Services such as SSH are used to provide remote access to the Opengear device itself and attached managed devices, e.g. serial consoles. To configure services, log in to the Opengear web UI as root or an admin user.
System -> Services -> Service Settings controls the network services that are running on the Opengear device, e.g. enables and disables their associated daemon processes.
Here you may set SSH, Telnet and HTTPS to listen on alternative ports, you may also configure alternative per-service base ports for serial/USB console access using the base port + port number convention.
Note: Any changes to default service ports under Service Settings are automatically taken into account by Service Access.
Network access to services
System -> Services -> Service Access controls inbound access through the firewall to the above services, on a per-interface basis. If required, more granular network access controls can be implemented using custom firewall rules.
Rows list service/sub-services and columns list interfaces types, to form a complete network access policy matrix. By default, only encrypted and authenticated services are allowed through the firewall.
You may also disable the ping "service" from responding of ICMP Echo Requests.
Note: The Dialout/Cellular interface type covers both v.92 PPP and cellular IP connections, and VPN interface type covers IPsec, OpenVPN and PPTP.
User access to services
Many services, such as SSH and FTP, enforce per-user access controls – these are granted by configuring users & groups.
To create a new local user operator1 with acess to the FTP service on the Management LAN interface:
- Click System -> Services -> Service Settings
- Check Enable FTP Service and click Apply
- Click System -> Services -> Service Access
- Locate the Management LAN column along the top
- Scroll down to the FTP Server row towards the bottom, check the box in the Management LAN column, click Apply
- Click Serial & Network -> Users & Groups -> Add Users
- Enter a Username of operator1, enter and confirm a Password, check Groups: ftp, and click Apply