Prestige 2602HW Series User’s Guide

Table 112 Menu 21.1.5.1 Generic Filter Rule (continued)

FIELD | DESCRIPTION
Action Not Matched | Select the action for a packet not matching the rule. Choices are Check Next Rule, Forward or Drop.

When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm or ESC to Cancel:” to save your configuration, or press [ESC] at any time to cancel.

33.5 Filter Types and NAT

There are two classes of filter rules: Generic Filter (Device) rules and Protocol Filter (TCP/IP) rules. Generic Filter rules act on the raw data to and from the LAN and WAN. Protocol Filter rules act on IP packets.

When NAT (Network Address Translation) is enabled, the inside IP address and port number are replaced on a connection-by-connection basis, which makes it impossible to know the exact address and port on the wire. Therefore, the Prestige applies the protocol filters to the “native” IP address and port number: before NAT for outgoing packets and after NAT for incoming packets. The generic (or device) filters, on the other hand, are applied to the raw packets that appear on the wire. They are applied at the point where the Prestige receives and sends the packets, that is, at the interface. The interface can be an Ethernet port or any other hardware port. The following figure illustrates this.

Figure 194 Protocol and Device Filter Sets
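
The ordering described above can be modelled in a few lines. This is an added sketch, not code from the guide or from the Prestige firmware: it checks one rule ("does the packet name the inside host?") at the protocol-filter point and at the device-filter point in each direction. All addresses, ports and names are constructed, and the NAT model is a simplified many-to-one port translation assumed for illustration.

```python
from dataclasses import dataclass, replace

WAN_IP = "203.0.113.1"      # constructed public address of the router
LAN_HOST = "192.168.1.33"   # constructed inside host

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Nat:
    """Per-connection port translation (simplified many-to-one NAT)."""
    def __init__(self):
        self.out, self.back, self.next_port = {}, {}, 50000

    def translate_out(self, p):
        key = (p.src, p.sport)
        if key not in self.out:          # new connection: allocate a public port
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return replace(p, src=WAN_IP, sport=self.out[key])

    def translate_in(self, p):
        m = self.back.get(p.dport)       # reverse lookup by public port
        return replace(p, dst=m[0], dport=m[1]) if m else p

def mentions_lan_host(p):
    """The rule under test: does the packet name the inside host?"""
    return LAN_HOST in (p.src, p.dst)

def outgoing(p, nat):
    proto_view = p                       # protocol filter runs before NAT
    wire_view = nat.translate_out(p)     # device filter sees the wire packet
    return mentions_lan_host(proto_view), mentions_lan_host(wire_view)

def incoming(wire, nat):
    wire_view = wire                     # device filter sees the wire packet
    proto_view = nat.translate_in(wire)  # protocol filter runs after NAT
    return mentions_lan_host(proto_view), mentions_lan_host(wire_view)

def demo():
    nat = Nat()
    request = Packet(LAN_HOST, 1025, "198.51.100.7", 80)
    reply = Packet("198.51.100.7", 80, WAN_IP, 50000)
    return outgoing(request, nat), incoming(reply, nat)
```

Each pair is (protocol-filter match, device-filter match): a rule written against the inside address matches only at the protocol-filter point, because the wire packet carries the translated address and port.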

33.6 Example Filter

Let’s look at an example to block outside users from telnetting into the Prestige.

Chapter 33 Filter Configuration