Overview
This page includes the configuration and setup information required for full utilization of the LaundryCard firewall, including credit card processing and remote operator access.
Card Concepts Inc. is not responsible for network configuration beyond the information provided here or the configuration of LaundryCard Firewall devices.
Connection Configurations
As of LaundryCard Version 9, all updated firewalls communicate and establish a secure connection with the LaundryCard Data Center.
When a Firewall is set up for a Dynamic IP Configuration, communication for store access is done through our LaundryCard Live service at https://live.laundrycard.com. This is typically the case for most LaundryCard Version 9 systems.
When a Firewall is set up for a Static IP Configuration, which is typically found in LaundryCard Version 8 and earlier systems (and some older LaundryCard Version 9 configurations), there are two general configuration options for the LaundryCard network.
Static Connection via Internet Modem
A LaundryCard Firewall is designed to be connected directly to an Internet Service Provider's (ISP) modem. For static configurations, the ISP connection should provide a static Internet Protocol (IP) address, that is, an IP address that does not change over time. Note that the non-static IP addresses most often provided by an ISP may be changed dynamically by the ISP at any time. Therefore, a static IP is required to provide the store owner with a fixed address for access to the store LaundryCard system.
A modem does not inspect or act on any of the traffic that goes to and from the internet. The modem provided by the ISP will pass all the traffic coming from the internet and send it to the LaundryCard Firewall. Conversely, all traffic transmitted by the LaundryCard Firewall will be directed out to the internet.
One result of attaching the LaundryCard Firewall directly to an ISP supplied modem is that other devices cannot easily be attached to the same internet connection. Another result is that the security of the LaundryCard Firewall is enhanced, as the LaundryCard Firewall is not accessible to other devices in the store environment.
The LaundryCard Firewall has the necessary and sufficient firewall rules for protecting the LaundryCard network from undesirable internet traffic.
Static Connection via Internet Modem and Router (or Modem/Router Combination Device)
The advantage of this configuration is that the owner may decide to connect other internet devices to the same internet connection to reduce costs. However, there are several disadvantages to this configuration, including:
- These additional devices will impact, perhaps severely, the throughput available to the LaundryCard Firewall.
- These devices may produce traffic at the interface to the LaundryCard Firewall that is at best undesirable or at worst debilitating to satisfactory LaundryCard network operation.
- The router device (or router portion of the combined modem/router) will require special configuration by the customer.
There are a large number of routers and modem/routers available commercially. Some routers can be satisfactorily configured to operate in a LaundryCard configuration. However, a number of routers do not have sufficient features or throughput to support LaundryCard Firewall operation.
The following documentation is provided in order to help customers (and their ISPs) with their router configuration.
Router Configuration
If a customer router is to be implemented, it must have – at a minimum – the following features and configuration:
- The router must be set up to have a single ethernet interface for connection to Port 1 of the LaundryCard Firewall.
- A single fixed (static) IP address must be designated for use by the LaundryCard Firewall.
- Port Forwarding must be enabled and implemented such that traffic received from the internet and destined for the LaundryCard Firewall static IP address will be forwarded as follows:
  - The router will forward all TCP traffic on several specific TCP ports to the designated Ethernet interface connected to the LaundryCard Firewall.
  - The router will forward all UDP traffic on several specific UDP ports to the designated Ethernet interface connected to the LaundryCard Firewall.
  - The router will forward all GRE traffic (protocol 47) to the designated Ethernet interface port connected to the LaundryCard Firewall.
  - The router will forward all IPSEC-ESP traffic (protocol 50) to the designated Ethernet interface port connected to the LaundryCard Firewall.
- All traffic from the LaundryCard Firewall must be forwarded by the router to the modem interface on the router.
Port and Protocol Usage
The following is the current list of protocols and port usage of the LCRF (LaundryCard Router/Firewall).
With a Dynamic configuration, while exclusively forwarding individual ports is not necessary, it is strongly recommended that users do not block the individual ports/protocols below.
| Protocol | Port | Usage | Notes |
| --- | --- | --- | --- |
| TCP | 80 | WWW | Web Access (non-secure Hypertext Transfer Protocol) |
| UDP | 123 | NTP | Network Time Protocol |
| TCP | 443 | SSTP/HTTP | Secure Socket Tunneling Protocol / Secure Hypertext Transfer Protocol |
| UDP | 500 | IKE | Internet Key Exchange |
| UDP | 514 | Syslog | System Logging |
| UDP | 1701 | L2TP | Layer 2 Tunneling Protocol |
| TCP | 1723 | PPTP | Point-to-Point Tunneling Protocol |
| UDP | 1812 | Radius | Remote Authentication Dial-In User Service |
| UDP | 1813 | Radius | Remote Authentication Dial-In User Service |
| TCP | 2222 | Multi-Store | Multistore data requests |
| UDP | 4500 | L2TP | Layer 2 Tunneling Protocol |
| UDP | 5556 | — | — |
| UDP | 5678 | MNDP | Mikrotik Network Discovery Protocol |
| UDP | 8291 | Winbox | Mikrotik Windows Management interface |
| TCP | 12975 | — | — |
| UDP | 15252 | Cloud Time, DDNS | Mikrotik Cloud Services |
| TCP | 32976 | — | — |
| GRE (47) | — | PPTP | Point-to-Point Tunneling Protocol |
| IPSEC-ESP (50) | — | L2TP/IPsec | Layer 2 Tunneling Protocol / Internet Protocol Security |
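The forwarding requirements under Router Configuration and the table above can be checked against a router's forwarding rules before the firewall is installed. The following is an added example, not Card Concepts code: it assumes the table entries are the ones the router must forward, and the rule-export format (`tcp 80 -> host`), the function names and the 192.0.2.x addresses are constructed for illustration.

```python
# Added example, not vendor code. Rule format and addresses are constructed.
import re

# Required entries, copied from the Port and Protocol Usage table.
REQUIRED = (
    [("tcp", p) for p in (80, 443, 1723, 2222, 12975, 32976)]
    + [("udp", p) for p in (123, 500, 514, 1701, 1812, 1813, 4500,
                            5556, 5678, 8291, 15252)]
    + [("proto", 47), ("proto", 50)]  # GRE and IPSEC-ESP carry no port number
)
RULE = re.compile(r"^(tcp|udp|proto)\s+(\d+)(?:-(\d+))?\s*->\s*(\S+)$")

def parse_rules(text):
    """Map (kind, number) -> target for lines like 'udp 1812-1813 -> host'."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower()  # drop comments
        if not line:
            continue
        m = RULE.match(line)
        if not m:
            raise ValueError(f"unrecognised rule: {raw!r}")
        kind, lo, hi, target = m.groups()
        for n in range(int(lo), int(hi or lo) + 1):  # expand port ranges
            table[(kind, n)] = target
    return table

def audit(text, firewall_ip):
    """Return (missing, misdirected) required entries for this rule set."""
    table = parse_rules(text)
    missing = [e for e in REQUIRED if e not in table]
    misdirected = [e for e in REQUIRED
                   if e in table and table[e] != firewall_ip]
    return missing, misdirected

# Constructed sample export from a hypothetical customer router.
SAMPLE = """\
tcp 80 -> 192.0.2.10
tcp 443 -> 192.0.2.10
tcp 1723 -> 192.0.2.10
tcp 2222 -> 192.0.2.99      # forwarded to the wrong host
udp 123 -> 192.0.2.10
udp 500 -> 192.0.2.10
udp 1701 -> 192.0.2.10
udp 1812-1813 -> 192.0.2.10
udp 4500 -> 192.0.2.10
proto 47 -> 192.0.2.10      # GRE forwarded, IPSEC-ESP (50) is not
"""

if __name__ == "__main__":
    print(audit(SAMPLE, "192.0.2.10"))
```

A router that cannot express the `proto 47` and `proto 50` entries at all does not meet the minimum feature list above, which the audit reports as missing entries.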