DMZ Firewall Solution for the Express Router
| Filter | Function | Settings |
|---|---|---|
| | | Src. port: = 80 |
| 2 | Allows FTP (only passive connections) from secure LAN to the FTP proxy server on the DMZ (see note 1). Two filters are required. | Action: Pass; Protocol: TCP; TCP flags: ACK; Dest. address type: All; Dest. port: > 1023; Src. address type: Host; Src. address: 193.84.251.2; Src. port: = 21 |
| 3 | | Action: Pass; Protocol: TCP; TCP flags: ACK; Dest. address type: All; Dest. port: > 1023; Src. address type: Host; Src. address: 193.84.251.2; Src. port: > 1023 |
| 4 | Allows incoming mail (SMTP) from DMZ to the secure LAN. | Action: Pass; Protocol: TCP; TCP flags: All; Dest. address type: Host; Dest. address: 10.1.0.1; Dest. port: 25; Src. address type: Host; Src. address: 193.84.251.3; Src. port: > 1023 |
| 5 | Allows outgoing mail (SMTP) from secure LAN to the DMZ. | Action: Pass; Protocol: TCP; TCP flags: ACK; Dest. address type: Host; Dest. address: 10.1.0.1; Dest. port: > 1023; Src. address type: Host; Src. address: 193.84.251.3; Src. port: 25 |
| 6 | Allows incoming News (NNTP) from the DMZ to the secure LAN (see note 2). | Action: Pass; Protocol: TCP; TCP flags: All; Dest. address type: Host; Dest. address: 10.1.0.2; Dest. port: 119; Src. address type: Host; Src. address: 193.84.251.4; Src. port: > 1023 |
| 7 | Allows outgoing News (NNTP) to DMZ from secure LAN. | Action: Pass; Protocol: TCP; TCP flags: ACK; Dest. address type: Host; Dest. address: 10.1.0.2 |
Version 1.0
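The filters with TCP flags set to ACK admit only reply traffic from the DMZ hosts, while filters 4 and 6 (flags All) accept new connections, and only to the mail and news ports. The Python sketch below is an added example, not part of the original document or the router's software, that evaluates filters 2 to 6 against a few constructed packets. It assumes that "TCP flags: ACK" matches only segments with the ACK bit set, that a packet matching no filter is dropped, and it uses a made-up LAN client address, 10.1.0.50.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Filter:
    num: int                # filter number from the table
    ack_only: bool          # True = "TCP flags: ACK", False = "All" (assumed meaning)
    dst: Optional[str]      # None = dest. address type "All"
    dport: Tuple[str, int]  # ("=", n) or (">", n)
    src: str
    sport: Tuple[str, int]

# Filters 2-6, transcribed from the table (every one has Action: Pass).
FILTERS = [
    Filter(2, True, None, (">", 1023), "193.84.251.2", ("=", 21)),
    Filter(3, True, None, (">", 1023), "193.84.251.2", (">", 1023)),
    Filter(4, False, "10.1.0.1", ("=", 25), "193.84.251.3", (">", 1023)),
    Filter(5, True, "10.1.0.1", (">", 1023), "193.84.251.3", ("=", 25)),
    Filter(6, False, "10.1.0.2", ("=", 119), "193.84.251.4", (">", 1023)),
]

def port_ok(spec, port):
    op, n = spec
    return port == n if op == "=" else port > n

def evaluate(src, sport, dst, dport, flags):
    """Return the number of the first filter that passes the packet, else None.
    Assumption: a packet that matches no filter is dropped."""
    for f in FILTERS:
        if f.src != src or (f.dst is not None and f.dst != dst):
            continue
        if not (port_ok(f.sport, sport) and port_ok(f.dport, dport)):
            continue
        if f.ack_only and "ACK" not in flags:
            continue  # no ACK bit: a new connection attempt, not a reply
        return f.num
    return None

# Constructed packets arriving from the DMZ; 10.1.0.50 is a made-up LAN client.
SAMPLES = [
    ("FTP control reply", ("193.84.251.2", 21, "10.1.0.50", 40000, {"ACK"})),
    ("new connection from FTP proxy port 21", ("193.84.251.2", 21, "10.1.0.50", 40000, {"SYN"})),
    ("new SMTP connection to mail host", ("193.84.251.3", 33000, "10.1.0.1", 25, {"SYN"})),
    ("DMZ mail host to news host", ("193.84.251.3", 33000, "10.1.0.2", 119, {"SYN"})),
]

if __name__ == "__main__":
    for label, pkt in SAMPLES:
        print(f"{label}: {evaluate(*pkt) or 'drop'}")
```
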