Manuals / Brands / Computer Equipment / Network Router / Asus / Computer Equipment / Network Router

Asus RX3141 9.1.3.2ACL Rule and Connection State Tracking, WARNING, 9.1.4Default ACL Rules, Default Self Access Rules, Default Inbound Access Rules

1 102

Download 102 pages, 1.88 Mb

Chapter 9. Configuring Firewall/NAT Settings

RX3141 User’s Manual

the packet is dropped; otherwise, the packet is either dropped or forwarded based on the action defined in the matched ACL rule.

9.1.3.2ACL Rule and Connection State Tracking

The stateful packet inspection engine in the firewall keeps track of the state, or progress, of a network connection. By storing information about each connection in a state table, RX3141 is able to quickly determine if a packet passing through the firewall belongs to an already established connection. If it does, it is passed through the firewall without going through ACL rule evaluation.

For example, an ACL rule allows outbound ICMP packet from 192.168.1.1 to 192.168.2.1. When 192.168.1.1 sends an ICMP echo request (i.e. a ping packet) to 192.168.2.1, 192.168.2.1 will respond with an ICMP echo reply to 192.168.1.1. In the RX3141, you don’t need to create another inbound ACL rule because stateful packet inspection engine tracks the connection state and allows the ICMP echo reply to pass through the firewall

9.1.4Default ACL Rules

The RX3141 supports three types of default access rules:

fInbound Access Rules: for controlling incoming access to your LAN.

fOutbound Access Rules: for controlling outbound access to external networks for hosts on your LAN.

fSelf-Access Rules: for controlling access to the RX3141 itself.

Default Inbound Access Rules

No default inbound access rule is configured. That is, all traffic from external hosts to the internal hosts is denied.

Default Outbound Access Rules

The default outbound access rule allows all the traffic originated from your LAN to be forwarded to the external network using NAT.

Default Self Access Rules

The default self access rules allow http, ping, DNS, DHCP access to the RX3141 router from the LAN.

	It is not necessary to remove the default ACL rule from the ACL
	rule table! It is better to create higher priority ACL rules to override
WARNING	the default rule.
WARNING

48

Contents

Page Table of Contents Quick Start Guide Using the Configuration Manager Router Connection Setup DHCP Server Configuration Configuring Static Routes Configuring DDNS Configuring Firewall/NAT Settings Virtual Sever and Special Application System Management 12IP Addresses, Network Masks, and Subnets Troubleshooting Index List of Figures Page List of Tables Page 1 Introduction 1.1Features 1.2System Requirements 1.3Using this Document 2 Getting to Know RX3141 2.1Parts List 2.2Hardware Features 2.3Software Features 2.3.2.1Stateful Packet Inspection 2.3.2.2Packet Filtering – ACL (Access Control List) 2.3.2.3Defense against DoS Attacks 2.4.1.1Application Level Gateway (ALG) 2.4.1.2Log 2.4Finding Your Way Around 2.4.2Rear Panel Figure 2.2. Rear Panel Connectors Table 2.3. Rear Panel Labels and LEDs Label LAN Ports 2.4.3 Bottom View Wall Mount Slots Magnets 2.5Placement Options Page 3 Quick Start Guide 3.1Part 1 — Connecting the Hardware 3.1.3Step 3. Attach the AC adapter Step 4. Power on RX3141, the ADSL or cable modem and power up your computers Internet Cable or ADSL Modem RX3141i 3.2Part 2 — Configuring Your Computers Protocol <Add Internet Protocol (TCP/IP) Network and Dial-up 3.2.5Windows® NT 4.0 workstations: Protocols <Yes Obtain an IP address from a DHCP server 3.2.6Assigning static IP addresses to your PCs 3.3Part 3 — Quick Configuration of the RX3141 Figure 3.3. System Status Page 3.3.2Testing Your Setup 3.3.3Default Router Settings Table 3.2. Default Settings Summary Option Default Setting Explanation/Instructions 4 Using the Configuration Manager 4.1Log into the Configuration Manager 4.2Functional Layout 4.2.2Commonly Used Buttons and Icons Table 4.1. Description of Commonly Used Buttons and Icons Button/Icon Function Trash 4.3Overview of System Configuration 5 Router Connection Setup 5.1LAN Configuration 5.1.3Configuring the LAN IP Address Figure 5.1. Router Connection Setup Configuration – LAN Configuration 5.2WAN Configuration 5.2.2PPPoE Figure 5.3. WAN – PPPoE Configuration 5.2.2.1WAN PPPoE Configuration Parameters 5.2.2.2Configuring PPPoE for WAN 5.2.2.3Configuring PPPoE Multi-sessionfor WAN Figure 5.5. WAN – PPPoE0 Settings Packets to PPPOE1 Session PPPOE1 Session Page 5.2.3PPPoE Unnumbered Figure 5.11. WAN – PPPoE Unnumbered Configuration 5.2.3.1WAN PPPoE Unnumbered Configuration Parameters 5.2.3.2Configuring PPPoE Unnumbered for WAN 5.2.4.1Configuring Dynamic IP for WAN 5.2.5.1WAN Static IP Configuration Parameters 5.2.5.2Configuring Static IP for WAN 6 DHCP Server Configuration 6.1DHCP (Dynamic Host Control Protocol) Figure 6.1. DHCP Server Configuration Page Table 6.1. DHCP Configuration Parameters Field IP Address Pool Begin/End FieldDescription WINS Server IP Address (optional) 6.1.4Viewing Current DHCP Address Assignments Current DHCP Lease Table Page 7 Configuring Static Routes 7.1Overview of IP Routes 7.2Static Route 7.2.2Adding Static Routes Figure 7.2. Static Route Configuration Static Route Destination IP Address 7.2.3Deleting Static Routes Figure 7.3. Sample Routing Table 7.2.4Viewing the Static Routing Table 8 Configuring DDNS 8.1DDNS Configuration Parameters 8.2Configuring HTTP DDNS Client Page 9 Configuring Firewall/NAT Settings 9.1Firewall Overview 9.1.3.1Priority Order of ACL Rule 9.1.3.2ACL Rule and Connection State Tracking 9.2Router Security Settings 9.2.2.1DoS Protection Configuration Parameters 9.2.2.2Configuring DoS Settings 9.3ACL Rule Configuration Parameters Destination IP destination network Source Port Destination Port ICMP (available only when protocol type is set to ICMP) 9.4Configuring Inbound ACL Rules Figure 9.3. Inbound ACL Configuration Example 9.4.2Figure 9.4. Sample Inbound ACL List TableModify Inbound ACL Rules 9.4.3Delete Inbound ACL Rules 9.5Configuring Outbound ACL Rules Figure 9.6. Outbound ACL Configuration Example Figure 9.7. Sample Outbound ACL List Table 9.5.2Modify Outbound ACL Rules 9.6Configuring Self-AccessACL Rules – (Router Setup Î Self-AccessACL) Figure 9.8. Self-AccessACL Configuration Page 9.6.1Add a Self-AccessRule Self Access ACL Example Figure 9.9. Self-AccessACL Configuration Example 9.7Firewall Log – (Router Setup Î Log) Figure 9.11 Sample Firewall Log 9.7.1Log Format System Security Log Example: Firewall Access Control Log Example: Jan 1 00:03:11 10 Virtual Sever and Special Application 10.1 NAT Overview 10.2 Configure Virtual Server Table 10.1. Virtual Server Configuration Parameters Redirect Port Range To IP Address Table 10.2. Port Numbers for Popular Applications Application Netmeeting or VOIP NEWS PC Anywhere POP3 Powwow Chat 9.4 Configuring Inbound ACL Rules Same as “To IP Address” Same as “Redirect Port Range” Application Name Outgoing (Trigger) Port Range Incoming Incoming Port Range Special Application 9.5 Configuring Outbound ACL Rules Figure 10.6. Special Application Example – Outbound ACL Rule Default Outbound ACL Rule Figure 10.7. Outbound ACL Rule Table 11 System Management 11.1 Login Password and System-WideSettings Router Setup Î Administration 11.2 Viewing System Information 11.3 Setup Date and Time 11.4 Reset to Factory Default Settings 11.5 Firmware Upgrade Figure 11.8. File Manager Figure 11.9. Firmware Upgrade Confirmation Figure 11.10. Firmware Upgrade Status Figure 11.11. Firmware Upgrade Count Down Timer 11.6 System Reboot 11.7 . System Configuration Management Enter desired filename Figure 11.17. System Configuration Backup Page – Save As Dialog Figure 11.18. System Configuration Backup Status 11.7.2 Restore System Configuration System Configuration Backup/Restore Backup/Restore Figure 11.19. System Configuration Restore Page Figure 11.20. System Configuration Restore Page – Choose File Dialog Figure 11.21. System Configuration Restore Status 12 IP Addresses, Network Masks, and Subnets 12.1 IP Addresses 12.2 Network classes 12.3 Subnet masks Page 13 Troubleshooting 13.1 Diagnosing Problem using IP Utilities Figure 13.1. Using the ping Utility 13.1.2 nslookup nslookup Figure 13.2. Using the nslookup Utility exit 14 Index