Modifying ﬁlter sets, Deleting a ﬁlter set | Netopia R2020 instruction

Security 14-17

Modifying ﬁlter sets

To modify a ﬁlter set, select Display/Change Filter Set in the Filter Sets screen to display a list of ﬁlter sets.

Select a ﬁlter set from the list and press Return to go to the Change IP Filter Set screen. The items in this screen are the same as the ones in the Add Filter screen (see “Adding ﬁlters to a ﬁlter set” on page 14-14).

Change IP Filter Set

Filter Set Name:

Basic Firewall

Display/Change Input Filter...

Add Input Filter...

Delete Input Filter...

Display/Change Output Filter...

Add Output Filter...

Delete Output Filter...

Deleting a ﬁlter set

Note: If you delete a ﬁlter set, all of the ﬁlters it contains are deleted as well. To reuse any of these ﬁlters in another set, you’ll have to note their conﬁguration before deleting the current ﬁlter set and then recreate them.

To delete a ﬁlter set, select Delete Filter Set in the IP Filter Sets screen to display a list of ﬁlter sets.

Select a ﬁlter set from the list and press Return to delete it. Press the Escape key to exit the list without deleting the ﬁlter set.

A sample IP ﬁlter set

This section contains the settings for a ﬁlter set, called Basic Firewall, which is part of the Netopia R2020’s factory conﬁguration.

Basic Firewall blocks undesirable trafﬁc originating from the WAN (in most cases, the Internet), but passes all trafﬁc originating from the LAN. It follows the conservative “that which is not expressly permitted is prohibited” approach: unless an incoming packet expressly matches one of the constituent input ﬁlters, it will not be forwarded to the LAN.

Image 221

Netopia R2020 manual Modifying ﬁlter sets, Deleting a ﬁlter set, Sample IP ﬁlter set

Contents

Netopia¨ R2020 Dual Analog Router Part Number Contents Part II Advanced Configuration Contents Multiple Network Address Translation and IP Setup Aurp Snmp Contents Part III Appendixes Contents User’s Reference Guide Page Small Ofﬁce connection to the Internet Small Ofﬁce connection to the Internet Direct Connection to a Corporate Ofﬁce Telecommuter Conﬁgured to accept incoming dial-up connections Page Part I Getting Started User’s Reference Guide Overview Features and capabilitiesChapter Introduction How to use this guide What you need Chapter Making the Physical ConnectionsFind a location Ethernet Telco Identify the connectors and attach the cables Telco Line ports Netopia R2020 Dual Analog Router Back Panel Ports Making the Physical Connections Netopia R2020 LED front panel Netopia R2020 Dual Analog Router Status Lights Before running SmartStart Chapter Setting up your Router with the SmartStart WizardInstalled and properly conﬁgured. See User’s Reference Guide SmartStart Wizard conﬁguration screens Setting up your Router with the SmartStart Wizard Easy or Advanced options screen. You can choose either Easy option Setting up your Router with the SmartStart Wizard User’s Reference Guide Setting up your Router with the SmartStart Wizard Advanced option Dynamic conﬁguration recommended Conﬁguration tab Static conﬁguration optional Add. Repeat this process for the secondary DNS TCP/IP Conﬁguring TCP/IP on Macintosh computers TCP/IP or MacTCP Dynamic conﬁguration using MacIP optional User’s Reference Guide Readying computers on your local network Chapter Connecting Your Local Area Network User’s Reference Guide 10Base-T Connecting to an Ethernet network Adding an external modem Connecting to a LocalTalk network Wiring guidelines for PhoneNET cabling Chapter Console-based Management Snmp Simple Network Management Protocol. See Snmp on Connecting through a Telnet session Conﬁguring Telnet software Connecting a local terminal console cable to your router Navigating through the console screens How to access the Easy Setup console screens Chapter Easy SetupEasy Setup console screens Screen similar to the following appears Easy Setup proﬁle Beginning Easy Setup IP Easy Setup Ethernet IP Address 192.168.1.1 Ethernet Subnet Mask Easy Setup Security Part II Advanced Configuration User’s Reference Guide Chapter WAN and System Configuration WAN Creating a new Connection Proﬁle Datalink PPP/MP Options Data Compression IPX Profile Parameters Remote IPX Network Viewing or editing connection proﬁles Change Connection Profile Profile Name System Conﬁguration screens Deleting connection proﬁles Navigating through the System Conﬁguration screens System Conﬁguration features Maximum Packet Size 1500 Channel Usage Dynamic Bandwidth Allocation Filter Sets Firewalls Network Protocols Setup Console Conﬁguration IP Address ServingDate and Time Security Upgrade Feature SetSnmp Simple Network Management Protocol Logging Installing the Syslog client PPP MP Internal Modem Conﬁguration screen appears Chapter Managing Data CallsSpecifying telephone connections Atdt Auxiliary serial port HD-15 female OFF Customizing the default proﬁle Default Answer Proﬁle for Dial-in ConnectionsHow the Default Answer Proﬁle works PAP Call acceptance scenarios Scheduled connections Adding a scheduled connection Viewing scheduled connections ADD Scheduled Connection Cancel Set Once-Only Schedule Set Weekly Schedule Modifying a scheduled connection Deleting a scheduled connection Connection MeteringWeb-based management pages System Information Activity for your Frame relay DLCIs Accounting for switched interfaces only Connection Status Connect/Disconnect Router Budget Configuration Connection Budgets Connection Budget Configuration Budget Statistics WAN Event History Event History pages Device Event History Console-based management screens Connection Budget Setup Name Use Connection Profile Connection Budget Statistics Date and time setting Chapter Virtual Private Networks Tr ans it In tern etw ork Summary About Pptp tunnels on About Atmp Tunnels on About Pptp tunnels Pptp ConfigurationConfiguration Add Connection Profile Chap Local WAN IP Address 0.0 Remote IP Address Encryption support VPN Default Answer Profile QuickView VPN QuickView Dial-Up Networking for VPN Installing Dial-Up Networking Creating a new Dial-Up Networking profile Configuring a Dial-Up Networking profile Virtual Private Networks Windows 98 VPN installation Installing the VPN ClientWindows 95 VPN installation Connecting using Dial-Up Networking About Atmp Tunnels Atmp Configuration DES Local WAN IP Address 0.0 Remote IP Address Pptp Example Allowing VPNs though a firewall Select Display/Change Input Filter Change Output Filter EnabledYes ForwardYes Source IP Address Atmp Example Source Port ID Dest. Port Compare Change Output Filter EnabledYes ForwardYes Source IP Address Chapter Multiple Network Address Translation and IP Setup User’s Reference Guide Supported traffic Features NAT conﬁguration Easy Setup Profile IP setup 255.255.255.0 NAT rules ADD NAT MAP Add NAT Map mymap Modifying map lists Show/Change NAT Map List screen appears Change NAT Map screen appears Moving maps Adding server lists ADD NAT Server Modifying server lists Show/Change NAT Server List screen appears Deleting a server IP profile parameters Binding Map Lists and Server Lists +--NAT Map List Name Configuration Default Answer Profile Default Answer Profile Default Answer Proﬁle screen appears Associations NAT Associations NAT Associations +NAT Map List Name-+ MultiNAT Configuration Example Previous Screen Enter your ISP-supplied values as shown below Change NAT Public Range ADD NAT MAP Firmware upgrades and NAT IP subnets For example Static routes Viewing static routes Adding a static route Deleting a static route Rules of static route installationModifying a static route Main Menu System Configuration IP Address Serving Client Default Gateway Dhcp NetBIOS Options NetBios Type To release these addresses, select Lease Management Served IP Addresses screen appears Dhcp Relay Agent MacIP Kip Forwarding Options You have ﬁnished your IP Setup IPX Features Chapter IPX SetupIPX Deﬁnitions Internetwork Packet Exchange IPX IPX address Service Advertising Protocol SAPSocket Routing Information Protocol RIP IPX Spooﬁng NetBIOSIPX setup Default Gateway Address IPX in the answer proﬁle Menu Configuration Default Answer Profile Off Main Menu Statistics & Logs IPX routing tables User’s Reference Guide AppleTalk protocol Chapter AppleTalk SetupAppleTalk networks AT Routing Table Routers and seeding MacIP Installing AppleTalk Upgrade Feature Set Conﬁguring AppleTalk EtherTalk Setup LocalTalk Setup Aurp Free Trade Zone Aurp setupViewing Aurp partners Modifying an Aurp partner Adding an Aurp partner Conﬁguring Aurp Options Deleting an Aurp partnerReceiving Aurp connections AppleTalk Setup User’s Reference Guide Quick View status overview Chapter Monitoring Tools General Status Status lights Current Status General Statistics Statistics & LogsGeneral Statistics WAN Connection Statistics Event Histories WAN Event History Current Date Routing Tables IPX routing table IP routing table AppleTalk routing table IPX Sap Bindery table Served IP Addresses IP Address Lease Management screen appears Snmp Community strings Snmp Setup screen Snmp traps Viewing IP trap receivers Setting the IP trap receiversModifying IP trap receivers Deleting IP trap receivers User’s Reference Guide Suggested security measures Chapter Security Protecting the conﬁguration screens User accountsProtecting the Security Options screen Dial-in Console Access Telnet access Enable SmartStart/Web ServerAbout ﬁlters and ﬁlter sets What’s a ﬁlter and what’s a ﬁlter set? Filter priority How ﬁlter sets work Packet First filter Match? Yes ﬁlter’s actions How individual ﬁlters workﬁltering rule Parts of a ﬁlter 161 Aurp AppleTalk 387 Internet service TCP portWho 513 Port number comparisons Internet Control Message Protocol Putting the parts togetherTransmission Control Protocol User Datagram Protocol Filtering example #2 Filtering example #1 Disadvantages of ﬁlters Design guidelines Working with IP ﬁlters and ﬁlter sets An approach to using ﬁlters Naming a new ﬁlter set Adding a ﬁlter set Adding ﬁlters to a ﬁlter set Input and output ﬁlters-source and destinationNetopia R-series Router ADD this Filter NOW Cancel Viewing ﬁlters Viewing ﬁlter setsModifying ﬁlters Deleting ﬁlters Sample IP ﬁlter set Modifying ﬁlter setsDeleting a ﬁlter set TCP Icmp UDP Possible modiﬁcations User’s Reference Guide IPX ﬁlters Main Menu System Configuration Filter Sets Firewalls Adding a packet ﬁlter IPX packet ﬁltersViewing and modifying packet ﬁlters Deleting a packet ﬁlter IPX packet ﬁlter setsViewing and modifying packet ﬁlter sets Adding a packet ﬁlter set ADD Filter SET NOW Cancel Viewing and modifying SAP ﬁlters IPX SAP ﬁltersDeleting a packet ﬁlter set Adding a SAP ﬁlter Deleting a SAP ﬁlter IPX SAP ﬁlter setsViewing and modifying SAP ﬁlter sets Adding a SAP ﬁlter set Deleting a SAP ﬁlter set Firewall tutorial General Firewall Terms Example TCP/UDP Ports Basic IP Packet ComponentsBasic Protocol Types Binary Representation Firewall design rulesFirewall Logic Established Connections Logical ANDingImplied Rules This is an example of the Netopia IP ﬁlter set screen Filter BasicsExample IP Filter Set Screen Example Example FiltersExample Network Example Example Using the SecurID token card Token Security AuthenticationKey Security Authentication Features of the Netopia R2020 Securing network environments Conﬁguring for security authentication Security authentication components Establishing a dial-on-demand DOD connection call Connecting using security authentication Current Connection Status Establishing a manual connection call Chapter Utilities and Diagnostics Start Ping Ping Utilities and Diagnostics Stop Ping Time Trace Route Telnet client Secure Authentication Monitor Transferring conﬁguration and ﬁrmware ﬁles with Tftp Factory defaultsDisconnect Telnet Console Session Updating ﬁrmware Downloading conﬁguration ﬁles Transferring conﬁguration and ﬁrmware ﬁles with Xmodem Uploading conﬁguration ﬁles Idle Do you want to send a saved configuration to your Netopia? Restarting the system User’s Reference Guide Part III Appendixes User’s Reference Guide Conﬁguration problems Appendix a Troubleshooting Network problems SmartStart TroubleshootingConsole connection problems How to reach us Power outagesTechnical support Before contacting Netopia Online product information Netopia Bulletin Board Service 1Product information can be found in the following FAX-Back Finding an Internet service provider Appendix B Setting Up Internet Services Unique requirements Setting up a Netopia R2020 accountPricing and support ISP’s Point of presence Local LAN IP address information to obtain NAT-disabled Local LAN IP address information to obtain NAT enabledSmartIP Obtaining information from the ISP Remote WAN IP address information to obtain About IP addressing What is IP?Appendix C Understanding IP Addressing Subnets and subnet masks Subnet masks Example Using subnets on a Class C IP internet ISP Network Network conﬁguration Background Example Working with a Class C subnetDistributing IP addresses 255.255.255.224 Technical note on subnet masking Dhcp Address Serving Netopia R2020 Dhcp Server CharacteristicsConﬁguration Manually distributing IP addresses Using address servingMacIP Serving Serve dynamic WAN clients Understanding IP Addressing C-9 Tips and rules for distributing IP addresses Dhcp example Internet Nested IP subnets 0.0 C.1 WAN Packet header types Broadcasts User’s Reference Guide Appendix D Binary Conversion Table Decimal Binary Appendix E Further Reading User’s Reference Guide Further Reading E-3 User’s Reference Guide Pinouts for Auxiliary Port Modem Cable Appendix F Technical Specifications and Safety Information Description Power requirementsEnvironment VDC input Amps Regulatory notices Software and protocolsAgency approvals Declaration for Canadian users Battery Important safety instructionsTelecommunication installation cautions User’s Reference Guide Outbound data 33.6K 67.2K Inbound data 56K 112K Appendix G About 56K Line Access User’s Reference Guide Bps See bits per second Glossary User’s Reference Guide Glossary User’s Reference Guide Remapping See network number remapping User’s Reference Guide Glossary User’s Reference Guide Numerics Index Index-2 Index-3 Index-4 Index-5 Index-6 Limited Warranty and Limitation of Remedies User’s Reference Guide