DMZ Firewall Solution for the Express Router
Filters are defined as follows:
Filter Function
—Prohibit users on the secure network access to the Internet
Settings
Default Action: | Discard |
1
2
3
4
Allows access to the HTTP /FTP proxy server on the DMZ.
Allows access to the SMTP server on the DMZ.
Allows access to News (proxy) server on the DMZ.
Allows access to the router from the private LAN.
Action: | Pass |
Protocol: | All |
Dest. address type: | Host |
Dest. address: | 10.2.0.2 |
Src. address type: | All |
Action: | Pass |
Protocol: | All |
Dest. address type: | Host |
Dest. address: | 10.2.0.3 |
Src. address type: | All |
Action: | Pass |
Protocol: | All |
Dest. address type: | Host |
Dest. address: | 10.2.0.4 |
Src. address type: | All |
Action: | Pass |
Protocol: | All |
Dest. port address: | Host |
Dest. address: | <LAN1 IP address> |
Scr. address type: | All |
3.3.1.2 Transmit (Tx) Filters on LAN1
Configure these transmit filters for the LAN1 port, shown as they appear in Advanced Setup.
Filters are defined as follows:
Filter Function
—Prohibit users on the secure network access to the Internet
1Allows HTTP and FTP (read only using HTTP) from secure LAN to HTTP/FTP proxy server on the DMZ.
Settings
Default Action: | Discard |
|
|
Action: | Pass |
Protocol: | TCP |
TCP flags: | ACK |
Dest. address type: | All |
Dest. port: | >1023 |
Src. address type: | Host |
Version 1.0 | 8 |
