SmallNetBuilder

Firewall - more

In addition to creating rules for filtering traffic in both the outbound and inbound directions, rules can be created for port forwarding. Port forwarding applies when using Network Address Translation, or NAT. With IP Forwarding enabled on a WAN interface, port forwarding isn't an option.

Configuring port forwarding on the Balance 30 is standard. Traffic flows from the WAN side of the router destined for the Balance 30 can be mapped by WAN interface, by port or protocol, to the IP address of specific devices on the LAN. For example, I've configured port forwarding in Figure 10 to direct inbound FTP traffic to an FTP server at 192.168.1.22 on my LAN.

Figure 10: Port forwarding of FTP traffic

Management

Effectively managing multiple WAN links requires clear utilization data. Visibility into WAN utilization is available in the Balance 30 Status menu, and historical data collection can be enabled via the PePLink website. These two features complement the Balance 30's multi-WAN capability, giving network administrators information needed to tune their load balancing configurations.

The Balance 30's Link Usage menu provides totals of inbound and outbound data transfers by WAN interface collected since the last device reboot. Further, the Link Usage menu reports a summary of data transferred by common protocol types, including HTTP, HTTPS, IMAP, POP3, SMTP, and "Others."

To track data utilization by time period, the Balance 30 can be configured to post data to the PePLink reporting server. Setting up historical reporting involves creating a username and password on the PePLink site, with the link conveniently located in the Balance 30 menu. Once a username and password is completed and the function enabled, reports such as the simple report in Figure 11 showing inbound and outbound daily utilization on the WAN1 interface are available. Additional reports by interface, day, week, and month are also available as the data is generated and collected. (Note: the report below shows erratic utilization reflecting my lab testing environment. Production reports will likely be more consistent.)

Figure 11: Inbound and outbound daily utilization report

Other reporting tools include basic logging, writing log data to a syslog server, SNMP support, and email notifications. The Balance 30 Status menu has a basic log, showing time-stamped entries recording events as they occur on the router. Firewall rules can have logging enabled, which will create entries showing when each rule was triggered.

To maintain historical log data, syslog messages can be sent to a Syslog server by enabling this option and configuring the Balance 30 with the IP address of the Syslog server. Further, SNMP polling can be enabled for SNMP versions 1–3.

Email notification can be configured so the Balance 30 will send notifications when there is a status change on a WAN interface, or when there is a firmware upgrade available. The menu only allows for configuring a single email recipient, so you may want to set up an email alias to ensure the message is sent to multiple destinations.

Remote configuration of the Balance 30 can be enabled for HTTP and/or HTTPS access, and can be limited by WAN interface. Specific source subnets can be specified to further restrict external access.