DMZ Firewall Solution for the Express Router

| Filter | Function | Settings |
|---|---|---|
| (continued from previous page) | | Src. port: = 80 |
| 2 | Allows FTP (only passive connections) from secure LAN to the FTP proxy server on the DMZ (see note 1). Two filters are required. | Action: Pass; Protocol: TCP; TCP flags: ACK; Dest. address type: All; Dest. port: > 1023; Src. address type: Host; Src. address: 193.84.251.2; Src. port: = 21 |
| 3 | | Action: Pass; Protocol: TCP; TCP flags: ACK; Dest. address type: All; Dest. port: > 1023; Src. address type: Host; Src. address: 193.84.251.2; Src. port: > 1023 |
| 4 | Allows incoming mail (SMTP) from DMZ to the secure LAN. | Action: Pass; Protocol: TCP; TCP flags: All; Dest. address type: Host; Dest. address: 10.1.0.1; Dest. port: 25; Src. address type: Host; Src. address: 193.84.251.3; Src. port: > 1023 |
| 5 | Allows outgoing mail (SMTP) from secure LAN to the DMZ. | Action: Pass; Protocol: TCP; TCP flags: ACK; Dest. address type: Host; Dest. address: 10.1.0.1; Dest. port: > 1023; Src. address type: Host; Src. address: 193.84.251.3; Src. port: 25 |
| 6 | Allows incoming News (NNTP) from the DMZ to the secure LAN (see note 2). | Action: Pass; Protocol: TCP; TCP flags: All; Dest. address type: Host; Dest. address: 10.1.0.2; Dest. port: 119; Src. address type: Host; Src. address: 193.84.251.4; Src. port: > 1023 |
| 7 | Allows outgoing News (NNTP) to DMZ from secure LAN. | Action: Pass; Protocol: TCP; TCP flags: ACK; Dest. address type: Host; Dest. address: 10.1.0.2 |
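
The filter settings above, modelled as a first-match packet filter to show which DMZ-to-LAN packets pass (an added example, not taken from the manual). It assumes "TCP flags: ACK" means the ACK bit must be set and that a packet matching no Pass filter is dropped; it covers filters 2 to 6 only, and the client address 10.1.0.7 and all sample packets are constructed.

```python
from dataclasses import dataclass
from typing import Optional, Union

HIGH = ">1023"  # stands for the table's "> 1023" port condition
Port = Union[int, str]

@dataclass(frozen=True)
class Rule:
    num: int             # filter number from the table
    ack_only: bool       # True for "TCP flags: ACK", False for "All"
    dst: Optional[str]   # None for "Dest. address type: All"
    dport: Port
    src: str
    sport: Port

# Filters 2-6 as listed in the table; filter 7 is incomplete on this page.
RULES = [
    Rule(2, True, None, HIGH, "193.84.251.2", 21),
    Rule(3, True, None, HIGH, "193.84.251.2", HIGH),
    Rule(4, False, "10.1.0.1", 25, "193.84.251.3", HIGH),
    Rule(5, True, "10.1.0.1", HIGH, "193.84.251.3", 25),
    Rule(6, False, "10.1.0.2", 119, "193.84.251.4", HIGH),
]

def port_ok(cond: Port, port: int) -> bool:
    return port > 1023 if cond == HIGH else port == cond

def match(src: str, sport: int, dst: str, dport: int, ack: bool) -> Optional[int]:
    """Return the first filter that passes this TCP packet, or None if dropped."""
    for r in RULES:
        if r.ack_only and not ack:
            continue  # assumed meaning of "ACK": the ACK bit must be set
        if r.src != src or (r.dst is not None and r.dst != dst):
            continue
        if port_ok(r.sport, sport) and port_ok(r.dport, dport):
            return r.num
    return None  # assumed implicit deny when no Pass filter matches

# Constructed packets; 10.1.0.7 is a made-up LAN client address.
SAMPLES = [
    ("FTP control reply", ("193.84.251.2", 21, "10.1.0.7", 40000, True)),
    ("passive FTP data reply", ("193.84.251.2", 50000, "10.1.0.7", 40001, True)),
    ("active FTP data SYN", ("193.84.251.2", 20, "10.1.0.7", 40002, False)),
    ("SMTP SYN to LAN mail host", ("193.84.251.3", 33000, "10.1.0.1", 25, False)),
    ("SSH SYN to LAN mail host", ("193.84.251.3", 33000, "10.1.0.1", 22, False)),
    ("SMTP reply to LAN mail host", ("193.84.251.3", 25, "10.1.0.1", 35000, True)),
    ("NNTP SYN to LAN news host", ("193.84.251.4", 34000, "10.1.0.2", 119, False)),
]

if __name__ == "__main__":
    for name, pkt in SAMPLES:
        hit = match(*pkt)
        print(f"{name:28} -> {'pass, filter ' + str(hit) if hit else 'drop'}")
```

In this model the ACK condition is evaluated per packet, so filters 2, 3 and 5 pass replies but not new connections opened from the DMZ, while the "All" filters 4 and 6 are the only ones that let a DMZ host open a connection into the LAN.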

07-12-99

Version 1.0

Intel 9515, 9525, 9535 manual