Configuring IP Filters | SMC Networks SMC7204BRA manual

Configuring IP Filters

Configuring IP Filter Global Settings

The [IP Filter Configuration] page enables you to configure the following global IP filter settings.

[Security Level:]

This setting determines which IP filter rules take effect, based on the security level specified in each rule. For example, when [High] is selected, only those rules that are assigned a High security value will be effective. The same is true for the [Medium] and [Low] settings. When [None] is selected, IP filtering is disabled.

[Private Default Action:], [Public Default Action:], [DMZ Default Action:]

These settings specify a default action ([Accept] or [Deny]) to be taken on Private, Public or DMZ type device interfaces when they receive packets that do not match any of the filtering rules. You can specify a different default action for each interface type. (You specify an interface's type when you create the interface; see the

PPPconfiguration page, for example.)

-A Public interface typically connects to the Internet. PPP, EoA, and IPoA interfaces are typically public. Packets received on a public interface are subject to the most restrictive set of firewall protections defined in the software. Typically, the global setting for public interfaces is [Deny], so that all accesses to your LAN initiated from external computers are denied (discarded at the public interface), except for those allowed by a specific IP filter rule.

-A Private interface connects to your LAN, such as the Ethernet interface. Packets received on a private interface are subject to a less restrictive set of protections, because they originate within the network. Typically, the global setting for private interfaces is [Accept], so that

137

Image 135

SMC Networks SMC7204BRA manual Configuring IP Filters, Configuring IP Filter Global Settings

Contents

Page February Table of Contents Configuring Network Address Translation Getting Started with the Configuration ManagerConfiguring the LAN Ports Configuring Dynamic Host Configuration Protocol Configuring the ATM Virtual Circuit Configuring DNS Server AddressesConfiguring IP Routes Configuring the Routing Information Protocol Configuring Bridging Configuring PPP InterfacesConfiguring EOA Interfaces Configuring IPoA Interfaces Viewing DSL Line Information Administrative Tasks Appendix aAppendix B Introduction Features Notational conventions Using this DocumentSystem Requirements Introduction Using this Document Typographical conventionsSpecial messages Getting to Know Adsl Barricade Package Contents Rear Panel Hardware DescriptionGetting to Know the Adsl Barricade Front Panel Quick Start Connecting the Hardware Connect the Adsl cable Quick Start Connect the Ethernet cable Configuring Your ComputersAttach the power connector Power up your systems Windows XP Windows Windows Me Windows 95 Quick Start Windows NT Assigning static Internet Information to your PCs Configuring the Adsl Barricade Configuring the Adsl BarricadeLogging into the Adsl Barricade Quick Configuration Path that your connection uses to communicate with your ISP With your ISP Bridge Configuration of your devicePassword You have used to log in to Configuration Manager Addresses Default Router Settings Internet. See Configuring Description of the NAT serviceLAN Ports on page 33 for a Accessing the Configuration Manager Getting Started with the Configuration Manager Login Screen Getting Started with the Configuration Manager Browser window. Help is available from any main topic Functional LayoutFunctional Layout Commonly used buttons System View Table Home Page and System View Table Home Page and System View Table Modifying Basic System Information Modifying Basic System Information Time ZoneDaylight Committing your changes Committing Changes and Rebooting Rebooting the device using Configuration Manager Committing Changes and Rebooting Session Reboot from LastConfiguration Just committed Configuring Connecting via EthernetConfiguring the LAN Port IP Address LAN Configuration Configuring the LAN Ports Configuring the LAN Port IP Address Configuring the LAN Ports Configuring the LAN Port IP Address Viewing the Adsl Barricades IP Addresses Viewing System IP Addresses and IP Performance Statistics Viewing System IP Addresses and IP Performance Statistics Viewing IP Performance Statistics Viewing IP Performance Statistics Configuring Dynamic Host Configuration Protocol What is DHCP?Overview of Dhcp Configuring Dynamic Host Configuration Protocol Why use DHCP?Adsl Barricade Dhcp modes Configuring Dhcp Server Configuring Dhcp ServerGuidelines for creating Dhcp server address pools Configuring Dynamic Host Configuration Protocol Adding Dhcp Server Address Pools Mac Address Start IP AddressEnd IP Address For distribution to your LAN computers Gateway As explained onDomain Name Addresses in this pool. This is used for reference only Dhcp Server Pool Modify Viewing, modifying, and deleting address pools Viewing current Dhcp address assignments Excluding IP addresses from a pool Mac Configuring Dhcp RelayNetmask These terms Dynamic Host Configuration Protocol Dhcp Relay Configuration Configuring Dhcp Relay Dynamic Host Configuration Protocol Dhcp Setting the Dhcp Mode Setting the Dhcp Mode Overview of NAT Configuring Network Address Translation Configuring Network Address Translation Viewing NAT Global Settings and Statistics Viewing NAT Global Settings and Statistics When in the establishing state, the session will timeout TCP Def TimeoutActive state, where the connection is being used to Time specified in TCP Idle Timeout NAT Rule Global Statistics Viewing NAT Rules and Rule Statistics Network Address Translation NAT Rule Configuration Viewing Current NAT Translations Viewing Current NAT Translations TCP, UDP, Icmp Is enabledWas invoked from the rule definition Protocol Out Ports TranslatedPorts Number was translated Adding NAT Rules NAT Rule-Add Page Napt Flavor Adding NAT Rules RDR rule Allowing external access to a LAN computer NAT Rule Add Page RDR Flavor Configuring Network Address Translation Adding NAT Rules NAT Rule Add Page Basic Flavor Basic rule Performing 11 translations Adding NAT Rules NAT Rule Add Page Filter Flavor Adding NAT Rules Bimap rule Performing two-way translations NAT Rule Add Page Bimap Flavor NAT Rule Add Page Pass Flavor Adding NAT Rules Configuring DNS Server Addresses About DNSAssigning DNS Addresses Configuring DNS Server Addresses Configuring DNS Relay Configuring DNS Relay Domain Name Service DNS Configuration Configuring IP Routes IP routing versus telephone switchingOverview of IP Routes Hops and gateways Configuring IP Routes Using IP routes to define default gateways Overview of IP RoutesDo I need to define IP routes? IP Route Table Viewing the IP Routing Table Viewing the IP Routing Table IP Route-Add Adding IP Routes Adding IP Routes RIP Overview Configuring the Routing Information Protocol Configuring the Adsl Barricades Interfaces with RIP Configuring the Routing Information ProtocolWhen should you configure RIP? Routing Information Protocol RIP Configuration Configuring the Adsl Barricades Interfaces with RIP Configuring the Routing Information Protocol Configuring the Adsl Barricades Interfaces with RIP RIP Global Statistics Viewing RIP Statistics Viewing Your ATM VC Configuring the ATM Virtual Circuit Vpi Configuring the ATM Virtual CircuitSoftware and identify the type of traffic that can be Use an aal5-type interface Adding ATM VCs Adding ATM VCs Modifying ATM VCs ATM VC Interface Modify Modifying ATM VCs Configuring PPP Interfaces Ignore WAN to LAN traffic while monitoring inactivity Viewing Your Current PPP ConfigurationConfiguring PPP Interfaces Inactivity TimeOut mins Viewing Your Current PPP Configuration Device will acquire IP addresses for other Disable, LAN hosts will use the DNS addressPreconfigured in the Dhcp pool see Configuring Under way e.g., password authorization or Viewing PPP Interface Details Viewing PPP Interface Details Each requiring a different login and other EnabledRebooted Service Name ISP issued a special packet type to terminate By changing the Configuration Manager settingsWith the timeout period specified on the PPP On the user name and/or password provided PPP Interface Add Adding a PPP Interface Definition Modifying and Deleting PPP Interfaces Modifying and Deleting PPP Interfaces 114 Overview of EOA Configuring EOA Interfaces Configuring EOA Interfaces Viewing Your EOA Setup Viewing Your EOA Setup Adding EOA Interfaces Default RouteEnable or disable the interface a red ball may indicate a Problem with the DSL connection EOA Interface Add Adding EOA Interfaces 120 Viewing Your IPoA Interface Setup Configuring Ipoa Interfaces Configuring IPoA Interfaces Adding IPoA Interfaces Enable or disable the interface a down interface mayIndicate a problem with the DSL connection Adding IPoA Interfaces 124 Overview of Bridges Configuring Bridging Configuring Bridging When to Use the Bridging Feature When to Use the Bridging FeatureDefining Bridge Interfaces 128 Deleting a Bridge Interface Deleting a Bridge Interface Configuring Global Firewall Settings Configuring Firewall Settings Configuring Firewall Settings Configuring Global Firewall Settings Managing the Black List ID assigned to the ruleIts automatic timed expiration Configuring IP Filters Configuring IP Filters and Blocked Protocols Viewing Your IP Filter Configuration Configuring IP Filters and Blocked Protocols Configuring IP Filter Global Settings Configuring IP Filters Creating IP Filter Rules Outgoing refers to packets going to the Internet External computers from accessing your LANThat are incoming or outgoing on the selected interface Incoming refers to packets coming from the LAN Option is valid only for the outgoing direction Choosing the appropriate interface for various rule types Blacklist Log Option to Enable if you configure a Log TagSecurity Low, then the rule will be inactive Specified address Rule to be invoked on packets containingAny any source IP address Lt any source IP address that is numerically less than Received in the anticipated state. Such packets can signify Unwelcome attempt to gain access to a networkStore State An ongoing communication, etc. This option provides That have options specified in their packet headers Example IP filter rule examples 146 Viewing IP Filter Statistics IP Filter Rule Statistics Managing Current IP Filter Sessions Time to expire Blocked ProtocolsBlocked Protocols Filter rule, are assigned a session index 150 Is often used for handling e-mail, mailing lists Address Resolution Protocol. Computers on a LAN use ARP toComputers when they only know their IP addresses Your ISP before blocking this protocol Large networks DSL Status Viewing DSL Line Information DSL Parameter Viewing DSL Line Information 155 156 Administrative Tasks Configuring User Names and PasswordsChanging Login Passwords User Configuration Administrative Tasks Viewing System Alarms Viewing System AlarmsViewing the Alarm Table Upgrading the Software Image Upgrade Using Diagnostics Using DiagnosticsFile 162 Modifying Port Settings Modifying Port SettingsOverview of IP port numbers Modifying the Adsl Barricade’s port numbers 165 Appendix a IP AddressesStructure of an IP address Network ID Host ID Appendix a Network classes Network classes Subnet masks Subnet masks Appendix B Binary NumbersDefinition binary numbers Appendix B Bits and bytesDefinition bit and byte Troubleshooting Internet Access My PC cannot access Internet Troubleshooting My LAN PCs cannot display web pages on the Internet Diagnosing Problem using IP Utilities My changes to Configuration Manager are not being retained 179 180 Technical Specifications Chap Technical Specifications Power Dissipation Operating System SupportEnvironmental Operating Range Safety Power InputWeight Dimensions Authenticate TerminologyAnalog Terminology Digital Filtering Domain nameDownload Ethernet Hop count FirewallGbps Hop Intranet HostIn-line filter Internet 191 NAT rule MaskMbps Microfilter Network mask PacketPort Pots splitter ProtocolRemote Splitterless RoutingRule Splitter Subnet mask Subnet Telnet Twisted pairUpstream Web Web browser Web site Compliances FCC Class BFCC Part Compliances EC Conformance Declaration Class B Wichtige Sicherheitshinweise Germany Safety Compliance Compliances Legal Information Contacts SMCs Limited Warranty Statement Legal Information and Contacts Is subject to change without notice Limitation of Liability