Accept src-addr=xxx Accept dst-addr=yyy Deny | 3Com 812 specs

6-30CHAPTER 6: MANUAL SETUP

Field	Description

line #	Each rule must have a unique line number from 1-10 plus 999 for the DENY verb.
	You must arrange rules in increasing order.

Verb	This field can be one of the following:
	ACCEPT - Allow the packet access if the condition is met (use with DENY verb to
	indicate reject all other packets).
	REJECT - Do not allow the packet access if the condition is met.
	AND - Logically use the AND condition with condition of the next rule to
	determine if the packet is accepted or rejected. Both defined conditions must be
	met.

Keyword	The keywords for all protocol, descriptions, corresponding operators and values.

Operator	Describes the relationship between the keyword and its value. The operator field
	must be one of the following:
	= Equal
	!= Not equal
	> Greater than
	< Less than
	>= Greater or Equal
	<= Less or Equal
	=> Generic

value	Contains a entity that is appropriate for the keyword.

The OR operation can be implemented by successive rules. For example, to accept a packet if the source address is xxx, or the destination address is yyy, the following rules are used:

IP:

1ACCEPT src-addr=xxx;

2ACCEPT dst-addr=yyy;

999DENY;

(This will only accept packets from the specified address(es); all other packets will be rejected.)

The following table describes the keywords for each protocol section and their legal operators used in the rule syntax. Value ranges are also given where ddd is a decimal between 1 and 255, mask is a decimal between 1 and 32, and xx is a hex number:

Table 6-4Protocol Keywords

Protocol
Section	Keyword	Operators	Description and Value Range

IP	src-addr	=, !=	Source IP Address (ddd.ddd.ddd.ddd/mask)
	dst-addr	=, !=	Destination IP Address (ddd.ddd.ddd.ddd/mask)
	tcp-src-port	all	TCP source port (1 - 65535)
	tcp-dst-port	all	TCP destination port (1 - 65535)
	udp-src-port	all	UDP source port (1-65535)
	udp-dst-port	all	UDP destination port (1-65535)
	protocol	=, !=	IP protocol (UDP, TCP, ICMP)
	generic	=	Generic filter

IP-RIP	network	=, !=	IP network number (ddd.ddd.ddd.ddd/mask)

Image 68

3Com 812 manual Accept src-addr=xxx Accept dst-addr=yyy Deny

Contents

OfficeConnectTM Remote Adsl Router CLI User’s Guide Release Santa Clara, California Contents Quick VC Setup Dhcp IPX Source and Destination Network Filtering Using CLI Officeconnect Remote 812 Sample Configuration Delete B-10 Dial Hangup Paused Commands Resolve Input Counters Show interface interfacename settings Show ip counters Verify TCP SettingsInput Counters Page Page IBM-PC Compatible Computers Macintosh Computers Telnet ipaddress UNIX-Based ComputersFrom Windows 95, you can go to the DOS Window and run Values Add ip network is the commandParameters Stand for ip, iprouting, or ipsourcevalidation Names or StringsNetwork Address Formats Conventions 4CHAPTER 2 CLI Command Conventions and Terminology Configuration Methods Manual Setup Instructions Quick Setup CLI Quick Setup Script Password Protection Which portions of the network do you want to configure?Quick Setup Identification information Quick Setup Management Information Telnet information This completes the section on Snmp management configurationQuick Setup IP information IP setup is completed Quick Setup IPX information Sample Identification Information Quick Setup Bridge InformationThis section contains a sample of possible settings Management Information Telnet ManagementIP Information IP Mask Sample Output Display as Quick Setup Executes 8CHAPTER 4 Quick Setup CLI QuickVC Setup Script Starting QuickVC Setup OCR-DSL quickvc Network Service PPP IP configuration for VC name is now complete RFC1483 IPX Routing Network Service PPP IPX Routing Network Service RFCBridging Review Sample Output Display 6CHAPTER 5 Quick VC Setup Configuration Overview IPX Routing Bridging System Administration List vcs Show vc defaultRemote Site Management Disable vc Internet Set vc Internet sendpassword testpasswordEnable vc Internet Service Information To configure the profile for VBR To configure the profile for CBRSet vc vc name atm categoryofservice constant pcr cell rate IP Routing Enable ip forwarding Disable ip forwardingEnable ip RIP Disable ip RIP Show ip settings Show ip routing settings Delete ip network network name Addressselection negotiate Defaultrouteoption Disable EnableRemoteipaddress ip address/mask Ipsourcevalidation Disable Enable Metric metric Address Translation Set vc vc name natdefaultaddress ip address Privateport port Mode 12CHAPTER 6 Manual Setup Set dhcp mode relay Maxhops count enabled YES noShow dhcp server counters List dhcp server leases Monitoring the Dhcp Enable dns Disable dnsShow dns settings Set dns cachesize size Numberretries number timeout seconds Disable ipx network network name IPX RoutingList dns servers Delete dns server domain name Ipxaddress Ffffffff You can delete a disabled network using the commandDelete ipx network network name To add a Static IPX route over the LAN, use the command Node server node address Ipxnet server network address name service name Set ipx network network name Configure bridging for the remote site connection Bridging To see the current IP Forwarding status use the command Show ip settingsTo disable IP Forwarding use the command Show bridge settings Set bridge agingtime seconds Simultaneous Bridging Routing Administration SystemShow date Set time Add user name password password Set system name name location location contact contactList users Delete user name Exit cli Set command loginrequired yes Set command loginrequired noSet command idletimeout timeout Local or remote users can access Use of a forged IP source address to circumvent a firewallDiscards it Capabilities IPX IP-RIPIPX-SAP IPX-RIP Generic Filters Router CLI User’s GuideFilter File Components Line #filter Protocol Rules BR-ETH Accept src-addr=xxx Accept dst-addr=yyy Deny IP Source and Destination Network Filtering Using CLI IPX IP RIP Packet Filtering Using CLI IP Source and Destination Port Filtering Using CLIIP Protocol Filtering Using CLI IPX RIP Packet Filtering Using CLI IPX Source and Destination Network Filtering Using CLIIPX Source and Destination Host Filtering Using CLI IPX SAP Packet Filtering Using CLI Bridge / Generic Filtering Using CLIUsing CLI Creating Filter Files IP 1 Accept src-addr = Accept dst-addr = Deny CLI commands to use Unit’s Applying a Filter to an Filter List Using CLI Removing a Filter from an Interface Using CLIAdding Filters to VC/Remote Site Profile IPX-RIP IPX-SAP 40CHAPTER 6 Manual Setup Officeconnect Remote 812 Sample Configuration Set dhcp server start 192.168.200.1 end 192.168.200.40 mask Set dhcp mode server2APPENDIX a Officeconnect Remote 812 Sample Configuration Disable bridge spanningtree Add bridge network bridge Set vc Internet nat enable 4APPENDIX a Officeconnect Remote 812 Sample Configuration CLI Commands Add bridge network Enabled yes NetworknameAdd dns host IPaddress Add ip defaultroute Metric 2APPENDIX B CLI Command DescriptionSecondaryaddress ipaddress Vcname vcname Add framedroute vc name Iproute ipaddress Metric number Add ip network networkname Gateway gatewayaddr Metric hopcount 4APPENDIX B CLI Command Description Add ipx service servicenameType servicetype Below is a partial list of the IPX services available Ipxnet ipxaddress Metric hopcount Ticks ticknumberAdds an IPX route for the a user over the WAN Name Hops number 6APPENDIX B CLI Command Description Data string Closeactiveconnections True False Http 8APPENDIX B CLI Command Description Add snmp address IPaddress trapcommunity Name Add user name Enabled yes DefaultIpnameoraddr Parameters for all users Arp output outputfilename ipnameoraddr Delete Delete commands remove anything you previously added10APPENDIX B CLI Command Description Servicename Delete snmpCommunity name Trapcommunity Disable bridge network Disable bridgeDisable icmp Disable interface Connections will be closed when the server is disabled Disable snmpAuthentication traps Output outputfile 14APPENDIX B CLI Command Description Networks Hangup 16APPENDIX B CLI Command Description List Easyfilter.fil Normal 18APPENDIX B CLI Command Description Other Or list snmp TrapcommunitiesList syslog List tcp connections Outputfile exist More or CR Continue printing QuitMore or CR Set adsl reset Set command history numerical rangeResolve name IPhostname Sets console parameters for CLI commands Set dhcp relay server2 Address IPaddress Enabled YES noIdle timout minutes Localprompt string Prompt string YES no Set dns cachesize number CLI Commands B-25 26APPENDIX B CLI Command Description SENDDEFAULT/NOSENDDEFAULT D ACCEPTDEFAULT/NOACCEPTDefault D Flashupdate D/NOFLASHUPDATE 28APPENDIX B CLI Command Description Sets parameters for the specified IPX network Sets parameters for dynamic IPX networks Set network service adminnamePoolmembers number Set system Name name Location location Transmitauthenticationname nameOptions Set time time Modifies user parameters 32APPENDIX B CLI Command Description Specifies parameters for VCs ENABLED, Disabled MTU Sets ATM parameters for VCs Show Show commands display details about system entities34APPENDIX B CLI Command Description Fields Operational Mode either loss of signal or operationalDisplays the current status of the ADSL/ATM link Show bridge network name 36APPENDIX B CLI Command DescriptionAdsl Alcatel chipset firmware release version History Depth Current Prompt OCR-DSL Local Prompt OCR-DSL Counters Settings38APPENDIX B CLI Command Description Format Errors server said invalid request format Problems with Name Server internal server error 40APPENDIX B CLI Command Description Input Counters Counters Input Counters Show ip counters Displays system wide IP network statistics 42APPENDIX B CLI Command Description Show ipx counters Show ipx network networkname counters Total Packets Received sum of IPX packets received Displays information about RIP for IPX 44APPENDIX B CLI Command DescriptionShow ipx rip Vcname settings Show ipx sapDisplays information about SAP for IPX Dynamic Address Pool Begin starting IPX address Name settings 46APPENDIX B CLI Command DescriptionName counters Operational Status not opened or opened Settings for PPP Bundle 1 Compression Remote PPP entity. Default Enabled Entity, PAP is the default 48APPENDIX B CLI Command Description System Contact modify using set system System Name modify using set systemSystem Location modify using set system System Descriptor for example 50APPENDIX B CLI Command Description Total Output Datagrams sum of UDP datagrams sent Commands Help Lists the available commandsTelnet ipnameoraddr Telnet ipnameoraddr TCPport number Pressing control Recall the next command in the history list CLI ExitSetescape string Status Comments 54APPENDIX B CLI Command Description PAT Adsl ATM Ping DNS Overview Proxy Statistics Show dns counters Tftp LANRIP RIP SAP RoutingSAP PPP WANCLI Telnet Delete snmp trapcommunity B-11 WAN PPP 3Com Corporation Limited Warranty FCC Class B Statement