Bridge the Zoomtown Westell Router

October 29, 2009 at 6:19 PMRampidByter

Assuming that the internet service provider (ISP) is in fact Zoomtown, and the subscriber trying to setup the bridge is using a Westell router provided by Zoomtown. I want it noted that you should only follow these steps if you have the hardware and knowledge needed to both secure and maintain the network setup.

Home Network DiagramThe ideal setup, in my opinion, is having the Westell router provided by Zoomtown going into another router that will be used as the central router used for the home in this case. The internal router should hopefully have intrusion protection, and at very least a firewall built in. If you’re questioning whether your particular network router has those capabilities you may want to skip the step related to disabling the Westell router’s firewall settings. See the diagram on the right for an overview of the network setup I described above.

To begin it’s best to have either the desktop near to or bring the Westell router to close proximity. A laptop is most likely the best solution in this case as you’ll be able to place the Westell router at it’s permanent location.

Step 1: Connect to the Zoomtown Westell router directly.

To do this you’ll need a cat5e network cable that you’ll plug directly into the Westell router’s network port, and the opposite end into either your desktop or preferably laptop. Please note ahead of time that you should have a working virus scanner running and a firewall package enabled on the computer used to connect to this router directly.

Step 2: Log into the Westell router directly.

IP Address: 192.168.200.1

In order to log into the Westell router open the internet browser of your choice. I prefer Internet Explorer, but FireFox works just as well. Enter the IP address listed above into the address bar of the browser and navigate to the internal Westell router configuration interface. If this does not work then identify the IP address the PC you’re using to connect to the Westell router is currently using. Enter the IP exactly as your PC shows except for the last three digits. Change the last three digits to simply 1. So if you have 192.168.500.233 then enter 192.168.500.1 into the browser’s address bar.

Step 3: Change the Administrative password.

People forget to change the administrative password all the time for internet accessible routers. In my neighborhood alone there are six unsecured wireless networks. Each one of them is easily accessible and has a very decent signal strength. Not say I’ve gone into them, but simply that this is often the most overlooked security vulnerability  problem.

Once logged into the Westell router you’ll be greeted with the friendly Westell logo and menu options displayed below:

menu

Mouse over the “Maintenance” option and click on the “Change Password” menu option. You’ll be prompted to enter both a name and password twice for validation. Enter in something you’ll remember like ‘Admin’ for the name and at least a decently hard password to crack using any standard dictionary attack. All in all it’s better than the no user name and password to enter into this setup right?

Step 4: Turn off the Westell firewall settings. (optional)

Keep in mind this step is optional. In my setup there is a Linksys business class router with built in firewall, IPS, and other assorted mechanisms to secure my network. At that level having two routers providing firewall protection is overkill for my needs and most likely is just an added network delay. I also want to just make sure I am in total control of what the firewall blocks and does not block via my own personal router.

To turn off the firewall simply mouse over the “Configuration” menu option and click on the “Firewall Configuration” menu option. From the firewall configuration settings simply click the “None” radio button option. This will disable the internal firewall for the Westell router. The default is most likely set to “Low”, but this step is optional and up to the end user to decide.

firewall

Step 5: Set the virtual connection to bridge mode.

In order to set the virtual connection to bridge simply mouse over the “Configuration” menu option and click on “VC Configuration" menu option. A list of virtual connections will be displayed with the current status, and ability to edit the connections by clicking on the “Edit” button located next to the connection.

Locate and identify the enabled virtual connection, should be the only enabled connection by default. This connection it needs to be set to bridge mode from the default routed bridge mode. To do this again locate the enabled connection, and click the “Edit” button from the same row.

virtualconnect1 

virtualconnect2 A pop-up configuration window will appear with the settings for the virtual connection. The only setting that needs to be changed on this window the drop down box next to “Mode” under Bridge Settings. Locate and click the drop-down menu for “Mode”, and select “Bridge” from the drop-down listing.

Click the “Set VC” button to save the changes and to close the configuration window.

 

Step 6: Turn off Private LAN.

The last step is to disable the private LAN functionality of the Westell router. The private LAN will provide to the internal router an internal IP address making direct forwarding a problem. To receive an external IP address mouse over the “Configuration” menu option, and click the “Private LAN Configuration” menu options.

From the “Private LAN Configuration” settings simply uncheck the “Private LAN DHCP Server Enable” also uncheck the “Private LAN Enable” settings. This will now allow the internal router to receive an external IP address instead of the private LAN IP provided from the Westell router.

Summary

There are many other ways to get the same sort of behavior. The Westell router could be used in combination with a switch as the primary router to divvy out DHCP IPs to connected PCs. The port forwarding and firewall option on the Westell are not bad at all so it should offer itself as a nice router out of the box.

For my purposes I already had a business class VPN router and would prefer to work with the Linksys configuration UI I've acclimated to over the years. So as far as the preference goes it’s in my opinion the best option available. From this point the internal router can be used to forward ports used for remote desktop on 3389, web servers on port 80, or any other general purpose port used externally.

Posted in: How-to

Tags: