Example | Netopia 4542, 4541 instruction

Security 11-27

Example 4

		Filter Rule:		200.1.1.96		(Source IP Network Address)

				255.255.255.240		(Source IP Mask)

				Forward = No		(What happens on match)

Incoming packet has the source address of 200.1.1.104.

	IP Address		Binary Representation

	200.1.1.104		01101000		(Source address in incoming IP packet)

	AND

	255.255.255.240		11110000		(Perform the logical AND)

			01100000		(Logical AND result)

Since the Source IP Network Address in the Netopia 4541/4542 is 01100000, and the source IP address after the logical AND is 01100000, this rule does match and this packet will not be forwarded.

Example 5

		Filter Rule:		200.1.1.96		(Source IP Network Address)

				255.255.255.255		(Source IP Mask)

				Forward = No		(What happens on match)

Incoming packet has the source address of 200.1.1.96.

	IP Address		Binary Representation

	200.1.1.96		01100000		(Source address in incoming IP packet)

	AND

	255.255.255.255		11111111		(Perform the logical AND)

			01100000		(Logical AND result)

Since the Source IP Network Address in the Netopia 4541/4542 is 01100000, and the source IP address after the logical AND is 01100000, this rule does match and this packet will not be forwarded. This rule masks off a single IP address.

Image 171

Netopia 4542, 4541 manual Example

Contents

Netopia 4541 Adsl Routers Part Number Contents User’s Reference Guide Contents User’s Reference Guide Snmp Limited Warranty and Limitation of Remedies-Revised January Features and capabilities Chapter IntroductionOverview How to use this guide Chapter Making the Physical Connections Find a locationWhat you need Adsl port Ethernet port Identify the connectors and attach the cables Netopia 4541/4542 Adsl Router status lights User’s Reference Guide Conﬁguring TCP/IP on Windows-based Computers Chapter Sharing the Connection Conﬁguration tab Dynamic conﬁguration recommended Static conﬁguration optional Add. Repeat this process for the secondary DNS TCP/IP Conﬁguring TCP/IP on Macintosh Computers TCP/IP or MacTCP Sharing the Connection User’s Reference Guide Readying computers on your local network Chapter Connecting to Your Local Area Network Connecting to an Ethernet network Chapter Console-Based Management Connecting through a Telnet session Filter sets ﬁrewalls. See Security onSnmp Simple Network Management Protocol. See Snmp on Conﬁguring Telnet software Connecting a console cable to your router Mac ANSI, VT-100, or VT-200 Navigating through the console screens Chapter Easy Setup Easy Setup console screensAccessing the Easy Setup console screens Quick Easy Setup connection path Main Menu appears DSL Line Conﬁguration Easy Setup Proﬁle IP Easy Setup Ethernet IP Address 192.168.1.1 Ethernet Subnet Mask Easy Setup Security Conﬁguration User’s Reference Guide WAN conﬁguration Chapter WAN and System ConfigurationConfiguration Setup Adsl Line Conﬁguration screen appears FDM Cancel Creating a new Connection Proﬁle PAP Easy Setup Profile 255.225.255.255 0.0 Default Profile Default Proﬁle screen appears Default proﬁle IP parameters default proﬁle screen Configuration Scheduled ConnectionsScheduled connections Viewing scheduled connections Adding a scheduled connection Set Weekly Schedule Set Once-Only Schedule Modifying a scheduled connection Deleting a scheduled connectionSystem conﬁguration screens Navigating through the system conﬁguration screens System conﬁguration features Date and time IP setupFilter sets ﬁrewalls IP address serving Snmp Simple Network Management Protocol Console conﬁguration Upgrade feature set SecurityLogging Installing the Syslog client User’s Reference Guide Chapter IP Setup IP Address Serving IP Setup IP subnets For example Static routes Viewing static routes Static Routes screen will appear Adding a static route Rules of static route installation Modifying a static routeDeleting a static route Main Menu System Configuration IP Address Serving IP Setup IP Address Serving IP Address Serving Mode IP Address Pools User’s Reference Guide Dhcp NetBIOS Options NetBios Type More Address Serving Options Conﬁguring the IP Address Server options Scroll UP 192.168.1.112 192.168.1.113 Scroll Down Lease Management 192.168.1.101 Dhcp Dhcp Relay Agent Dhcp Relay Agent Connection Proﬁles Easy-PAT List WAN Configuration User’s Reference Guide Chapter Multiple Network Address Translation Features Static mapping Following is a general description of these featuresPort Address Translation Server lists WAN Network Complex maps MultiNAT Conﬁguration Supported trafﬁc Server Lists and Dynamic NAT conﬁguration Easy Setup Proﬁle conﬁguration Select Network Address Translation NAT and press Return NAT rules Network Address Translation screen appears Add NAT Public Range screen appears ADD NAT MAP Select Show/Change NAT Map List screen appears Modifying map lists Change NAT MAP Adding Server Lists ADD NAT Server Port Show/Change NAT Server List screen appears Modifying server lists Change NAT Server Deleting a server IP proﬁle parameters Binding Map Lists and Server Lists +--NAT Map List Name Toggle Address Translation Enabled to Yes IP Parameters WAN Default Proﬁle IP Parameters Default Profile NAT Associations NAT Associations +NAT Map List Name-+ MultiNAT Conﬁguration Example Previous Screen Enter your ISP-supplied values as shown below Change NAT Public Range ADD NAT MAP User’s Reference Guide Chapter Virtual Private Networks VPNs Transit Intern etwork Summary About Pptp Tunnels Pptp conﬁguration Configuration Add Connection Profile Chap User’s Reference Guide Conﬁguration About IPsec Tunnels DES Encryption Key Authentication Type IP Proﬁle Parameters Advanced IP Proﬁle Options Interoperation with other features About Atmp TunnelsAtmp conﬁguration Data Link Options Frame Relay RFC1483 User’s Reference Guide MS-CHAP V2 and 128-bit strong encryption Encryption Support Transparently ATMP/PPTP Default Proﬁle QuickView VPN QuickView Dial-Up Networking for VPN Installing Dial-Up Networking Creating a new Dial-Up Networking proﬁle Conﬁguring a Dial-Up Networking proﬁle Windows 95 VPN installation Installing the VPN Client Windows 98 VPN installation Allowing VPNs through a Firewall Connecting using Dial-Up Networking Filter Sets Display/Change Basic Firewall Pptp example GRE Atmp example Virtual Private Networks VPNs UDP Change Output Filter EnabledYes ForwardYes Source IP Address User’s Reference Guide Chapter Security Suggested security measuresUser accounts Protecting the conﬁguration screens Protecting the Security Options screen Telnet access About ﬁlters and ﬁlter sets What’s a ﬁlter and what’s a ﬁlter set?How ﬁlter sets work Forward Filter priority ﬁltering rule How individual ﬁlters work Who 513 Parts of a ﬁlterPort numbers 161 Aurp AppleTalk 387 Other ﬁlter attributes Port number comparisons User Datagram Protocol Putting the parts togetherInternet Control Message Protocol Transmission Control Protocol Filtering example #2 Filtering example #1 Disadvantages of ﬁlters Design guidelines An approach to using ﬁlters Working with IP ﬁlters and ﬁlter setsAdding a ﬁlter set Naming a new ﬁlter set Netopia Router Adding ﬁlters to a ﬁlter set ANY Modifying ﬁlters Viewing ﬁlters Moving ﬁlters Deleting a ﬁlter setSample ﬁlter set Deleting ﬁlters TCP Icmp UDP Possible modiﬁcations Firewall tutorial General ﬁrewall terms Basic IP packet components Basic protocol typesExample TCP/UDP Ports Firewall Logic UDP Port ServiceFirewall design rules Aurp Logical and function Implied rulesEstablished connections Filter basics Example ﬁlter set screenThis is an example of the Netopia ﬁlter set screen Example ﬁlters Example networkExample Example Example User’s Reference Guide Quick View status overview Chapter Monitoring Tools ATM Adsl WAN General status Status lights Current status Event histories Statistics & Logs Device Event History WAN Event History Device Event History Current Date IP Routing Table General StatisticsMain Menu Statistics & Logs Network Interface Physical Interface Snmp System Information Community strings Snmp Setup screen Snmp traps Deleting IP trap receivers Setting the IP trap receiversViewing IP trap receivers Modifying IP trap receivers Chapter Utilities and Diagnostics Ping Utilities and Diagnostics Time Trace Route Telnet client Telnet client screen appears Factory defaults Updating ﬁrmware Transferring conﬁguration and ﬁrmware ﬁles with Tftp Downloading conﬁguration ﬁles Transferring conﬁguration and ﬁrmware ﬁles with Xmodem Uploading conﬁguration ﬁles Updating ﬁrmware Do you want to send a saved configuration to your Netopia? Restarting the system Conﬁguration problems Appendix a Troubleshooting Network problems Console connection problems Power outages How to reset the router to factory defaults Before contacting Netopia How to reach usNetopia Bulletin Board Service 1 Technical support Online product information Product information can be found in the followingFAX-Back User’s Reference Guide Appendix B Technical Specifications and Safety Information International Regulatory noticesDecember 1 Canada CSA CAN/CSA-C22.2 No FCC Part 15 Class B Declaration for Canadian users Technical Speciﬁcations and Safety Information B-3 Battery Important safety instructionsAustralian Safety Information Telecommunication installation cautions Technical Speciﬁcations and Safety Information B-5 User’s Reference Guide Limited Warranty and Limitation of Remedies-Revised January