Manuals / Motorola / Cell Phone / Cell Phone

Motorola 7000, 3352N, 3342, 2200 manual Putting the parts together, Filtering example #1, 167

Models: 2200 3342 3352N 3352 7000

1 368

Download 368 pages 62.68 Kb

Page 167

Putting the parts together

When you display a ﬁlter set, its ﬁlters are displayed as rows in a table:

The table’s columns correspond to each ﬁlter’s attributes:

•#: The ﬁlter’s priority in the set. Filter number 1, with the highest priority, is ﬁrst in the table.

•Fwd: Shows whether the ﬁlter forwards (Yes) a packet or discards (No) it when there’s a match.

•Src-IP:The packet source IP address to match.

•Src-Mask:The packet source subnet mask to match.

•Dst-IP:The packet destination IP address to match.

•Dst-Mask:The packet destination IP address to match.

•Protocol: The protocol to match. This can be entered as a number (see the table below) or as TCP or UDP if those protocols are used.

Protocol	Number to use	Full name


N/A	0	Ignores protocol type

ICMP	1	Internet Control Message Protocol

TCP	6	Transmission Control Protocol

UDP	17	User Datagram Protocol

•Src Port: The source port to match. This is the port on the sending host that originated the packet.

•Dst Port: The destination port to match. This is the port on the receiving host for which the packet is intended.

•NC: Indicates No Compare, where speciﬁed.

Filtering example #1

Returning to our ﬁltering rule example from above (see page 165), look at how a rule is translated into a ﬁl- ter. Start with the rule, then ﬁll in the ﬁlter’s attributes:

•The rule you want to implement as a ﬁlter is:

“Block all Telnet attempts that originate from the remote host 199.211.211.17.”

167

Image 167

Motorola 7000, 3352N, 3342, 2200 manual Putting the parts together, Filtering example #1, 167

Contents

Administrator’s Handbook Copyright Administrator’s HandbookPage Administrator’s Handbook Table of Contents Breadcrumb Trail Security Basic Troubleshooting Command Line Interface 223 Administrator’s Handbook Glossary Overview of Major Capabilities What’s New IntroductionAdministrator’s Handbook General About Motorola Netopia DocumentationIntended Audience Documentation ConventionsInternal Web Interface Command Line InterfaceWord About Example Screens OrganizationAdministrator’s Handbook Basic Mode Setup Power Supply Installation Important Safety InstructionsBewahren Sie diese Anweisungen auf Wichtige SicherheitshinweiseAchtung Microsoft Windows Setting up the Motorola Netopia GatewayPage Macintosh MacOS 8 or higher or Mac OS MiAVo Vdsl and Ethernet WAN models Quickstart Conﬁguring the Motorola Netopia GatewayYou can skip to Home Page Basic Mode on PPPoE Quickstart Set up the Motorola Netopia Pocket Gateway Page Motorola Netopia Gateway Status Indicator Lights Home Page Basic Mode Down Link Manage My Account Link Status Details Link Enable Remote Management Link Expert Mode Link Update Firmware Link Factory Reset Open the Web Connection Accessing the Expert Web InterfaceAdministrator’s Handbook Field Status and/or Description Home Page Expert ModeHome Page Information Summary InformationNAT VoIPLink Breadcrumb Trail ToolbarNavigating the Web Interface Button Restart RestartLink Alert Symbol Button Help HelpLink Quickstart ConﬁgureButton Conﬁgure Administrator’s Handbook Link LAN Administrator’s Handbook Page Administrator’s Handbook Wireless supported models Privacy Page Advanced About Closed System Mode Administrator’s Handbook WPA Version Allowed Multiple SSIDsExamples Administrator’s Handbook Page WiFi Multimedia Wireless MAC Authorization Administrator’s Handbook Use Radius Server Advanced Network Conﬁguration page appears PPP over Ethernet interface Link WANDHCP/PPPoE/PPPoA Autosensing RIP-1 compatibility, or RIP-2 with MD5 AdvancedEthernet WAN interface Page Other WAN Options AdvancedIP Gateway Available Encapsulation types WAN Ethernet and Vdsl GatewaysAdsl Gateways Administrator’s Handbook Page Sustained Cell Rate SCR Transmit Priority Comments ClassLink Advanced IP Static Route Entry page appears Link IP Static RoutesChanges link Link IP Static ARP Link Pinholes Tips for making Pinhole Entries GatewayPinhole Conﬁguration Procedure. Use the following steps Page Administrator’s Handbook FAQs for the IPMaps Feature Conﬁgure the IPMaps Feature192.168.1.2 IPMaps Block DiagramMotorola Netopia Gateway WAN Interface LAN Interface 192.168.1.1Link Default Server Internet Gateway Page Link Differentiated Services Page QoS Setting TOS Bit Value Behavior Link DNS Link Dhcp Server Link Radius Server Link Snmp Page 100 Link Igmp Internet Group Management ProtocolIgmp Version 3 supports 101 102 Link UPnP103 Link LAN Management104 Link Ethernet Bridge105 Conﬁguring for Bridge Mode106 107 Overview108 Ethernet Switching/Policy Setup109 Vlan Model Combining Bridging and Routing110 111 Vlan Port Conﬁguration screen appears112 113 114 115 116 Example117 118 119 Click the Save and Restart link120 Supported models only121 SIP Line Entry122 Call Features Settings123 124 Link System125 Link Syslog ParametersDSL Log Messages most common Administration Related Log MessagesLog Event Messages System Log Messages127 Access-related Log Messages128 129 Link Internal Servers130 Link Software Hosting131 List of Supported Games and Software132 Rename a UserPC133 Check the Enable Backup Gateway checkboxManual options 134 Automatic options135 136 Link Ethernet MAC Override137 Link Clear Options138 Link Time Zone139 SecurityButton Security 140 Link Passwords141 142 Conﬁguring for a BreakWater SettingLink Firewall Use a Motorola Netopia Firewall143 Tips for making your BreakWater Basic Firewall SelectionBasic Firewall Background 144 BreakWater Setting ClearSailing SilentRunning LANdLocked145 146 Link IPSec147 SafeHarbour IPSec VPN148 Conﬁguring a SafeHarbour VPNParameter Motorola Netopia Peer Gateway 149150 Be sure that you have SafeHarbour VPN enabled151 Parameter DescriptionsField Description Address/Value 152153 154 Stateful Inspection Firewall installation procedureLink Stateful Inspection 155 Exposed Addresses156 157 Open Ports in Default Stateful Inspection InstallationStateful Inspection Options Port Protocol Description LAN Private WAN Public InterfaceBasic protocol types Firewall TutorialGeneral ﬁrewall terms Basic IP packet components159 Example TCP/UDP Ports TCP Port ServiceFirewall design rules Firewall Logic160 Implied rulesExample ﬁlter set Example network Filter basicsExample ﬁlters What it means162 163 Link Packet FilterWhat’s a ﬁlter and what’s a ﬁlter set? 164 How ﬁlter sets workFilter priority Port numbers How individual ﬁlters workﬁltering rule Parts of a ﬁlter166 Port number comparisonsOther ﬁlter attributes 167 Putting the parts togetherFiltering example #1 168 169 Design guidelinesFiltering example #2 170 An approach to using ﬁlters171 Working with IP Filters and Filter SetsAdding a ﬁlter set 172 Adding ﬁlters to a ﬁlter set173 174 Enter the Source Mask for the source IP address175 Deleting a ﬁlter set176 Associating a Filter Set with an Interface177 Policy-based Routing using FiltersetsTOS ﬁeld matching 178 179 Using the Security Monitoring LogLink Security Log TCP 180181 Timestamp Background182 InstallButton Install 183 Link Install SoftwareRequired Files Background184 Install the Motorola Netopia ﬁrmware ImageMotorola Netopia ﬁrmware Image File Conﬁrm Motorola Netopia Firmware Image Files185 Verify the Motorola Netopia Firmware Release186 Procedure Install a New Feature Key File Link Install KeyUse Motorola Netopia Software Feature Keys Obtaining Software Feature Keys188 189 To check your installed features190 Link Install Certiﬁcate191 Administrator’s Handbook 192 193 Basic Troubleshooting194 Status Indicator LightsAction Ethernet195 Model 2241N only196 Ethernet 1, 2, 3197 Wireless198 199 Special patterns200 LAN 1, 2, 3201 Wireless Link202 DSL 1 & 2 ADSL2+Models only Ethernet 1, 2, 3 203 204 LED Function Summary MatrixLink Wireless UnlitActive TrafﬁcFactory Reset Switch 207 Advanced Troubleshooting208 HomeDevice Gateway 209210 Expert ModeButton Troubleshoot 211 Link System Status212 Link Ports Ethernet213 Link Ports DSL214 Link IP Interfaces215 Link DSL Circuit Conﬁguration216 Link System Log Entire217 Link Diagnostics218 Link Network Tools219 220 If Ping is not successful, possible causes are221 Administrator’s Handbook 222 223 Command Line Interface224 Overview225 Command Verbs Status and/or DescriptionKeywords Logging Using the CLI Help FacilitySaving Settings Starting and Ending a CLI Session227 About Shell CommandsShell Command Shortcuts Shell PromptCommon Commands Shell Commands229 License keyLoglevel level 230 NetstatNetstat -r QuitReset crash Reset arpReset atm Reset cdmodeReset wepkeys Reset security-logReset wan-users all ip-address Reset wanShow diffserv Show crashShow dhcp agent Show dhcp server leasesShow ip arp Show featuresShow etheroam ah Show group-mgmtShow ip state-insp Show ip ﬁrewallShow ip lan-discovery Show ip routes236 Show statusShow summary Show vlan237 View conﬁg Show wireless allShow wireless clients MACaddress Upload serveraddress ﬁlename conﬁrmWAN Commands Show ppp stats lcp ipcp About Config CommandsConfig Mode Prompt Navigating the Config Hierarchy241 Entering Commands in Config ModeGuidelines Config Commands Set ip ethernet a ipaddress242 Displaying Current Gateway SettingsStep Mode a CLI Conﬁguration Technique Validating Your ConﬁgurationRemote ATA Conﬁguration Commands Config CommandsSet ata proﬁle 0.. ata-proxy-port port Set ata proﬁle 0.. ata-user-password stringSet ata proﬁle 0.. ata-static-wan-gateway ipaddr Set ata proﬁle 0.. ata-proxy-server ipaddrDSL Commands Set atm vccn pppoe-sessions 1 Bridging SettingsSet atm vcc n vpi 0 Set atm vcc n vci 0Set bridge dhcp-ﬁlterset string Set bridge table-timeout 30Set bridge sys-bridge on off Set bridge concurrent-bridging-routing on offDhcp Settings Set dhcp gen-option option 1 Set dhcp range 2.. start-address ipaddressSet dhcp range 2.. end-address ipaddress Set dhcp gen-option name name250 Option Data Format Data Size Can Bytes Conﬁgure251 Set dhcp gen-option data-type ascii hex dotted-decimalSet dhcp gen-option data data 252 Set dhcp ﬁlterset name string rule n dhcp-option 0Set dhcp ﬁlterset name string rule n match-str matchstring 253 Set dhcp ﬁlterset name string rule n match-pool ipaddressSet dhcp ﬁlterset name string rule n absent-pool ipaddress Set dhcp assigned-ﬁlterset stringDMT Settings Domain Name System Settings 256 257 Igmp SettingsSet igmp query-response-intvl value Set igmp snooping off onSet igmp robustness value Set igmp query-intvl valueIP Settings Set ip dsl vccn auto-sensing off dhcp/pppoe pppoe/pppoa Set ip dsl vccn restrictions admin-disabled noneSet ip dsl vccn netmask netmask Set ip dsl vccn addr-mapping on offSet ip ethernet a address ipaddress Set ip dsl vccn rip-send off v1 v2 v1-compat v2-MD5Set ip dsl vccn rip-receive Off v1 v2 v1-compat v2-MD5 Set ip ethernet a option on offSet ip ethernet a rip-receive off v1 v2 v1-compat v2-MD5 Set ip ethernet a restrictions none admin-disabledSet ip ethernet a netmask netmask Set ip ethernet a rip-send Off v1 v2 v1-compat v2-MD5Set ip gateway interface ip-address ppp-vccn Set ip ethernet a subnet n address ipaddressSet ip ethernet a subnet n netmask netmask Set ip gateway option on offSet ip ip-ppp vccn auto-sensing off dhcp/pppoe pppoe/pppoa Set ip ip-ppp vccn restrictions admin-disabled noneSet ip ip-ppp vccn peer-address ipaddress Set ip ip-ppp vccn addr-mapping on offSet ip ip-ppp vccn unnumbered on off Set ip ip-ppp vccn rip-receive off v1 v2 v1-compat v2-MD5Set ip ip-ppp vccn igmp-null-source-addr on off Set ip ip-ppp vccn mcast-fwd on offSet ip prioritize off on Set ip static-arp ip-addressipaddressSet ip igmp-forwarding off on Set ip ipsec-passthrough off on267 Set diffserv option off onSet diffserv lohi-ratio 60 100 percent 268 Qos off assure expedite network-control269 Set diffserv qos dscp-map default custom270 271 Queue Conﬁguration272 273 Set queue name wfq weight-type bps274 Set queue name priorityqueuename default-inputqueuename275 Rate-limiting weighted fair queue to 100Kbps276 Set ip sip-passthrough on offSet ip ethernet B rtsp-passthrough off on Set ip static-routes destination-networknetaddressSet ip-maps name name external-ip ip address IPMaps SettingsDelete ip static-routes destination-network netaddress Set ip-maps name name internal-ip ip addressNetwork Address Translation NAT Pinhole Settings Network Address Translation NAT Default SettingsPPPoE /PPPoA Settings Set ppp module vccn lcp-echo-requests on off Set ppp module vccn restart-timer integerSet ppp module vccn magic-number on off Set ppp module vccn protocol-compression on offSet ppp module vccn time-out integer Set ppp module vccn port-authentication username usernameSet ppp module vccn port-authentication password password Set ppp module vccn connection-type instant-on always-onSet wan-over-ether ipoe-sessions 1 PPPoE with IPoE SettingsSet wan-over-ether pppoe on off Set wan-over-ether pppoe-with-ipoe on offSet ip ip-ppp vcc1 igmp-null-source-addr off on Ethernet Port SettingsSet atm vcc n encap pppoe-llc Set ip ip-ppp vcc1 mcast-fwd on off802.3ah Ethernet OAM Settings 285 Command Line Interface Preference SettingsSet preference verbose on off Set preference more lines286 Port Renumbering SettingsSet servers web-http 1 Set servers telnet-tcp 1Set security ipsec tunnels name Security SettingsSet security ipsec tunnels name 123 tun-enable on on off Set security ipsec option off on off288 Set security ipsec tunnels name 123 IKE-mode DH-group 1 1 2Set security ipsec tunnels name 123 xauth username username Set security ipsec tunnels name 123 xauth enable off onSet security ipsec tunnels name 123 xauth password password Set security ipsec tunnels name 123 nat-enable on off290 Set security ipsec tunnels name 123 local-id idvalueSet security ipsec tunnels name 123 remote-id idvalue 291 292 Set security state-insp tcp-timeout 30Set security state-insp udp-timeout 30 Set security state-insp dos-detect off on293 Set security state-insp xposed-addr exposed-address# n294 Packet Filtering Settings295 Operator296 Snmp Settings 298 System SettingsSet system name name Set system ftp-server option off on Set system idle-timeout telnet 1...120 http 1Set system username administrator name user name Set system password admin user300 Sleep Contact-email string@domainname location stringSet system zerotouch option on off Syslog 302 Default syslog installation procedureWireless Settings supported models 304 305 Set wireless no-bridging off onSet wireless tx-power full medium fair low minimal 306 Set wireless wmm option off on307 308 Set wireless network-id privacy pre-shared-key stringSet wireless network-id privacy default-keyid 309 Set wireless mac-auth option on offExample 40bit key 02468ACE02 Set radius alt-radius-secret sharedsecret Set radius radius-name servernamestringSet radius radius-secret sharedsecret Set radius alt-radius-name servernamestringVlan Settings 312 Set vlan name name ports port port-pbits 0Set vlan name name ip-interface ipinterface 313 Assign an IP interfaceSet vlan name PPPoE11 id 314Set vlan name Video31 ports eth1 tag on 315VoIP settings Set voip phone 0 1 auth-id string Set voip phone 0 1 sip-user-password passwordSet voip phone 0 1 sip-user-display-name name Set voip phone 0 1 sip-user-name username318 Set voip phone 0 1 codec G72640 priority 1 2 3 4 5 6 7 none319 320 DSL Forum settings UPnP settings322 TR-069Backup IP Gateway Settings 324 Set ip backup-gateway default ipaddress325 Vdsl Settings326 327 Vdsl Parameters Accepted Values328 Parameter329 Accepted Values330 331 Glossary332 333 334 Ethernet crossover cable. See crossover cable335 336 337 338 339 340 341 Administrator’s Handbook 342 343 DescriptionInternational Agency approvalsManufacturer’s Declaration of Conformance North America345 Declaration for Canadian users346 Important Safety InstructionsAustralian Safety Information Telecommunication installation cautions347 CFR Part 68 Information348 Electrical Safety AdvisoryCopyright Acknowledgments 349 350 351 Wide Area Network TerminationPPPoE/PPPoA Point-to-Point Protocol over Ethernet/ATM 352 Simpliﬁed Local Area Network SetupInstant-On PPP Dhcp Dynamic Host Conﬁguration Protocol ServerEmbedded Web Server DiagnosticsManagement DNS Proxy354 Remote Access ControlPassword Protection Network Address Translation NAT355 Motorola Netopia Advanced Features for NATMotorola Netopia Gateway Internal ServersIP-Passthrough Default ServerPinholes Combination NAT Bypass Conﬁguration357 VPN IPSec Pass ThroughVPN IPSec Tunnel Termination 358 Stateful Inspection FirewallSSL Certiﬁcate Support VLANs359 Index360 Config361 362 NAT 264, 278363 PPP364 Shell365 VPN366 367 Administrator’s Handbook 368