Manuals / ZyXEL Communications / Computer Equipment / Network Router

ZyXEL Communications 2304R-P1 manual A filter for blocking the NetBIOS packets, Filter

Models: 2304R-P1

1 124

Download 124 pages 11.81 Kb

Page 32

A filter for blocking the NetBIOS packets

Prestige 2304 Support Notes

A filter for blocking the NetBIOS packets

•Introduction

The NETBIOS protocol is used to share a Microsoft comupter of a workgroup. For the security concern, the NetBIOS connection to a outside host is blocked by Prestige router as factory defaults. Users can remove the filter sets applied to menu 3.1 and menu 4.1 for activating the NetBIOS services. The details of the filter settings are described as follows.

•Configuration

The packets need to be blocked are as follows. Please configure two filter sets with 4 and 2 rules respectively based on the following packets in SMT menu 21.

Filter Set 1:

oRule 1-Destination port number 137 with protocol number 6 (TCP) o Rule 2-Destination port number 137 with protocol number 17 (UDP) o Rule 3-Destination port number 138 with protocol number 6 (TCP) o Rule 4-Destination port number 138 with protocol number 17 (UDP) o Rule 5-Destination port number 139 with protocol number 6 (TCP) o Rule 6-Destination port number 139 with protocol number 17 (UDP)

Filter Set 2:

oRule 1-Source port number 137, Destination port number 53 with protocol number 6 (TCP)

oRule 2-Source port number 137, Destination port number 53 with protocol number 17 (UDP)

Before starting to set the filter rules, please enter a name for each filter set in the 'Comments' field first.

Menu 21 - Filter Set Configuration

Filter

Filter

32

All contents copyright (c) 2005 ZyXEL Communications Corporation.

Image 32

ZyXEL Communications 2304R-P1 manual A filter for blocking the NetBIOS packets, Prestige 2304 Support Notes, Filter

Contents

VoIP Station Gateway Prestige 2304R-P1Support Notes Prestige 2304 Support Notes INDEXPrestige 2304 Support Notes How many network users can the SUA/NAT support?CLI Command List Prestige 2304 Support NotesApplication Notes General Application NotesInternet Connection 1. Ethernet connection2. TCP/IP Installation 3. TCP/IP ConfigurationSetting up the Prestige router Prestige 2304 Support NotesPrestige 2304 Support Notes 1. Retrieve Prestige WebPrestige 2304 Support Notes 3. Configure Prestige for Internet access by using WIZARD SETUPAll contents copyright c 2005 ZyXEL Communications Corporation The Web screen shown below takes PPPoE as the example All contents copyright c 2005 ZyXEL Communications CorporationPrestige 2304 Support Notes Prestige 2304 Support Notes Setup the Prestige as a DHCP RelayWhat is DHCP Relay? IP Subnet Mask= Setup the Prestige as a DHCP ClientPrestige 2304 Support Notes Configure an Internal Server Behind SUA ConfigurationFor example Configuring an internal Web server for outside access Prestige 2304 Support NotesService Configure a PPTP server Behind SUAPort Number All contents copyright c 2005 ZyXEL Communications CorporationPrestige 2304 Support Notes Window98 PPTP Client / Internet / NT RAS Server Protocol StackPrestige 2304 Support Notes ExamplePrestige 2304 Support Notes For example C\pingPrestige 2304 Support Notes About Filter & Filter Examples How does ZyXEL filter work?Filter Structure Prestige 2304 Support Notes Filter Types and SUAAll contents copyright c 2005 ZyXEL Communications Corporation Prestige 2304 Support Notes The sequence of the logic flow for the packet from WAN to LAN isPrestige 2304 Support Notes Menu 21.1.1 - Generic Filter Rule Filter # 1,1Prestige 2304 Support Notes Protocol and device rule cannot be active togetherprotocol filters= device filters= protocol filters= device filters=filter for blocking the web service Prestige 2304 Support NotesGenerally, the outbound packets for Web service could be as following All contents copyright c 2005 ZyXEL Communications CorporationPrestige 2304 Support Notes 1. The outbound packet type protocol & port number3.Rule 2 for b.DNS request, TCP06/Port number Prestige 2304 Support Notes2. Rule one for a. http packet, TCP06/Port number Prestige 2304 Support Notes 4. Rule 3 for c. DNS packet UDP17/Port numberPrestige 2304 Support Notes A filter for blocking a specific clientConfiguration 1. Create a filter set in Menu 21, e.g., set Prestige 2304 Support Notes Key SettingsA filter for blocking a specific MAC address Before you Begin Prestige 2304 Support NotesPrestige 2304 Support Notes Configurations2. We are now ready to configure the Generic Filter Rule as below Generic Filter Ruls Set the Filter Type to Generic Filter Rule Active Key SettingsPrestige 2304 Support Notes Prestige 2304 Support Notes Action Matched=A filter for blocking the NetBIOS packets Menu 21 - Filter Set ConfigurationPrestige 2304 Support Notes FilterAction Not Matched= Check Next Rule Prestige 2304 Support NotesRule 1-Destination port number 137 with protocol number 6 TCP Rule 3-Destination port number 138 with protocol number 6 TCP Prestige 2304 Support NotesRule 2-Destination port number 137 with protocol number 17 UDP Prestige 2304 Support Notes Rule 4-Destination port number 138 with protocol number 17 UDPRule 6-Destination port number 139 with protocol number 17 UDP Prestige 2304 Support NotesRule 5-Destination port number 139 with protocol number 6 TCP Prestige 2304 Support Notes Prestige 2304 Support Notes Prestige 2304 Support Notes 1. After the first filter set is finished, you will get the complete rules summary as belowUsing the Dynamic DNS DDNS 1. What is DDNS?Setup the DDNS Prestige 2304 Support NotesOption Service Provider Host User Password Enable Wildcard Network Management Using SNMPDescription 1. SNMP OverviewPrestige 2304 Support Notes 1. A small set of management operations2. Definitions of management variables 3. Data representation 6. Reads2. SNMPv1 Operations Prestige 2304 Support Notes7. Writes 8. Traversal operationsPrestige 2304 Support Notes GetNextTrap 3. ZyXEL SNMP Implementation Prestige 2304 Support Notes4. Configure the Prestige for SNMP Prestige 2304 Support NotesGet Community Set Community Trusted Host Trap Community Trap DestinationNMS managers entered, the Prestige will not send trap any NMS managerUsing syslog 4. Prestige SetupUNIX Setup Prestige 2304 Support NotesPacket triggered log Filter logPrestige 2304 Support Notes line = the WAN ID in a board channel = channel ID within the WANPPP Log Prestige 2304 Support NotesUsing IP Alias What is IP Alias ?All contents copyright c 2005 ZyXEL Communications Corporation Prestige 2304 Support NotesIP Alias Setup Prestige 2304 Support Notes2004 ZyXEL Communications Corp ras ip ro stDHCP Setup TCP/IP Setup Edit IP Alias IP Alias IP AliasMenu 3.2.1 - IP Alias Setup IP Alias 1= Yes IP Address= Enter here to CONFIRM or ESC to CANCELUsing IP Multicast Time Service in PrestigeWhat is IP Multicast ? Prestige 2304 Support NotesIP Multicast Setup Enable IGMP in Prestiges LAN in menu Prestige 2304 Support NotesPrestige 2304 Support Notes Using Prestige traffic redirectMulticast Traffic Redirect on WAN port Traffic Redirect on LAN portHow to deploy backup gateway? Traffic Redirect SetupSMT Menu 11.6-Traffic Redirect Setup BackupTimeout ActivePrestige 2304 Support Notes ADVANCED/WAN/Traffic Redirect Using Universal Plug n Play UPnP1. What is UPnP Prestige 2304 Support Notes UPnP Operations2. Using UPnP in ZyXEL devices Service NAT function provided by Prestige Router Control Point PC1Prestige 2304 Support Notes Device Prestige RouterThe first check box enables UPnP function in this device Prestige 2304 Support Notes3. Start a Video conversation with one online user All contents copyright c 2005 ZyXEL Communications CorporationPrestige 2304 Support Notes All contents copyright c 2005 ZyXEL Communications Corporation Prestige 2304 Support Notes5. Finally, your video conversation is achieved All contents copyright c 2005 ZyXEL Communications CorporationPrestige 2304 Support Notes Prestige 2304 Support Notes Setup SIP AccountVoIP Application Notes Prestige 2304 Support Notes Prestige 2304 Support Notes Step 6. If you wish to send caller ID check the check box in the Caller ID category, if you do not wish to send out caller ID leave the check box uncheckService Each fields detail description on this page is listed belowLabel DescriptionAuthentication PasswordSettings ResetEach fields detail description is listed below PhonePrestige 2304 Support Notes LabelVolume SpeakingListening OutgoingEach fields detail description of the page is listed below Prestige 2304 Support NotesEntry Speed DialName TypeZyNOS FAQ What is ZyNOS?How do I access the embeded web configurator? ClearPrestige 2304 Support Notes How do I upload the ZyNOS firmware code via embeded web configurator?How do I upload or backup ROMFILE via web configurator? Why cant I make Telnet to Prestige from WAN? What should I do if I forget the system password?What is SUA? When should I use SUA? Prestige 2304 Support NotesWhat is the difference between NAT and SUA? How many network users can the SUA/NAT support?What are Device filters and Protocol filters? Prestige 2304 Support NotesProduct FAQ Why cant I configure device filters or protocol filters?What is the Prestige Internet Access Sharing Router? Will the Prestige work with my Internet connection?What is PPPoE? How do I know I am using PPPoE?Why does my provider use PPPoE? How can I configure the Prestige?What network interface does the Prestige support? What can we do with Prestige?Does Prestige support dynamic IP addressing? How does e-mail work through the Prestige?What is the difference between the Standard and RoadRunner service? What DHCP capability does the Prestige support?What network interface does the new Prestige series support? Prestige 2304 Support NotesHow does the Prestige support TFTP? Can the Prestige support TFTP over WAN?How can I upload data to outside Internet over the one-way cable? How fast can the data go?1. Your ISP checks the MAC address Prestige 2304 Support Notes2. Your ISP checks the Host Name 3. Your ISP checks User IDPrestige 2304 Support Notes a. Assigned By, Choose IP address attached on LANWhat is Multi-NAT? Prestige 2304 Support NotesWhen do I need Multi-NAT? What IP/Port mapping does Multi-NAT support?1. One to One 2. Many to OneWhat is the difference between SUA and Multi-NAT? NAT TypeIP Mapping Prestige 2304 Support NotesWhat is BOOTP/DHCP? What is DDNS?When do I need DDNS service? What is DDNS wildcard?VoIP FAQ How do I setup my Prestige for routing IPsec packets over SUA?What is Voice over IP? Does the Prestige support DDNS wildcard?Why use VoIP? What is the relationship between codec and VoIP?What is the difference between H.323 and SIP? What advantage does Voice over IP can provide?What is voice quality? What is codec?What is the relation of codec and VoIP? How are voice quality normally rated?What do I need in order to use SIP? Unable to register with the SIP server?I can register but can not establish a call? Prestige 2304 Support NotesTrouble Shooting Unable to Get WAN IP from ISPI can make a call but the voice only goes one way not bothway? I can receive a call but the voice only goes one way not bothway?1. Your ISP checks the MAC address Prestige 2304 Support Notes2. Your ISP checks the Host Name Prestige 2304 Support Notes3. Your ISP checks User ID Prestige 2304 Support NotesUsing Embedded Packet Trace 1. Online Trace--display the trace real time on screen2. Offline Trace--capture the trace first and display later Online TraceExample Prestige 2304 Support Notes100 All contents copyright c 2005 ZyXEL Communications Corporation Prestige 2304 Support Notes101 All contents copyright c 2005 ZyXEL Communications Corporation Prestige 2304 Support Notes102 All contents copyright c 2005 ZyXEL Communications Corporation Prestige 2304 Support NotesExample 103 All contents copyright c 2005 ZyXEL Communications CorporationPrestige 2304 Support Notes Prestige 2304 Support Notes LAN Frame ENET1-RECV+Y.x 105 All contents copyright c 2005 ZyXEL Communications CorporationPrestige 2304 Support Notes 106 All contents copyright c 2005 ZyXEL Communications Corporation Prestige 2304 Support NotesPrestige 2304 Support Notes Offline Trace107 All contents copyright c 2005 ZyXEL Communications Corporation Prestige 2304 Support Notes Exmaple108 All contents copyright c 2005 ZyXEL Communications Corporation 109 All contents copyright c 2005 ZyXEL Communications Corporation Prestige 2304 Support NotesExample 110 All contents copyright c 2005 ZyXEL Communications CorporationPrestige 2304 Support Notes a.P&Mq= 111 All contents copyright c 2005 ZyXEL Communications CorporationPrestige 2304 Support Notes 112 All contents copyright c 2005 ZyXEL Communications Corporation Prestige 2304 Support NotesPrestige 2304 Support Notes Debug PPPoE ConnectionDebug PPPoE Connection Example- A trace with system crashes Prestige 2304 Support Notes115 All contents copyright c 2005 ZyXEL Communications Corporation Prestige 2304 Support NotesPrestige 2304 Support Notes LAN/WAN Packet Trace116 All contents copyright c 2005 ZyXEL Communications Corporation Prestige 2304 Support Notes 1. Online Trace--display the trace real time on screen2. Offline Trace--capture the trace first and display later Online Trace118 All contents copyright c 2005 ZyXEL Communications Corporation Prestige 2304 Support Notes119 All contents copyright c 2005 ZyXEL Communications Corporation Prestige 2304 Support Notes120 All contents copyright c 2005 ZyXEL Communications Corporation Prestige 2304 Support Notes121 All contents copyright c 2005 ZyXEL Communications Corporation Prestige 2304 Support NotesExample 122 All contents copyright c 2005 ZyXEL Communications CorporationPrestige 2304 Support Notes Offline Trace 123 All contents copyright c 2005 ZyXEL Communications CorporationPrestige 2304 Support Notes CLI Command List Prestige 2304 Support Notes