DI-304/DI-304M ISDN Remote Router

from accessing the Internet. Additionally, it can filter out specific packets to trigger the router to place an outgoing connection.

An Overview of the Firewall

The IP Filter/Firewall includes two types of filter: Call Filter and Data Filter. The former is designed to block or allow IP packets that will trigger the router to establish an outgoing connection. The latter is designed to block or allow which kind of IP packets are allowed to pass through the router when the WAN connection has been established. It works like this: when an outgoing packet is routed to the WAN, the IP Filter will decide if the packet should be forwarded to the Call Filter or Data Filter. If the WAN connection has not been established, the packet will enter the Call Filter. If the packet is not allowed to trigger router dialing, it will be dropped. Otherwise, it will initiate a call to establish the WAN connection.

If the WAN connection of the router has been established, the packet will pass through the Data Filter. Packets match the block rule will be dropped and the contrary will be sent to the WAN interface. Alternatively, if an incoming packet enters from the WAN interface, it will pass through the Data Filter directly. If the packets match the block rule, it will be dropped. Otherwise, it will be sent to the internal LAN. The filter architecture is shown as below.

The Following sections will explain more about IP Filter/Firewall Setup using Web Configurator. The Filter has 12 filter sets with 7 filter rules for each set. There are a total of 84 filter rules for the IP Filter/Firewall Setup. By default, the Call Filter rules are defined in filter set 1 and the Data Filter rules are defined in filter set 2.

59

Page 67
Image 67
D-Link DI-304M manual An Overview of the Firewall