Application Note Ed. 01
2 SpeedTouch™610 Remote Access
2.1 The SpeedTouch™610 Firewall
Introduction
All traffic from, to, or via any of the SpeedTouch™610 interfaces is subjected to its powerful programmable firewall.
For a full description of the SpeedTouch™610 programmable firewall see the application note The SpeedTouch™610 and Firewalling.
In the scope of remote management, however, the following topics provide some essential information to understand the operation of the SpeedTouch™610 firewall.
Default firewall configuration
By default a set of rules is provided for basic firewalling.
Defining LAN as your local network, SpeedTouch™610 as the SpeedTouch™610's IP host, and WAN as the "outside" network (i.e. any IP connection configured over the SpeedTouch™610 DSL line), the combination of the firewall rules makes sure that IP packets travelling:
• from WAN to LAN are allowed (Rule 1)
• from LAN to WAN are allowed (Rule 2)
• from LAN to SpeedTouch™610 are allowed (Rule 3)
• from SpeedTouch™610 to LAN are allowed (Rule 4)
• from SpeedTouch™610 to WAN are dropped, except DNS and DHCP (Rule 5)
• from WAN to SpeedTouch™610 are dropped, except DNS and DHCP (Rule 6)
• from WAN to WAN are dropped (Rule 7).
Rules 1 and 2 can be considered as "DSL Gateway rules": these assure that the SpeedTouch™610 can act as DSL Gateway for your local network.
Rules 3 and 4 can be defined as "Local Management rules": these two rules make direct communication between the local network and the SpeedTouch™610 IP host possible (be it for HTTP, FTP or Telnet access).
Rules 5, 6 and 7 could be defined as the "Security and Remote Management rules": these rules ensure that by default no one from the WAN has IP access to the SpeedTouch™610 device itself.
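
The seven default rules above can be modelled as a small packet evaluator to check which flows reach the device's own IP host from the WAN. This is an added example, not code from the application note or the SpeedTouch™610 CLI; the addresses, the function names and the port numbers taken to mean "DNS and DHCP" are assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing; the application note gives no addresses.
LAN_NET = ip_network("10.0.0.0/24")
DEVICE_IPS = {ip_address("10.0.0.138"), ip_address("192.0.2.1")}  # LAN- and WAN-side

# Assumption: "DNS and DHCP" means port 53 (UDP/TCP) and UDP ports 67/68.
EXEMPT = {("udp", 53), ("tcp", 53), ("udp", 67), ("udp", 68)}

# (source zone, destination zone) -> (rule number, action, DNS/DHCP exempted?)
DEFAULT_RULES = {
    ("WAN", "LAN"): (1, "allow", False),
    ("LAN", "WAN"): (2, "allow", False),
    ("LAN", "DEVICE"): (3, "allow", False),
    ("DEVICE", "LAN"): (4, "allow", False),
    ("DEVICE", "WAN"): (5, "drop", True),
    ("WAN", "DEVICE"): (6, "drop", True),
    ("WAN", "WAN"): (7, "drop", False),
}

def zone(addr):
    """Map an address to LAN, DEVICE (the modem's IP host) or WAN."""
    a = ip_address(addr)
    if a in DEVICE_IPS:
        return "DEVICE"
    return "LAN" if a in LAN_NET else "WAN"

def evaluate(src, dst, proto, sport, dport):
    """Return (rule number, action) for one packet under the default rules."""
    key = (zone(src), zone(dst))
    if key not in DEFAULT_RULES:
        return (None, "unspecified")  # e.g. LAN to LAN: not covered by Rules 1-7
    rule, action, exempt = DEFAULT_RULES[key]
    if exempt and {(proto, sport), (proto, dport)} & EXEMPT:
        action = "allow"
    return (rule, action)

def wan_reachable(flows):
    """Flows from the WAN that the default rules let through to the device itself."""
    return [f for f in flows
            if zone(f[0]) == "WAN" and zone(f[1]) == "DEVICE"
            and evaluate(*f)[1] == "allow"]

# Constructed sample flows: (src, dst, proto, sport, dport)
SAMPLE = [
    ("198.51.100.7", "192.0.2.1", "tcp", 40000, 23),   # telnet from WAN to device
    ("198.51.100.7", "192.0.2.1", "tcp", 40001, 80),   # http from WAN to device
    ("198.51.100.53", "192.0.2.1", "udp", 53, 1024),   # DNS reply to device
    ("10.0.0.5", "10.0.0.138", "tcp", 40002, 23),      # telnet from LAN to device
]
```

Under these assumptions only the DNS reply in the sample reaches the device from the WAN, while the same Telnet request is allowed when it originates on the LAN.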