Manuals / Motorola / Cell Phone / Cell Phone

Motorola 2200, 7000, 3352N, 3342 manual Packet Filtering Settings, 294

Models: 2200 3342 3352N 3352 7000

1 368

Download 368 pages 62.68 Kb

Page 294

Administrator’s Handbook

Packet Filtering Settings

Packet Filtering has two parts:

•Create/Edit/Delete Filter Sets, create/edit/delete rules to a Filter Set.

•Associate a created Filter Set with a WAN or LAN interface

See “Packet Filter” on page 163 for more information.

set security pkt-ﬁlter ﬁlterset ﬁlterset-name[ input_ﬁlter output_ﬁlter ] index forward [ on off ]

Creates or edits a ﬁlter rule, specifying whether packets will be forwarded or not.

☛NOTE:

If this is the ﬁrst rule, it will create the ﬁlter-set called ﬁlterset-name, otherwise it will edit the ﬁlterset.

If the index is not consecutive, the system will select the next consecutive index. If the index does not exist, a rule will be created. If a rule exists, the rule will be edited.

set security pkt-ﬁlter ﬁlterset ﬁlterset-name[ input_ﬁlter output_ﬁlter ] index idle-reset [ on off ]

Turns idle reset on or off for the speciﬁed ﬁlter rule. A match on this rule resets idle-timeout status and keeps the WAN connection alive. The default is off. For idle-resetto be displayed, forward must be enabled on a ﬁlter rule.

set security pkt-ﬁlter ﬁlterset ﬁlterset-name[ input_ﬁlter output_ﬁlter ] index frc-rte [ on off ]

Turns forced routing on or off for the speciﬁed ﬁlter rule. A match on this rule will force a route for packets. The default is off. For frc-rteto be displayed, forward must be enabled on a ﬁlter rule.

set security pkt-ﬁlter ﬁlterset ﬁlterset-name[ input_ﬁlter output_ﬁlter ] index gateway ip_addr

Speciﬁes the gateway IP address for forced routed packets, if forced routing is enabled.

set security pkt-ﬁlter ﬁlterset ﬁlterset-name[ input_ﬁlter output_ﬁlter ] index src-ip ip_addr

Speciﬁes the source IP address to match packets (where the packet was sent from).

set security pkt-ﬁlter ﬁlterset ﬁlterset-name[ input_ﬁlter output_ﬁlter ] index src-mask mask

Speciﬁes the source IP mask to match packets (where the packet was sent from).

294

Image 294

Motorola 2200, 7000, 3352N, 3342 manual Packet Filtering Settings, 294

Contents

Administrator’s Handbook Administrator’s Handbook CopyrightPage Administrator’s Handbook Table of Contents Breadcrumb Trail Security Basic Troubleshooting Command Line Interface 223 Administrator’s Handbook Glossary Overview of Major Capabilities Introduction What’s NewAdministrator’s Handbook Documentation Conventions About Motorola Netopia DocumentationIntended Audience GeneralCommand Line Interface Internal Web InterfaceOrganization Word About Example ScreensAdministrator’s Handbook Basic Mode Setup Important Safety Instructions Power Supply InstallationWichtige Sicherheitshinweise AchtungBewahren Sie diese Anweisungen auf Setting up the Motorola Netopia Gateway Microsoft WindowsPage Macintosh MacOS 8 or higher or Mac OS Conﬁguring the Motorola Netopia Gateway MiAVo Vdsl and Ethernet WAN models QuickstartYou can skip to Home Page Basic Mode on PPPoE Quickstart Set up the Motorola Netopia Pocket Gateway Page Motorola Netopia Gateway Status Indicator Lights Home Page Basic Mode Down Link Manage My Account Link Status Details Link Enable Remote Management Link Expert Mode Link Update Firmware Link Factory Reset Accessing the Expert Web Interface Open the Web ConnectionAdministrator’s Handbook Summary Information Home Page Expert ModeHome Page Information Field Status and/or DescriptionVoIP NATToolbar Navigating the Web InterfaceLink Breadcrumb Trail Restart Button RestartLink Alert Symbol Help Button HelpConﬁgure Button ConﬁgureLink Quickstart Administrator’s Handbook Link LAN Administrator’s Handbook Page Administrator’s Handbook Wireless supported models Privacy Page Advanced About Closed System Mode Administrator’s Handbook Multiple SSIDs ExamplesWPA Version Allowed Administrator’s Handbook Page WiFi Multimedia Wireless MAC Authorization Administrator’s Handbook Use Radius Server Advanced Network Conﬁguration page appears Link WAN PPP over Ethernet interfaceDHCP/PPPoE/PPPoA Autosensing Advanced RIP-1 compatibility, or RIP-2 with MD5Ethernet WAN interface Page Advanced IP GatewayOther WAN Options WAN Ethernet and Vdsl Gateways Adsl GatewaysAvailable Encapsulation types Administrator’s Handbook Page Sustained Cell Rate SCR Class Transmit Priority CommentsLink Advanced Link IP Static Routes IP Static Route Entry page appearsChanges link Link IP Static ARP Link Pinholes Gateway Tips for making Pinhole EntriesPinhole Conﬁguration Procedure. Use the following steps Page Administrator’s Handbook Conﬁgure the IPMaps Feature FAQs for the IPMaps Feature192.168.1.1 IPMaps Block DiagramMotorola Netopia Gateway WAN Interface LAN Interface 192.168.1.2Link Default Server Internet Gateway Page Link Differentiated Services Page QoS Setting TOS Bit Value Behavior Link DNS Link Dhcp Server Link Radius Server Link Snmp Page Link Igmp Internet Group Management Protocol Igmp Version 3 supports100 101 Link UPnP 102Link LAN Management 103Link Ethernet Bridge 104Conﬁguring for Bridge Mode 105106 Overview 107Ethernet Switching/Policy Setup 108Vlan Model Combining Bridging and Routing 109110 Vlan Port Conﬁguration screen appears 111112 113 114 115 Example 116117 118 Click the Save and Restart link 119Supported models only 120SIP Line Entry 121Call Features Settings 122123 Link System 124Link Syslog Parameters 125System Log Messages Administration Related Log MessagesLog Event Messages DSL Log Messages most commonAccess-related Log Messages 127128 Link Internal Servers 129Link Software Hosting 130List of Supported Games and Software 131Rename a UserPC 132Check the Enable Backup Gateway checkbox Manual options133 Automatic options 134135 Link Ethernet MAC Override 136Link Clear Options 137Link Time Zone 138Security Button Security139 Link Passwords 140141 Use a Motorola Netopia Firewall Conﬁguring for a BreakWater SettingLink Firewall 142Tips for making your BreakWater Basic Firewall Selection Basic Firewall Background143 BreakWater Setting ClearSailing SilentRunning LANdLocked 144145 Link IPSec 146SafeHarbour IPSec VPN 147Conﬁguring a SafeHarbour VPN 148149 Parameter Motorola Netopia Peer GatewayBe sure that you have SafeHarbour VPN enabled 150Parameter Descriptions Field Description151 152 Address/Value153 Stateful Inspection Firewall installation procedure Link Stateful Inspection154 Exposed Addresses 155156 Port Protocol Description LAN Private WAN Public Interface Open Ports in Default Stateful Inspection InstallationStateful Inspection Options 157Basic IP packet components Firewall TutorialGeneral ﬁrewall terms Basic protocol typesFirewall Logic Example TCP/UDP Ports TCP Port ServiceFirewall design rules 159Implied rules Example ﬁlter set160 What it means Filter basicsExample ﬁlters Example network162 Link Packet Filter What’s a ﬁlter and what’s a ﬁlter set?163 How ﬁlter sets work Filter priority164 Parts of a ﬁlter How individual ﬁlters workﬁltering rule Port numbersPort number comparisons Other ﬁlter attributes166 Putting the parts together Filtering example #1167 168 Design guidelines Filtering example #2169 An approach to using ﬁlters 170Working with IP Filters and Filter Sets Adding a ﬁlter set171 Adding ﬁlters to a ﬁlter set 172173 Enter the Source Mask for the source IP address 174Deleting a ﬁlter set 175Associating a Filter Set with an Interface 176Policy-based Routing using Filtersets TOS ﬁeld matching177 178 Using the Security Monitoring Log Link Security Log179 180 TCPTimestamp Background 181Install Button Install182 Background Link Install SoftwareRequired Files 183Conﬁrm Motorola Netopia Firmware Image Files Install the Motorola Netopia ﬁrmware ImageMotorola Netopia ﬁrmware Image File 184Verify the Motorola Netopia Firmware Release 185186 Obtaining Software Feature Keys Link Install KeyUse Motorola Netopia Software Feature Keys Procedure Install a New Feature Key File188 To check your installed features 189Link Install Certiﬁcate 190191 Administrator’s Handbook 192 Basic Troubleshooting 193Ethernet Status Indicator LightsAction 194Model 2241N only 195Ethernet 1, 2, 3 196Wireless 197198 Special patterns 199LAN 1, 2, 3 200Wireless Link 201DSL 1 & 2 ADSL2+ Models only Ethernet 1, 2, 3202 203 LED Function Summary Matrix 204Trafﬁc Wireless UnlitActive LinkFactory Reset Switch Advanced Troubleshooting 207Home 208209 Device GatewayExpert Mode Button Troubleshoot210 Link System Status 211Link Ports Ethernet 212Link Ports DSL 213Link IP Interfaces 214Link DSL Circuit Conﬁguration 215Link System Log Entire 216Link Diagnostics 217Link Network Tools 218219 If Ping is not successful, possible causes are 220221 Administrator’s Handbook 222 Command Line Interface 223Overview 224Command Verbs Status and/or Description Keywords225 Starting and Ending a CLI Session Using the CLI Help FacilitySaving Settings LoggingShell Prompt About Shell CommandsShell Command Shortcuts 227Shell Commands Common CommandsLicense key Loglevel level229 Quit NetstatNetstat -r 230Reset cdmode Reset arpReset atm Reset crashReset wan Reset security-logReset wan-users all ip-address Reset wepkeysShow dhcp server leases Show crashShow dhcp agent Show diffservShow group-mgmt Show featuresShow etheroam ah Show ip arpShow ip routes Show ip ﬁrewallShow ip lan-discovery Show ip state-inspShow vlan Show statusShow summary 236237 Upload serveraddress ﬁlename conﬁrm Show wireless allShow wireless clients MACaddress View conﬁgWAN Commands Navigating the Config Hierarchy About Config CommandsConfig Mode Prompt Show ppp stats lcp ipcpSet ip ethernet a ipaddress Entering Commands in Config ModeGuidelines Config Commands 241Validating Your Conﬁguration Displaying Current Gateway SettingsStep Mode a CLI Conﬁguration Technique 242Config Commands Remote ATA Conﬁguration CommandsSet ata proﬁle 0.. ata-proxy-server ipaddr Set ata proﬁle 0.. ata-user-password stringSet ata proﬁle 0.. ata-static-wan-gateway ipaddr Set ata proﬁle 0.. ata-proxy-port portDSL Commands Set atm vcc n vci 0 Bridging SettingsSet atm vcc n vpi 0 Set atm vccn pppoe-sessions 1Set bridge concurrent-bridging-routing on off Set bridge table-timeout 30Set bridge sys-bridge on off Set bridge dhcp-ﬁlterset stringDhcp Settings Set dhcp gen-option name name Set dhcp range 2.. start-address ipaddressSet dhcp range 2.. end-address ipaddress Set dhcp gen-option option 1Option Data Format Data Size Can Bytes Conﬁgure 250Set dhcp gen-option data-type ascii hex dotted-decimal Set dhcp gen-option data data251 Set dhcp ﬁlterset name string rule n dhcp-option 0 Set dhcp ﬁlterset name string rule n match-str matchstring252 Set dhcp assigned-ﬁlterset string Set dhcp ﬁlterset name string rule n match-pool ipaddressSet dhcp ﬁlterset name string rule n absent-pool ipaddress 253DMT Settings Domain Name System Settings 256 Igmp Settings 257Set igmp query-intvl value Set igmp snooping off onSet igmp robustness value Set igmp query-response-intvl valueIP Settings Set ip dsl vccn addr-mapping on off Set ip dsl vccn restrictions admin-disabled noneSet ip dsl vccn netmask netmask Set ip dsl vccn auto-sensing off dhcp/pppoe pppoe/pppoaSet ip ethernet a option on off Set ip dsl vccn rip-send off v1 v2 v1-compat v2-MD5Set ip dsl vccn rip-receive Off v1 v2 v1-compat v2-MD5 Set ip ethernet a address ipaddressSet ip ethernet a rip-send Off v1 v2 v1-compat v2-MD5 Set ip ethernet a restrictions none admin-disabledSet ip ethernet a netmask netmask Set ip ethernet a rip-receive off v1 v2 v1-compat v2-MD5Set ip gateway option on off Set ip ethernet a subnet n address ipaddressSet ip ethernet a subnet n netmask netmask Set ip gateway interface ip-address ppp-vccnSet ip ip-ppp vccn addr-mapping on off Set ip ip-ppp vccn restrictions admin-disabled noneSet ip ip-ppp vccn peer-address ipaddress Set ip ip-ppp vccn auto-sensing off dhcp/pppoe pppoe/pppoaSet ip ip-ppp vccn mcast-fwd on off Set ip ip-ppp vccn rip-receive off v1 v2 v1-compat v2-MD5Set ip ip-ppp vccn igmp-null-source-addr on off Set ip ip-ppp vccn unnumbered on offSet ip ipsec-passthrough off on Set ip static-arp ip-addressipaddressSet ip igmp-forwarding off on Set ip prioritize off onSet diffserv option off on Set diffserv lohi-ratio 60 100 percent267 Qos off assure expedite network-control 268Set diffserv qos dscp-map default custom 269270 Queue Conﬁguration 271272 Set queue name wfq weight-type bps 273Set queue name priorityqueuename default-inputqueuename 274Rate-limiting weighted fair queue to 100Kbps 275Set ip static-routes destination-networknetaddress Set ip sip-passthrough on offSet ip ethernet B rtsp-passthrough off on 276Set ip-maps name name internal-ip ip address IPMaps SettingsDelete ip static-routes destination-network netaddress Set ip-maps name name external-ip ip addressNetwork Address Translation NAT Default Settings Network Address Translation NAT Pinhole SettingsPPPoE /PPPoA Settings Set ppp module vccn protocol-compression on off Set ppp module vccn restart-timer integerSet ppp module vccn magic-number on off Set ppp module vccn lcp-echo-requests on offSet ppp module vccn connection-type instant-on always-on Set ppp module vccn port-authentication username usernameSet ppp module vccn port-authentication password password Set ppp module vccn time-out integerSet wan-over-ether pppoe-with-ipoe on off PPPoE with IPoE SettingsSet wan-over-ether pppoe on off Set wan-over-ether ipoe-sessions 1Set ip ip-ppp vcc1 mcast-fwd on off Ethernet Port SettingsSet atm vcc n encap pppoe-llc Set ip ip-ppp vcc1 igmp-null-source-addr off on802.3ah Ethernet OAM Settings Set preference more lines Command Line Interface Preference SettingsSet preference verbose on off 285Set servers telnet-tcp 1 Port Renumbering SettingsSet servers web-http 1 286Set security ipsec option off on off Security SettingsSet security ipsec tunnels name 123 tun-enable on on off Set security ipsec tunnels nameSet security ipsec tunnels name 123 IKE-mode DH-group 1 1 2 288Set security ipsec tunnels name 123 nat-enable on off Set security ipsec tunnels name 123 xauth enable off onSet security ipsec tunnels name 123 xauth password password Set security ipsec tunnels name 123 xauth username usernameSet security ipsec tunnels name 123 local-id idvalue Set security ipsec tunnels name 123 remote-id idvalue290 291 Set security state-insp dos-detect off on Set security state-insp tcp-timeout 30Set security state-insp udp-timeout 30 292Set security state-insp xposed-addr exposed-address# n 293Packet Filtering Settings 294Operator 295296 Snmp Settings System Settings Set system name name298 Set system password admin user Set system idle-timeout telnet 1...120 http 1Set system username administrator name user name Set system ftp-server option off onSleep Contact-email string@domainname location string Set system zerotouch option on off300 Syslog Default syslog installation procedure 302Wireless Settings supported models 304 Set wireless no-bridging off on Set wireless tx-power full medium fair low minimal305 Set wireless wmm option off on 306307 Set wireless network-id privacy pre-shared-key string Set wireless network-id privacy default-keyid308 Set wireless mac-auth option on off Example 40bit key 02468ACE02309 Set radius alt-radius-name servernamestring Set radius radius-name servernamestringSet radius radius-secret sharedsecret Set radius alt-radius-secret sharedsecretVlan Settings Set vlan name name ports port port-pbits 0 Set vlan name name ip-interface ipinterface312 Assign an IP interface 313314 Set vlan name PPPoE11 id315 Set vlan name Video31 ports eth1 tag onVoIP settings Set voip phone 0 1 sip-user-name username Set voip phone 0 1 sip-user-password passwordSet voip phone 0 1 sip-user-display-name name Set voip phone 0 1 auth-id stringSet voip phone 0 1 codec G72640 priority 1 2 3 4 5 6 7 none 318319 320 UPnP settings DSL Forum settingsTR-069 322Backup IP Gateway Settings Set ip backup-gateway default ipaddress 324Vdsl Settings 325326 Vdsl Parameters Accepted Values 327Parameter 328Accepted Values 329330 Glossary 331332 333 Ethernet crossover cable. See crossover cable 334335 336 337 338 339 340 341 Administrator’s Handbook 342 Description 343North America Agency approvalsManufacturer’s Declaration of Conformance InternationalDeclaration for Canadian users 345Telecommunication installation cautions Important Safety InstructionsAustralian Safety Information 346CFR Part 68 Information 347Electrical Safety Advisory Copyright Acknowledgments348 349 350 Wide Area Network Termination PPPoE/PPPoA Point-to-Point Protocol over Ethernet/ATM351 Dhcp Dynamic Host Conﬁguration Protocol Server Simpliﬁed Local Area Network SetupInstant-On PPP 352DNS Proxy DiagnosticsManagement Embedded Web ServerNetwork Address Translation NAT Remote Access ControlPassword Protection 354Internal Servers Motorola Netopia Advanced Features for NATMotorola Netopia Gateway 355Combination NAT Bypass Conﬁguration Default ServerPinholes IP-PassthroughVPN IPSec Pass Through VPN IPSec Tunnel Termination357 VLANs Stateful Inspection FirewallSSL Certiﬁcate Support 358Index 359Config 360361 NAT 264, 278 362PPP 363Shell 364VPN 365366 367 Administrator’s Handbook 368