Manuals / USRobotics / Computer Equipment / Switch

USRobotics NETServer/8, NETServer/16 manual TCP and UDP parameters

Models: NETServer/16 NETServer/8

1 284

Download 284 pages 20.7 Kb

Page 124

TCP and UDP parameters

TCP and UDP packets can be filtered by source and destination socket numbers. This allows you permit or deny specific services.

<tcp udp> src <lt gt eq> <TCP/UDP port #>

Compare the source port number in a TCP or UDP packet to a specific value.

lt or lessthan	less than
eq or equal	equal to
gt or greaterthan	greater than

A sample rule might look something like this:

permit tcp src gt 23

<tcp udp>dst <lt gt eq> <TCP/UDP port #>

Compare the destination port number in a UDP packet to a specific value. Example:

deny udp dst eq 40

established or estab

Evaluates whether the packet is for an established connection. Note that since UDP is not a connection-oriented protocol, this parameter can only be used in TCP rules. Example

permit tcp dest eq 192 established

Established is usually employed to restrict a normally two-way connection to only one way. One example would be allowing internal users to establish FTP sessions with external hosts, while denying external users FTP access to local hosts. Since a single FTP session sends packets in both directions, filtering out FTP packets headed in either direction will kill FTPs in both directions. See the discussion of FTP below for more informa- tion.

8-10 Packet Filters

Image 124

USRobotics NETServer/8, NETServer/16 manual TCP and UDP parameters

Contents

NETServer/8 NETServer/16 Page Table of Contents Network Dial-in Access Administrative Tools Reference SectionWarranty and Service Limited WarrantyTechnical Support Service and SupportVii We welcome your suggestions for better documentation ViiiChapter Overview What’s New with Release 3.1?Additional Software Enhancements OverviewNetmask Table IP Address SpoofingAccounting Servers Accounting Server SupportMultiple Name Servers Randomized HostsRadius Accounting and ANI/DNIS Icmp Message LoggingNew Modem Port Features NETServer Overview IP Modem Sharing How do I get there from here? Administrative Utilities SecuritySystem Administrator Requirements Chapter Basic InstallationBasic Installation TCP/IP Reference Material Accessing the Command Line Getting Started Getting the LAN port up and running First step for IPX or IP/IPX networksBasic Installation IP Configuration You must also set the Broadcast Address. Type the following IPX Configuration Ethernet802.3 ethernet802.2 ethernet802.2II ethernetIIFinal Steps Password Recommended Global ConfigurationIP and IPX Default Gateways To set the IP gateway, type the following Name Service Save your workBasic Installation How to Setup Applications Chapter Configuration OverviewConfiguration Overview Where do I go from here? Application SectionCommand Line Commands are not case sensitiveYou can abbreviate commands Separate a parameter and its value by a spaceReset any ports you have changed Reboot when necessaryHow to log out of the command line Save your changesQuick Command Overview Global Configuration Overview of configurable tablesHosts Table Initialization Script Configuration Net0 LAN Port ConfigurationLocation Table Netmasks TablePacket Filter Table Port Configuration Port TypeSnmp Configuration Routes TableUser Table Configuration Overview Terminal or Workstation Setup Chapter IP Terminal Server SetupIP Terminal Server Setup NETServer Terminal Server Setup Overview Global Default Port DefaultUser Table Terminal Server Detailed Setup Configuring a PortSet the port type to User Login Set the port’s security Pass-Thru LoginCreate default user settings for the port Port Default Login Service Optional Friendly Stuff Save sport # Adding a Remote User to the User Table Configure the userAdd the user to the User Table Login Service Configure for dialback use? IP Terminal Server Case Studies ExampleNETServer will use ports 6, 7, and 8 for this application Save your work and reset all the ports Example IP Terminal Server Setup Dial-in User Setup Chapter Network Dial In AccessNetwork Dial In Access NETServer Setup for Network Dial-In Overview PreworkConfiguration NETServer Dial-In Detailed Setup Dialback Users on this Port? Save the changes to flash memory Create a new user Normal or dialback user?Add configuration information for the user This is the user’s IP subnet mask. Use the following command Option can be any one of the following IP Remote Access Case Study Configure the portsCreate user table entries for the dial in users Create a user table entry for the dialback userSave your work and reset the ports Connecting to the NETServer IPX Remote Access Create User Table entries for the dial in users Chapter LAN-to-LAN Routing Setup for NETServer Routing OverviewLAN-to-LAN Routing IPX routing LAN-to-LAN Routing An Introduction to NETServer Routing NETServer RoutingLAN-to-LAN Routing Static vs. Dynamic Routes How RIP Dynamically Builds the Routing TableHow Packets are Routed Establishing Connections to Remote GatewaysRouting Procedure PAP/CHAP Authentication PAP Password Authentication ProtocolChap Setup for the NETServer Chap Challenge Example LAN-to-LAN Routing Detailed Setup Configuring the PortCreating a Dial-Out Group Create a new location table entry Adding a Remote Device to the Location TableSet Required Location Parameters This is the remote device’s IP address Set location location name netmask netmask Dial Group Number Multiple lines for a single connection Maximum Ports Create a Dial Script Set location Chicago script 1 atds slot#\r Connect Create a User Table Entry Adding the Remote Device to the User TableTell the NETServer about the Remote Device Set user user name protocol ppp slip Set netuser user name compression on off LAN-to-LAN Routing Case Study Setting Up NETServer a Add netuser nsb password xyzabcSetting Up NETServer B Now, save your work and reset the ports Testing the Connection Connecting to NETServer a from NETServer B What If I Don’t Want to Use Chap Authentication?Configure the port as a host device Chapter Talking to the ModemsTCP/IP Modem Sharing Assign the modem a TCP port numberSave your work and reset the port Turn modem control carrier detect offImplementing Security with Host Device Dial Out Configuring modems as Unix pseudo TTYs Talking to the Modems Modem Initialization Scripts How ToAdd a New Initialization Script Assign Text to an Initialization ScriptDelete an Initialization Script Use an Existing Initialization ScriptDisplaying an Initialization Script Default initialization string Initialization Script ExampleSending AT commands to the modems Talking to the Modems Packet Filters Chapter Packet FiltersPacket Filters Types of Filters Packet Filters and the NETServerInput filters vs. Output filters Information SourcesAdding Packet Filters Input filters vs. Output filters Rule Type Filter Rule FormatName Permit or Deny Rule NumberOptions TCP/IP packet filtering Destination Address TCP and UDP parameters Standard Port Numbers TCP UDPFiltering RIP messages FTP Packet FilteringClient opens a control channel FTP Example Filtering Icmp packets Type DescriptionIPX packet filtering IPX RulesDsthost SAP Rule Options Editing Packet Filters Edit a Packet FilterDelete a Packet Filter Rule Delete a Packet FilterView a Packet Filter View the Packet Filter TableChapter Administrative Tools Configuring the !root accountChanging the command prompt Root AccessTelnet Access Port Dial Command Manually Connecting to a Remote SiteNslogin, Rlogin and Telnet Commands Troubleshooting Commands Viewing Debug messagesTurn off the output console by typing the following Ifconfig MTU Ping Ptrace Traceroute VersionShow command ShowShow arp Show flashShow memory Show netconnsShow netstat Show sap Show sessionsAdministrative Tools Global Configuration Chapter Command ReferenceCommand Reference Get help View the Global Configuration TableSave Changes Default Host Global user parametersAssigned Address Connect MessageRandomize Hosts Default Gateways Global routing parametersDefault Route IP Address SpoofingNetBIOS Packet Propagation PAP AuthenticationProxy ARP System NameService Name ServiceServer name DNS Cache Reset Time-out Domain nameRadius security Primary Radius ServerAlternate Radius Server Radius SecretRadius Accounting Syslog AccountingIcmp Logging Hosts Table Add a HostDelete a Host View the Hosts TableBring Up the List of Commands Location TableAdd a Location to the Location Table Change a Location’s ParametersView the Location Table Save Location Table ChangesView a Particular Location Location Table Parameters Connection TypeNetmask IP AddressIPX Network Routing ProtocolCompression Dial Group Maximum PortsIdle Time-out High Water MarkMTU PPP Async MapInput Filter Output FilterDial Script Send Reply LAN Port Net0 Configuration Reset the Network Interface CardLAN Port Parameters View LAN Port ConfigurationEthernet Status Configured Ethernet Media Interface AddressBroadcast Address IPX Frame Type Set net0 ifilter filter name Netmask Table Add a netmaskDelete a netmask View the netmask tableSave Port Configuration Change a Port’s ParametersTo view all of the S-ports, use the following command View the Ports TableIdle Port is idle View an Individual Port Determining a Port’s Type User LoginHost Device Device Service Network Dial In Port Parameters Login MessageLine Hangup Login Prompt Security Pass-Thru LoginDialback Delay User Login Port ParametersAutolog Name Host Login Service Terminal Type Hardwired Port Parameters IPX Network NumberSet s0 netmask netmask NETServer sends RIP information across Serial Communications Parameters Port SpeedDatabits StopbitsParity Flow ControlHost Override Modem ControlAdd a Route to the Routes Table Routes Table ConfigurationChange a Route’s Information Save Routes Table Changes Delete a Routes Table EntryView the IP Routes Table Viewing the IPX Routes Table Flag ParameterIP Parameters IPX Parameters Snmp Table Delete Snmp HostsSave the Snmp Table Changes Enabling/Disabling SnmpSnmp Table Parameters View Snmp TableRead Community Name Write Community NameRead Hosts Write HostsUser Table Add a User to the User TableChange a User’s Parameters Delete a UserSave User Table Changes View the User TableAccess Filter Login User ParametersDialback Number Set user name service rlogin telnet netdata portmux Command Reference Network User Parameters DialbackIPX connections require the PPP protocol NETServer sends RIP information to the dial Set user filter name ofilter filter name Command Reference Appendix a Technical Specifications 16 port NETServer HardwarePower Requirements Maximum Output PowerMaximum Input Power Typical Input PowerTechnical Specifications A-3 External Serial Port ConsoleEthernet Network Interface Card 10Base-TSignal Technical Specifications A-510Base-2 BNC Isolated GNDTechnical Specifications Technical Specifications A-7 Token Ring⎯STP ConnectorToken Ring Network Interface Card Token Ring⎯UTP Connector NETServer Firmware Specifications AdministrationTechnical Specifications A-9 Routing SupportIndustry Standards Support PPP Specific FeaturesClient Dial-up Support Technical Specifications A-11 Slip and PPP Client Software SupportTechnical Specifications Appendix B Addressing Schemes IPX Addressing BasicsIP Addressing Basics Addressing Schemes B-1Subnetting Address ClassesAddressing Schemes Mask Binary Subnets Hosts Addressing Schemes B-3Reserved Addresses Supernetting Advanced TCP/IP Addressing Schemes B-5Cidr Each Supernet is treated as a single entity Addressing Schemes B-7 Step two Select a range of addresses for each supernet Addressing Schemes B-9 Supernetting and the NETServer SDL Using a Direct Connection to a PC Why Perform an SDL Software Download?Appendix C Software Download Software Download C-1Make Backup Copies of the NETServer Firmware Software InstallationLoading the Software Download SDL Program Starting SDLSDL Command Syntax Software Download C-3Optional -d Parameter Filename PrefixesEntering SDL Mode Software Download C-5From the Windows Management Software Upgrading NETServer FirmwareUpgrading the Modem Firmware Software Download C-7For the Isdn NETServer, the file names are Error Messages Software Download C-9PC SDL program detected unknown command line argu- ments Software Download C-11 Invalid Control Word Software Download C-13 File you are trying to download is not a NETServer file Appendix D Boot Process Boot Process D-1Boot Process Appendix E Syslog Accounting Using SyslogSyslog Accounting E-1 Syslog System Messages Spotting Unused PortsSyslog System Message Format Syslog AccountingSyslog System Message Examples Syslog Accounting E-3Someone has logged in as !root on port S16 Syslog Accounting E-5 Syslog Accounting Appendix F Obtaining RadiusSecurity a Centrally Managed User Table Setting Up Radius User Table Entries Authentication ItemsResponse Items Radius F-5 Framed-Netmask Radius F-7 User Types Radius F-9 Making NETServer talk to a Radius security server Chap authentication using Radius Acct-Delay-Time Radius AccountingRadius accounting fields Acct-Status-TypeAcct-Authentic Accounting ExamplesAcct-Session-Time Radius Alphabetical Index IndexIndex Icmp MTU NIC PPP SAP Slip Index Index