Static DNS
The static dns page is used to create a local hostname table for the purpose of mapping
the hostnames of local network hosts to their IP addresses.
Adding a new host
The following configuration controls are used to add a new host to the local hostname table:
- IP address - The IP address of the host that will be resolvable from the hostname.
- Hostname - The textual name of the host that will resolve to its IP address.
- Comment - A text-field used to assign a helpful message describing the host.
- Enabled - Determines whether static resolution of the host by the local hostname table is currently active.
Enter appropriate values into each of these configuration controls and click the Add button.
The Enabled tick-box must be selected for the host's IP address to be resolvable from its hostname.
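A quick way to sanity-check a planned host list before entering it, shown as an added example (not SmoothWall code). The entry fields mirror the controls above; the function names, the duplicate-hostname rule and the sample data are assumptions made for illustration.

```python
import ipaddress
import re

# RFC 1123 label: letters, digits, hyphens; no leading/trailing hyphen; max 63 chars.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def valid_hostname(name):
    name = name.rstrip(".")
    return 0 < len(name) <= 253 and all(_LABEL.match(l) for l in name.split("."))

def audit_hosts(entries):
    """Return (active, findings) for a list of host dicts.

    active maps lowercase hostname -> IP for enabled, valid entries;
    findings lists entries that should be corrected before they are added.
    """
    active, findings = {}, []
    for n, e in enumerate(entries, 1):
        host = e["hostname"].lower()  # DNS names compare case-insensitively
        try:
            ip = str(ipaddress.ip_address(e["ip"]))
        except ValueError:
            findings.append(f"entry {n}: invalid IP address {e['ip']!r}")
            continue
        if not valid_hostname(host):
            findings.append(f"entry {n}: invalid hostname {e['hostname']!r}")
            continue
        if not e["enabled"]:
            continue  # disabled entries are not resolvable
        if host in active and active[host] != ip:
            findings.append(f"entry {n}: {host} already maps to {active[host]}")
            continue
        active[host] = ip
    return active, findings

# Constructed sample table (not from a real system).
SAMPLE = [
    {"ip": "192.168.0.10", "hostname": "fileserver", "comment": "NAS", "enabled": True},
    {"ip": "192.168.0.11", "hostname": "printer", "comment": "", "enabled": False},
    {"ip": "192.168.0.300", "hostname": "camera", "comment": "typo", "enabled": True},
    {"ip": "192.168.0.12", "hostname": "FileServer", "comment": "dup", "enabled": True},
    {"ip": "192.168.0.13", "hostname": "-bad-", "comment": "", "enabled": True},
]

if __name__ == "__main__":
    table, problems = audit_hosts(SAMPLE)
    print(table)
    print("\n".join(problems))
```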
Removing hosts
To remove one or more hosts from the local hostname table, locate each host to be
removed in the Current hosts region and select its adjacent Mark
tick-box control. Click the Remove button.
Editing a host
To edit a particular host in the local hostname table, select the host to be edited within the
Current hosts region and select its adjacent Mark tick-box. Click the Edit button to
populate the configuration controls in the Add host region with the host's current
configuration values. Alter the configuration values as necessary, and click the Add button.
Note - Failure to click the Add button will result in the loss of the host's configuration.
DNS Proxy
The dns proxy page is used to provide a DNS proxy service for local network hosts.
In this mode, local network hosts use the SmoothWall system for name resolution services.
This allows network hosts to resolve external addresses (if an external connection is
available) in addition to addresses defined on the static dns page.
Enabling the DNS proxy
The DNS proxy service is enabled on a per-interface basis. To enable the service for a particular
interface, select its appropriate tick-box control in the Interface region and click the
Save button.
Intrusion Detection System
The intrusion detection system page is used to enable and configure network activity
monitoring using the Intrusion Detection System. IDS passively observes all network
traffic, looking for unique patterns of activity that might indicate a potential
security problem. The IDS service requires regular subscription-based updates to ensure
the rulesets alert against the latest malicious code.
Activating intrusion detection
To activate the IDS, select the Enable tick-box control and click the Save button. Proceed to choose what activities
are detected by the IDS (see Choosing what activity to detect below). Log entries generated by the IDS are displayed in
the IDS log viewer - see the Logs | ids logs configuration page.
Choosing what activity to detect
IDS rulesets and their descriptions are shown in groups of related activities. The activity signatures that are recognised by each ruleset
file can be viewed by clicking on its name. To enable a particular ruleset to be detected by the IDS, select its adjacent tick-box control in the
Enable the following IDS rules region. Click the Save button to record any configuration changes made.
Updating IDS rules
To update the IDS rulesets, follow these steps:
- Click the Check for updates button
- If an update is available, information about it will be displayed. Click the adjacent Download button to download the update.
- Once the update has been downloaded, it can be installed by clicking the Install button.
Uploading IDS rules
To install customised IDS rule files, use the Browse... button to locate the rule files using the browser's "File Upload" (or equivalent)
dialog. Ensure that the file's name and path have been correctly inserted into the IDS rules text field and click the Upload IDS
rules button.
Logging IDS to syslog
The IDS logs can be sent to an appropriately configured remote syslog server. To operate the IDS in this mode, select the Use syslog for IDS
logging tick-box control and click the Save button. All IDS alerts will now be logged via the remote syslog program (syslog must first
be configured using the Logs | logging options configuration page).
Note - When operating in syslog mode, the IDS log viewer will not receive any log entries.
Dynamic DNS
The dynamic dns page is used to configure access to third-party dynamic DNS service
providers. This is useful when using an external connection that does not have a
static IP.
The dynamic DNS service will automatically update a leased DNS record by contacting
the service provider each time the system's IP address is changed by the ISP. This enables
consistent external routing to the system from the Internet.
Supported dynamic DNS providers
The following dynamic DNS service providers are supported:
- dhs.org
- dyndns.org
- dyns.cx
- hn.org
- no-ip.com
- zoneedit.com
- easydns.com
- ods.org
- ez-ip.net
Creating a new dynamic DNS host
The following configuration controls are used to create a new dynamic DNS host:
- Service - Used to set the dynamic DNS service provider.
- Behind a proxy - Required if the service provider is 'no-ip.com' and the system is behind a web proxy.
- Enable wildcards - Used to specify that subdomains of the hostname should resolve to the same IP address (e.g. domain.dyndns.org and sub.domain.dyndns.org will both resolve to the same IP). This option cannot be used with 'no-ip.com'; it must be selected from their website.
- Hostname - Used to set the hostname registered with the dynamic DNS service provider. This is not necessary when using 'dyndns.org' as the service provider.
- Domain - Used to set the domain registered with the dynamic DNS service provider.
- Username - Used to set the username registered with the dynamic DNS service provider.
- Password - Used to set the password registered with the dynamic DNS service provider.
- Comment - A text-field used to assign a helpful message describing the dynamic DNS host.
- Enabled - Determines whether the dynamic DNS host is currently active.
Removing dynamic hosts
To remove one or more dynamic hosts, locate each host within the Current hosts list
and select their adjacent Mark tick-box controls. Click the Remove button.
Editing a dynamic host rule
To edit a particular dynamic host, locate it within the Current hosts list
and select its adjacent Mark tick-box. Click the Edit button to populate the
configuration controls in the Add a host region with the host's current
configuration values. Alter the configuration values as necessary, and click the Add
button.
Note - Failure to click the Add button will result in the loss of the dynamic host.
Forcibly updating dynamic DNS
The dynamic DNS service will update the DNS records for the host whenever the host's IP address changes. In some
circumstances, it may be necessary to forcibly update the records. To do this, click the Force update
button.
Note - Dynamic DNS service providers don't like updating their records when an IP hasn't
changed, and may suspend the accounts of users they deem to be abusing their service.
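The update behaviour and the note above can be modelled as a small decision rule, shown here as an added example (not SmoothWall code). The class name, the one-day minimum interval between forced updates and the sample events are assumptions; providers set their own limits.

```python
import ipaddress

class UpdateGuard:
    """Decide whether a dynamic DNS update should be sent to the provider.

    min_force_interval (seconds) is an assumed local policy that limits how
    often a forced update with an unchanged address is allowed through.
    """
    def __init__(self, min_force_interval=86400):
        self.published_ip = None   # address last sent to the provider
        self.last_sent = None      # time of the last update actually sent
        self.min_force_interval = min_force_interval

    def decide(self, current_ip, now, force=False):
        ip = str(ipaddress.ip_address(current_ip))  # rejects malformed input
        if ip != self.published_ip:
            reason = "first update" if self.published_ip is None else "address changed"
        elif not force:
            return (False, "address unchanged")
        elif now - self.last_sent < self.min_force_interval:
            return (False, "forced update refused: too soon after last update")
        else:
            reason = "forced update"
        self.published_ip, self.last_sent = ip, now
        return (True, reason)

def replay(events, min_force_interval=86400):
    """Run (time, ip, force) events through a fresh guard; return the decisions."""
    guard = UpdateGuard(min_force_interval)
    return [guard.decide(ip, ts, force) for ts, ip, force in events]

# Constructed events: (unix time, external IP, Force update requested)
EVENTS = [
    (0,     "203.0.113.5", False),  # first run
    (600,   "203.0.113.5", False),  # lease renewed, same address
    (1200,  "203.0.113.5", True),   # Force update 20 minutes later
    (90000, "203.0.113.5", True),   # Force update more than a day later
    (90600, "203.0.113.9", False),  # ISP assigned a new address
]

if __name__ == "__main__":
    for event, (send, reason) in zip(EVENTS, replay(EVENTS)):
        print(event, "->", "SEND" if send else "skip", f"({reason})")
```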