Echo EN55022 manual Appendix G IP Filter Examples, Source and Destination IP Address

Page 52

APPENDIX G IP FILTER EXAMPLES

If IP filtering is active then all packets received are checked against the filter table before processing by the Router. Packets are also compared to the IP Filter Table when the IP Filter is set to Bridge.

The IP Filter can have 32 lines or entries. An entry does not initially become active until the user exits the menu. Future amendments are acted upon immediately after entry.

It should be noted that the filter table is sequentially searched for any IP packet received until a match is found. A filter table with many entries can impose significant processor loading and a leads to increased latency.

The filter table is made up of three elements:

1.Source and destination IP address.

2.Protocol selection

3.Port or socket selection for TCP and UDP packets.

Each section supports a ‘wildcard’ for a match e.g. to pass only TCP packets you would wildcard the source and destination IP address and wildcard the port numbers.

Each line in the filter table can be configured to PASS or FAIL. By default this value is FAIL. Normal operation would put a number of entries in the filter table that would pass packets if a match occurs. It is possible to use the reverse and define each line so that a match results in failure. You could then enter a last line with wildcards in all three sections to pass.

G.1 Source and Destination IP Address

Each filter table entry consists of an IP address and a mask. The IP address in the packet is combined with the mask and compared with the entry in the table. If the result matches then processing continues along the line. If the result fails then the same operation is performed against the next line entry.

Masks are displayed in hexadecimal format for ease of bit identification. Values can be entered in the normal decimal dot notation or as a single hex number e.g. 255.128.0.0 or FF800000. Any value or order of bits can be entered as the mask. A mask of FFCF0040 is a valid mask.

Echo LANlink Router Option User Manual

Issue 1.0 04 December 1997 Page 52 of 59

Image 52

Contents Page 5SXLANlink Contents Issue 1.0 04 December 1997 Page 4 Glossary Introduction Linking two LANs togetherFunctional Overview Typical ApplicationsRestrictive Firewall Example USE and Configuration Router Configuration Supervisor Terminal RequirementsLogin Default terminal VT 100/220/320/420. OK y or n?Return Falco Sunview WYSE50SUN Supported Terminal TypesRouter Management Router Management Screen General Keyboard ConventionsEntering a Parameter Multiplexer Management Megabit E1 MultiplexerClearing the Configuration back to Factory Default System StatusRemote Alarm Main Link High BIT Error Rate8 D/I Remote Alarm Main Link Carrier LossRouter WAN Link Status Installation Opening the MultiplexerInstalling the Router Option Internal Link LK13Testing Data ConnectionsFront Panel LEDs LED LabelQuick Configuration IPX Configuration Receive IP RIPTransmit IP RIP IP BroadcastReceive IPX RIP Transmit IPX RIPReceive IPX SAP Transmit IPX SAPUnit Status Router Menu OptionsParameter Description Options Traffic Analysis IP Routing TableParameter Description IP ARP TableIPX RIP Table IPX NetworkNode HopsType IPX SAP TableSocket Network Loading Show Traffic DetailsRemote Management Name Server ConfigurationTelnet OUT Name to IP Cache Parameter Description Security Parameter Description OptionsUnit Configuration Snmp Setup Parameter DescriptionService Setup Ethernet Service Setup Parameter Description OptionsIP Broadcast OnesZeros IP FilterWAN Service Setup Parameter Description Options PPP Setup OtherMAC Filters WAN or Ethernet Filter SetupMenu Selection Description IP Filter WAN or Ethernet EditList Parameter Description LineIPX SAP Filter Menu WAN or Ethernet Network Address 32 bitsNode Address 48 bits From SKTALL To SKTIPX Header Filters MAC Node ADR EventsNovell KEEP-ALIVES PPP Events System EventsFlash Programming Timeout Flash Verify Error Installation of Equipment Appendix a WarningsThis Equipment Must be Earthed GroundedWarnung Mise en garde Cet équipement doit être relié a la terre Mise en garde Installation de léquipmentMise en garde Connexion dautres équipements Appendix B Approval Requirements Appendix C EMC Requirements Appendix D Rear Panel Layout Appendix E AUI Port 15-WAYD-TYPE Pinout Appendix F 10BASE-T RJ45 Port Pinout TPTX+Tptx TPRX+Appendix G IP Filter Examples Source and Destination IP AddressProtocol Selection ExamplesSource and Destination Ports Issue 1.0 04 December 1997 Page 54 Appendix H IP Subnets Appendix I Router Maintenance Menu KermitCTRL-A CTRL-BDownload New Firmware using Tftp Download New Firmware using TCP loaderRestore Configuration using Tftp Set Default Gateway Reset PasswordBoot File Using TCP Loader Set New IP AddressBoot File Using Tftp Loader Run Monitor