DMZ Firewall Solution for the Express Router
| Filter | Function | Settings |
|---|---|---|
| | | Src. port: > 1023 |
| 2 | Allows FTP (both active and passive) from the Internet to the HTTP/FTP server on the DMZ. Three filters are required. | Action: Pass; Protocol: TCP; TCP flags: All; Dest. address type: Host; Dest. address: 193.84.251.1; Dest. port: = 21; Src. address type: All; Src. port: > 1023 |
| 3 | | Action: Pass; Protocol: TCP; TCP flags: ACK; Dest. address type: Host; Dest. address: 193.84.251.1; Dest. port: = 20; Src. address type: All; Src. port: > 1023 |
| 4 | | Action: Pass; Protocol: TCP; TCP flags: All; Dest. address type: Host; Dest. address: 193.84.251.1; Dest. port: > 1023; Src. address type: All; Src. port: > 1023 |
| 5 | Allows external ping to HTTP/FTP server on the DMZ. | Action: Pass; Protocol: ICMP; Dest. address type: Host; Dest. address: 193.84.251.1; Src. address type: All |
| 6 | Allows external HTTP from HTTP/FTP proxy on the DMZ. | Action: Pass; Protocol: TCP; TCP flags: ACK; Dest. address type: Host; Dest. address: 193.84.251.2; Dest. port: > 1023; Src. address type: All; Src. port: = 80 |
| 7 | Allows external FTP from HTTP/FTP proxy server on the DMZ (see note 1). Two filters are required. | Action: Pass; Protocol: TCP; TCP flags: ACK; Dest. address type: Host; Dest. address: 193.84.251.2; Dest. port: > 1023; Src. address type: All; Src. port: > 1023 |
| 8 | | Action: Pass; Protocol: TCP; TCP flags: ACK |
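The complete filters on this page (2 to 7) modelled as data and checked against constructed packets, as an added example that is not part of the original document. It assumes that TCP flags "ACK" matches only segments with the ACK bit set, that "All" matches any flags, and that filters are tried in table order; `Filter` and `matching_filter` are hypothetical names, and filter 8 is left out because its settings are cut off here.

```python
from dataclasses import dataclass
from typing import Callable, Optional

PortTest = Optional[Callable[[int], bool]]
HIGH = lambda p: p > 1023          # the table's "> 1023"
SERVER = "193.84.251.1"            # HTTP/FTP server on the DMZ
PROXY = "193.84.251.2"             # HTTP/FTP proxy on the DMZ

@dataclass
class Filter:
    num: int
    proto: str
    dst: str
    ack_only: bool = False         # assumption: "ACK" = ACK bit must be set
    dport: PortTest = None         # None = the table gives no port for this row
    sport: PortTest = None

# Transcribed from the table; every action is Pass, source address type is All.
FILTERS = [
    Filter(2, "TCP", SERVER, False, lambda p: p == 21, HIGH),
    Filter(3, "TCP", SERVER, True, lambda p: p == 20, HIGH),
    Filter(4, "TCP", SERVER, False, HIGH, HIGH),
    Filter(5, "ICMP", SERVER),
    Filter(6, "TCP", PROXY, True, HIGH, lambda p: p == 80),
    Filter(7, "TCP", PROXY, True, HIGH, HIGH),
]

def matching_filter(proto, dst, sport=0, dport=0, flags=frozenset()):
    """Return the number of the first filter that passes the packet, else None.

    None only means no filter on this page matched; the page does not state
    what the router does with such a packet.
    """
    for f in FILTERS:
        if f.proto != proto or f.dst != dst:
            continue
        if f.ack_only and "ACK" not in flags:
            continue               # e.g. a bare SYN never matches an ACK filter
        if f.dport and not f.dport(dport):
            continue
        if f.sport and not f.sport(sport):
            continue
        return f.num
    return None

if __name__ == "__main__":
    # Constructed packets: (proto, dst, sport, dport, flags)
    print(matching_filter("TCP", PROXY, 80, 40000, {"SYN", "ACK"}))  # HTTP reply
    print(matching_filter("TCP", PROXY, 80, 40000, {"SYN"}))         # new inbound
    print(matching_filter("TCP", SERVER, 40000, 50000, {"SYN"}))     # passive data
```

Under these assumptions filter 4 passes new connections to every port above 1023 on 193.84.251.1, so any other service listening on a high port of that host is reachable through the same rule.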
Version 1.0