Manuals / NetComm / Computer Equipment / Network Router

NetComm NB712 manual Types of Firewall, Packet Filtering, There are three types of ﬁrewall

Models: NB712

1 117

Download 117 pages 38.86 Kb

Page 9

2.1 Types of Firewall

There are three types of ﬁrewall:

2.1.1 Packet Filtering

In packet ﬁltering, only the protocol and the address information of each packet is examined. Its contents and context (its relation to other packets and to the intended application) are ignored. The ﬁrewall pays no attention to applications on the host or local network and it “knows” nothing about the source of the incoming data. Filtering consists of examining incoming or outgoing packets and allowing or disallowing their transmission on the basis of a set of conﬁgurable rules. Network Address Translation (NAT) routers offer the advantages of packet ﬁltering ﬁrewalls but can also hide the IP addresses of computers behind the ﬁrewall, and offer a level of circuit-based ﬁltering.

Level 5: Application

Protocol

Level 4: TCP		Source/Destination address
		Source/Destination address
Level 3: IP		Source/Destination port
Level 3: IP		IP options
		IP options
Level 2: Data Link		Connection status
Level 2: Data Link
Level 1: Physical
192.168.0.5	172.16.3.4
Firewall
Filter remembers
this information
UDP
SP=3264
SA=192.168.0.5
DP=1525
DA=172.16.3.4
Matches outgoing
so allowed
UDP
SP=1525
SA=172.16.3.4
DP=3264
DA=192.168.0.5
No matches
so disallowed
UDP
SP=1525
SA=172.168.3.4
DP=2049
DA=192.168.0.5
192.100.0.10:1025
		192.120.8.5:2205	Internet
			Internet
		192.120.8.5:2206
Firewall 192.120.8.5
Client IP		Internal Port	External Port
192.100.0.11:4433		1025	2205
192.68.0.10		1025	2205
192.168.0.11		4406	2206
Internal/Protected			External/Unprotected
Network			Network

NB712 /	NB714 User Guide	9
YML829	Rev1

Image 9

NetComm NB712 manual Types of Firewall, Packet Filtering, There are three types of ﬁrewall

Contents

Page Contents NB714 User Guide Features Package ContentsIntroduction Routing SpeciﬁcationBridging SecurityATM QoS IndicatorsAAL5 Encapsulation WAN InterfacePhysical/Electrical ApplicationMemory Product InformationFirewall Types of Firewall Packet FilteringThere are three types of ﬁrewall Denial of Service Attack Circuit GatewayApplication Gateway SYN Flood Ping of deathIcmp Flood UDP FloodFrame Speciﬁcation Vlan Virtual Local Area NetworkVID uniquely identiﬁes the Vlan to which the frame belongs ApplicationsGetting to know the router Front PanelLED status LAN 1,2,3,4 Rear PanelCheck the Terminal Access Program Connecting your G.SHDSL Modem RouterDetermine Connection Setting Check the Ethernet Adapter in PCBridge EoA Route EoA IPoA PPPoA PPPoE Install the Shdsl RouterCross-over Ethernet cables can be used Port router with network topologyConﬁguration via Web Browser Router, which will lose any previous conﬁguration Basic Setup System error or disconnectionClick Basic for basic installation Bridge Mode LAN ParametersEnter Host Name Enter VPI Enter VCI Click LLC Click Next WAN1 ParametersRouting Mode Click Next to setup WAN1 parameters Dhcp ClientLAN IP Type IP type Dhcp ServerIP Address Subnet MaskDNS Server Trigger Dhcp ServiceRelay Dhcp relayAAL5 Encap PPPoE or PPPoAProtocol For more information, refer to the section on NAT/DMZPassword Conﬁrm PasswordUsername Idle TimeEprom Gateway IPoA or EoAEprom Advanced Setup Link Type Annex TypeData rate Data RateMargin range is from 0 to Shdsl SNR marginMargin, the better the line connection Reconnect for better line connectionWAN UBR Unspeciﬁed Bit Rate QoS Quality of ServiceCBR Constant Bit Rate PCR Peak Cell Rate in kbpsBridge Eprom Vlan Packets PvidRoute RIP ModeAuto RIP Summary Press ModifyAuthentication required RIP VersionPoison Reverse NAT/DMZ Multi-NAT Multi-DMZVirtual Start IP Address Count Global Start IP AddressVirtual Server Basic Firewall Security FirewallAutomatic Firewall Security Click Advanced Firewall Security and then press Finish Advanced Firewall SecuritySYN Attack Connections and will be unresponsivePing of death attack attempts to crash your system by Addresses originating from your networkDescription DirectionSrc. IP Address Dest. IP AddressFiltering rule will be conﬁgured as follow Filtering Rule for Smtp connectionFiltering Result Update Filtering RuleWhen the rule is ordered as ABC Rule Order10.0.0.0 172.16.6.0 Permit 10.1.99.0 172.16.0.0 Deny Any IP QoS NB714 User Guide Administration Security NB712 / NB714 User Guide MIB SnmpCommunity Snmp statusVersion Community Click on Time Sync Time SyncSntp service Time ServerTime Zone Utility System Info Backup Conﬁguration Restore Conﬁguration10.2 Conﬁg Tool Lose all the conﬁgured parametersUpgrade To logout the router, press logout LogoutRestart You can monitor the following StatusLAN-to-LAN connection with bridge Mode CO sideLAN Parameters Enter IP 192.168.1.1 Enter Subnet Mask WAN1 ParametersEnter Gateway 192.168.1.1 Enter Host Name Enter VPI Enter VCI EncapCPE Side Host Name Enter SohoVCI32 EncapLLC Dhcp Service LAN to LAN Connection with Routing ModeClick Route and CO Side then press Next IP Address 192.168.20.1 Subnet Mask 255.255.255.0 Host NameWAN Parameters Click Next to setup the IP parametersIP Address 192.168.10.1 Subnet Mask 255.255.255.0 Host Name Click Route and CPE Side then press Next192.168.30.2 Serial Console Useradmin PasswordTelnet Baudrate 9600 Data Bits Parity Check Stop Bits Flow-controlOperation Interface Window structure Menu Driven Interface Commands To choose another parametersCtrl + C To quit the conﬁguring item Ctrl + Q For help Menu Tree 14.7 Conﬁguration Done via utility command Ping Packet internet groper command AdminUtility Exit Quit systemStatus System ShowConﬁg ScriptAdministration RebootWrite PingUser Proﬁle Edit Community Entry List Show SnmpSupervisor Password and ID Sntp Move the cursor to service and press enterMove the cursor to sntp and press enter Move the cursor to timeserver1 and press enterMove the cursor to list and review the setting Utility SetupExit ModeShdsl 14.16.3 WAN After enter add menu, the screen will prompt as follow BridgeMove the cursor to vlan and press enter Vlan14.16.6 802.11Q Vlan Follow the following steps to conﬁgure 802.11q VlanFor each VLAN, Vlan ID is a unique number among 1~4095 You can review the list of RIP parameters via list command Generic command can setup RIP mode and auto summery modeRoute Screen will display the followingIP share 14.16.8 LANYou can conﬁgure NAT parameters in nat menu 14.16.10 NATMapping After key in enter, the screen will prompt as below 14.16.11 PATﬁrewall security level can conﬁgure via level command You can enable the demilitarized zone via active command14.16.12 DMZ FirewallActive DoS Protection IPQoS Dhcp You can view the Dhcp conﬁguration via list commandDefault DNS proxyHost name RJ-45 Network Ports Appendix a Cable Information10Mbps 100MbpsStraight and crossover cable conﬁguration Straight-Through CablingCross-Over Cabling No connection Shdsl Line Connector Console CableRxD O TxDContact Information Appendix B Registration and Warranty InformationProduct Warranty