Skip to main content

LAN Configuration

The RockREMOTE can have a number of Local Devices connected to its Local Area Network (LAN). For example:

  • A single device plugged into the wired ethernet port
  • Multiple devices plugged into a network switch, which is plugged into the wired ethernet port
  • Multiple devices connected to the wireless network (this requires optional hardware and antenna to be fitted), see the Wireless section below

The LAN page configures the RockREMOTE's IP address and DHCP server.

The LAN > Global page configures global outbound rules which will apply to all connected LAN devices.

The LAN > Local Devices page shows the connected Local Devices and configures outbound and inbound firewall rules per device.

Network Address Translation (NAT) is used to allow multiple Local Devices to share the currently active WAN connection (Iridium or Cellular).

important

To protect against unintended data transfer, new Local Devices cannot send traffic over any WAN interface until outbound rules have been created for that device.

LAN Settings

LAN

Router IP: The IP address of the RockREMOTE as it appears to local devices. This will be the default gateway for these devices. The default is 192.168.250.1

Subnet: The subnet mask of the LAN. The default is 255.255.255.0

When changing the IP address you will need to re-login to the web interface on the new IP address. DHCP clients may need to be manually reconnected.

Be careful not to choose a subnet that overlaps with the WAN interfaces. Some subnets will be rejected because they are used internally. For example the Iridium WAN interfaces uses 192.168.2.0/24 internally, which means the LAN IP range of 192.168.2.0/24 can not bet used.

DHCP: Assign IP addresses automatically to Local Devices. Devices can also be configured with static IP addresses.

LAN > Global

Global Rules Devices Allow Local DNS: Allows all local devices to use the RockREMOTE as a local DNS server.

The local DNS server forwards queries to the upstream DNS servers configured in the WAN page, which will consume data. It is configured with a generous cache and TTL.

Since version v1.9.0 or greater this does not need to enabled for domain name firewall rules.

Outbound Rules

Allows outbound connections (MO) from all devices. When a device makes a connection, the RockREMOTE creates a temporary mapping to allow the response (known as connection tracking), therefore no corresponding inbound rules are needed.

Multiple outbound rules can be created. These can be for a specific IP address, or a CIDR range or hostnames.

LAN > Local Devices

New Local Devices will usually be added to this list automatically. If this does not happen, or you are not yet able to plug it in, you can manually click on Add Device.

Click on the device name to edit it.

Local Devices

Local Device configuration

Name: This can be anything

IP Address (required): The local IP address of the device.

MAC Address: You must specify this if the device is configured to use DHCP. This ensures it will always be issued the correct IP address.

Port Forwards

Allows inbound connections (MT) to be established.

Select either Iridium or LTE (Cellular) or both. Remember that the RockREMOTE is only connected to one of these at a time.

Outbound Rules

As per the global rules above but only applies to a local LAN device.

Protocol: TCP, UDP or ICMP

Destination: Allow only when connected to Iridium, LTE (Cellular), or both.

Host Range: The IP address or range of the destination.

Port Range: The port or range of ports of the destination.

info

Enabling ICMP can often help fix connection issues, especially on Cellular where MTU path discovery can be needed.

Using ping from a local device requires ICMP.

Local Devices

1:1 NAT

As an alternative to Port Forwards and Outbound Rules, one Local Device can be setup in 1:1 NAT mode on the WAN page. When in this mode, all inbound (MT) traffic* will be forwarded to the device, and all outbound traffic will be allowed.

*Note: 1:1 NAT forwards all inbound traffic except for Port Forwards configured for other Local Devices, as well as connection tracking rules for all devices.

A newly discovered Local Device must be opened then saved before being chosen as the 1:1 NAT device.

Wireless

The RockREMOTE can be configured as a wireless access point. This is an optional feature that must be specified when ordering.

Ensure an antenna is plugged into the wireless SMA connector before enabling.

Wireless clients are bridged to the Wired LAN. They share the same IP subnet and firewall rules are configured in the same way using the Local Devices page.

You can configure the wireless setup on the LAN page; these will only appear if the wireless hardware has been fitted to the RockREMOTE.

Only the 2.4GHz band is supported (802.11n).

Wireless Configuration