FAQs:
Connecting Using PPP with the
Cisco® 675 or 678 Modem
Q: What are the
PPP port mappings/NAT
(Network Address Translation) settings for different servers and applications
for the Cisco 675 or 678 modem?
A:
The following are the recommended steps to take if you are having issues with
accessing specific services or using specific protocols in
PPP mode:
(Note: The steps are
the same for PC and
Macintosh® users.
PC users will access the servers via
telnet or Hyperterminal, Macintosh users
via Zterm. If Zterm is not already installed on your Macintosh, you can install
it from your Qwest.net CD.)
- To set up the Cisco 675 or 678 modem to use any kind of server or
special services such as IRC (Internet Relay Chat) you will need to map
inside to outside addresses for certain ports. Telnet into the Cisco modem
by entering the following command at the Run prompt (Start ->
Run):
telnet 10.0.0.1
- When you see the cbos> prompt, press the Enter key and then type
this command:
show NAT
This will display the following information:
NAT is currently
enabled
Inside Global Address set to xxx.xxx.xxx.xxx
Inside Local Inside Global Timer Flags Protocol
- xxx.xxx.xxx.xxx is the IP
address assigned to your Cisco 675 or 678 modem by our
DHCP
(Dynamic Host Configuration Protocol) server. This address can change
from time to time, especially if you turn off your router. Now, assuming
that you are running your server or
IRC client on a computer that has been assigned 10.0.0.2 as
its IP address (you can
check this by clicking Start, then Run, type winipcfg,
hit OK, and read the information under the
IP entry), enter the
following commands:
set NAT
entry add 10.0.0.2 20 xxx.xxx.xxx.xxx 20 tcp
set NAT
entry add 10.0.0.2 21 xxx.xxx.xxx.xxx 21 tcp
The address 10.0.0.2 could be 10.0.0.x, where x is a number between 2
and 254 (we are using 10.0.0.2 for this example). Also the numbers 20
and 21 are the ports you want the router to "listen" to. If you want to
"listen" to different ports please choose the appropriate number(s) from
the list below.
| Web |
80
TCP |
|
FTP |
20
TCP, 21
TCP |
|
POP |
110
TCP |
SMTP |
25
TCP |
| Telnet |
23
TCP |
IRC |
194 TCP,
194 UDP |
| Quake |
666
TCP |
DNS |
53
TCP, 53
UDP |
|
SSH |
1022
TCP,
1023 TCP |
NNTP |
119
TCP |
|
IDENT |
113
TCP,
UDP |
ICQ |
2300
TCP,
2311 TCP |
| Real
Player |
7070
UDP |
mIRC |
6667
TCP,
UDP |
|
VNC |
5900
TCP,
5901 TCP |
- Note that in the case of certain applications, such as
mIRC
(Mardam-Bey's Internet Relay Chat), you can specify the port that the
client will use by selecting it in the preferences.
- You may also want to run another type of service that is not listed
above. If this is the case, check the information from
IANA
(Internet Assigned Numbers Authority) for a comprehensive list of
all available ports.
- Finally, if you are trying to connect to a site that uses
Microsoft's DirectX® technology (such as the ezone), please review the
Zone document from
Microsoft's Technical Knowledge Database.
Q: How can I protect my Cisco 675 or 678 modem
and computer from hackers and security risks?
A:
To protect your Cisco 675 or 678 modem from hackers you need to setup an exec
and enable password. Good passwords will contain a combination or
uppercase and lowercase letters, numbers and non-alphanumeric characters.
If you have static
IP addresses and are using them in
your computers, the best way to secure your computers from hackers would be
running your own firewall or proxy server (consult your network administrator in
this matter).
If you are using dynamic
IP addresses in your computer or do
not have static IP addresses on
your Qwest.net account, make sure all the ports on your Cisco 675
or 678 modem are closed. By default all ports on the Cisco 675 and 678 modem are
closed. This secures your computer in the network because they are not visible
to the outside world. In PPP
mode your computers will get an IP
address from the router on the range of 10.0.0.2-10.0.0.255. These
IP addresses are non-routable so no
one can get to your computer. From the Internet, people will only be able to see
the IP address of your Cisco 675 or
678 modem.
Q: How do I know if telnet is enabled or
disabled for my Cisco 675 or 678 modem?
A:
To find out if telnet is enabled or disabled in the Cisco 675 or
678 modem:
- Set up a Hyperterminal (Windows) or ZTERM (Macintosh)
session with your Cisco 675 or 678 modem.
- Enter the following command at the CBOX > prompt and press the Enter
key after the entry:
show telnet
This will tell you if Telnet is enabled or disabled in the
modem.
- To log into the Cisco 675 or 678 modem using telnet, telnet to your
gateway IP address.
- If you are using static IP
addresses, telnet to your reserved gateway
IP address.
- If you are using dynamic IP
addresses, your gateway address will be 10.0.0.1.
Note: If you have the
latest version of the CBOS
Release 2.2.0, you need to have an EXEC password on the Cisco 675 or 678 modem;
if you don't, the modem will refuse the telnet connection.
Q: I am having problems with connectivity
(getting and staying connected). How can I fix this?
A:
If you are having issues with connectivity with the Cisco 675 or 678
modem, follow these instructions.
- Check the cables from your computer to your modem and from your modem to
the wall jack.
- If the cables are all secure, try unplugging the power cable from the
back of the modem and then reconnecting it to reset the modem. If
connectivity does not return, try reconfiguring your router.
- If you are a dynamic IP
customer or if you have a single static IP adress:
After setting up all the cables for a connection through the serial
port, you will need to enter the following commands through the
Hyperterminal session if you are using Microsot® Windows®. If
you are a Macintosh user you will need to use a utility
such as Zterm:
(Note: the commands are the same for Microsoft Windows,
Windows NT® and Macintosh users.)
These are the setup commands to configure the modem. You must have
access to the enable mode of the modem to setup the modem.
cbos> enable
Password:
cbos# set nvram erase
cbos# write
cbos# reboot
Password: (unless you have set an exec password)
cbos> enable
Password: (will bring up cbos# unless you have set an enable
password)
cbos# set ppp wan0-0 ipcp 0.0.0.0
cbos# set ppp wan0-0 dns 0.0.0.0
cbos# set ppp wan0-0 login [ISP USERNAME]
cbos# set ppp wan0-0 password [ISP PASSWORD]
cbos# set int wan0-0 disable
cbos# set int wan0-0 vpi 0 vci 32
(vpi - 1 for cap and 0 for DMT)
(vci - 1 for cap and 32 for DMT or 35 for AOL)
cbos# set int wan0-0 enable
cbos# set ppp restart enable (ONLY for 675)
cbos# set dhcp server enable
cbos# set nat enable
cbos# write
cbos# reboot
- If you have multiple static IP
addressing:
(Note: the commands are the same for Microsoft Windows,
Windows NT and Macintosh users.)
These are the setup commands to configure the modem. You must have
access to the enable mode of the modem to setup the modem.
cbos> enable
Password:
cbos# set nvram erase
cbos# write
cbos# reboot
Password: (unless you have set an exec password)
cbos> enable
Password: (will bring up cbos# unless you have set an enable
password)
cbos# set ppp wan0-0 ipcp 0.0.0.0
cbos# set ppp wan0-0 dns 0.0.0.0
cbos# set ppp wan0-0 login [ISP USERNAME]
cbos# set ppp wan0-0 password [ISP PASSWORD]
cbos# set int wan0-0 disable
cbos# set int wan0-0 vpi 0 vci 32
(vpi - 1 for cap and 0 for DMT)
(vci - 1 for cap and 32 for DMT or 35 for
AOL)
cbos# set int wan0-0 enable
cbos# set ppp restart enable (ONLY for 675)
cbos# set int eth0 address xxx.xxx.xxx.xxx [reserved gateway IP]
cbos# set int eth0 netmask [NETWORK_MASK]
(for /30, NETWORK_MASK = 255.255.255.252 - 4
IP's)
(for /29, NETWORK_MASK = 255.255.255.248 - 8
IP's)
(for /28, NETWORK_MASK = 255.255.255.240 - 16
IP's)
(for /27, NETWORK_MASK = 255.255.255.224 - 32
IP's)
(for /26, NETWORK_MASK = 255.255.255.192 - 64
IP's)
cbos# set dhcp server disabled
cbos# set nat disabled
cbos# write
cbos# reboot
- If you are still having problems once you have confirmed that the Cisco
675 or 678 modem configuration is correct and you are able to maintain a
solid WAN connection on your modem, try forcing your computer to actively
search for the Qwest® DNS
servers:
- Forcing DNS in
Windows 9X:
- Force DNSas
follows:
- Click on the My Computer icon.
- Click on the Control Panel icon.
- Click on the Network icon.
- Highlight the
TCP/IP protocol for your Ethernet card and click
on the Properties button.
- Click on the DNS
Configuration tab and choose the Enable
DNS option.
- Then configure your DNS
in Windows as follows:
- Hostname can be set to anything. You may wish to simply use
your user name.
- Domain should be set to qwest.net.
- Server Search Order numbers should be set to
your primary and secondary
DNS numbers (these are on your welcome letter).
- Restart your computer.
- Forcing DNS in
Mac® OS:
- Go to the open apple in the upper left of your screen and select
the Control Panel. Choose the
TCP /
IP settings. In the
TCP/IP menu:
- Type in qwest.net in the Server search domain field.
- Type in the DNS
numbers from your welcome letter in your server search order
number area.
- Restart your computer.
What are the PPP port
mappings/NAT (Network
Address Translation) settings for different servers and applications?