DMZ Firewall Solution for the Express Router

Settings (continued):
  Src. port: > 1023
  Action: Pass

Filters 2, 3 and 4
Function: Allows FTP (both active and passive) from the Internet to the HTTP/FTP server on the DMZ. Three filters are required.

Filter 2 settings:
  Protocol: TCP
  TCP flags: All
  Dest. address type: Host
  Dest. address: 193.84.251.1
  Dest. port: = 21
  Src. address type: All
  Src. port: > 1023
  Action: Pass

Filter 3 settings:
  Protocol: TCP
  TCP flags: ACK
  Dest. address type: Host
  Dest. address: 193.84.251.1
  Dest. port: = 20
  Src. address type: All
  Src. port: > 1023
  Action: Pass

Filter 4 settings:
  Protocol: TCP
  TCP flags: All
  Dest. address type: Host
  Dest. address: 193.84.251.1
  Dest. port: > 1023
  Src. address type: All
  Src. port: > 1023
  Action: Pass

Filter 5
Function: Allows external ping to HTTP/FTP server on the DMZ.

Filter 5 settings:
  Protocol: ICMP
  Dest. address type: Host
  Dest. address: 193.84.251.1
  Src. address type: All
  Action: Pass

Filter 6
Function: Allows external HTTP from HTTP/FTP proxy on the DMZ.

Filter 6 settings:
  Protocol: TCP
  TCP flags: ACK
  Dest. address type: Host
  Dest. address: 193.84.251.2
  Dest. port: > 1023
  Src. address type: All
  Src. port: = 80
  Action: Pass

Filters 7 and 8
Function: Allows external FTP from HTTP/FTP proxy server on the DMZ (see note 1). Two filters are required.

Filter 7 settings:
  Protocol: TCP
  TCP flags: ACK
  Dest. address type: Host
  Dest. address: 193.84.251.2
  Dest. port: > 1023
  Src. address type: All
  Src. port: > 1023
  Action: Pass

Filter 8 settings:
  Protocol: TCP
  TCP flags: ACK
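
Filters 2 to 7 from this table, modelled as a small first-match packet filter and run against constructed packets; this is an added example, not code from the Intel manual, and filter 8 is left out because its settings are not complete on this page. It assumes that "TCP flags: ACK" matches only segments with the ACK bit set, that "All" matches any flags, and that a packet matching no filter is discarded; `match`, `tcp` and `SAMPLES` are names made up for the example.

```python
# Added example: filters 2-7 from the table as a first-match packet filter.
# Assumed semantics (not stated on this page): "ACK" requires the ACK bit,
# "All" accepts any flags, and a packet that matches no filter is discarded.
SERVER, PROXY = "193.84.251.1", "193.84.251.2"

def high(port):
    return port > 1023

def eq(n):
    return lambda port: port == n

# (filter no., protocol, TCP flags, dest. address, dest. port test, src. port test)
FILTERS = [
    (2, "TCP", "All", SERVER, eq(21), high),
    (3, "TCP", "ACK", SERVER, eq(20), high),
    (4, "TCP", "All", SERVER, high, high),
    (5, "ICMP", None, SERVER, None, None),
    (6, "TCP", "ACK", PROXY, high, eq(80)),
    (7, "TCP", "ACK", PROXY, high, high),
]

def match(packet):
    """Return the number of the first filter that passes the packet, or None."""
    for no, proto, flags, dst, dport_ok, sport_ok in FILTERS:
        if packet["proto"] != proto or packet["dst"] != dst:
            continue
        if proto == "TCP":
            if flags == "ACK" and "ACK" not in packet["flags"]:
                continue
            if not (dport_ok(packet["dport"]) and sport_ok(packet["sport"])):
                continue
        return no
    return None

def tcp(dst, sport, dport, *flags):
    return {"proto": "TCP", "dst": dst, "sport": sport, "dport": dport, "flags": set(flags)}

# Constructed sample packets arriving from the Internet (source address type "All").
SAMPLES = {
    "FTP control SYN to server": tcp(SERVER, 40000, 21, "SYN"),
    "active-mode data reply to server port 20": tcp(SERVER, 40001, 20, "ACK"),
    "SYN to server port 20": tcp(SERVER, 40001, 20, "SYN"),
    "passive-mode data SYN to server": tcp(SERVER, 40002, 50000, "SYN"),
    "ping to server": {"proto": "ICMP", "dst": SERVER},
    "HTTP reply to proxy": tcp(PROXY, 80, 41000, "ACK"),
    "unsolicited SYN to proxy": tcp(PROXY, 80, 41000, "SYN"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:42} -> filter {match(pkt)}")
```

Under these assumptions filter 4 passes a new connection to any port above 1023 on 193.84.251.1, so what listens on those ports on the server matters.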

07-12-99

Version 1.0

Intel 9535, 9515, 9525 manual