Manuals / Netopia / Computer Equipment / Network Router

Netopia R3100 manual How individual ﬁlters work, ﬁlter’s actions, ﬁltering rule, Parts of a ﬁlter

Models: R3100

1 320

Download 320 pages 53.76 Kb

Page 185

Security 15-7

How individual ﬁlters work

As described above, a ﬁlter applies criteria to an IP packet and then takes one of three actions:

A ﬁlter’s actions

■Passes the packet to the local or remote network

■Blocks (discards) the packet

■Ignores the packet

A ﬁlter passes or blocks a packet only if it ﬁnds a match after applying its criteria. When no match occurs, the ﬁlter ignores the packet.

The criteria are based on information contained in the packets. A ﬁlter is simply a rule that prescribes certain actions based on certain conditions. For example, the following rule qualiﬁes as a ﬁlter:

A ﬁltering rule

Block all Telnet attempts that originate from the remote host 199.211.211.17.

This rule applies to Telnet packets that come from a host with the IP address 199.211.211.17. If a match occurs, the packet is blocked.

Here is what this rule looks like when implemented as a ﬁlter on the Netopia R3100:

+-#--	Source IP Addr--	Dest IP Addr-----	Proto-Src.Port-D.Port--	On?-Fwd-+
+--------------------------------------------------------------------				+
1	199.211.211.17	0.0.0.0	TCP 23	Yes No
+--------------------------------------------------------------------				+

To understand this particular ﬁlter, look at the parts of a ﬁlter.

Parts of a ﬁlter

A ﬁlter consists of criteria based on packet attributes. A typical ﬁlter can match a packet on any one of the following attributes:

■The source IP address (where the packet was sent from)

■The destination IP address (where the packet is going)

■The type of higher-layer Internet protocol the packet is carrying, such as TCP or UDP

Image 185

Netopia R3100 manual How individual ﬁlters work, ﬁlter’s actions, ﬁltering rule, Parts of a ﬁlter

Contents

Netopia R3100 Isdn Routers Part Number Contents Ii User’s Reference Guide Part II Advanced Configuration Iv User’s Reference Guide Aurp Vi User’s Reference Guide Part III Appendixes Viii User’s Reference Guide Contents User’s Reference Guide Conﬁguration options for your Netopia R3100 Isdn Router Small Ofﬁce connection to the Internet Small Ofﬁce connection to the Internet Direct Connection to a Corporate Ofﬁce Telecommuter Conﬁgured to accept incoming dial-up connections Conﬁgured for Idsl Part I Getting Started User’s Reference Guide Chapter Introduction Features and capabilitiesOverview IntroductionHow to use this guide Find a location Chapter Making the Physical ConnectionsWhat you need Making the Physical ConnectionsIdentify the connectors and attach the cables Netopia R3100 Isdn Router Back Panel Ports Cable to your router on Services on Netopia R3100 LED front panel Netopia R3100 Isdn Router Status LightsSetting up your Router with the SmartStart Wizard Chapter Setting up your Router with the SmartStart WizardBefore running SmartStart SmartStart Wizard conﬁguration screens Setting up your Router with the SmartStart WizardEasy option Easy or Advanced setupSetting up your Router with the SmartStart Wizard User’s Reference Guide Setting up your Router with the SmartStart Wizard User’s Reference Guide Advanced option Connection Proﬁle screen on Conﬁguration tab Dynamic conﬁguration recommendedStatic conﬁguration optional Add. Repeat this process for the secondary DNS TCP/IP Conﬁguring TCP/IP on Macintosh computersTCP/IP or MacTCP Dynamic conﬁguration using MacIP optional Setting up your Router with the SmartStart Wizard User’s Reference Guide Connecting Your Local Area Network Chapter Connecting Your Local Area NetworkReadying computers on your local network 10Base-T Connecting to an Ethernet network10BASE-T Remote console Connecting to a LocalTalk network Wiring guidelines for PhoneNET cabling User’s Reference Guide SmartView Chapter SmartViewSmartView overview General Machine information Navigating SmartViewEvent history pages Connection ProﬁlesDevice Event History WAN Event History Standard Html web-based monitoring pages User’s Reference Guide Console-based Management Chapter Console-based ManagementAbout Console-based Management Connecting through a Telnet session Conﬁguring Telnet software Connecting a local terminal console cable to your routerPC ANSI-BBS Navigating through the console screens User’s Reference Guide Easy Setup console screens Chapter Easy SetupHow to access the Easy Setup console screens Easy SetupSee Appendix A, Troubleshooting, for more suggestions Isdn Easy Setup Beginning Easy SetupPPP Cancel Idsl Easy Setup Previous Screen Easy Setup ProﬁleUser’s Reference Guide Previous Screen Next Screen IP Easy SetupEasy Setup Security Conﬁguring Frame Relay Isdn Easy Setup Frame Relay screensWAN Conﬁguration Frame Relay screens Setup Isdn Line ConfigurationFrame Relay conﬁguration Easy Setup Frame Relay Dlci conﬁguration Displaying a Frame Relay Dlci conﬁguration table Changing a Frame Relay Dlci conﬁguration Adding a Frame Relay Dlci conﬁguration ADD Dlci NOW CancelDeleting a Frame Relay Dlci conﬁguration Part II Advanced Configuration User’s Reference Guide WAN and System Conﬁguration Chapter WAN and System ConfigurationCreating a new Connection Proﬁle Add Connection Proﬁle screen appears IPX Profile Parameters Remote IPX Network BAP Telco Options Initiate Data Service 64 kb/sec Dial Default Proﬁle How the default proﬁle works Configuration Default Profile Customizing the Default ProﬁleIP parameters default proﬁle screen WAN and System Conﬁguration Auxiliary Port Conﬁguration IPX parameters default proﬁle screenSystem Conﬁguration screens System Conﬁguration features PAP Filter Sets Firewalls Network Protocols SetupIP Address Serving Date and TimeMM/DD/YY Console Conﬁguration Upgrade Feature SetSnmp Simple Network Management Protocol SecurityLogging Telephone setupNov Specifying telephone connections Chapter Using SmartPhone for Telephone ServicesUsing SmartPhone for Telephone Services Inbound Directory Number Using SmartPhone for Telephone Services Preview Ring Deﬁning priority ringingLine provisioning Advanced calling featuresConﬁguring supplementary services Call Accounting and Default Answer Proﬁle Chapter Call Accounting and Default Answer ProfileCost control feature -- call accounting Viewing call accounting statistics Call Accounting Statistics screen appears Scheduled connections Viewing scheduled connections Adding a scheduled connection Set Weekly Schedule Set Once-Only Schedule How the Default Answer Proﬁle works Default Answer ProﬁleModifying a scheduled connection Deleting a scheduled connectionCustomizing the default proﬁle Call Accounting and Default Answer Proﬁle Call acceptance scenarios IP Setup and Network Address Translation Chapter IP Setup and Network Address TranslationNetwork Address Translation features HOW NAT Works Using Network Address Translation ISP Network Address Translation guidelines Using multiple Connection ProﬁlesAssociating port numbers to nodes IP setup IP Setup and Network Address Translation Select Add Export. The Add Exported Service screen appears IP Setup IP subnets IP Setup and Network Address Translation Static routes Viewing static routes Adding a static route Deleting a static route Rules of static route installationModifying a static route Main System IP Address Menu Configuration Serving 163.176.56.90 Dhcp NetBIOS Options MacIP Kip Forwarding Options You have ﬁnished your IP Setup IPX Features Chapter IPX SetupIPX Setup IPX DeﬁnitionsIPX address Service Advertising Protocol SAPSocket Routing Information Protocol RIPIPX Spooﬁng NetBIOSIPX setup Default Gateway Address IPX routing tables User’s Reference Guide AppleTalk Setup Chapter AppleTalk SetupInstalling AppleTalk AppleTalk protocol AppleTalk networksAppleTalk Setup Aurp MacIPRouters and seeding Conﬁguring AppleTalk EtherTalk Setup LocalTalk Setup Aurp Free Trade Zone Aurp setupViewing Aurp partners Modifying an Aurp partner Adding an Aurp partnerConﬁguring Aurp Options Deleting an Aurp partnerReceiving Aurp connections User’s Reference Guide Monitoring Tools Chapter Monitoring ToolsQuick View status overview General status Status lights Current statusGeneral Statistics Statistics & LogsNetwork Interface Event historiesPhysical Interface Request from our DN WAN Event HistoryDevice Event History Routing tablesIP routing table AppleTalk routing table IPX routing tableIPX Sap Bindery table Served IP Addresses IP Address Lease Management screen appears Snmp System InformationCommunity strings Snmp Setup screenSnmp traps Viewing IP trap receivers Setting the IP trap receiversModifying IP trap receivers Deleting IP trap receiversUser’s Reference Guide Security Chapter SecuritySuggested security measures Protecting the conﬁguration screens User accountsProtecting the Security Options screen Dial-in Console Access Telnet access Enable SmartStart/SmartView/Web ServerAbout ﬁlters and ﬁlter sets What’s a ﬁlter and what’s a ﬁlter set?Filter priority How ﬁlter sets workPacket First filter Match? Yes ﬁlter’s actions How individual ﬁlters workﬁltering rule Parts of a ﬁlterPort number comparisons Port numbersPutting the parts together Other ﬁlter attributesFiltering example #1 UDPFiltering example #2 Design guidelinesDisadvantages of ﬁlters An approach to using ﬁltersWorking with IP ﬁlters and ﬁlter sets Adding a ﬁlter set Input and output ﬁlters-source and destination Naming a new ﬁlter setAdding ﬁlters to a ﬁlter set Netopia R-series RouterADD this Filter NOW Cancel Viewing ﬁlters Viewing ﬁlter setsModifying ﬁlters Deleting ﬁltersSample IP ﬁlter set Modifying ﬁlter setsDeleting a ﬁlter set TCP Icmp UDP Possible modiﬁcations Security IPX ﬁlters Adding a packet ﬁlter IPX packet ﬁltersViewing and modifying packet ﬁlters Deleting a packet ﬁlter IPX packet ﬁlter setsViewing and modifying packet ﬁlter sets Adding a packet ﬁlter setADD Filter SET NOW Cancel Viewing and modifying SAP ﬁlters IPX SAP ﬁltersDeleting a packet ﬁlter set Adding a SAP ﬁlter Deleting a SAP ﬁlter IPX SAP ﬁlter setsViewing and modifying SAP ﬁlter sets Adding a SAP ﬁlter setDeleting a SAP ﬁlter set Basic Protocol Types Firewall tutorial General Firewall TermsBasic IP Packet Components Firewall Logic Firewall design rulesExample TCP/UDP Ports Implied Rules Binary RepresentationLogical ANDing Example IP Filter Set Screen Filter BasicsEstablished Connections Example Example FiltersExample Network Example Example Using the SecurID token card Token Security AuthenticationKey Security Authentication Features of the Netopia R3100 Securing network environmentsConﬁguring for security authentication Security authentication componentsEstablishing a dial-on-demand DOD connection call Connecting using security authenticationCurrent Connection Status Establishing a manual connection call User’s Reference Guide Utilities and Diagnostics Chapter Utilities and DiagnosticsStart Ping PingUtilities and Diagnostics Stop Ping Telnet clientTelnet client screen appears Trace RouteSecure Authentication Monitor Transferring conﬁguration and ﬁrmware ﬁles with Tftp Factory defaultsDisconnect Telnet Console Session Updating ﬁrmware Uploading conﬁguration ﬁles Downloading conﬁguration ﬁlesTransferring conﬁguration and ﬁrmware ﬁles with Xmodem Do you want to send a saved configuration to your Netopia? Restarting the system Isdn Switch Loopback Test User’s Reference Guide If the loopback test fails Part III Appendixes User’s Reference Guide Troubleshooting A-1 Appendix a TroubleshootingConﬁguration problems Network problems SmartStart TroubleshootingConsole connection problems How to get support Power outagesTechnical support Before contacting NetopiaFAX-Back Online product informationFinding an Isdn service provider Appendix B Setting Up Telco ServicesObtaining an Isdn line Choosing an Isdn lineIsdn Ordering Codes Setup tipsPhysical Isdn line Outside North America only Switch protocol typeDirectory and Spid numbers U models only Circuit ID number U models onlyLong-distance Isdn calls North American models only Testing the Isdn lineCompleting the Isdn worksheet Isdn Telco Worksheet for North America Isdn Telco Worksheet for Outside North America User’s Reference Guide North American Telco Provisioning for Isdn Appendix C North American Telco Provisioning for IsdnUser’s Reference Guide Finding an Internet service provider Appendix D Setting Up Internet ServicesSetting Up Internet Services D-1 Unique requirementsPricing and support Setting up a Netopia R3100 accountISP’s Point of presence Endorsements Deciding on an ISP accountLocal LAN IP address information to obtain Obtaining information from the ISPWith Network Address Translation Remote WAN IP address information to obtainRemote WAN IP address information to obtain Appendix E Understanding IP Addressing What is IP?About IP addressing Understanding IP Addressing E-1Subnets and subnet masks Subnet masks Example Using subnets on a Class C IP internetUnderstanding IP Addressing E-3 ISP Network Network conﬁgurationDistributing IP addresses Example Working with a Class C subnetUnderstanding IP Addressing E-5 BackgroundTechnical note on subnet masking Conﬁguration Netopia R3100 Dhcp Server CharacteristicsUnderstanding IP Addressing E-7 Dhcp Address ServingManually distributing IP addresses Using address servingTips and rules for distributing IP addresses MacIP ServingDhcp example Understanding IP Addressing E-9Internet Nested IP subnetsUnderstanding IP Addressing E-11 Packet header types BroadcastsNetwork Conﬁguration Appendix F Understanding Netopia NAT BehaviorBackground Understanding Netopia NAT Behavior F-1User’s Reference Guide Understanding Netopia NAT Behavior F-3 Router NetopiaRouter Netopia Understanding Netopia NAT Behavior F-5 Exported servicesImportant notes Understanding Netopia NAT Behavior F-7 Summary Understanding Frame Relay G-1 Appendix G Understanding Frame RelayVirtual Circuits Excess Burst Size Be Committed Information Rate CIRCommitted Burst Size Bc Local and Global DLCIs AddressingLocal Management Interface LMI Understanding Frame Relay G-3Frame Relay partial mesh support Encapsulation and FragmentationNetwork Protocol Addressing and Virtual Interfaces Understanding Frame Relay G-5 User’s Reference Guide Leased line events Appendix H Event HistoriesIsdn events Event HistoriesIsdn event cause codes Event Histories User’s Reference Guide Event Histories User’s Reference Guide Deﬁnitions Appendix Isdn Conﬁguration GuideAbout SPIDs Isdn Conﬁguration GuideDynamic B-channel usage Example SPIDsOther incoming call restrictions User’s Reference Guide Binary Conversion Table J-1 Appendix J Binary Conversion TableDecimal Binary Further Reading K-1 Appendix K Further ReadingUser’s Reference Guide Further Reading K-3 User’s Reference Guide Pinouts for Auxiliary Port Modem Cable Appendix L Technical Specifications and Safety InformationTechnical Speciﬁcations and Safety Information L-1 DSR Technical Speciﬁcations and Safety Information L-3 Power requirementsDescription EnvironmentRegulatory notices Agency approvalsNorth America InternationalTechnical Speciﬁcations and Safety Information L-5 Declaration for Canadian users Important safety instructionsAustralian Safety Information Battery Technical Speciﬁcations and Safety Information L-7Telecommunication installation cautions User’s Reference Guide Glossary GlossaryUser’s Reference Guide Glossary User’s Reference Guide Glossary Remapping See network number remapping Glossary User’s Reference Guide Index-1 IndexIndex-2 ISP Index-3NAT Index-4Spid Index-5Index-6 Limited Warranty and Limitation of Remedies Limited Warranty and Limitation of RemediesUser’s Reference Guide