Manuals / Netopia / Computer Equipment / Network Router

Netopia R2121 manual TCP Icmp UDP

Models: R2121

1 280

Download 280 pages 14.75 Kb

Page 181

Security 14-19

The ﬁve input ﬁlters and one output ﬁlter that make up Basic Firewall are shown in the table below.

Setting	Input ﬁlter 1	Input ﬁlter 2	Input ﬁlter 3	Input ﬁlter 4		Input ﬁlter 5	Output ﬁlter
Setting	Input ﬁlter 1	Input ﬁlter 2	Input ﬁlter 3	Input ﬁlter 4		Input ﬁlter 5	1
							1


Enabled	Yes	Yes	Yes	Yes		Yes	Yes

Forward	No	No	Yes	Yes		Yes	Yes

Source IP	0.0.0.0	0.0.0.0	0.0.0.0	0.0.0.0		0.0.0.0	0.0.0.0
address

Source IP	0.0.0.0	0.0.0.0	0.0.0.0	0.0.0.0		0.0.0.0	0.0.0.0
address mask

Dest. IP	0.0.0.0	0.0.0.0	0.0.0.0	0.0.0.0		0.0.0.0	0.0.0.0
address

Dest. IP	0.0.0.0	0.0.0.0	0.0.0.0	0.0.0.0		0.0.0.0	0.0.0.0
address mask

Protocol type	TCP	TCP	ICMP	TCP		UDP	0

Source port	No Com-	No Com-	N/A	No Com-		No Com-	N/A
comparison	pare	pare		pare		pare

Source port ID	0	0	N/A	0		0	N/A

Dest. port	Equal	Equal	N/A	Greater		Greater	N/A
comparison				Than		Than

Dest. port ID	2000	6000	N/A	1023		1023	N/A

Basic Firewall’s ﬁlters play the following roles.

Input ﬁlters 1 and 2: These block WAN-originated OpenWindows and X-Windows sessions. Service origination requests for these protocols use ports 2000 and 6000, respectively. Since these are greater than 1023, OpenWindows and X-Windows trafﬁc would otherwise be allowed by input ﬁlter 4. Input ﬁlters 1 and 2 must precede input ﬁlter 4; otherwise they would have no effect as ﬁlter 4 would have already passed OpenWindows and X-Windows trafﬁc.

Input ﬁlter 3: This ﬁlter explicitly passes all WAN-originated ICMP trafﬁc to permit devices on the WAN to ping devices on the LAN. Ping is an Internet service that is useful for diagnostic purposes.

Input ﬁlters 4 and 5: These ﬁlters pass all TCP and UDP trafﬁc, respectively, when the destination port is greater than 1023. This type of trafﬁc generally does not allow a remote host to connect to the LAN using one of the potentially intrusive Internet services, such as Telnet, FTP, and WWW.

Output ﬁlter 1: This ﬁlter passes all outgoing trafﬁc to make sure that no outgoing connections from the LAN are blocked.

Image 181

Netopia R2121 manual TCP Icmp UDP

Contents

Netopia¨ R2121 Dual Analog Router Part Number Contents Part II Advanced Configuration Contents Aurp Snmp Xmodem Part III Appendixes Viii User’s Reference Guide Index Index-1 Limited Warranty and Limitation of Remedies User’s Reference Guide Page Small Ofﬁce connection to the Internet Small Ofﬁce connection to the Internet Direct Connection to a Corporate Ofﬁce Telecommuter Conﬁgured to accept incoming dial-up connections Page Part I Getting Started User’s Reference Guide Chapter Introduction Features and capabilitiesOverview How to use this guide Find a location Chapter Making the Physical ConnectionsWhat you need Ethernet Telco Identify the connectors and attach the cablesTelco Netopia R2121 Dual Analog Router Back Panel Ports Making the Physical Connections Netopia R2121 LED front panel Netopia R2121 Dual Analog Router Status LightsMaking the Physical Connections User’s Reference Guide Before running SmartStart Chapter Setting up your Router with the SmartStart WizardUser’s Reference Guide SmartStart Wizard conﬁguration screens Setting up your Router with the SmartStart WizardEasy option Easy or Advanced setupSetting up your Router with the SmartStart Wizard User’s Reference Guide Setting up your Router with the SmartStart Wizard Advanced option Connection Proﬁle screen on Conﬁguration tab Dynamic conﬁguration recommendedStatic conﬁguration optional Add. Repeat this process for the secondary DNS TCP/IP Conﬁguring TCP/IP on Macintosh computersTCP/IP or MacTCP Dynamic conﬁguration using MacIP optional User’s Reference Guide SmartView overview Chapter Monitoring with SmartViewGeneral Machine Information Navigating SmartViewEvent History pages Connection ProﬁlesWAN Event History Http//routerIPAddress Standard Html Web-based monitoring pagesUser’s Reference Guide Readying computers on your local network Chapter Connecting Your Local Area NetworkUser’s Reference Guide Connecting to an Ethernet network 10Base-T Adding a third modem Connecting to a LocalTalk network Wiring guidelines for PhoneNET cabling User’s Reference Guide Part II Advanced Configuration User’s Reference Guide Chapter Console-based Management Connecting through a Telnet session Conﬁguring Telnet software Connecting a local terminal console cable to your routerPC ANSI-BBS Navigating through the console screensEasy Setup console screens Chapter Easy SetupHow to access the Easy Setup console screens See Appendix A, Troubleshooting, for more suggestions Easy Setup proﬁle Beginning Easy SetupIP Easy Setup Easy Setup Easy Setup Security Chapter WAN and System Configuration Creating a new Connection Proﬁle ADD Profile NOW CancelIPX Profile Parameters Remote IPX Network BAP Telco Options Viewing or editing connection proﬁles Deleting connection proﬁles Navigating through the System Conﬁguration screens System Conﬁguration screensSystem Conﬁguration features PAP Filter Sets Firewalls Network Protocols SetupIP Address Serving Date and TimeConsole Conﬁguration Snmp Simple Network Management Protocol Upgrade Feature SetSecurity LoggingInstalling the Syslog client Following screen shows a sample syslog dump of WAN events User’s Reference Guide Chapter Managing Voice and Data Calls Internal Modem Conﬁguration screen appears Specifying telephone connectionsOFF How the Default Answer Proﬁle works Default Answer Proﬁle for Dial-in ConnectionsCustomizing the default proﬁle User’s Reference Guide Call acceptance scenarios Scheduled connectionsViewing scheduled connections Adding a scheduled connection Set Weekly Schedule Set Once-Only Schedule Modifying a scheduled connection Cost control feature -- call accountingDeleting a scheduled connection Managing Voice and Data Calls Viewing call accounting statistics Display/Change Menu Configuration Connection ProfileCall Accounting Statistics screen appears User’s Reference Guide Network Address Translation features Chapter IP Setup, SmartIP and Network Address TranslationHOW NAT Works Using Network Address Translation ISP Associating port numbers to nodes Using multiple Connection ProﬁlesNetwork Address Translation guidelines IP setup IP Setup, SmartIP and Network Address Translation Select Add Export. The Add Exported Service screen appears IP Setup IP subnets IP Setup, SmartIP and Network Address Translation Static routes Viewing static routes Adding a static route Modifying a static route Rules of static route installationDeleting a static route Main System IP Address Menu Configuration Serving IP Setup, SmartIP and Network Address Translation Dhcp NetBIOS Options IP Setup, SmartIP and Network Address Translation Served IP Addresses screen appears MacIP Kip Forwarding Options User’s Reference Guide IPX Features Chapter IPX SetupIPX Deﬁnitions Internetwork Packet Exchange IPXIPX address Service Advertising Protocol SAPSocket Routing Information Protocol RIPIPX setup NetBIOSIPX Spooﬁng Default Gateway Address IPX in the answer proﬁle Menu Configuration Default Answer ProfileUser’s Reference Guide IPX routing tables User’s Reference Guide AppleTalk networks Chapter AppleTalk SetupAppleTalk protocol Update Routers and seeding MacIPInstalling AppleTalk Upgrade Feature Set Conﬁguring AppleTalk EtherTalk SetupLocalTalk Setup Viewing Aurp partners Aurp setupAurp Free Trade Zone Modifying an Aurp partner Adding an Aurp partnerReceiving Aurp connections Deleting an Aurp partnerConﬁguring Aurp Options AppleTalk Setup User’s Reference Guide Quick View status overview Chapter Monitoring ToolsGeneral Status Status lights Current StatusGeneral Statistics Statistics & LogsGeneral Statistics WAN Connection Statistics Event HistoriesWAN Event History Device Event History Routing Tables IPX routing table IP routing tableIPX Sap Bindery table AppleTalk routing tableUpdate Served IP Addresses IP Address Lease Management screen appears Snmp System InformationCommunity strings Snmp Setup screenSnmp traps Viewing IP trap receivers Setting the IP trap receiversModifying IP trap receivers Deleting IP trap receiversSuggested security measures Chapter SecurityProtecting the Security Options screen User accountsProtecting the conﬁguration screens Dial-in Console Access Telnet access Enable SmartStart/SmartView/Web ServerAbout ﬁlters and ﬁlter sets What’s a ﬁlter and what’s a ﬁlter set?Filter priority How ﬁlter sets workPacket First filter Match? Yes ﬁlter’s actions How individual ﬁlters workﬁltering rule Parts of a ﬁlterPort number comparisons Port numbersPutting the parts together Other ﬁlter attributesFiltering example #1 UDPFiltering example #2 Design guidelinesWorking with IP ﬁlters and ﬁlter sets An approach to using ﬁltersDisadvantages of ﬁlters Adding a ﬁlter set Naming a new ﬁlter set Adding ﬁlters to a ﬁlter set Input and output ﬁlters-source and destinationADD this Filter NOW Cancel Viewing ﬁlters Viewing ﬁlter setsModifying ﬁlters Deleting ﬁltersDeleting a ﬁlter set Modifying ﬁlter setsSample IP ﬁlter set TCP Icmp UDP Possible modiﬁcations Security IPX ﬁlters Viewing and modifying packet ﬁlters IPX packet ﬁltersAdding a packet ﬁlter Deleting a packet ﬁlter IPX packet ﬁlter setsViewing and modifying packet ﬁlter sets Adding a packet ﬁlter setNo Match Deleting a packet ﬁlter set IPX SAP ﬁltersViewing and modifying SAP ﬁlters Adding a SAP ﬁlter Deleting a SAP ﬁlter IPX SAP ﬁlter setsViewing and modifying SAP ﬁlter sets Adding a SAP ﬁlter setDeleting a SAP ﬁlter set Basic IP Packet Components Firewall tutorial General Firewall TermsBasic Protocol Types Example TCP/UDP Ports Firewall design rulesFirewall Logic Logical ANDing Binary RepresentationImplied Rules Established Connections Filter BasicsExample IP Filter Set Screen Example Network Example FiltersExample Example Example Using the SecurID token card Token Security AuthenticationKey Security Authentication Features of the Netopia R2121 Securing network environmentsConﬁguring for security authentication Security authentication componentsEstablishing a dial-on-demand DOD connection call Connecting using security authenticationCurrent Connection Status Establishing a manual connection call User’s Reference Guide Chapter Utilities and Diagnostics Start Ping PingUtilities and Diagnostics Stop Ping Trace RouteTelnet client Telnet client screen appears Secure Authentication MonitorDisconnect Telnet Console Session Factory defaultsTransferring conﬁguration and ﬁrmware ﬁles with Tftp Updating ﬁrmware Downloading conﬁguration ﬁles Transferring conﬁguration and ﬁrmware ﬁles with Xmodem Uploading conﬁguration ﬁlesIdle Downloading conﬁguration ﬁles Restarting the system User’s Reference Guide Part III Appendixes User’s Reference Guide Conﬁguration problems Appendix a TroubleshootingConsole connection problems SmartStart TroubleshootingNetwork problems How to reach us Power outagesTechnical support Before contacting NetopiaFAX-Back Online product informationFinding an Internet service provider Appendix B Setting Up Internet ServicesUnique requirements Setting up a Netopia R2121 accountPricing and support ISP’s Point of presenceLocal LAN IP address information to obtain NAT-disabled Local LAN IP address information to obtain NAT enabledSmartIP Obtaining information from the ISPRemote WAN IP address information to obtain Appendix C Understanding IP Addressing What is IP?About IP addressing Subnets and subnet masks Subnet masks Example Using subnets on a Class C IP internetISP Network Network conﬁgurationDistributing IP addresses Example Working with a Class C subnetBackground Technical note on subnet masking Conﬁguration Netopia R2121 Dhcp Server CharacteristicsDhcp Address Serving Manually distributing IP addresses Using address servingMacIP Serving Serve dynamic WAN clientsUnderstanding IP Addressing C-9 Tips and rules for distributing IP addressesDhcp example Internet Nested IP subnets3719 Management Packet header types BroadcastsUser’s Reference Guide Network Conﬁguration Appendix D Understanding Netopia NAT BehaviorBackground User’s Reference Guide Router Netopia Router Netopia Understanding Netopia NAT Behavior D-5 Exported servicesImportant notes Understanding Netopia NAT Behavior D-7 Summary Appendix E Binary Conversion Table Decimal Binary Appendix F Further Reading User’s Reference Guide Further Reading F-3 User’s Reference Guide Pinouts for Auxiliary Port Modem Cable Appendix G Technical Specifications and Safety InformationDescription Power requirementsEnvironment Agency approvals Software and protocolsRegulatory notices Declaration for Canadian users Telecommunication installation cautions Important safety instructionsBattery User’s Reference Guide Outbound data 33.6K 67.2K Inbound data 56K 112K Appendix H About 56K Line AccessUser’s Reference Guide Bps See bits per second GlossaryUser’s Reference Guide Glossary User’s Reference Guide Glossary Remapping See network number remapping Glossary User’s Reference Guide Numerics IndexIndex-2 Index-3 Index-4 Index-5 Index-6 Limited Warranty and Limitation of Remedies User’s Reference Guide