Chapter 12. System Services

Table of Contents

12.1. Common settings
12.2. HTTP Server configuration
12.2.1. Access control
12.2.1.1. Trusted addresses
12.3. Telnet Server configuration
12.3.1. Access control
12.4. DNS configuration
12.4.1. Blocking DNS names
12.4.2. Local DNS responses
12.4.3. Auto DHCP DNS
12.5. NTP configuration
12.6. SNMP configuration
12.7. RADIUS configuration
12.7.1. RADIUS server (platform RADIUS)
12.7.2. RADIUS client

A system service provides general functionality, and runs as a separate concurrent process alongside normal traffic handling.

Table 12.1 lists the services that the FB6000 can provide:

Table 12.1. List of system services

| Service | Function |
|---|---|
| SNMP server | provides clients with access to management information using the Simple Network Management Protocol |
| NTP client | automatically synchronises the FB6000's clock with an NTP time server (usually using an Internet public NTP server) |
| Telnet server | provides an administration command-line interface accessed over a network connection |
| HTTP server | serves the web user-interface files to a user's browser on a client machine |
| DNS | relays DNS requests from either the FB6000 itself, or client machines to one or more DNS resolvers |
| RADIUS | Configuration of RADIUS service for platform RADIUS for L2TP. Configuration of RADIUS client accessing external RADIUS servers. |

Services are configured under the "Setup" category, under the heading "General system services", where there is a single services object (XML element: <services>). The services object doesn't have any attributes itself; all configuration is done via child objects, one per service. If a service object is not present, the service is disabled. Clicking on the Edit link next to the services object will take you to the lists of child objects. Where a service object is not present, the table in that section will contain an "Add" link. A maximum of one instance of each service object type can be present.

12.1. Common settings

Most system services have common access control attributes as follows.

Tip

You can verify whether the access control performs as intended using the diagnostic facility described in Section 13.1.

Table 12.2. List of system services

| Attribute | Function |
|---|---|
| table | If specified, then the service only accepts requests/connections on the specified routing table. If not specified then the service works on any routing table. Where the service is also a client then this specifies the routing table to use (default 0). |
| allow | If specified then this is a list of ranges of IP addresses and IP group names from which connections are allowed. If specified as an empty list then no access is allowed. If omitted then access is allowed from everywhere. Note that when local-only is set, addresses in the allow list are still allowed access even if they are not local. |
| local-only | This normally defaults to true, but not in all cases. If true then access is only allowed from machines on IPs on the local subnet[a] (and any addresses in the allow list, if specified). |
| log | The standard log, log-error, and log-debug settings can be used to specify levels of logging for the service. |

[a] A locally-attached subnet is one which can be directly reached via one of the defined interfaces, i.e. is not accessed via a gateway.


Tip

Address ranges in allow can be entered using either <first address>-<last_address> syntax, or using CIDR notation: <start address>/<prefix length>. If a range entered using the first syntax can be expressed using CIDR notation, it will be automatically converted to that format when the configuration is saved. You can also use name(s) of defined IP address group(s) - see Section 3.1 for discussion of address groups.
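
The following is an added example, not FireBrick code: a small Python model of how allow and local-only combine as described in Table 12.2, plus the range-to-CIDR conversion mentioned in the tip above, useful for reviewing a planned setting before checking it on the unit with the Section 13.1 diagnostic. The function names and sample addresses are constructed for illustration, IP group names are not resolved, and treating an empty allow list as "deny" even when local-only is true is an assumption of this model.

```python
import ipaddress

def parse_allow_entry(entry):
    """Turn one allow entry ("first-last" or CIDR) into a list of networks."""
    if "-" in entry:
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        # Minimal set of CIDR blocks covering the range; exactly one block
        # means the range can be written as a single CIDR prefix.
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(entry.strip(), strict=False)]

def is_allowed(source, local_subnets, allow=None, local_only=True):
    """Model of the documented decision.
    allow=None models an omitted attribute, allow=[] an empty list."""
    src = ipaddress.ip_address(source)

    def within(nets):
        return any(src.version == n.version and src in n for n in nets)

    if allow is not None and not allow:
        return False  # assumption: an empty list denies all, even local hosts
    in_allow = allow is not None and within(
        [n for entry in allow for n in parse_allow_entry(entry)])
    if local_only:
        # Local subnet hosts, plus anything explicitly listed in allow.
        local = [ipaddress.ip_network(s) for s in local_subnets]
        return within(local) or in_allow
    # local-only false: an omitted allow list means access from everywhere.
    return allow is None or in_allow

# Constructed sample data (documentation address ranges).
LOCAL = ["192.0.2.0/24"]
ALLOW = ["198.51.100.16-198.51.100.31", "203.0.113.0/24"]

if __name__ == "__main__":
    for src in ("192.0.2.7", "198.51.100.20", "203.0.113.9", "198.51.100.40"):
        for allow in (None, ALLOW, []):
            for local_only in (True, False):
                verdict = is_allowed(src, LOCAL, allow, local_only)
                print(f"{src:15} allow={allow!s:50} local-only={local_only!s:5} -> {verdict}")
```

The combination to look for in a configuration review is allow omitted with local-only false, which the model reports as reachable from any address.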