Manuals / Netopia / Computer Equipment / Network Router

Netopia R910 manual Filter priority, Security, packet first filter match?, to network

Models: R910

1 209

Page 127

Security 13-127

Each inspector has a speciﬁc task. One inspector’s task may be to examine the destination address of all outgoing packages. That inspector looks for a certain destination—which could be as speciﬁc as a street address or as broad as an entire country—and checks each package’s destination address to see if it matches that destination.

INSPECTOR

FROM:

APPROVET : D

FROM:

TO:

FROM:

TO:

A ﬁlter inspects data packets like a customs inspector scrutinizing packages.

Filter priority

Continuing the customs inspectors analogy, imagine the inspectors lined up to examine a package. If the package matches the ﬁrst inspector’s criteria, the package is either rejected or passed on to its destination, depending on the ﬁrst inspector’s particular orders. In this case, the package is never seen by the remaining inspectors.

packet

first filter

match?

send to next filter

yes

pass or

discard?

discard (delete)

pass

to network

Page 127

Image 127

Netopia R910 manual Filter priority, Security, packet first filter match?, to network

Contents

User’s Reference Guide Netopia R910 Ethernet Router for DSL and Cable ModemsPart Number CopyrightPrinted Copies Chapter 2 - Setting Up Internet Services ContentsFeatures and capabilities How to use this guideAccessing the Easy Setup console screens Connecting a console cable to your routerChapter 7 - Easy Setup Easy Setup console screensInstalling the VPN Client DHCP NetBIOS OptionsVPN Default Answer Proﬁle Installing Dial-Up Networking12-109 The SNMP Setup screenTelnet access Chapter 12 - Monitoring ToolsConﬁguration problems Chapter 14 - Utilities and DiagnosticsFactory defaults Appendix A - TroubleshootingPower requirements Using address servingExported services Appendix F - Technical Speciﬁcations and SafetyOverview Features and capabilities“Features and capabilities” on page “How to use this guide” on page Chapter Introduction1-10 User’s Reference Guide How to use this guideDSL and cable modems Chapter Setting Up Internet ServicesSetting Up Internet Services Deciding on an ISP accountWithout Network Address Translation Local LAN IP address information to obtain2-12 User’s Reference Guide With Network Address TranslationMaking the Physical Connections “Identify the connectors and attach the cables” on pageChapter Making the Physical Connections Find a locationWhat you need Identify the connectors and attach the cables3-14 User’s Reference Guide your router” on page Netopia R910 Ethernet Router back panel portsMaking the Physical Connections 3-16 User’s Reference Guide Netopia R910 Ethernet Router status lights8 9 10 12 13 14 15 16 Network Model Chapter Connecting to Your Local Area NetworkConnecting to Your Local Area Network “Connecting to an Ethernet network” on page4-18 User’s Reference Guide Readying computers on your local networkAfter Application software TCP/IP stack Ethernet/EtherTalk Driver Your PC Connecting to Your Local Area Network10Base-T Connecting to an Ethernet network4-20 User’s Reference Guide The Netopia R910 in a 10Base-T network Connecting to Your Local Area NetworkThe Netopia R910 in a 10Base-T network with a hub 4-22 User’s Reference Guide “Hardware and operating system requirements” on page Chapter Configuring TCP/IPHardware and operating system requirements Conﬁguring TCP/IP5-24 User’s Reference Guide Conﬁguring TCP/IP on Windows 95 orDynamic conﬁguration recommended Conﬁguring TCP/IP Static conﬁguration optional5-26 User’s Reference Guide Conﬁguring TCP/IP on a Macintosh ComputerDynamic conﬁguration recommended Static conﬁguration optional Conﬁguring TCP/IP1. Go to the Apple menu. Select 5-28 User’s Reference Guide Dynamic conﬁguration using MacIP optionalConﬁguring TCP/IP 5-30 User’s Reference Guide Console-Based Management “Connecting through a Telnet session” on page“Connecting a console cable to your router” on page Chapter Console-Based ManagementFilter sets ﬁrewalls. See “About ﬁlters and ﬁlter sets” on page Connecting through a Telnet sessionUpgrade feature set. See “Upgrade feature set” on page 6-32 User’s Reference GuideConﬁguring Telnet software Connecting a console cable to your routerConsole-Based Management 6-34 User’s Reference Guide Navigating through the console screensEasy Setup Chapter Easy SetupEasy Setup console screens Accessing the Easy Setup console screens7-36 User’s Reference Guide See Appendix A, “Troubleshooting,” for more suggestionsEasy Setup Quick Easy Setup connection pathIf your ISP supports DHCP If your ISP doesn’t support DHCP7-38 User’s Reference Guide For more Easy Setup options see “More Easy Setup options” on pageWAN Ethernet Conﬁguration More Easy Setup optionsEasy Setup 7-40 User’s Reference Guide IP Easy SetupEasy Setup Easy Setup Security ConﬁgurationEasy Setup is now complete 7-42 User’s Reference Guide1. Select RESTART DEVICE. A prompt asks you to conﬁrm your choice WAN and System Conﬁguration Chapter WAN and System Configuration“System conﬁguration features” on page WAN conﬁguration8-44 User’s Reference Guide System conﬁguration screensWAN and System Conﬁguration Navigating through the system conﬁguration screens8-46 User’s Reference Guide System conﬁguration featuresDate and time IP setupFilter sets ﬁrewalls IP address servingSecurity Upgrade feature setConsole conﬁguration SNMP Simple Network Management ProtocolWAN and System Conﬁguration Logging8-50 User’s Reference Guide Installing the Syslog client“Network Address Translation features” on page Chapter IP Setup and Network Address TranslationNetwork Address Translation features IP Setup and Network Address Translation192.168.1.100 192.168.1.102 192.168.1.103 192.168.1.104 192.168.1.105 9-52 User’s Reference GuideHOW NAT WORKS With NAT ISP 163.167.132.1 Without NAT or corporate intranet routerNote See “Associating port numbers with nodes” on page Using Network Address TranslationIP Setup and Network Address Translation 9-54 User’s Reference Guide Network Address Translation guideline Associating port numbers with nodesIP Setup and Network Address Translation IP setup 9-56 User’s Reference GuideIP Setup and Network Address Translation Exports, Add Export, and Delete Export 9-58 User’s Reference GuideSelect Add Export. The Add Exported Service screen appears CANCELSelect Service. A pop-up menu of services and ports appears IP Setup and Network Address Translation9-60 User’s Reference Guide IP subnetsFor example IP Setup and Network Address Translation9-62 User’s Reference Guide Static routespage IP Setup and Network Address Translation Viewing static routesAdding a static route 9-64 User’s Reference GuideIP Setup and Network Address Translation Rules of static route installationModifying a static route Deleting a static routeServe DHCP Clients Serve BootP Clients Serve Dynamic WAN Clients 9-66 User’s Reference GuideIP address serving Follow these steps to conﬁgure IP Address Serving IP Setup and Network Address Translation9-68 User’s Reference Guide IP Address PoolsNumerous factors inﬂuence the choice of served address. It is difﬁcult to specify the address that will be served to a particular client in all circumstances. However, when the address server has been conﬁgured, and the clients involved have no prior address serving interactions, the Netopia R910 will generally serve the ﬁrst unused address from the ﬁrst address pool with an available address. The Netopia R910 starts from the pool on the ﬁrst row and continues to the pool on the last row of this screen IP Setup and Network Address Translation9-70 User’s Reference Guide DHCP NetBIOS OptionsIP Setup and Network Address Translation Select Release BootP Leases and press Return 9-72 User’s Reference GuideYou have ﬁnished your IP setup Virtual Private Networks VPN “VPN Default Answer Proﬁle” on page “VPN QuickView” on page“Installing the VPN Client” on page “About ATMP Tunnels” on page Chapter Virtual Private Networks VPNTransi t In t ern etwor k 10-74 User’s Reference GuideVirtual Private Networks VPN “About PPTP Tunnels” on page “About IPsec Tunnels” on page“About ATMP Tunnels” on page SummaryAbout PPTP Tunnels PPTP configuration10-76 User’s Reference Guide Virtual Private Networks VPN Note Proﬁles using PPTP do not offer a Telco Options screen10-78 User’s Reference Guide MS-CHAP V2 and strong encryption Encryption SupportVirtual Private Networks VPN About IPsec Tunnels Configuration10-80 User’s Reference Guide The Add Connection Proﬁle screen appears Virtual Private Networks VPN10-82 User’s Reference Guide Virtual Private Networks VPN IP Profile Parameters10-84 User’s Reference Guide Advanced IP Profile OptionsVirtual Private Networks VPN VPN Default Answer ProfileVPN QuickView Interoperation with other features10-86 User’s Reference Guide Proﬁle Name Lists the name of the Connection Proﬁle being used, if any Virtual Private Networks VPNDial-Up Networking for VPN Installing Dial-Up Networking10-88 User’s Reference Guide Virtual Private Networks VPN Creating a new Dial-Up Networking profile10-90 User’s Reference Guide Configuring a Dial-Up Networking profileVirtual Private Networks VPN 4. Click the TCP/IP Settings button10-92 User’s Reference Guide Installing the VPN ClientWindows 95 VPN installation Windows 98 VPN installationVirtual Private Networks VPN Connecting using Dial-Up NetworkingAbout ATMP Tunnels ATMP configuration10-94 User’s Reference Guide Virtual Private Networks VPN Note Proﬁles using ATMP do not offer a Telco Options screen10-96 User’s Reference Guide Virtual Private Networks VPN 10-98 User’s Reference Guide Allowing VPNs through a Firewall“PPTP example” on page “ATMP example” on page Virtual Private Networks VPN PPTP exampleDisplay/Change Input Filter screen 10-100 User’s Reference Guide 0.0.0.0 Virtual Private Networks VPN0.0.0.0 0.0.0.010-102 User’s Reference Guide ATMP exampleVirtual Private Networks VPN 0.0.0.0 10-104 User’s Reference Guide0.0.0.0 0.0.0.0PPP over Ethernet Chapter PPP over Ethernet11-106 User’s Reference Guide PPP over Ethernet PPP Ethernet LAN ReconfigurationConfiguration The Netopia R910 offers the ability for PPP to reconﬁgure the router’s Ethernet LAN when establishing an unnumbered, non-NAT connection11-108 User’s Reference Guide Quick View“Quick View status overview” on page “Statistics & Logs” on page Chapter Monitoring ToolsQuick View status overview Monitoring ToolsStatus lights General status12-110 User’s Reference Guide General Statistics Statistics & LogsMonitoring Tools Network Interface Event histories12-112 User’s Reference Guide Physical InterfaceDevice Event History WAN Event HistoryMonitoring Tools 12-114 User’s Reference Guide Routing tablesMonitoring Tools IP routing table12-116 User’s Reference Guide Served IP AddressesMonitoring Tools System InformationSNMP The SNMP Setup screen12-118 User’s Reference Guide Community strings SNMP trapsMonitoring Tools Modifying IP trap receivers Setting the IP trap receivers12-120 User’s Reference Guide Viewing IP trap receiversMonitoring Tools Deleting IP trap receivers12-122 User’s Reference Guide User accounts “Telnet access” on page “About ﬁlters and ﬁlter sets” on pageChapter Security Suggested security measuresProtecting the Security Options screen 13-124 User’s Reference GuideProtecting the conﬁguration screens Security Telnet access13-126 User’s Reference Guide About ﬁlters and ﬁlter setsWhat’s a ﬁlter and what’s a ﬁlter set? How ﬁlter sets worksend to next filter yes pass or discard? discard delete pass Filter prioritySecurity packet first filter match?A ﬁltering rule How individual ﬁlters work13-128 User’s Reference Guide A ﬁlter’s actionsSecurity Parts of a ﬁlterPort numbers Port number comparisonsOther ﬁlter attributes 13-130 User’s Reference GuidePutting the parts together Security Filtering example #113-132 User’s Reference Guide Design guidelinesFiltering example #2 Security An approach to using ﬁltersWorking with IP ﬁlters and ﬁlter sets Disadvantages of ﬁlters13-134 User’s Reference Guide Adding a ﬁlter setSecurity Naming a new ﬁlter setInput and output ﬁlters-source and destination 13-136 User’s Reference GuideAdding ﬁlters to a ﬁlter set Security 1. To make the ﬁlter active in the ﬁlter set, select Enabled and toggle it to Yes. If Enabled is toggled to No, the ﬁlter can still exist in the ﬁlter set, but it will have no effectModifying ﬁlters Viewing ﬁlter sets13-138 User’s Reference Guide Viewing ﬁltersSecurity Modifying ﬁlter setsDeleting a ﬁlter set A sample IP ﬁlter set13-140 User’s Reference Guide Security Possible modiﬁcations13-142 User’s Reference Guide Security Firewall tutorial General ﬁrewall termsBasic IP packet components Basic protocol typesFirewall Logic Firewall design rules13-144 User’s Reference Guide Example TCP/UDP PortsSecurity Binary representationLogical AND function Implied rulesExample IP ﬁlter set screen Filter basics13-146 User’s Reference Guide Established connectionsInternet Example ﬁltersIncoming Packet Filter NetopiaExample 13-148 User’s Reference GuideExample Example SecurityExample 13-150 User’s Reference Guide RADIUS Client Support RADIUS client configurationSecurity Local then RADIUS 13-152 User’s Reference GuideRADIUS Server Authentication Port RADIUS then LocalSecurity be unable to configure this device unless a Radius Server isAdvanced Security Options 13-154 User’s Reference Guide “Ping” on page “Trace Route” on page “Telnet client” on page Chapter Utilities and DiagnosticsUtilities and Diagnostics “Factory defaults” on page14-156 User’s Reference Guide PingUtilities and Diagnostics 14-158 User’s Reference Guide Trace RouteUtilities and Diagnostics Telnet client14-160 User’s Reference Guide Factory defaultsDisconnect Telnet console session Transferring conﬁguration and ﬁrmware ﬁles with TFTPGET CONFIG FROM SERVER SEND CONFIG TO SERVER Updating ﬁrmwareUtilities and Diagnostics GET WAN MODULE FIRMWARE FROM SERVER Config File Name14-162 User’s Reference Guide Downloading conﬁguration ﬁlesTransferring conﬁguration and ﬁrmware ﬁles with XMODEM Uploading conﬁguration ﬁlesUtilities and Diagnostics Updating ﬁrmware 14-164 User’s Reference GuideDownloading conﬁguration ﬁles Utilities and DiagnosticsUploading conﬁguration ﬁles 14-166 User’s Reference Guide Restarting the system“Conﬁguration problems” on page A-167 Appendix A TroubleshootingConﬁguration problems Troubleshooting A-167Local routing problems Console connection problemsNetwork problems Problems communicating with remote IP hostsTroubleshooting A-169 How to reset the router to factory defaultsPower outages Reset Switch SlotBefore contacting Netopia How to reach usTechnical support A-170 User’s Reference GuideOnline product information Troubleshooting A-171Online Technical Support A-172 User’s Reference Guide About IP addressing What is IP?“What is IP?” on page B-173 “About IP addressing” on page B-173 Appendix B Understanding IP AddressingB-174 User’s Reference Guide Subnets and subnet masksUnderstanding IP Addressing B-175 Example Using subnets on a Class C IP internetSubnet masks ISP Network B-176 User’s Reference GuideNetwork conﬁguration Customer Site ABackground Example Working with a Class C subnetDistributing IP addresses Understanding IP Addressing B-177B-178 User’s Reference Guide Technical note on subnet maskingDHCP address serving Netopia R910 DHCP server characteristicsConﬁguration Understanding IP Addressing B-179B-180 User’s Reference Guide Using address servingManually distributing IP addresses Tips and rules for distributing IP addressesUnderstanding IP Addressing B-181 B-182 User’s Reference Guide Nested IP subnetsA DHCP example Internet Understanding IP Addressing B-183B-184 User’s Reference Guide Packet header types BroadcastsUnderstanding IP Addressing B-185 B-186 User’s Reference Guide ISP Network Appendix C Understanding Netopia NAT BehaviorNetwork conﬁguration BackgroundC-188 User’s Reference Guide Workstation A Understanding Netopia NAT Behavior C-189Workstations C-190 User’s Reference GuideUnderstanding Netopia NAT Behavior C-191 Exported servicesC-192 User’s Reference Guide Important notesConﬁguration Understanding Netopia NAT Behavior C-193C-194 User’s Reference Guide SummaryBinary Conversion Table D-195 Appendix D Binary Conversion TableDecimal D-196 User’s Reference GuideDecimal BinaryFurther Reading E-197 Appendix E Further ReadingE-198 User’s Reference Guide Further Reading E-199 E-200 User’s Reference Guide Description Appendix F Technical Specifications and Safety InformationPower requirements Technical Speciﬁcations and Safety Information F-201F-202 User’s Reference Guide Regulatory noticesDeclaration for Canadian users Battery Important safety instructionsTechnical Speciﬁcations and Safety Information F-203 Telecommunication installation cautionsF-204 User’s Reference Guide Numerics IndexIndex-205 Index-206 Index-207 Index-208 13-131Index-209