Netopia R7200 manual filtering rule, Parts of a filter, Port numbers


Security 14-7

A filtering rule

The criteria are based on information contained in the packets. A filter is simply a rule that prescribes certain actions based on certain conditions. For example, the following rule qualifies as a filter:

Block all Telnet attempts that originate from the remote host 199.211.211.17.

This rule applies to Telnet packets that come from a host with the IP address 199.211.211.17. If a match occurs, the packet is blocked.

Here is what this rule looks like when implemented as a filter on the Netopia R7200:

+-#--Source IP Addr--Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd-+
+--------------------------------------------------------------------+
| 1  199.211.211.17  0.0.0.0          TCP            23      Yes No  |
+--------------------------------------------------------------------+

To understand this particular filter, look at the parts of a filter.

Parts of a filter

A filter consists of criteria based on packet attributes. A typical filter can match a packet on any one of the following attributes:

The source IP address (where the packet was sent from)

The destination IP address (where the packet is going)

The type of higher-layer Internet protocol the packet is carrying, such as TCP or UDP

Port numbers

A filter can also match a packet’s port number attributes, but only if the filter’s protocol type is set to TCP or UDP, since only those protocols use port numbers. The filter can be configured to match the following:

The source port number (the port on the sending host that originated the packet)

The destination port number (the port on the receiving host that the packet is destined for)

By matching on a port number, a filter can be applied to selected TCP or UDP services, such as Telnet, FTP, and World Wide Web. The following tables show a few common services and their associated port numbers:

Internet service    TCP port    Internet service    TCP port
FTP                 20/21       Finger              79
Telnet              23          World Wide Web      80
SMTP (mail)         25          News                144
Gopher              70          rlogin              513
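The matching described above, applied to the Telnet rule, as an added example that is not part of the Netopia manual or firmware. The class and field names are hypothetical, and two points are assumptions: an address of 0.0.0.0 matches any host, and a port of 0 (the blank Src.Port cell) means the port is not compared.

```python
from dataclasses import dataclass
from ipaddress import ip_address as ip

ANY_ADDR = "0.0.0.0"  # assumption: an all-zero address matches any host

@dataclass
class Filter:
    src_ip: str = ANY_ADDR
    dst_ip: str = ANY_ADDR
    proto: str = "TCP"
    src_port: int = 0      # assumption: 0 means "do not compare this port"
    dst_port: int = 0
    enabled: bool = True   # the On? column
    forward: bool = False  # the Fwd column; No blocks a matching packet

    def matches(self, pkt):
        if not self.enabled or pkt["proto"] != self.proto:
            return False
        for want, key in ((self.src_ip, "src_ip"), (self.dst_ip, "dst_ip")):
            if want != ANY_ADDR and ip(want) != ip(pkt[key]):
                return False
        # Ports are compared only when the filter's protocol is TCP or UDP.
        if self.proto in ("TCP", "UDP"):
            for want, key in ((self.src_port, "src_port"), (self.dst_port, "dst_port")):
                if want and pkt.get(key) != want:
                    return False
        return True

    def action(self, pkt):
        # 'block' or 'forward' on a match, 'no match' otherwise.
        if not self.matches(pkt):
            return "no match"
        return "forward" if self.forward else "block"

# Filter 1 from the page: TCP, source 199.211.211.17, destination port 23.
TELNET_RULE = Filter(src_ip="199.211.211.17", proto="TCP", dst_port=23)

# Constructed packets (documentation addresses), not captured traffic.
PACKETS = [
    dict(src_ip="199.211.211.17", dst_ip="192.0.2.10", proto="TCP", src_port=40000, dst_port=23),
    dict(src_ip="199.211.211.17", dst_ip="192.0.2.10", proto="TCP", src_port=40001, dst_port=80),
    dict(src_ip="198.51.100.5", dst_ip="192.0.2.10", proto="TCP", src_port=40002, dst_port=23),
    dict(src_ip="199.211.211.17", dst_ip="192.0.2.10", proto="ICMP"),
]

def results():
    return [TELNET_RULE.action(p) for p in PACKETS]

if __name__ == "__main__":
    print(results())
```

Only the first packet is blocked: the other three differ from the rule in destination port, source address, or protocol.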

 

 

 

 
