DMZ Firewall Solution for the Express Router
Filter | Function | Settings |
(continued) | | Dest. port: > 1023; Src. address type: Host; Src. address: 193.84.251.4; Src. port: 119 |
8 | Sends all packets generated by the router to the internal LAN (LAN1). | Action: Pass; Protocol: TCP; TCP flags: All; Dest. address type: All; Dest. port: All; Src. address type: Host; Src. address: <LAN1 IP address>; Src. port: All |
Note 1: Some proxy servers, such as Microsoft Proxy* 2.0, do not support FTP proxy using the FTP protocol. For uploading and downloading using a special FTP program, such as WS_FTP*, an additional FTP proxy on DMZ is required. This proxy server normally runs on port 21, and it has to support passive FTP. If downloading from an Internet browser is sufficient, the two filters are not required.
Note 2: The filter is not required when using a News proxy server on DMZ.
4.4.2 LAN2 Filters
4.4.2.1 Receive (Rx) Filters on LAN2
Configure these receive filters for the LAN2 port, shown as they appear in Advanced Setup.
Filters are defined as follows:
Filter | Function | Settings |
— | Pass all packets destined for DMZ | Default Action: Pass |
1 | Prevents RIP updates from entering the DMZ network | Action: Discard; Protocol: UDP; Dest. address type: All; Dest. port: RIP |
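The LAN2 receive filter set above, modelled as an added example (not taken from the router documentation or its software) so the effect of filter 1 and the default action can be checked against sample traffic. Assumptions: filters are checked in listed order and the first match decides, "RIP" means UDP port 520, and the packets are constructed samples using documentation addresses.

```python
from dataclasses import dataclass

RIP_PORT = 520  # assumption: the table's "RIP" is the well-known UDP port 520

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Filter:
    action: str          # "Pass" or "Discard"
    proto: str = "All"
    src: str = "All"     # "All" or a single host address
    sport: str = "All"   # "All", a port number, or "> N" as in "> 1023"
    dport: str = "All"

def port_matches(spec, port):
    spec = spec.strip()
    if spec == "All":
        return True
    if spec.startswith(">"):
        return port > int(spec[1:])
    return port == int(spec)

def evaluate(filters, default_action, pkt):
    # Assumption: first matching filter decides, otherwise the default action.
    for f in filters:
        if (f.proto in ("All", pkt.proto) and f.src in ("All", pkt.src)
                and port_matches(f.sport, pkt.sport)
                and port_matches(f.dport, pkt.dport)):
            return f.action
    return default_action

# LAN2 Rx filters as listed in the table: filter 1 plus Default Action: Pass
LAN2_RX = [Filter(action="Discard", proto="UDP", dport=str(RIP_PORT))]
LAN2_RX_DEFAULT = "Pass"

SAMPLES = {  # constructed packets
    "rip_update": Packet("UDP", "192.0.2.1", 520, "192.0.2.255", 520),
    "dns_query": Packet("UDP", "192.0.2.10", 40000, "198.51.100.53", 53),
    "tcp_to_520": Packet("TCP", "192.0.2.10", 40000, "198.51.100.5", 520),
}

def verdicts():
    return {n: evaluate(LAN2_RX, LAN2_RX_DEFAULT, p) for n, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{name}: {verdict}")
```

Only the UDP packet addressed to port 520 is dropped; the TCP packet to the same port number falls through to the default action, which shows that the Protocol field is part of the match.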
Version 1.0