NetComm NB712 manual Types of Firewall, Packet Filtering, There are three types of firewall


2.1 Types of Firewall

There are three types of firewall:

2.1.1 Packet Filtering

In packet filtering, only the protocol and address information of each packet is examined. The packet's contents and context (its relation to other packets and to the intended application) are ignored. The firewall pays no attention to applications on the host or local network, and it “knows” nothing about the source of the incoming data. Filtering consists of examining incoming or outgoing packets and allowing or disallowing their transmission on the basis of a set of configurable rules. Network Address Translation (NAT) routers offer the advantages of packet filtering firewalls but can also hide the IP addresses of computers behind the firewall and offer a level of circuit-based filtering.

[Figure: protocol layers and the packet fields a filter examines. Layers: Level 5: Application; Level 4: TCP; Level 3: IP; Level 2: Data Link; Level 1: Physical. Fields: Protocol; Source/Destination address; Source/Destination port; IP options; Connection status.]

[Figure: firewall between 192.168.0.5 and 172.16.3.4. Outgoing packet ("Filter remembers this information"): UDP, SP=3264, SA=192.168.0.5, DP=1525, DA=172.16.3.4. Incoming packet ("Matches outgoing so allowed"): UDP, SP=1525, SA=172.16.3.4, DP=3264, DA=192.168.0.5. Incoming packet ("No matches so disallowed"): UDP, SP=1525, SA=172.168.3.4, DP=2049, DA=192.168.0.5.]

[Figure: NAT. Internal/Protected Network on one side, External/Unprotected Network (Internet) on the other, Firewall 192.120.8.5 between them. Endpoint labels: 192.100.0.10:1025, 192.100.0.11:4433, 192.120.8.5:2205, 192.120.8.5:2206. Translation table (Client IP, Internal Port, External Port): 192.68.0.10, 1025, 2205; 192.168.0.11, 4406, 2206.]
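The UDP exchange in the figure above, as an added example (not code from the NetComm manual or the router firmware): it compares a static rule that looks only at protocol, addresses and ports with a filter that remembers outgoing flows. The names `Packet`, `Rule`, `RememberingFilter` and the static rule itself are assumptions made for illustration; the packet values are those printed in the figure.

```python
import ipaddress
from collections import namedtuple

# Field names follow the figure: SA/SP = source address/port, DA/DP = destination.
Packet = namedtuple("Packet", "proto sa sp da dp")
# Static rule: matches on protocol, addresses (CIDR) and port ranges only.
Rule = namedtuple("Rule", "action proto src sports dst dports")

def rule_matches(r, p):
    return (p.proto == r.proto and p.sp in r.sports and p.dp in r.dports
            and ipaddress.ip_address(p.sa) in ipaddress.ip_network(r.src)
            and ipaddress.ip_address(p.da) in ipaddress.ip_network(r.dst))

def static_verdict(rules, p):
    """First matching rule wins; no match means deny."""
    return next((r.action for r in rules if rule_matches(r, p)), "deny")

class RememberingFilter:
    """Records each outgoing flow; permits inbound only its exact mirror image."""
    def __init__(self):
        self.flows = set()

    def outgoing(self, p):
        self.flows.add(tuple(p))
        return "permit"

    def incoming(self, p):
        mirrored = (p.proto, p.da, p.dp, p.sa, p.sp)
        return "permit" if mirrored in self.flows else "deny"

# The three packets shown in the figure, values as printed there.
OUT = Packet("UDP", "192.168.0.5", 3264, "172.16.3.4", 1525)
REPLY = Packet("UDP", "172.16.3.4", 1525, "192.168.0.5", 3264)
STRAY = Packet("UDP", "172.168.3.4", 1525, "192.168.0.5", 2049)
# Constructed static rule (assumption, not from the manual): let UDP from
# source port 1525 reach any unprivileged port on the client.
RULES = [Rule("permit", "UDP", "0.0.0.0/0", range(1525, 1526),
              "192.168.0.5/32", range(1024, 65536))]

def compare():
    """Return {name: (static verdict, remembering verdict)} for inbound packets."""
    f = RememberingFilter()
    f.outgoing(OUT)
    return {name: (static_verdict(RULES, p), f.incoming(p))
            for name, p in (("reply", REPLY), ("stray", STRAY))}

if __name__ == "__main__":
    print(compare())
```

The static rule passes the stray packet because its fields fall inside the permitted ranges; the remembering filter rejects it because no outgoing packet was ever sent to that address and port pair.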

NB712 / NB714 User Guide, page 9, YML829 Rev1

 
