
This page includes the configuration and setup information required for full utilization of the LaundryCard firewall, including credit card processing and remote operator access.

...

Connection Configurations

There are two general configuration options for the LaundryCard network, as outlined below. Card Concepts Inc. is not responsible for network configuration beyond the information provided here or the configuration of LaundryCard Firewall devices.

...

As of LaundryCard Version 9, all updated firewalls communicate and establish a secure connection with the LaundryCard Data Center.

When a Firewall is set up for a Dynamic IP Configuration, communication for store access is done through our LaundryCard Live service at https://live.laundrycard.com. This is typically the case for most LaundryCard Version 9 systems.

When a Firewall is set up for a Static IP Configuration, which is typically found in LaundryCard Version 8 and earlier systems (and some older LaundryCard Version 9 configurations), there are two general configuration options for the LaundryCard network. 

...

Connection via Internet Modem

The current LaundryCard Firewall is designed to be connected directly to an Internet Service Provider's (ISP) modem. For static configurations, the ISP connection should provide a static Internet Protocol (IP) address, that is, an IP address that does not change over time. Note that the non-static IP addresses most often provided by an ISP may be changed dynamically by the ISP at any time. Therefore, a static IP is required to provide the store owner with a fixed address for access to the store's LaundryCard system.

...

The LaundryCard Firewall has the necessary and sufficient firewall rules for protecting the LaundryCard network from undesirable internet traffic.

...

Connection via Internet Modem and Router (or Modem/Router Combination Device)

The advantage of this configuration is that the owner may decide to connect other internet devices through the same internet connection to reduce costs. However, there are several disadvantages to this configuration, including:

...

  1. The router must be set up to have a single ethernet interface for connection to Port 1 of the LaundryCard Firewall.
  2. A single fixed (static) IP address must be designated for use by the LaundryCard Firewall.
  3. Port Forwarding must be enabled and implemented such that traffic received from the internet and destined to the LaundryCard Firewall static IP address will be forwarded as follows:
    1. The router will forward all TCP traffic on several specific TCP ports to the designated Ethernet interface connected to the LaundryCard Firewall.
    2. The router will forward all UDP traffic on several specific UDP ports to the designated Ethernet interface connected to the LaundryCard Firewall.
    3. The router will forward all GRE traffic (protocol 47) to the designated Ethernet interface port connected to the LaundryCard Firewall.
    4. The router will forward all IPSEC-ESP traffic (protocol 50) to the designated Ethernet interface port connected to the LaundryCard Firewall.
  4. All traffic from the LaundryCard Firewall must be forwarded by the router to the modem interface on the router.

Port and Protocol Usage

The following is the current list of protocols and port usage of the LCRF (LaundryCard Router/Firewall).


  • GRE (protocol 47) - Required for implementation of VPN using PPTP. It is a separate protocol from TCP/IP. Forwarding of this protocol is often configured from a separate menu from TCP/IP port forwarding.
  • IPSEC-ESP (protocol 50) - Required for implementation of VPN using L2TP. It is a separate protocol from TCP/IP. Forwarding of this protocol is often configured from a separate menu from TCP/IP port forwarding. This protocol is required for support of Virtual Private Networking (VPN) from later versions of Apple devices. If the router does not forward this protocol properly, VPN using L2TP will not be supported.
Note

With a Dynamic configuration, while exclusively forwarding individual ports is not necessary, it is strongly recommended that users do not block the individual ports/protocols below.


| Protocol | Port | Usage | Notes |
|---|---|---|---|
| TCP | 80 | WWW | Web Access (non-secure Hypertext Transfer Protocol). Used by Authorize.Net interface |
| UDP | 123 | NTP | Network Time Protocol |
| TCP | 443 | SSTP/HTTP | Secure Socket Tunneling Protocol / Secure Hypertext Transfer Protocol. Used by Authorize.Net interface |
| UDP | 500 | IKE | Internet Key Exchange |
| UDP | 514 | Syslog | System Logging |
| UDP | 1701 | L2TP | Layer 2 Tunneling Protocol |
| TCP | 1723 | PPTP | Point-to-Point Tunneling Protocol |
| UDP | 1812 | Radius | Remote Authentication Dial-In User Service |
| UDP | 1813 | Radius | Remote Authentication Dial-In User Service |
| TCP | 2222 | Multi-Store | Multistore data requests |
| UDP | 4500 | L2TP | Layer 2 Tunneling Protocol |
| UDP | 5556 | Hamachi | Hamachi direct connect requests |
| UDP | 5678 | MNDP | Mikrotik Network Discovery Protocol |
| UDP | 8291 | Winbox | Mikrotik Windows Management interface |
| TCP | 12975 | Hamachi | Hamachi Initiator Port |
| UDP | 15252 | Cloud Time, DDNS | Mikrotik Cloud Services |
| TCP | 32976 | Hamachi | Hamachi Session Port |
| GRE (47) | | PPTP | Point-to-Point Tunneling Protocol |
| IPSEC-ESP (50) | | L2TP/IPsec | Layer 2 Tunneling Protocol / Internet Protocol Security |
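For a static configuration behind a router, the forwarding requirements and the table above can be checked mechanically. The following is an added example, not part of the original LaundryCard documentation: it compares a router's port-forward list with the table and reports forwards that are missing, sent to the wrong internal host, or exposed on the firewall without being listed. The rule-line format, the internal addresses and the sample rules are assumptions constructed for the example.

```python
# Added example: audit a router's port forwards against the table above.
# The rule format "<proto> <port or -> <internal-ip>" and all addresses are
# assumptions constructed for this example, not any router's export format.
REQUIRED_PORTS = {
    "tcp": {80, 443, 1723, 2222, 12975, 32976},
    "udp": {123, 500, 514, 1701, 1812, 1813, 4500, 5556, 5678, 8291, 15252},
}
# IP protocols rather than ports: GRE (47) for PPTP, IPSEC-ESP (50) for L2TP.
REQUIRED_IP_PROTOCOLS = {"gre": 47, "esp": 50}

SAMPLE_RULES = """\
tcp 80   192.168.1.2
tcp 443  192.168.1.2
udp 500  192.168.1.2
udp 1701 192.168.1.2
udp 4500 192.168.1.2
esp -    192.168.1.2
tcp 1723 192.168.1.50   # PPTP control port sent to the wrong host
tcp 8080 192.168.1.2    # not in the LaundryCard table
"""

def parse_rules(text):
    """Parse rule lines into a set of (proto, port_or_None, target_ip)."""
    rules = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            proto, port, target = line.lower().split()
            rules.add((proto, None if port == "-" else int(port), target))
    return rules

def audit(rules, firewall_ip):
    """Report required forwards that are missing or misdirected, and extras."""
    wanted = {(p, n) for p, ports in REQUIRED_PORTS.items() for n in ports}
    wanted |= {(p, None) for p in REQUIRED_IP_PROTOCOLS}
    to_firewall = {(p, n) for p, n, t in rules if t == firewall_ip}
    elsewhere = {(p, n) for p, n, t in rules if t != firewall_ip}
    order = lambda k: (k[0], k[1] or 0)
    unmet = wanted - to_firewall
    return {
        "missing": sorted(unmet - elsewhere, key=order),
        "wrong_target": sorted(unmet & elsewhere, key=order),
        "not_in_table": sorted(to_firewall - wanted, key=order),
    }

if __name__ == "__main__":
    for kind, items in audit(parse_rules(SAMPLE_RULES), "192.168.1.2").items():
        print(kind, items)
```

In the sample, GRE is reported as missing while IPSEC-ESP is present, which matches the page's point that these two protocols are usually forwarded from a separate router menu and are easy to overlook.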

...