DMZ Firewall Solution for the Express Router
Filter Function
2Allows FTP (only passive connections) from secure LAN to the FTP proxy server on the DMZ (see note 1).
Two filters are required.
3
4Allows incoming mail (SMTP) from DMZ to secure LAN.
5Allows outgoing mail (SMTP) from secure LAN to DMZ.
6Allows incoming News (NNTP) from DMZ to secure LAN (see note 2).
7Allows outgoing News (NTTP) to DMZ from secure LAN.
Settings
Src. address: | 10.2.0.2 |
Src. port: | = 80 |
Action: | Pass |
Protocol: | TCP |
TCP flags: | ACK |
Dest. address type: | All |
Dest. port: | >1023 |
Src. address type: | Host |
Src. address: | 10.2.0.2 |
Src. port: | = 21 |
Action: | Pass |
Protocol: | TCP |
TCP flags: | ACK |
Dest. address type: | All |
Dest. port: | >1023 |
Src. address type: | Host |
Src. address: | 10.2.0.2 |
Src. port: | >1023 |
Action: | Pass |
Protocol: | TCP |
TCP flags: | All |
Dest. address type: | Host |
Dest. address: | 10.5.0.1 |
Dest. port: | = 25 |
Src. address type: | Host |
Src. address: | 10.2.0.3 |
Src. port: | > 1023 |
Action: | Pass |
Protocol: | TCP |
TCP flags: | ACK |
Dest. address type: | Host |
Dest. address: | 10.5.0.1 |
Dest. port: | > 1023 |
Src. address type: | Host |
Src. address: | 10.2.0.3 |
Src. port: | = 25 |
Action: | Pass |
Protocol: | TCP |
TCP flags: | All |
Dest. address type: | Host |
Dest. address: | 10.5.0.2 |
Dest. port: | = 119 |
Src. address type: | Host |
Src. address: | 10.2.0.4 |
Src. port: | > 1023 |
Action: | Pass |
Protocol: | TCP |
TCP flags: | ACK |
Dest. address type: | Host |
Version 1.0 | 9 |
