Manuals / Netopia / Computer Equipment / Network Router

Netopia R5100, R5300, R5200 manual Sample IP filter set, Modifying filter sets

Models: R5300 R5100 R5200

1 290

Download 290 pages 3.3 Kb

Page 197

Security 13-19

Modifying filter sets

To modify a ﬁlter set, select Display/Change Filter Set in the Filter Sets screen to display a list of ﬁlter sets.

Select a ﬁlter set from the list and press Return. The Change Filter Set screen appears. The items in this screen are the same as the ones in the Add Filter screen (see “Adding ﬁlters to a ﬁlter set” on page 13-14).

Display/Change Filter Set...

Filter Set Name:

Filter Set 1

Add Input Filter to Filter Set...

Display/Change Input Filter...

Delete Input Filter...

Move Input Filter...

Add Output Filter to Filter Set...

Display/Change Output Filter...

Delete Output Filter...

Move Output Filter...

Deleting a filter set

Note: If you delete a ﬁlter set, all of the ﬁlters it contains are deleted as well. To reuse any of these ﬁlters in another set, before deleting the current ﬁlter set you’ll have to note their conﬁguration and then recreate them.

To delete a ﬁlter set, select Delete Filter Set in the Filter Sets screen to display a list of ﬁlter sets.

Select a ﬁlter set from the list and press Return to delete it. Press Escape to exit the list without deleting the ﬁlter set.

A sample IP filter set

This section contains the settings for a ﬁlter set called Basic Firewall, which is part of the Netopia R5000 Series Router’s factory conﬁguration.

Basic Firewall blocks undesirable trafﬁc originating from the WAN (in most cases, the Internet), but forwards all trafﬁc originating from the LAN. It follows the conservative “that which is not expressly permitted is prohibited” approach: unless an incoming packet expressly matches one of the constituent input ﬁlters, it will not be forwarded to the LAN.

Image 197

Netopia R5100, R5300, R5200 manual Sample IP filter set, Modifying filter sets

Contents

Netopia R5000 Series Routers Part Number Contents Setting up your Router with the SmartStart Wizard Part II Advanced Configuration Vi User’s Reference Guide Aurp Viii User’s Reference Guide Part III Appendixes User’s Reference Guide Index Index-1 Limited Warranty and Limitation of Remedies Xii User’s Reference Guide Part I Getting Started User’s Reference Guide Overview Features and capabilitiesChapter Introduction How to use this guide Type of Service Data Rate Speed Datalink Protocol Chapter Setting Up Internet ServicesFinding an Internet service provider Endorsements Deciding on an ISP account Unique requirementsPricing and support Local LAN IP address information to obtain Obtaining information from the ISPWith Network Address Translation Without Network Address TranslationUser’s Reference Guide Find a location Chapter Making the Physical ConnectionsWhat you need R5100 Serial Connect the routerR5200 DDS and R5300 T1 Serial Line portAttach the cables Identify the connectorsNetopia R5000 Series Router LED front panel Netopia R5000 Series Router status lightsUser’s Reference Guide Readying computers on your local network Chapter Connecting to Your Local Area NetworkUser’s Reference Guide 10Base-T Connecting to an Ethernet networkCrossover Switch Auxiliary port Port Ethernet hub Adding an external modem Connecting to a LocalTalk network User’s Reference Guide Chapter Setting up your Router with the SmartStart Wizard Before running SmartStart Installed and properly conﬁgured. SeeSmartStart Wizard configuration screens Setting up your Router with the SmartStart WizardEasy option Setup options screen. You can choose either Easy orAdvanced option Conﬁguration screen on Conﬁguration tab Dynamic configuration recommendedStatic configuration optional Add. Repeat this process for the secondary DNS TCP/IP Configuring TCP/IP on Macintosh computersTCP/IP or MacTCP Close the TCP/IP control panel and save the settings Dynamic configuration using MacIP optionalSetting up your Router with the SmartStart Wizard User’s Reference Guide Chapter Console-Based Management Snmp Simple Network Management Protocol. See Snmp on Connecting through a Telnet sessionFilter sets ﬁrewalls. See Security on Connecting a console cable to your router Configuring Telnet softwareMac ANSI, VT-100, or VT-200 Navigating through the console screensEasy Setup console screens Chapter Easy SetupAccessing the Easy Setup console screens Screen differencesScreen similar to the following Main Menu appears See Appendix A, Troubleshooting, for more suggestionsSerial Line Easy Setup screen appears Serial Line Easy Setup configuration screenT1 Line Conﬁguration screen appears T1 Line configuration screenDDS Line Conﬁguration screen appears DDS Line configuration screenEasy Setup Proﬁle screen appears Easy Setup Profile screenIP Easy Setup Easy Setup Security Configuration Easy Setup User’s Reference Guide Part II Advanced Configuration User’s Reference Guide Configuration Chapter WAN and System ConfigurationWAN configuration Line configuration for a Serial line Line configuration for a DDS line Line configuration for a T1 line WAN and System Conﬁguration Main Menu Easy Setup Line Configuration Configuring Frame RelayEasy Setup Frame Relay screens Setup Line Configuration WAN Configuration Frame Relay screensFrame Relay configuration WAN and System Conﬁguration Displaying a Frame Relay Dlci configuration table Frame Relay Dlci configurationWAN and System Conﬁguration Changing a Frame Relay Dlci configurationDlci Adding a Frame Relay Dlci configurationDeleting a Frame Relay Dlci configuration Creating a new Connection Proﬁle ADD Profile NOW CancelIPX Profile Parameters Remote IPX Network Datalink Frame Relay Options Auto-Detect DLCIs PAP Dial IP Address IPX Network-+ Configuration Default Profile Default profileIP parameters default profile screen IPX parameters default profile screen Configuration Scheduled Connections Scheduled connections switched async onlyViewing scheduled connections Adding a scheduled connection Set Weekly Schedule Set Once-Only Schedule Deleting a scheduled connection Modifying a scheduled connectionConnection accounting screens switched async only Budget Setup screen appears Budget Statistics in Hhhhmm Navigating through the system configuration screens System configuration screensSystem configuration features Filter sets firewalls Network protocols setupIP address serving Date and timeConsole configuration Snmp Simple Network Management Protocol Upgrade feature setSecurity LoggingInstalling the Syslog client User’s Reference Guide Network Address Translation features Chapter IP Setup and Network Address TranslationHOW NAT Works Previous Screen Using Network Address TranslationV2 multicast Numbered Unnumbered Sdsl WAN1 Associating port numbers with nodesConnection Profiles Advanced IP/IPX router configuration optionsATM Funi IPX Profile Parameters Remote IPX Network Network Address Translation guidelines IP setup IP Setup and Network Address Translation Select Add Export. The Add Exported Service screen appears Select Service. a pop-up menu of services and ports appears IP subnets IP Setup and Network Address Translation Static routes Viewing static routes Static Routes screen will appearAdding a static route Deleting a static route Rules of static route installationModifying a static route Main System Menu Configuration IP Address Serving 176.163.222.10 Dhcp NetBios Options Serve Bootp Clients IP Address Pools User’s Reference Guide Dhcp NetBIOS Options NetBios Type Select Release BootP Leases and press Return MacIP KIP forwarding setupYou have ﬁnished your IP setup IPX features Chapter IPX SetupIPX definitions Internetwork Packet Exchange IPXIPX address Service Advertising Protocol SAPSocket Routing Information Protocol RIPIPX spoofing NetBIOSIPX setup screen Default Gateway Address IPX routing tables User’s Reference Guide AppleTalk protocol Chapter AppleTalk SetupAppleTalk networks AT Routing Table Routers and seeding MacIPInstalling AppleTalk Upgrade NOW EtherTalk setup Configuring AppleTalkLocalTalk setup Aurp Free Trade Zone Aurp setupViewing Aurp partners Modifying an Aurp partner Adding an Aurp partnerReceiving Aurp connections Configuring Aurp OptionsDeleting an Aurp partner Aurp Options Tickle Interval Hhmmss User’s Reference Guide Quick View status overview Chapter Monitoring ToolsGeneral status Status lights Current statusStatistics & Logs Network Interface General StatisticsPhysical Interface Event histories WAN Event History Device Event History Routing tablesIPX routing table IP routing tableAppleTalk routing table IPX Sap Bindery tableServed IP Addresses IP Address Lease Management screen appears Snmp System InformationCommunity strings Snmp Setup screenSnmp traps Viewing IP trap receivers Setting the IP trap receiversModifying IP trap receivers Deleting IP trap receiversSelect T1 Line Statistics / Diagnostics and press Return T1 DiagnosticsT1 Line Statistics and Diagnostics screen T1 Line Statistics / Diagnostics screen appears Monitoring Tools Web-based monitoring Accounting for switched interfaces only Frame Relay Statistics Connection Status Connect/Disconnect Router Budget Configuration Connection Budgets Connection Budget Configuration Budget Statistics Event History pages Device Event History User accounts Chapter SecuritySuggested security measures Protecting the Security Options screen Protecting the configuration screensDial-in console access Telnet access Enable SmartStart/SmartView/Web serverAbout filters and filter sets What’s a filter and what’s a filter set?Filter priority How filter sets workUser’s Reference Guide Filter’s actions How individual filters workFiltering rule Parts of a filterPort number comparisons 161 Aurp AppleTalk 387Who 513 Putting the parts together Other filter attributesInternet Control Message Protocol Transmission Control ProtocolFiltering example #1 Disadvantages of filters Design guidelinesFiltering example #2 Working with IP filters and filter sets An approach to using filtersNaming a new filter set Adding a filter setNetopia Router Input and output filters-source and destinationADD this Filter NOW Cancel User’s Reference Guide Modifying filters Moving filtersViewing filters Deleting filters Viewing filter setsModifying filter sets Sample IP filter setTCP Icmp UDP Possible modifications User’s Reference Guide IPX filters Main Menu System Configuration Filter Sets FirewallsAdding a packet filter IPX packet filtersViewing and modifying packet filters Deleting a packet filter IPX packet filter setsViewing and modifying packet filter sets Adding a packet filter setNo Match Viewing and modifying SAP filters IPX SAP filtersDeleting a packet filter set Deleting a SAP filter Adding a SAP filterAdding a SAP filter set IPX SAP filter setsViewing and modifying SAP filter sets Deleting a SAP filter set Basic IP packet components Firewall tutorial General firewall termsBasic protocol types ACK Bit YesFirewall Logic Firewall design rulesExample TCP/UDP Ports Logical and function Binary representationExample IP filter set screen Implied rulesEstablished connections Example network Filter basicsExample Example filtersExample Example Chapter Utilities and Diagnostics Ping Utilities and Diagnostics Stop Ping TimeTrace Route Telnet client Disconnect Telnet console session Factory defaultsUpdating firmware Transferring configuration and firmware files with TftpDownloading configuration files Transferring configuration and firmware files with Xmodem Uploading configuration filesIdle Do you want to send a saved configuration to your Netopia? Restarting the system User’s Reference Guide Part III Appendixes User’s Reference Guide Configuration problems Appendix a TroubleshootingNetwork problems Console connection problemsPower outages How to reset the router to factory defaultsTechnical support How to reach usBefore contacting Netopia Environment profileOnline product information Netopia Bulletin Board Service 1Product information can be found in the following FAX-BackUser’s Reference Guide About IP addressing What is IP?Appendix B Understanding IP Addressing Subnets and subnet masks Subnet masks Example Using subnets on a Class C IP internetCustomer Site a ISP Network Network configurationBackground Example Working with a Class C subnetDistributing IP addresses Technical note on subnet masking Netopia R5000 Series Router Dhcp server characteristics Configuration255.255.255.192 255.255.255.0MacIP serving Using address servingManually distributing IP addresses Serve dynamic WAN clients Tips and rules for distributing IP addressesDhcp example Internet Nested IP subnets0.0 C.1 WAN 3719 Packet header types BroadcastsUser’s Reference Guide Background Network configurationAppendix C Understanding Netopia NAT Behavior User’s Reference Guide Understanding Netopia NAT Behavior C-3 Netopia Router WWW Server ISP Router LAN Understanding Netopia NAT Behavior C-5 Exported servicesImportant notes Understanding Netopia NAT Behavior C-7 Summary Appendix D Binary Conversion Table Decimal Binary Appendix E Further Reading User’s Reference Guide No August Further Reading E-3User’s Reference Guide Pinouts for Auxiliary port modem cable Appendix F Technical Specifications and Safety InformationHD-15 DB-25 Pin Ground Not used Pin Not used DCE ReadyPin Rset EIA-530 HD-15 DB-25 PinPin Not used Tset EIA-530 Pin Not usedDescription Power requirementsEnvironment Software and protocolsRegulatory notices Agency approvalsNorth America R5100, R5200, R5300 FCC Class BTechnical Speciﬁcations and Safety Information F-5 Declaration for Canadian users Important safety instructionsAustralian Safety Information R5100 Battery Telecommunication installation cautionsUser’s Reference Guide Glossary User’s Reference Guide Glossary User’s Reference Guide Glossary Remapping See network number remapping Glossary User’s Reference Guide Numerics IndexDeﬁned DisplayAccount types LocalTalk conﬁguration Index-3Index-4 Index-5 Index-6 Limited Warranty and Limitation of Remedies User’s Reference Guide