DMZ Firewall Solution for the Express Router

Filter 14

Function: Allows outgoing mail (SMTP) to any host on the Internet from the DMZ.

Settings:

Action: Pass
Protocol: TCP
TCP flags: ACK
Dest. address type: Host
Dest. address: 193.84.251.3
Dest. port: > 1023
Src. address type: All
Src. port: = 25

Filter 15

Function: Allows incoming News (NNTP) from a specified external News server to the DMZ (see note 2).

Settings:

Action: Pass
Protocol: TCP
TCP flags: All
Dest. address type: Host
Dest. address: 193.84.251.4
Dest. port: = 119
Src. address type: Host
Src. address: 196.24.5.8
Src. port: > 1023

Filter 16

Function: Allows outgoing News (NNTP) to a specified external News server from the DMZ.

Settings:

Action: Pass
Protocol: TCP
TCP flags: ACK
Dest. address type: Host
Dest. address: 193.84.251.4
Dest. port: > 1023
Src. address type: Host
Src. address: 196.24.5.8
Src. port: = 119

Note 1: Only passive FTP connections are supported. The HTTP/FTP proxy must be configured to use a passive FTP connection.

Note 2: The filter is not required when using a News proxy server on the DMZ.
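
The following added example (not part of the original manual) models filters 14 to 16 in Python and runs constructed packets through them to show what the ACK setting does on the receive side. It assumes that "TCP flags: ACK" means the ACK bit must be set, that the first matching filter wins, and that the default Rx action is Discard; none of these is stated on this page, and the names `Packet`, `Rule`, `evaluate` and the host 198.51.100.7 are illustrative.

```python
from collections import namedtuple

# Constructed model of Rx filters 14-16 as listed in the table above.
Packet = namedtuple("Packet", "src sport dst dport flags")
Rule = namedtuple("Rule", "number ack_only dst dport src sport")

def high(port):            # "> 1023" in the table
    return port > 1023

def eq(n):                 # "= n" in the table
    return lambda port: port == n

RX_FILTERS = [
    # number, ACK required, dest host, dest port, src host (None = All), src port
    Rule(14, True,  "193.84.251.3", high,    None,         eq(25)),
    Rule(15, False, "193.84.251.4", eq(119), "196.24.5.8", high),
    Rule(16, True,  "193.84.251.4", high,    "196.24.5.8", eq(119)),
]

def matches(rule, pkt):
    # Assumption: "TCP flags: ACK" means the ACK bit must be set.
    if rule.ack_only and "ACK" not in pkt.flags:
        return False
    if pkt.dst != rule.dst or not rule.dport(pkt.dport):
        return False
    if rule.src is not None and pkt.src != rule.src:
        return False
    return rule.sport(pkt.sport)

def evaluate(pkt, filters=RX_FILTERS, default="Discard"):
    # Assumption: first matching filter wins; unmatched packets get the default.
    for rule in filters:
        if matches(rule, pkt):
            return ("Pass", rule.number)
    return (default, None)

# Constructed packets; 198.51.100.7 is a documentation address standing in
# for an arbitrary Internet host.
SAMPLES = {
    "smtp reply":     Packet("198.51.100.7", 25, "193.84.251.3", 40000, {"SYN", "ACK"}),
    "syn from 25":    Packet("198.51.100.7", 25, "193.84.251.3", 8080, {"SYN"}),
    "news feed open": Packet("196.24.5.8", 2000, "193.84.251.4", 119, {"SYN"}),
    "other to 119":   Packet("198.51.100.7", 2000, "193.84.251.4", 119, {"SYN"}),
    "news reply":     Packet("196.24.5.8", 119, "193.84.251.4", 3000, {"ACK"}),
    "syn from 119":   Packet("196.24.5.8", 119, "193.84.251.4", 3000, {"SYN"}),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:16} -> {evaluate(pkt)}")
```

Because the match is made per packet, filters 14 and 16 pass any segment that has ACK set and the listed source port, whether or not a DMZ host opened the connection.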

4.4.3.2 Transmit (Tx) Filters on the Connection to the Internet

Set the default action to Pass. No individual filters are required.

07-12-99

Version 1.0
