to access the unit from the

Ethernet port ). Once the unit is rebooted the Mac Address filter will be activated.

Note: If you want more then one device to access the router run the command again with a

different Mac Address.

Example

echo "00-0d-61-53-ff-05" >> /etc/macaddr

This will only allow a device with Mac Address of 00-0d-61-53-ff-05 to access the unit from the

Ethernet port. This command just creates a text file with the line 00-0d-61-53-ff-05 you could create

a text file using a text editor.

Removing / Disabling the Mac Address Filter

Run the command rm /etc/macaddr

Verifying the Mac Filter Verifying the Mac Filter

4. Reboot the unit.

After the unit has been rebooted telnet to the unit and run the command 'iptables –L'

Under the MAC Chain you should see the Mac Address you enter if you have followed the steps

correctly.

The Mac Filter is now active

Applying the Net FilterApplying the Net Filter

1. To apply the Net Address filter you will need to use the telnet command to access the router.This is the same process as the Mac address filter but you will create a different file.

2. Click “Start” button on the desktop, then “Run” button and type in box “telnet

192.168.1.50” . Press the enter key or click on the OK button.

You will be prompted for a username and password. Enter 'root' (without quotes) for the username and

'gronk' for the password, both in lower case.

3. Run the command echo "IP Address" >> /etc/ipfilteraddr

Replace the IP Address with the IP Address of the device you require to only be able to access

the unit from the WAN interface (PPP interface), this allows a single host to access the unit from

the WAN side of the router. If you wish to add a whole subnet instead of a single host run the

command.

echo "IP Address/subnet mask" >> /etc/ipfilteraddr

The subnet mask must be in CIDR notation eg 192.168.1.1/24

Note: If more than one device is required to access the unit run the command again with a

different IP Address.

Example

echo "10.192.1.210" >> /etc/ipfilteraddr & echo "10.0.0.0/24" >> /etc/ipfilteraddr

This will only allow a device with IP Address of 10.192.1.210 and anything with an IP address in the

10.0.0.0/24 range to access the unit from the WAN side. This command just creates a text file with

the line 10.192.1.210. You could create a text file yourself without using the echo command.

Removing/disabling the Net Address Filter

Run the command rm /etc/ipfilteraddr

Verifying the Net FilterVerifying the Net Filter

4. Reboot the unit

After the unit has been rebooted use the telnet command to access the router (eg telnet192.168.1.50) and run the command iptables –L -v

Under the Filter Chain you should see the IP Addresses you entered.

Once the Net Filter is activated everything coming from the WAN interface that is not added will be DROP

by default. Any connections that have already been established from the Ethernet side to an IP address

that is not in the Net Filter will still be ACCEPTED.

This rule accepts IP Address from already established connections made from the Ethernet

The Net filter is confirmed as active.