Security 13-27

LAN IP Filtersets

The Netopia 4753 offers LAN-side filtering on the Ethernet hub. This permits multiple IP addresses or subnets on the Ethernet LAN to be kept separate from one another and operate as virtual independent networks sharing a single Internet connection. Small- to medium-sized offices can benefit by using a single router to connect to the Internet, with multiple businesses within the office using independent subnets on the network. Schools can benefit by separating the administrative network from the student network.

A LAN-side filter is the reverse of a WAN-side filter. When you use a WAN-side filter you are restricting external access to your internal network. The most common type of WAN-side filter is the Basic Firewall that is pre-defined in Netopia routers.

When you create a LAN-side filter you are restricting access from your internal network to the external world, or to other subnets on your internal network.

The main advantage of filtering from the LAN is to limit users (or a set of users on a subnet) from accessing services such as telnet to the router to make configuration changes or accessing the Internet via HTTP.

Companies desiring to limit certain departments from accessing the Internet can use LAN-side filtering, as well as schools desiring to prevent their student network from downloading files via FTP etc.

The WAN filtersets Basic Firewall and NetBIOS Filter should never be applied to your internal LAN because they can cut off access from all of your internal computers to the router itself. Instead, you should create separate new filtersets to be applied to the router’s Ethernet hub to restrict user and subnet access to other subnets or to the Internet.

Filtersets are very powerful access-restriction tools, and for this reason, the LAN-side filterset binding menu is placed in the Advanced Security Options screen.

Before attempting to create and use LAN-side filtersets, you should read and understand fully the information on subnet and filterset creation. For information on creating multiple subnets, see Chapter 10, “IP Setup.”.

After you have created an appropriate filterset, you apply it to the Ethernet hub interface as follows:

To attach a filter set to the Ethernet hub interface, navigate to the Advanced Security Options screen from the Main Menu.

Main

Menu

System

Configuration

Security

Security Options

 

 

Advanced

 

 

Security Options

 

 

 

 

 

 

 

Page 196 Page 198
Page 197
Image 197
Netopia 4753 manual LAN IP Filtersets
Page 196 Page 198
Top Page Image Contents