Other filter attributes, Putting the parts together | Netopia R5200

Security 13-9

Other filter attributes

There are three other attributes to each ﬁlter:

■The ﬁlter’s order (i.e., priority) in the ﬁlter set

■Whether the ﬁlter is currently active

■Whether the ﬁlter is set to forward packets or to block (discard) packets

Putting the parts together

When you display a ﬁlter set, its ﬁlters are displayed as rows in a table:

+-#---	Source IP Addr---	Dest IP Addr-----	Proto-Src.Port-D.Port--			On?-Fwd-+
+----------------------------------------------------------------------							+
1	192.211.211.17	0.0.0.0	TCP	0	23	Yes No
2	0.0.0.0	0.0.0.0	TCP	NC	=6000	Yes No
3	0.0.0.0	0.0.0.0	ICMP	--	--	Yes Yes
4	0.0.0.0	0.0.0.0	TCP	NC	>1023	Yes Yes
5	0.0.0.0	0.0.0.0	UDP	NC	>1023	Yes Yes











+----------------------------------------------------------------------							+

The table’s columns correspond to each ﬁlter’s attributes:

#: The ﬁlter’s priority in the set. Filter number 1, with the highest priority, is ﬁrst in the table.

Source IP Addr: The packet source IP address to match.

Dest IP Addr: The packet destination IP address to match.

Proto: The protocol to match. This can be entered as a number (see the table below) or as TCP or UDP if those protocols are used.

Protocol	Number to use	Full name


N/A	0	Ignores protocol type

ICMP	1	Internet Control Message Protocol

TCP	6	Transmission Control Protocol

UDP	17	User Datagram Protocol

Image 187

Netopia R5200, R5300, R5100 manual Other filter attributes, Putting the parts together, Internet Control Message Protocol

Contents

Netopia R5000 Series Routers Part Number Contents Setting up your Router with the SmartStart Wizard Part II Advanced Configuration Vi User’s Reference Guide Aurp Viii User’s Reference Guide Part III Appendixes User’s Reference Guide Index Index-1 Limited Warranty and Limitation of Remedies Xii User’s Reference Guide Part I Getting Started User’s Reference Guide Chapter Introduction Features and capabilitiesOverview How to use this guide Finding an Internet service provider Chapter Setting Up Internet ServicesType of Service Data Rate Speed Datalink Protocol Pricing and support Unique requirementsEndorsements Deciding on an ISP account Without Network Address Translation Obtaining information from the ISPLocal LAN IP address information to obtain With Network Address Translation User’s Reference Guide Find a location Chapter Making the Physical Connections What you need Serial Line port Connect the routerR5100 Serial R5200 DDS and R5300 T1 Attach the cables Identify the connectors Netopia R5000 Series Router LED front panel Netopia R5000 Series Router status lights User’s Reference Guide Readying computers on your local network Chapter Connecting to Your Local Area Network User’s Reference Guide Crossover Switch Auxiliary port Port Ethernet hub Connecting to an Ethernet network10Base-T Adding an external modem Connecting to a LocalTalk network User’s Reference Guide Chapter Setting up your Router with the SmartStart Wizard Before running SmartStart Installed and properly conﬁgured. See SmartStart Wizard configuration screens Setting up your Router with the SmartStart Wizard Easy option Setup options screen. You can choose either Easy or Advanced option Conﬁguration screen on Conﬁguration tab Dynamic configuration recommended Static configuration optional Add. Repeat this process for the secondary DNS TCP/IP Configuring TCP/IP on Macintosh computers TCP/IP or MacTCP Close the TCP/IP control panel and save the settings Dynamic configuration using MacIP optional Setting up your Router with the SmartStart Wizard User’s Reference Guide Chapter Console-Based Management Filter sets ﬁrewalls. See Security on Connecting through a Telnet sessionSnmp Simple Network Management Protocol. See Snmp on Connecting a console cable to your router Configuring Telnet software Mac ANSI, VT-100, or VT-200 Navigating through the console screens Screen differences Chapter Easy SetupEasy Setup console screens Accessing the Easy Setup console screens Screen similar to the following Main Menu appears See Appendix A, Troubleshooting, for more suggestions Serial Line Easy Setup screen appears Serial Line Easy Setup configuration screen T1 Line Conﬁguration screen appears T1 Line configuration screen DDS Line Conﬁguration screen appears DDS Line configuration screen Easy Setup Proﬁle screen appears Easy Setup Profile screen IP Easy Setup Easy Setup Security Configuration Easy Setup User’s Reference Guide Part II Advanced Configuration User’s Reference Guide WAN configuration Chapter WAN and System ConfigurationConfiguration Line configuration for a Serial line Line configuration for a DDS line Line configuration for a T1 line WAN and System Conﬁguration Easy Setup Frame Relay screens Configuring Frame RelayMain Menu Easy Setup Line Configuration Setup Line Configuration WAN Configuration Frame Relay screens Frame Relay configuration WAN and System Conﬁguration Displaying a Frame Relay Dlci configuration table Frame Relay Dlci configuration WAN and System Conﬁguration Changing a Frame Relay Dlci configuration Dlci Adding a Frame Relay Dlci configuration Deleting a Frame Relay Dlci configuration Creating a new Connection Proﬁle ADD Profile NOW Cancel IPX Profile Parameters Remote IPX Network Datalink Frame Relay Options Auto-Detect DLCIs PAP Dial IP Address IPX Network-+ Configuration Default Profile Default profile IP parameters default profile screen IPX parameters default profile screen Configuration Scheduled Connections Scheduled connections switched async only Viewing scheduled connections Adding a scheduled connection Set Weekly Schedule Set Once-Only Schedule Deleting a scheduled connection Modifying a scheduled connection Connection accounting screens switched async only Budget Setup screen appears Budget Statistics in Hhhhmm Navigating through the system configuration screens System configuration screens System configuration features Date and time Network protocols setupFilter sets firewalls IP address serving Console configuration Logging Upgrade feature setSnmp Simple Network Management Protocol Security Installing the Syslog client User’s Reference Guide Network Address Translation features Chapter IP Setup and Network Address Translation HOW NAT Works Previous Screen Using Network Address Translation V2 multicast Numbered Unnumbered Sdsl WAN1 Associating port numbers with nodes Connection Profiles Advanced IP/IPX router configuration options ATM Funi IPX Profile Parameters Remote IPX Network Network Address Translation guidelines IP setup IP Setup and Network Address Translation Select Add Export. The Add Exported Service screen appears Select Service. a pop-up menu of services and ports appears IP subnets IP Setup and Network Address Translation Static routes Viewing static routes Static Routes screen will appear Adding a static route Modifying a static route Rules of static route installationDeleting a static route Main System Menu Configuration IP Address Serving 176.163.222.10 Dhcp NetBios Options Serve Bootp Clients IP Address Pools User’s Reference Guide Dhcp NetBIOS Options NetBios Type Select Release BootP Leases and press Return MacIP KIP forwarding setup You have ﬁnished your IP setup Internetwork Packet Exchange IPX Chapter IPX SetupIPX features IPX definitions Routing Information Protocol RIP Service Advertising Protocol SAPIPX address Socket IPX setup screen NetBIOSIPX spoofing Default Gateway Address IPX routing tables User’s Reference Guide AppleTalk networks Chapter AppleTalk SetupAppleTalk protocol AT Routing Table Routers and seeding MacIP Installing AppleTalk Upgrade NOW EtherTalk setup Configuring AppleTalk LocalTalk setup Viewing Aurp partners Aurp setupAurp Free Trade Zone Modifying an Aurp partner Adding an Aurp partner Deleting an Aurp partner Configuring Aurp OptionsReceiving Aurp connections Aurp Options Tickle Interval Hhmmss User’s Reference Guide Quick View status overview Chapter Monitoring Tools General status Status lights Current status Statistics & Logs Physical Interface General StatisticsNetwork Interface Event histories WAN Event History Device Event History Routing tables IPX routing table IP routing table AppleTalk routing table IPX Sap Bindery table Served IP Addresses IP Address Lease Management screen appears Snmp System Information Community strings Snmp Setup screen Snmp traps Deleting IP trap receivers Setting the IP trap receiversViewing IP trap receivers Modifying IP trap receivers T1 Line Statistics and Diagnostics screen T1 DiagnosticsSelect T1 Line Statistics / Diagnostics and press Return T1 Line Statistics / Diagnostics screen appears Monitoring Tools Web-based monitoring Accounting for switched interfaces only Frame Relay Statistics Connection Status Connect/Disconnect Router Budget Configuration Connection Budgets Connection Budget Configuration Budget Statistics Event History pages Device Event History Suggested security measures Chapter SecurityUser accounts Protecting the Security Options screen Protecting the configuration screens Dial-in console access What’s a filter and what’s a filter set? Enable SmartStart/SmartView/Web serverTelnet access About filters and filter sets Filter priority How filter sets work User’s Reference Guide Parts of a filter How individual filters workFilter’s actions Filtering rule Who 513 161 Aurp AppleTalk 387Port number comparisons Transmission Control Protocol Other filter attributesPutting the parts together Internet Control Message Protocol Filtering example #1 Filtering example #2 Design guidelinesDisadvantages of filters Working with IP filters and filter sets An approach to using filters Naming a new filter set Adding a filter set Netopia Router Input and output filters-source and destination ADD this Filter NOW Cancel User’s Reference Guide Viewing filters Moving filtersModifying filters Deleting filters Viewing filter sets Modifying filter sets Sample IP filter set TCP Icmp UDP Possible modifications User’s Reference Guide IPX filters Main Menu System Configuration Filter Sets Firewalls Viewing and modifying packet filters IPX packet filtersAdding a packet filter Adding a packet filter set IPX packet filter setsDeleting a packet filter Viewing and modifying packet filter sets No Match Deleting a packet filter set IPX SAP filtersViewing and modifying SAP filters Deleting a SAP filter Adding a SAP filter Viewing and modifying SAP filter sets IPX SAP filter setsAdding a SAP filter set Deleting a SAP filter set ACK Bit Yes Firewall tutorial General firewall termsBasic IP packet components Basic protocol types Example TCP/UDP Ports Firewall design rulesFirewall Logic Logical and function Binary representation Established connections Implied rulesExample IP filter set screen Example network Filter basics Example Example filters Example Example Chapter Utilities and Diagnostics Ping Utilities and Diagnostics Stop Ping Time Trace Route Telnet client Disconnect Telnet console session Factory defaults Updating firmware Transferring configuration and firmware files with Tftp Downloading configuration files Transferring configuration and firmware files with Xmodem Uploading configuration files Idle Do you want to send a saved configuration to your Netopia? Restarting the system User’s Reference Guide Part III Appendixes User’s Reference Guide Configuration problems Appendix a Troubleshooting Network problems Console connection problems Power outages How to reset the router to factory defaults Environment profile How to reach usTechnical support Before contacting Netopia FAX-Back Netopia Bulletin Board Service 1Online product information Product information can be found in the following User’s Reference Guide Appendix B Understanding IP Addressing What is IP?About IP addressing Subnets and subnet masks Subnet masks Example Using subnets on a Class C IP internet Customer Site a ISP Network Network configuration Distributing IP addresses Example Working with a Class C subnetBackground Technical note on subnet masking 255.255.255.0 ConfigurationNetopia R5000 Series Router Dhcp server characteristics 255.255.255.192 Manually distributing IP addresses Using address servingMacIP serving Serve dynamic WAN clients Tips and rules for distributing IP addresses Dhcp example Internet Nested IP subnets 0.0 C.1 WAN 3719 Packet header types Broadcasts User’s Reference Guide Appendix C Understanding Netopia NAT Behavior Network configurationBackground User’s Reference Guide Understanding Netopia NAT Behavior C-3 Netopia Router WWW Server ISP Router LAN Understanding Netopia NAT Behavior C-5 Exported services Important notes Understanding Netopia NAT Behavior C-7 Summary Appendix D Binary Conversion Table Decimal Binary Appendix E Further Reading User’s Reference Guide No August Further Reading E-3 User’s Reference Guide Pin Not used DCE Ready Appendix F Technical Specifications and Safety InformationPinouts for Auxiliary port modem cable HD-15 DB-25 Pin Ground Not used Pin Not used HD-15 DB-25 PinPin Rset EIA-530 Pin Not used Tset EIA-530 Software and protocols Power requirementsDescription Environment FCC Class B Agency approvalsRegulatory notices North America R5100, R5200, R5300 Technical Speciﬁcations and Safety Information F-5 Australian Safety Information R5100 Important safety instructionsDeclaration for Canadian users Battery Telecommunication installation cautions User’s Reference Guide Glossary User’s Reference Guide Glossary User’s Reference Guide Glossary Remapping See network number remapping Glossary User’s Reference Guide Numerics Index Deﬁned Display Account types LocalTalk conﬁguration Index-3 Index-4 Index-5 Index-6 Limited Warranty and Limitation of Remedies User’s Reference Guide