Configuring IP Filters | SMC Networks SMC7204BRA specs

CONFIGURING IP FILTERS AND BLOCKED PROTOCOLS

This section describes two Configuration Manager features that enable you to control the data passing through your network:

•

•

The IP filter feature enables you to create rules to block attempts by certain computers on your LAN to access certain types of data or Internet locations. You can also block incoming access to computers on your LAN. Although IP filter rules provide a very flexible and powerful tool to enhance network security and control user activity, they can also be complex and generally require an advanced understanding of IP protocols.

The blocked protocols feature enables you to simply select from a predefined list the protocol that you want to block.

All data passed to the ADSL Barricade using a blocked protocol will be discarded, without consideration of the source computer, destination computer, or the device interface on which it was received.

Configuring IP Filters

When you define an IP filter rule and enable the feature, you instruct the ADSL Barricade to examine each data packet

it receives to determine whether it meets criteria set forth in the rule. The criteria can include the size of the packet, the network or internet protocol it is carrying, the direction in which it is traveling (for example, from the LAN to the Internet or vice versa), the IP address of the sending computer, the destination IP address, and other characteristics of the packet data.

135

Image 133

SMC Networks SMC7204BRA manual Configuring IP Filters and Blocked Protocols

Contents

Page February Table of Contents Configuring the LAN Ports Getting Started with the Configuration ManagerConfiguring Dynamic Host Configuration Protocol Configuring Network Address Translation Configuring IP Routes Configuring DNS Server AddressesConfiguring the Routing Information Protocol Configuring the ATM Virtual Circuit Configuring EOA Interfaces Configuring PPP InterfacesConfiguring IPoA Interfaces Configuring Bridging Appendix a Viewing DSL Line Information Administrative TasksAppendix B Introduction Features System Requirements Using this DocumentIntroduction Notational conventions Typographical conventions Using this DocumentSpecial messages Getting to Know Adsl Barricade Package Contents Getting to Know the Adsl Barricade Hardware DescriptionFront Panel Rear Panel Quick Start Connecting the Hardware Connect the Adsl cable Quick Start Attach the power connector Configuring Your ComputersPower up your systems Connect the Ethernet cable Windows XP Windows Windows Me Windows 95 Quick Start Windows NT Assigning static Internet Information to your PCs Configuring the Adsl Barricade Configuring the Adsl BarricadeLogging into the Adsl Barricade Quick Configuration Path that your connection uses to communicate with your ISP With your ISP Password Configuration of your deviceYou have used to log in to Configuration Manager Bridge Addresses Default Router Settings Description of the NAT service Internet. See ConfiguringLAN Ports on page 33 for a Accessing the Configuration Manager Getting Started with the Configuration Manager Login Screen Getting Started with the Configuration Manager Functional Layout Functional LayoutCommonly used buttons Browser window. Help is available from any main topic System View Table Home Page and System View Table Home Page and System View Table Modifying Basic System Information Time Zone Modifying Basic System InformationDaylight Committing your changes Committing Changes and Rebooting Rebooting the device using Configuration Manager Committing Changes and Rebooting Configuration Reboot from LastJust committed Session Connecting via Ethernet ConfiguringConfiguring the LAN Port IP Address LAN Configuration Configuring the LAN Ports Configuring the LAN Port IP Address Configuring the LAN Ports Configuring the LAN Port IP Address Viewing the Adsl Barricades IP Addresses Viewing System IP Addresses and IP Performance Statistics Viewing System IP Addresses and IP Performance Statistics Viewing IP Performance Statistics Viewing IP Performance Statistics What is DHCP? Configuring Dynamic Host Configuration ProtocolOverview of Dhcp Why use DHCP? Configuring Dynamic Host Configuration ProtocolAdsl Barricade Dhcp modes Configuring Dhcp Server Configuring Dhcp ServerGuidelines for creating Dhcp server address pools Configuring Dynamic Host Configuration Protocol Adding Dhcp Server Address Pools End IP Address Start IP AddressFor distribution to your LAN computers Mac Address Domain Name As explained onAddresses in this pool. This is used for reference only Gateway Dhcp Server Pool Modify Viewing, modifying, and deleting address pools Viewing current Dhcp address assignments Excluding IP addresses from a pool Netmask Configuring Dhcp RelayThese terms Mac Dynamic Host Configuration Protocol Dhcp Relay Configuration Configuring Dhcp Relay Dynamic Host Configuration Protocol Dhcp Setting the Dhcp Mode Setting the Dhcp Mode Overview of NAT Configuring Network Address Translation Configuring Network Address Translation Viewing NAT Global Settings and Statistics Viewing NAT Global Settings and Statistics Active state, where the connection is being used to TCP Def TimeoutTime specified in TCP Idle Timeout When in the establishing state, the session will timeout NAT Rule Global Statistics Viewing NAT Rules and Rule Statistics Network Address Translation NAT Rule Configuration Viewing Current NAT Translations Viewing Current NAT Translations Was invoked from the rule definition Is enabledProtocol TCP, UDP, Icmp Translated Out PortsPorts Number was translated Adding NAT Rules NAT Rule-Add Page Napt Flavor Adding NAT Rules RDR rule Allowing external access to a LAN computer NAT Rule Add Page RDR Flavor Configuring Network Address Translation Adding NAT Rules NAT Rule Add Page Basic Flavor Basic rule Performing 11 translations Adding NAT Rules NAT Rule Add Page Filter Flavor Adding NAT Rules Bimap rule Performing two-way translations NAT Rule Add Page Bimap Flavor NAT Rule Add Page Pass Flavor Adding NAT Rules About DNS Configuring DNS Server AddressesAssigning DNS Addresses Configuring DNS Server Addresses Configuring DNS Relay Configuring DNS Relay Domain Name Service DNS Configuration IP routing versus telephone switching Configuring IP RoutesOverview of IP Routes Hops and gateways Configuring IP Routes Overview of IP Routes Using IP routes to define default gatewaysDo I need to define IP routes? IP Route Table Viewing the IP Routing Table Viewing the IP Routing Table IP Route-Add Adding IP Routes Adding IP Routes RIP Overview Configuring the Routing Information Protocol Configuring the Routing Information Protocol Configuring the Adsl Barricades Interfaces with RIPWhen should you configure RIP? Routing Information Protocol RIP Configuration Configuring the Adsl Barricades Interfaces with RIP Configuring the Routing Information Protocol Configuring the Adsl Barricades Interfaces with RIP RIP Global Statistics Viewing RIP Statistics Viewing Your ATM VC Configuring the ATM Virtual Circuit Software and identify the type of traffic that can be Configuring the ATM Virtual CircuitUse an aal5-type interface Vpi Adding ATM VCs Adding ATM VCs Modifying ATM VCs ATM VC Interface Modify Modifying ATM VCs Configuring PPP Interfaces Configuring PPP Interfaces Viewing Your Current PPP ConfigurationInactivity TimeOut mins Ignore WAN to LAN traffic while monitoring inactivity Viewing Your Current PPP Configuration Preconfigured in the Dhcp pool see Configuring Disable, LAN hosts will use the DNS addressUnder way e.g., password authorization or Device will acquire IP addresses for other Viewing PPP Interface Details Viewing PPP Interface Details Rebooted EnabledService Name Each requiring a different login and other With the timeout period specified on the PPP By changing the Configuration Manager settingsOn the user name and/or password provided ISP issued a special packet type to terminate PPP Interface Add Adding a PPP Interface Definition Modifying and Deleting PPP Interfaces Modifying and Deleting PPP Interfaces 114 Overview of EOA Configuring EOA Interfaces Configuring EOA Interfaces Viewing Your EOA Setup Viewing Your EOA Setup Enable or disable the interface a red ball may indicate a Default RouteProblem with the DSL connection Adding EOA Interfaces EOA Interface Add Adding EOA Interfaces 120 Viewing Your IPoA Interface Setup Configuring Ipoa Interfaces Configuring IPoA Interfaces Indicate a problem with the DSL connection Enable or disable the interface a down interface mayAdding IPoA Interfaces Adding IPoA Interfaces 124 Overview of Bridges Configuring Bridging Configuring Bridging When to Use the Bridging Feature When to Use the Bridging FeatureDefining Bridge Interfaces 128 Deleting a Bridge Interface Deleting a Bridge Interface Configuring Global Firewall Settings Configuring Firewall Settings Configuring Firewall Settings Configuring Global Firewall Settings ID assigned to the rule Managing the Black ListIts automatic timed expiration Configuring IP Filters Configuring IP Filters and Blocked Protocols Viewing Your IP Filter Configuration Configuring IP Filters and Blocked Protocols Configuring IP Filter Global Settings Configuring IP Filters Creating IP Filter Rules That are incoming or outgoing on the selected interface External computers from accessing your LANIncoming refers to packets coming from the LAN Outgoing refers to packets going to the Internet Option is valid only for the outgoing direction Choosing the appropriate interface for various rule types Security Log Option to Enable if you configure a Log TagLow, then the rule will be inactive Blacklist Any any source IP address Rule to be invoked on packets containingLt any source IP address that is numerically less than Specified address Store State Unwelcome attempt to gain access to a networkAn ongoing communication, etc. This option provides Received in the anticipated state. Such packets can signify That have options specified in their packet headers Example IP filter rule examples 146 Viewing IP Filter Statistics IP Filter Rule Statistics Managing Current IP Filter Sessions Blocked Protocols Blocked ProtocolsFilter rule, are assigned a session index Time to expire 150 Computers when they only know their IP addresses Address Resolution Protocol. Computers on a LAN use ARP toYour ISP before blocking this protocol Is often used for handling e-mail, mailing lists Large networks DSL Status Viewing DSL Line Information DSL Parameter Viewing DSL Line Information 155 156 Configuring User Names and Passwords Administrative TasksChanging Login Passwords User Configuration Administrative Tasks Viewing System Alarms Viewing System AlarmsViewing the Alarm Table Upgrading the Software Image Upgrade Using Diagnostics Using DiagnosticsFile 162 Modifying Port Settings Modifying Port SettingsOverview of IP port numbers Modifying the Adsl Barricade’s port numbers 165 IP Addresses Appendix aStructure of an IP address Network ID Host ID Appendix a Network classes Network classes Subnet masks Subnet masks Binary Numbers Appendix BDefinition binary numbers Bits and bytes Appendix BDefinition bit and byte Troubleshooting Internet Access My PC cannot access Internet Troubleshooting My LAN PCs cannot display web pages on the Internet Diagnosing Problem using IP Utilities My changes to Configuration Manager are not being retained 179 180 Technical Specifications Chap Technical Specifications Operating System Support Power DissipationEnvironmental Operating Range Weight Power InputDimensions Safety Terminology AuthenticateAnalog Terminology Digital Download Domain nameEthernet Filtering Gbps FirewallHop Hop count In-line filter HostInternet Intranet 191 Mbps MaskMicrofilter NAT rule Packet Network maskPort Protocol Pots splitterRemote Rule RoutingSplitter Splitterless Subnet mask Subnet Twisted pair TelnetUpstream Web Web browser Web site FCC Class B CompliancesFCC Part Compliances EC Conformance Declaration Class B Wichtige Sicherheitshinweise Germany Safety Compliance Compliances Legal Information Contacts SMCs Limited Warranty Statement Legal Information and Contacts Is subject to change without notice Limitation of Liability