DMZ Firewall Solution for the Express Router
| Filter | Function |
|--------|----------|
| 2, 3, 4 | Allows FTP (both active and passive) from the Internet to the HTTP/FTP server on the DMZ. Three filters are required. |
| 5 | Allows external ping to HTTP/FTP server on the DMZ. |
| 6 | Allows external HTTP from HTTP/FTP proxy on the DMZ. |
| 7, 8 | Allows external FTP from the HTTP/FTP proxy server on the DMZ (see note 1). Two filters are required. |

Settings

| Filter | Action | Protocol | TCP flags | Dest. address type | Dest. address | Dest. port | Src. address type | Src. port |
|--------|--------|----------|-----------|--------------------|---------------|------------|-------------------|-----------|
| 2 | Pass | TCP | All | Host | 10.2.0.1 | = 21 | All | > 1023 |
| 3 | Pass | TCP | ACK | Host | 10.2.0.1 | = 20 | All | > 1023 |
| 4 | Pass | TCP | All | Host | 10.2.0.1 | > 1023 | All | > 1023 |
| 5 | Pass | ICMP | | Host | 10.2.0.1 | | All | |
| 6 | Pass | TCP | ACK | Host | 10.2.0.2 | > 1023 | All | = 80 |
| 7 | Pass | TCP | ACK | Host | 10.2.0.2 | > 1023 | All | = 21 |

Filter 8 settings:
Action: | Pass |
Protocol: | TCP |
TCP flags: | ACK |
Dest. address type: | Host |
Version 1.0 | 14 |