Netopia 4000-Series

Security 10-41

Example network

Example ﬁlters

Example 1

Incoming packet has the source address of 200.1.1.28

Less Than or Equal Any port less than or equal to the port deﬁned

Equal Matches only the port deﬁned

Greater Than or Equal Matches the port or any port greater

Greater Than Matches anything greater than the port deﬁned

Filter Rule: 200.1.1.0 (Source IP Network Address)

255.255.255.128 (Source IP Mask)

Forward = No (What happens on match)

IP Address Binary Representation

200.1.1.28 00011100 (Source address in incoming IP packet)

AND

255.255.255.128 10000000 (Perform the logical AND)

Data

Internet

IP 200.1.1.??

Input Packet

Filter

Contents

Main Page Page Page Page Page Page Page Page Page Whats New in Netopia Firmware Version 5.4 Console-based Management Netopia Console Menus Netopia Models Screen differences Connecting through a Telnet Session Conguring Telnet software Connecting a Console Cable to your Equipment Page Navigating through the Console Screens Page WAN Conguration ADSL Line Conguration screen SDSL/IDSL Conguration screen Page IDSL Line Conguration screen G.SHDSL Line Conguration screen T1 Line Conguration screen Page Note: Frame Relay Conguration Page Frame Relay DLCI conguration Displaying a Frame Relay DLCI conguration table Changing a Frame Relay DLCI conguration Adding a Frame Relay DLCI conguration Deleting a Frame Relay DLCI conguration Multiple ATM Permanent Virtual Circuits Multiple ATM PVC overview Multiple ATM PVC conguration Page Quality of Service (QoS) settings Note: Editing circuits Changing a circuit Monitoring multiple virtual circuits Page Creating a New Connection Prole Multiple Data Link Encapsulation Settings Page Page The Default Prole IP parameters (default prole) screen Scheduled Connections Viewing scheduled connections Adding a scheduled connection Set Weekly Schedule Set Once-Only Schedule Page System Conguration Screens System conguration features IP Setup Filter Sets IP Address Serving Network Address Translation (NAT) Stateful Inspection rewall Stateful Inspection Options Note: Exposed Addresses Page Date and time Note: Console Conguration SNMP (Simple Network Management Protocol) Security Upgrade Feature Set RFC-1483 Transparent Bridging Page Logging Page Page Page Features Port Address Translation Server lists Static mapping Dynamic mapping WAN Network LAN Network Complex maps Supported trafc Support for Microsoft Network (MSN) Messenger Support for AOL Instant Messenger (AIM) File Transfer } MultiNAT Conguration Easy Setup Prole conguration Server Lists and Dynamic NAT conguration IP setup Page NAT rules Page Select Page Modifying map lists Page Adding Server Lists Page Note: 3-18 Firmware User Guide Modifying server lists The Show/Change NAT Server List screen appears. Once a server list exists, you can select it for modication or deletion. Page Deleting a server Binding Map Lists and Server Lists IP prole parameters 3-22 Firmware User Guide will now be bound to this Connection Prole. IP Parameters (WAN Default Prole) IP Parameters 3-24 Firmware User Guide now be bound to the default prole. will now be bound to the default prole. Note: Mask elds visibility are dependent only on the IP Addressing type. NAT Associations the corresponding prole or interface. IP Passthrough Page First Come First Serve Mode Note: Page MultiNAT Conguration Example Page Page Notes on the example Page Page Page Page Note: Summary About PPTP Tunnels PPTP conguration Page Note: About IPsec Tunnels About ATMP Tunnels ATMP conguration Note: Encryption Support MS-CHAP V2 and 128-bit strong encryption ATMP/PPTP Default Prole Page VPN QuickView Dial-Up Networking for VPN Installing Dial-Up Networking Creating a new Dial-Up Networking prole Conguring a Dial-Up Networking prole Installing the VPN Client Windows 95 VPN installation Windows 98 VPN installation Connecting using Dial-Up Networking Allowing VPNs through a Firewall PPTP example Virtual Private Networks (VPNs) 4-21 In the Display/Change Filter Set screen select Display/Change Output Filter. ATMP example Page Page Windows Networking Broadcasts Note: Example: Tunnel 4-26 Firmware User Guide Page Page Page Note: Internet Key Exchange (IKE) Conguration Page Adding an IKE Phase 1 Prole Page Page Note: 5-8 Firmware User Guide Changing an IKE Phase 1 Prole Key Management Page Page Note: Enhanced Dead Peer Detection Page Multiple Network IPsec Page Page Page IPsec WAN Conguration Screens IPsec Manual Key Entry VPN Quickview WAN Event History Error Reporting Page Page IP Setup Page IP subnets Page Static routes Viewing static routes Adding a static route Modifying a static route Deleting a static route Rules of static route installation RIP-2 MD5 Authentication Overview Key management Authentication conguration IP Setup 6-11 The IP Setup screen appears. Page Page Adding a key Changing or deleting a key Connection Proles and Default Prole Power interruptions IP Address Serving Page Note: IP Address Pools Note: DHCP NetBIOS Options Page More Address Serving Options Conguring the IP Address Server options Note: Page Page Page IP Setup 6-29 DHCP Relay Agent Page Connection Proles Page Multicast Forwarding Page Page Page External Dial Backup Support Conguring External Dial Backup WAN Conguration Page Page Backup Conguration screen Note: Connection Proles Using Scheduled Connections with Backup Page Management/Statistics Page QuickView Event Logs SNMP Support Backup Default Gateway Backup Conguration screen Note: IP Setup screen Note: Backup Management/Statistics Page Page Introduction Conguring the Voice Features Page Page Quick View Status Overview General status Current status Status lights Statistics & Logs Event Histories WAN Event History Device Event History Page IP Routing Table General Statistics Physical Interface Network Interface System Information Simple Network Management Protocol (SNMP) - V2c Enterprise-specic SNMP Changes The SNMP Setup screen Community strings SNMP traps Setting the IP trap receivers Viewing IP trap receivers Modifying IP trap receivers Deleting IP trap receivers Page Suggested Security Measures Console Tiered Access Two Password Levels UPnP Support Superuser conguration Limited user conguration Advanced Security Options Page User access password User menu differences Main Menu WAN Conguration screens User Access Level Connection Proles System Conguration menu Note: IP Setup menu Utilities & Diagnostics menu X-Modem File Transfer menu Statistics & Logs menu Page Quick Menus Note: ATM Circuits Conguration menu Note: User Accounts Protecting the Security Options screen Protecting the conguration screens Telnet Access About Filters and Filter Sets Whats a lter and whats a lter set? How lter sets work Filter priority How individual lters work A ltering rule Parts of a lter Port numbers Port number comparisons Other lter attributes Putting the parts together Filtering example #1 Filtering example #2 Note: Design guidelines Disadvantages of lters An approach to using lters Working with IP Filters and Filter Sets Note: Adding a lter set Naming a new lter set Adding lters to a lter set Note: Viewing lters Modifying lters Deleting lters Moving lters Deleting a lter set Note: A sample lter set Page Possible modications Note: Policy-based Routing using Filtersets TOS eld matching Page Firewall Tutorial General rewall terms Basic IP packet components Basic protocol types Example TCP/UDP Ports Firewall design rules Firewall Logic Binary representation Logical AND function Implied rules Established connections Example lter set screen Filter basics Page Example 2 Example 3 Example 4 Example 5 Conguration Management Page Page TFTP and X-Modem Call Filtering Page Page Page Ping Page Trace Route Telnet Client Factory Defaults Note: Transferring Conguration and Firmware Files with TFTP Updating rmware Downloading conguration les Uploading conguration les Transferring Conguration and Firmware Files with XMODEM Note: Updating rmware Downloading conguration les Uploading conguration les Restarting the System T1 Line Statistics and Diagnostics Page Page Conguration Problems Note: Console connection problems Cant see the conguration screens (nothing appears) Junk characters appear on the screen Characters are missing from some of the conguration screens Network problems How to Reset the Router to Factory Defaults Reset Switch Slot Power Outages Technical Support Before contacting Netopia Environment prole How to reach us Online product information What is IP? About IP Addressing Note: Subnets and subnet masks Subnet masks Note: Example: Using subnets on a Class C IP internet B-4 Firmware User Guide Network conguration LAN Customer Site B Internet ISP Network Distributing IP Addresses Technical note on subnet masking Note: Conguration DHCP address serving Netopia Firmware Version 5.4 DHCP server characteristics MacIP serving Manually distributing IP addresses Using address serving Serve dynamic WAN clients Tips and rules for distributing IP addresses A DHCP example Nested IP Subnets Note: Internet Page Broadcasts Packet header types Page C-2 Firmware User Guide Decimal Binary Decimal Binary Decimal Binary Decimal Binary IIIInn eexx ddee nndd xx