1st filter, 2nd filter | Eicon Networks DIVA LAN ISDN specs

Chapter Nine: Advanced Installations	IP filters 133

When done, the filter stack should look like this:

Allowing incoming traffic only from a specific network

This example shows how to allow the DIVA LAN ISDN Modem to only receive incoming data from a specific network (112.111.212.0) on the Internet. Data from all other networks is dropped. However, outgoing traffic is not affected.

This requires defining two filters. Since these filters are applied against data from the Internet, they are defined for the ISP profile.

1st filter

Define the 1st filter to forward only incoming traffic from 112.111.212.0. Place this filter in the third position in the stack.

2nd filter

Define the 2nd filter to forward all outgoing traffic. The easiest way to do this is to edit the existing filter that is set to “Forward all datagrams being sent from anywhere that contain any protocol.” Change it to “Forward outgoing datagrams being sent from anywhere that contain any protocol.”

Image 133

Eicon Networks DIVA LAN ISDN manual Allowing incoming traffic only from a specific network, 1st filter, 2nd filter

Contents

Diva LAN Isdn Modem User’s Guide First Edition August 206-312-01 Table of Contents Chapter Four Chapter ThreeChapter Five Chapter Seven Chapter SixChapter Eight Chapter Ten Chapter Nine Appendix B Appendix aAppendix C Appendix D Introduction Introducing the Diva LAN Isdn Modem Connecting to the InternetCreating your own LAN for resource sharing Diva LAN Isdn Modem Creating a VPN Connecting to a corporate networkAttaching telephones and fax machines Total network security Connecting more computersCompression for faster throughput Unsupported configurations Advanced diagnosticsBandwidth on-demand Advanced Isdn tariff management Summary of features Administration Contacting customer servicesWorld wide web Getting Started Installation overview Verify your package contents Prepare for installationVerify the configuration of your computers To configure the Diva LAN Isdn Modem To use the advanced configuration optionsTo run the Modem Monitor software Choose a connection protocol Isdn access interfacesImportant Isdn concepts Isdn channel usage PPP Choosing a connection protocolMultilink PPP Multilink PPP + Bacp Multilink PPP + AO/DI Summary120 Order an Isdn Line Information to record when ordering your line Gather X.25 information Gather Internet account informationGather V.120 information Scripting To install the Diva LAN Isdn Modem Install the Diva LAN Isdn Modem Chapter Two Getting Started Install the Diva LAN Isdn Modem To install Modem Monitor Install Modem Monitor Windows 95/98/NT4Page Page Connecting a non-Windows computer to the Diva LAN Isdn Modem Page To configure the Internet connection Configuring the Internet connectionPage Fill in the fields as indicated below Page Page How long will the line stay connected? Using your Diva LAN Isdn ModemRegistering your Diva LAN Isdn Modem What’s next? Using Modem Monitor Start menu program group Starting Modem Monitor Start menu options Buttons Properties dialog box Utilities dialog box Options dialog box Profile table Status ViewerUtilities Web-based Configuration Interface To start the web-based configuration interface Starting the web-based configuration interface Getting help Saving configuration settings General settings General settings and connection profilesConnection profile settings Connection profile types To edit the ISP profile Editing the ISP profilePage To edit the LAN profile Editing LAN settings To save/restore configuration settings Saving and restoring configuration files System status Viewing status informationFront panel display Obtaining statistics Upgrading the Diva LAN Isdn Modem firmware To upgrade the firmware To reset the Diva LAN Isdn Modem to factory defaults Resetting to factory defaults Minimizing Isdn Charges To define Cost Control settings Idle timerTo set the idle timer Cost Control Isdn billing intervals Data call thresholds To configure Bacp Configuring Bacp Chapter Five Minimizing Isdn Charges Configuring Bacp Configuring AO/DI To configure AO/DI On the D-channel To configure X.25 settings Chapter Five Minimizing Isdn Charges Configuring AO/DI To set Isdn active intervals Setting Isdn active intervals To enable spoofing of NetBIOS services Spoofing NetBIOS services Data compression Manual dialing To enable manual dialing To restrict analog calls Restricting analog calls Data over voice To enable data over voice Traffic filtering Security Configuration interfaces Security features To set the system password System passwordTo erase the system password Automatic log out Security benefits Network address translationNAT static mappings How it works Configuring a NAT static mapping for a web server Default NAT serverConfiguring a NAT mapping for an FTP server Running a web or FTP server To create a static NAT mapping Internet Remote management To enable remote management Incoming calls and IP addressing Incoming data calls Enable Answer incoming data calls To enable support for incoming data calls Click Authentication Call screening To set up call screening To set up call authentication Call authentication Callback modes CallbackCallback options Timeout waiting for callback Delay before host calls backTo set up callback Enable Manual dialing only Custom security features Setting up the Phone Ports Setting phone numbers manually Connecting multiple analog devices Connecting modems and fax machinesTo enable support for fax/modem Call bumping To enable call bumpingHow it works Requirements Restricting analog calls To enable supplementary services Supplementary servicesCall Forwarding Call Waiting Service Failure ToneVoiceMail Caller ID Call Transfer Feature Key values Connecting to a Corporate Network Resources Overview Gather information To configure the Corporate profile Configure the Corporate profilePage Page Page NetBIOS name resolution Using the corporate connectionTimeouts Support for Microsoft Network Neighborhood What’s next? Advanced Installations Connection retries To define retry settings To define a backup profile and set the profile restore delay Using Modem Monitor Installing on an existing LANManual installation Uncheck the Dhcp server enabled option If your LAN uses static addressing Adjusting configuration settings on the LANIf your LAN has a Dhcp server If your LAN has a router Third-party Ethernet Hub Connecting more than four computers To create a VPN Creating a virtual private network Connecting to the VPN Page Concurrent Internet and Intranet connections Installation and configuration procedureSelecting a connections protocol Defining routes IP routes Using masksAbout IP addresses Static vs. dynamic addresses External addresses 192.168.1.1 ISP Internet Why routes are neededSingle connection 212.182.22.39 Multiple connections Internet 212.182.22.39 Routing on the local LAN Defining routes for the Diva LAN Isdn Modem Routing Information Protocol RIP Chapter Nine Advanced Installations IP routes How filtering works IP filters What is a datagram? Default filtersTo define a filter Chapter Nine Advanced Installations IP filters Direction ActionSource/Destination Location Dropping incoming traffic from a specific network IP filtering examples 1st filter Allowing incoming traffic only from a specific network2nd filter Blocking web surfing Chapter Nine Advanced Installations Making a V.120 connection To configure the V.120 protocolPage To uninstall the Eicon SecurID Client software To install the Eicon SecurID Client softwareSecurID support To enable SecurID support Other Configuration Tools Local configuration Configuration optionsRemote configuration Remote access Local accessWeb interface Prerequisites Using the command line interface CLI Using Web interfaceTftp interface Enabling Tftp server support Loading new firmware via Tftp Uploading/downloading configuration files Dtmf interface Commands Establishing a Telnet connection via IP Command line interface CLIEstablishing a serial connection To establish a serial connection Using the command line interface Default profiles About configuration contextCommand line reference Connection profiles To load the new firmware TCP/IP Configuration Installing TCP/IP Installing and configuring TCP/IP for Windows 95/98Configuring TCP/IP Select Use Dhcp for Wins Resolution Page Installing TCP/IP Installing TCP/IP for Windows NTConfiguring TCP/IP Configuring TCP/IP on an iMac Technical Information B1, B2 Diva LAN Isdn Modem indicator lightsLink Power FaultE1, E2, E3, E4 Port Description Diva LAN Isdn Modem connectors Resetting operational settings Resetting the Diva LAN Isdn ModemResetting to factory defaults To reset Termination Installing the resistorDetermining termination requirements Single Isdn device Command Line Reference Section uses the following conventions Notational Conventions For information on See Commands Disable Aodi Areacode Enable Aodi AreacodeSET Aodi Txbuffer bytes SET Callback Timeout seconds SET Callback Mode type option number1 number2SET Callback Delay seconds Show Callback Configuration Disable Isdn Screening Enable Isdn ScreeningADD Isdn Screening channel number Delete Isdn Screening channel index Call thresholds Enable Isdn Threshold Disable Isdn ThresholdSET Isdn Threshold intervalDays maxHours maxCalls Show Dhcp Status SET Dhcp Type Server None Stop Dhcp Trace Show Dhcp Configuration Delete Dhcp Staticmap ip Enable Dhcp Staticmap ip Disable Dhcp Staticmap ipShow Dhcp Staticmap Show DNS Configuration Enable DNS Relay Disable DNS RelaySET DNS Domain domain SET DNS Address Primary Secondary dnsaddr Show Ethernet Statistics EthernetShow Ethernet Address Show Ethernet Trace memsize framesize General Validate Enable Display Disable DisplayShow Date Show Time Show System Status Show LED StatusShow Version Show Calls Status Active Last SET Action Drop Forward Enable Filter Disable FilterSET Direction in OUT ANY Show IP Filter SET Type ALL UDP TCP SYN Anyicmp SET IP NAT UDP TCP Default port address Enable IP NAT Disable IP NATShow IP NAT ADD IP NAT UDP TCP port ipaddress ADD IP Route Ipaddr maskLenmetric gwAddr IP routingDelete IP Route Ipaddr SET IP Route Ipaddr maskLen gwAddr Show Icmp Statistics IP variousShow IP Address Show IP Statistics SET IP Services ALL Intelligent Minimal None Show IP ConfigurationEnable IP Spoofing Disable IP Spoofing Enable IP Multicast Disable IP Multicast Enable Isdn Answer Disable Isdn Answer Enable Isdn Teisharing Disable Isdn Teisharing SET Isdn Switch Jate Euro BT TPH China Singapore SET Isdn Switch NI1 5ESS Auto 5ESSPPDetect Isdn Spid Show Isdn Configuration Disable Isdn DELAY56KSET Isdn Calltype Auto 56K DOV Show Isdn Statistics Show Isdn Accesstime Isdn Access TimeEnable Isdn Accesstime Disable Isdn Accesstime Stop Lapd Trace Show Lapd Trace memsize framesize Logging and Mail Trace Disable LOG Output Screen RemoteSET LOG Filter Trace Debug Info Security Warning Stop Mail Trace SET Mlppp Linkdown threshold delay channel SET Mlppp Linkup threshold delay channelSET Mlppp Mode Disable Normal Bacp Aodi Show Mlppp Configuration Enable Phone Callbumping Disable Phone Callbumping Enable Phone Altring channel Disable Phone Altring channelEnable Phone Callerid Disable Phone Callerid Phone Enable Phone Voicemail channel Silent SET Phone Msgindicator refreshDisable Phone Voicemail channel SET Phone Capability channel Speech Data SET Phone Country country Show Phone ConfigurationShow Phone Country Enable PPP Compression Disable PPP Compression Enable PPP Authent Disable PPP AuthentEnable PPP Secureid Disable PPP Secureid SET PPP Authent Encrypted ANY Show PPP Configuration Enable PPP Echorequest Disable PPP Echorequest Show PPP Status Show PPP StatisticsShow PPP Trace portmask memsize framesize Stop PPP Trace port Profiles Show Q931 Trace memsize framesize 931Stop Q931 Trace Disable RIP Merge Enable RIP V1 V2 V2COMPATIBLE MergeShow RIP Configuration Show RIP Statistics Show RIP Reject Delete RIP Reject ipaddr SET Snmp Description name SET Snmp Name nameSET Snmp Contact name SET Snmp Location name Show TCP Trace memsize framesize Show TCP StatisticsStop TCP Trace Tftp Enable Tftp Server Disable Tftp Server Show Timeprotocol Configuration Enable Timeprotocol Disable TimeprotocolTime Protocol SET Timeprotocol Server timeServer Show UDP Trace memsize framesize Show UDP StatisticsStop UDP Trace SET V120 Mode Multiframe Unacknowledged Enable Disable120 Show V120 Configuration SET V120 Idletime IdleDelayShow V120 Trace memsize framesize Stop V120 Trace Scripting ADD Script Line index command argumentDelete Script Line index Show Script index SET X25 CUD callUserData SET X25 Address localX25addrSET X25 Facilities hexstring SET X25 LCN lcnNumber Show X25 Status Show X25 ConfigurationStop X25 Trace Regulatory Information 212 Regulatory Information for the U.S.AFCC Part 68 Notice 213 Regulatory Information for Canada