TCP Icmp UDP | Netopia R910 manual

13-140 User’s Reference Guide

The ﬁve input ﬁlters and one output ﬁlter that make up Basic Firewall are shown in the table below.

	Setting	Input ﬁlter	Input ﬁlter	Input ﬁlter	Input ﬁlter	Input ﬁlter	Output
	Setting	1	2	3	4	5	ﬁlter 1
		1	2	3	4	5	ﬁlter 1


	Enabled	Yes	Yes	Yes	Yes	Yes	Yes

	Forward	No	No	Yes	Yes	Yes	Yes

	Source IP	0.0.0.0	0.0.0.0	0.0.0.0	0.0.0.0	0.0.0.0	0.0.0.0
	address

	Source IP	0.0.0.0	0.0.0.0	0.0.0.0	0.0.0.0	0.0.0.0	0.0.0.0
	address mask

	Dest. IP	0.0.0.0	0.0.0.0	0.0.0.0	0.0.0.0	0.0.0.0	0.0.0.0
	address

	Dest. IP	0.0.0.0	0.0.0.0	0.0.0.0	0.0.0.0	0.0.0.0	0.0.0.0
	address mask

	Protocol type	TCP	TCP	ICMP	TCP	UDP	0

	Source port	No	No	N/A	No	No	N/A
	comparison	Compare	Compare		Compare	Compare

	Source port ID	0	0	N/A	0	0	N/A

	Dest. port	Equal	Equal	N/A	Greater	Greater	N/A
	comparison				Than	Than

	Dest. port ID	2000	6000	N/A	1023	1023	N/A

Basic Firewall’s ﬁlters play the following roles.

Input ﬁlters 1 and 2: These block WAN-originated OpenWindows and X-Windows sessions. Service origination requests for these protocols use ports 2000 and 6000, respectively. Since these are greater than 1023, OpenWindows and X-Windows trafﬁc would otherwise be allowed by input ﬁlter 4. Input ﬁlters 1 and 2 must precede input ﬁlter 4; otherwise they would have no effect since ﬁlter 4 would have already passed OpenWindows and X-Windows trafﬁc.

Input ﬁlter 3: This ﬁlter explicitly passes all WAN-originated ICMP trafﬁc to permit devices on the WAN to ping devices on the LAN. Ping is an Internet service that is useful for diagnostic purposes.

Input ﬁlters 4 and 5: These ﬁlters pass all TCP and UDP trafﬁc, respectively, when the destination port is greater than 1023. This type of trafﬁc generally does not allow a remote host to connect to the LAN using one of the potentially intrusive Internet services, such as Telnet, FTP, and WWW.

Output ﬁlter 1: This ﬁlter passes all outgoing trafﬁc to make sure that no outgoing connections from the LAN are blocked.

Image 140

Netopia R910 manual TCP Icmp UDP

Contents

Netopia R910 Ethernet Router for DSL and Cable Modems Part Number Contents Iv User’s Reference Guide Contents Snmp Contents Index Overview Features and capabilitiesChapter Introduction How to use this guide Chapter Setting Up Internet Services Deciding on an ISP accountDSL and cable modems Obtaining information from the ISP Without Network Address Translation Local LAN IP address information to obtainWith Network Address Translation Chapter Making the Physical Connections Find a location Line 1 port Identify the connectors and attach the cablesWhat you need Netopia R910 Ethernet Router back panel ports Your router on Netopia R910 Ethernet Router status lights 10 12 13 14 15 16 Before Chapter Connecting to Your Local Area NetworkNetwork Model Readying computers on your local network After Connecting to Your Local Area Network 10Base-T Connecting to an Ethernet networkPower port Console port Netopia R910 in a 10Base-T network User’s Reference Guide Chapter Configuring TCP/IP Hardware and operating system requirements Conﬁguring TCP/IP on Windows 95 or Dynamic conﬁguration recommended Static conﬁguration optional Conﬁguring TCP/IP on a Macintosh Computer Static conﬁguration optional Dynamic conﬁguration using MacIP optional Conﬁguring TCP/IP User’s Reference Guide Chapter Console-Based Management Connecting through a Telnet session Snmp Simple Network Management Protocol. See Snmp on Connecting a console cable to your router Conﬁguring Telnet software Navigating through the console screens Mac ANSI, VT-100, or VT-200 Accessing the Easy Setup console screens Chapter Easy SetupEasy Setup console screens Screen similar to the following Main Menu appears If your ISP doesn’t support Dhcp Quick Easy Setup connection pathIf your ISP supports Dhcp Main Menu appears More Easy Setup options WAN Ethernet Conﬁguration IP Easy Setup Previous Screen Next Screen Easy Setup Security Conﬁguration User’s Reference Guide Chapter WAN and System Configuration WAN conﬁguration System conﬁguration screens Navigating through the system conﬁguration screens System conﬁguration features IP setup Filter sets ﬁrewallsIP address serving Date and time Upgrade feature set Console conﬁgurationSnmp Simple Network Management Protocol Security Logging Installing the Syslog client Chapter IP Setup and Network Address Translation Network Address Translation features HOW NAT Works Using Network Address Translation To Main Menu Associating port numbers with nodes Network Address Translation guideline IP Setup Ethernet IP Address IP Setup and Network Address Translation Select Add Export. The Add Exported Service screen appears Exports, Add Export, and Delete Export Select Service. a pop-up menu of services and ports appears IP subnets IP Setup and Network Address Translation Static routes Static Routes screen will appear Viewing static routes Adding a static route Deleting a static route Rules of static route installationModifying a static route Main Menu System Configuration IP Address Serving Dhcp NetBios Options Serve Bootp Clients IP Address Pools IP Setup and Network Address Translation Dhcp NetBIOS Options NetBios Type User’s Reference Guide Chapter Virtual Private Networks VPN Transi t In t ern etwor k Summary About Pptp Tunnels Pptp configurationConfiguration Add Connection Profile Chap User’s Reference Guide MS-CHAP V2 and strong encryption Encryption SupportIP Proﬁle Parameters screen appears Configuration About IPsec Tunnels Add Connection Proﬁle screen appears IPsec Encryption & Authentication Options IP Profile Parameters Advanced IP Profile Options Following section VPN Default Answer Profile QuickView Interoperation with other featuresVPN QuickView Virtual Private Networks VPN Installing Dial-Up Networking Dial-Up Networking for VPN Creating a new Dial-Up Networking profile Configuring a Dial-Up Networking profile Virtual Private Networks VPN Windows 98 VPN installation Installing the VPN ClientWindows 95 VPN installation Connecting using Dial-Up Networking Atmp configuration About Atmp Tunnels Pptp Commitcancel User’s Reference Guide Local WAN IP Address 0.0 Remote IP Address Allowing VPNs through a Firewall Pptp example on Atmp example on Pptp example Change Input Filter EnabledYes ForwardYes Source IP Address Change Output Filter EnabledYes ForwardYes Source IP Address Atmp example Source Port ID Dest. Port Compare Change Output Filter EnabledYes ForwardYes Source IP Address Setup EN WAN Module Chapter PPP over Ethernet Add Connection PPP Ethernet LAN Reconfiguration Quick View Chapter Monitoring Tools Quick View status overview General status Status lights Statistics & Logs General Statistics Network Interface Event historiesPhysical Interface WAN Event History Device Event History Routing tables IP routing table Scroll Down Served IP Addresses System Information Snmp Setup screen Snmp Snmp traps Community strings Modifying IP trap receivers Setting the IP trap receiversViewing IP trap receivers Deleting IP trap receivers User’s Reference Guide User accounts Chapter SecuritySuggested security measures Protecting the Security Options screen Protecting the conﬁguration screens Telnet access How ﬁlter sets work About ﬁlters and ﬁlter setsWhat’s a ﬁlter and what’s a ﬁlter set? Filter priority ﬁltering rule How individual ﬁlters workﬁlter’s actions Parts of a ﬁlter Port numbers161 Aurp AppleTalk 387 Who 513 Other ﬁlter attributes Putting the parts together Internet Control Message Protocol Transmission Control ProtocolUser Datagram Protocol Filtering example #1 Design guidelines Filtering example #2 Disadvantages of ﬁlters An approach to using ﬁltersWorking with IP ﬁlters and ﬁlter sets Adding a ﬁlter set Naming a new ﬁlter set Adding ﬁlters to a ﬁlter set Input and output ﬁlters-source and destinationNetopia R910 Router ADD this Filter NOW Cancel Viewing ﬁlter sets Viewing ﬁltersModifying ﬁlters Deleting ﬁlters Sample IP ﬁlter set Modifying ﬁlter setsDeleting a ﬁlter set TCP Icmp UDP Possible modiﬁcations User’s Reference Guide Firewall tutorial General ﬁrewall terms Basic IP packet componentsBasic protocol types ACK Bit Yes Firewall Logic Firewall design rulesExample TCP/UDP Ports Implied rules Binary representationLogical and function Filter basics Established connectionsExample IP ﬁlter set screen This is an example of the Netopia IP ﬁlter set screen Example Example ﬁltersExample network Example Example User’s Reference Guide Radius client configuration Radius Client Support Radius Server Secret Continue Cancel Continue Chapter Utilities and Diagnostics Ping Start Ping Receive return Ping packet Trace Route Stop Ping Telnet client Transferring conﬁguration and ﬁrmware ﬁles with Tftp Factory defaultsDisconnect Telnet console session Updating ﬁrmware Downloading conﬁguration ﬁles Press Return. You will see the following dialog box Uploading conﬁguration ﬁles Transferring conﬁguration and ﬁrmware ﬁles with Xmodem Idle Do you want to send a saved configuration to your Netopia? Restarting the system Appendix a Troubleshooting Conﬁguration problems Console connection problems Network problems How to reset the router to factory defaults Power outages How to reach us Technical supportBefore contacting Netopia Environment proﬁle Online Technical Support Online product informationProduct information can be found in the following User’s Reference Guide About IP addressing What is IP?Appendix B Understanding IP Addressing Subnets and subnet masks Example Using subnets on a Class C IP internet Subnet masks Network conﬁguration ISP Network Background Example Working with a Class C subnetDistributing IP addresses Technical note on subnet masking 255.255.255.224 Netopia R910 Dhcp server characteristics Conﬁguration255.255.255.0 Dhcp address serving Using address serving Manually distributing IP addressesTips and rules for distributing IP addresses MacIP serving Understanding IP Addressing B-181 Nested IP subnets Dhcp example Internet 0.0 C.1 WAN 3719 Broadcasts Packet header types User’s Reference Guide Background Appendix C Understanding Netopia NAT BehaviorNetwork conﬁguration User’s Reference Guide Understanding Netopia NAT Behavior C-189 Router Netopia Exported services Understanding Netopia NAT Behavior C-191 Important notes Understanding Netopia NAT Behavior C-193 Summary Appendix D Binary Conversion Table Decimal Binary Appendix E Further Reading User’s Reference Guide Further Reading E-199 User’s Reference Guide Appendix F Technical Specifications and Safety Information Regulatory notices Declaration for Canadian users Battery Important safety instructionsTelecommunication installation cautions User’s Reference Guide Index Deﬁned B-180 Index-206 Index-207 Index-208 SmartIP Index-209