set passthrough

Purpose

Configures the IP pass-through feature.

IP pass-through allows a Digi device to provide bridging functionality similar to a cable or DSL modem, where the Digi device device becomes “transparent” to the router or connected device. In this case, the router’s WAN interface believes it is connected directly to the mobile network, and has no knowledge that the Digi device is the mechanism providing that connectivity. The IP pass-through feature works with either cellular or WiMAX as the WAN interface.

A Digi device configured for IP pass-through, such as a ConnectPort WAN or Digi Connect WAN, passes its mobile IP address directly through and to the Ethernet device (router or PC) to which it is connected through the Ethernet port. From the perspective of the connected device, the Digi device essentially becomes transparent (similar to the behavior of a cable or DSL modem) to provide a bridge from the mobile network directly to the end device attached to the Digi device.

Since the mobile network address is effectively “passed-through” to the local device connected to the Ethernet port of the Digi device, all network access to it is bypassed, with some specific exceptions.

A reboot is required for IP pass-through settings to take effect.

Services disabled when IP pass-through is enabled

When you enable IP pass-through, the Digi device effectively disables all router and IP service functionality. Services that are disabled are:

Services available when IP pass-through is enabled

The Digi device is effectively transparent to all IP activity and network access by other devices, with these exceptions:

Using Pinholes to Manage the Digi Cellular Family Device

IP pass-through uses a concept called pinholes. You can configure the Digi device to listen on specific TCP ports, and terminate those connections at the Digi device for purposes of managing it. Those ports are called pinholes, and they are not passed on to the device connected to the Ethernet port of the Digi device. Each pinhole command option specifies whether the network service and port are passed on to the device connected to the Ethernet port of the Digi device, or terminate at the Digi device. Network services or applications and ports that can be configured as pinholes include:

For more information on the network services, see set service.

Remote Manager and Digi SureLink applications are automatically set up as pinholes so that they continue to work with the Digi device.

In addition, the Digi device uses a private address on the Ethernet interface strictly for use in configuration or local access. This allows a user on the local network to gain access to the web interface or a Telnet session to make configuration changes.

Remote Device Management and IP Pass-through

The Digi device allows you to enable pinholes for specific ports to allow remote users to manage the Digi device from the mobile network or open Internet. The Digi device retains its remote management capabilities using a Remote Manager server. The necessary pinholes are automatically defined when the Digi device is configured for IP Pass‑through.This provides administrators with the same remote-management capabilities that exist in Digi remote devices.

Using the “set service” command with IP Pass-through

You can use the set service command to have a network service terminate both at a port on the Digi device and a different port on the connected device. For example, you could have the Digi device terminate the SSH service on port 2222, and the connected device terminate SSH at port 22. To do so, you would issue a set service command to move the SSH server from listening on port 22 to listening on port 222. With such a configuration, both the Digi device and the connected box could respond to SSH.

Required permissions

For Digi products with two or more users, permissions must be set to set permissions s-bridge=read” to display settings, and set permissions s‑bridge=rw to display and configure settings. See set permissions for details on setting user permissions for commands.

Syntax

Configure IP pass-through mode

set passthrough [state={enabled|disabled}]
  [proxyarp={enabled|disabled}]
  [subnetmask=subnet mask]
  [http={pass|terminate}]
  [https={pass|terminate}]
  [telnet={pass|terminate}]
  [ssh={pass|terminate}]
  [snmp={pass|terminate}]
  [dcloud={pass|terminate}]
  [surelink={pass|terminate}]
  [ping={pass|terminate}]
  [ddnsupdate={pass|terminate}]

Display current IP pass-through mode settings

set passthrough

Options

state={enabled|disabled}

Enables or disables IP Pass-through.

proxyarp={enabled|disabled}

Enables or disables ARP proxy.

The existence of an entry in the proxy ARP table means that the Digi device responds to ARP requests for that IP address, as if the IP address were configured for the responding interface. This is generally useful in that the host making the ARP request forwards packets destined for that IP address to the Digi device, which will then forward them as the next routing hop.

For IP pass-through mode, if the “tethered” host connected to the LAN side of the Digi device is using DHCP to get its IP configuration from the Digi Device, it looks as if the Digi device is providing a subnet to that host even though the Digi device is only giving it the use of a single IP address (the WAN interface IP address). There is a possibility that the host must communicate with other hosts that appear to be in that subnet -- perhaps some other mobile device with an IP address in the same nearby address range. In that case, the Digi device must “proxy” the ARP requests that are received from the tethered host, so it sends them to the Digi to then forward to the WAN.

subnetmask=subnet mask

The IP address subnet.

http={pass|terminate}

Specifies whether the HTTP network service is configured to pass to the connected device or terminate at the Digi device for purposes of managing it, known as a pinhole.

https={pass|terminate}

Specifies whether the HTTPS network service is configured to pass to the connected device (pass) or terminate at the Digi device for purposes of managing it, known as a pinhole (terminate).

telnet={pass|terminate}

Specifies whether the Telnet network service is configured to pass to the connected device (pass) or terminate at the Digi device for purposes of managing it, known as a pinhole (terminate).

ssh={pass|terminate}

Specifies whether the SSH network service is configured to pass to the connected device (pass) or terminate at the Digi device for purposes of managing it, known as a pinhole (terminate).

snmp={pass|terminate}

Specifies whether the SNMP network service is configured to pass to the connected device (pass) or terminate at the Digi device for purposes of managing it, known as a pinhole (terminate).

dcloud={pass|terminate} ()

Remote Manager pass or terminate. Specifies whether Remote Manager is configured to pass to the connected device (pass) or terminate at the Digi device for purposes of managing it, known as a pinhole (terminate). The default is terminate.

surelink={pass|terminate}

Specifies whether the SureLink application is configured to pass to the connected device (pass) or terminate at the Digi device for purposes of managing it, known as a pinhole (terminate). The default is terminate.

ping={pass|terminate}

Specifies whether ICMP echo (ping) requests pass to the connected device (pass) or terminate at the Digi device (terminate). The default is “pass.”

ddnsupdate={pass|terminate}

Specifies whether Dynamic DNS (DDNS) requests pass to the connected device (pass) or terminate at the Digi device (terminate). The default is pass.

See also