Manuals / ZyXEL Communications / Computer Equipment / Network Router

ZyXEL Communications P-2302HW manual Filter to block web services, Prestige 2302 Support Notes

Models: P-2302HW

1 128

Download 128 pages 63.22 Kb

Page 23

Filter to block web services

Prestige 2302 Support Notes

allowed in the pre-ZyNOS v3.40 firmware. Thus when you upgrade the firmware to ZyNOS v3.40, the old configuration is translated to the new format and any filter configuration inconsistence is logged. It is highly recommended that you check the system log (in SMT menu 24.3.1) before setting up the device on the network.

Note: The Prestige automatically deactivates the routing/bridging functions when an inconsistency is detected in the filter rule settings.

Filter to block web services

•Configuration

Before configuring a filter, you need to know the following information:

1.The outbound packet type (the protocol and port number)

2.The source IP address

Generally, the outbound packets for a web service could be as follows:

a. HTTP packet, TCP (06) protocol with port number 80 b. DNS packet, TCP (06) protocol with port number 53 or c. DNS packet, UDP (17) protocol with port number 53

To block web services on all LAN hosts, enter 0.0.0.0 for the source IP address. Otherwise enter the IP address of a LAN computer to block web services for that computer. The configuration procedure is described below.

oCreate a filter set in SMT menu 21, for example, set 1

oCreate three filter rules in menu 21.1.1, 21.1.2, and 21.1.3

Rule 1- block the HTTP packets, TCP (06) protocol type with port number 80

Rule 2- block the DNS packets, TCP (06) protocol type with port number 53

Rule 3- block the DNS packets, UDP (17) protocol type with port number 53 o Apply the filter set in menu 4

1.Create a filter set in menu 21

Menu 21 - Filter Set Configuration

Filter

Filter

23

All contents copyright (c) 2005 ZyXEL Communications Corporation.

Image 23

ZyXEL Communications P-2302HW manual Filter to block web services, Prestige 2302 Support Notes, The source IP address

Contents

VoIP Station Gateway With Lifeline/ DECT/ USBP-2302HW SERIES Support NotesINDEX Prestige 2302 Support NotesPrestige 2302 Support Notes What is the difference between NAT and SUA?How does Voice over IP work? CLI Command ListWhat is Voice over IP? Prestige 2302 Support NotesInternet Connection Application NotesPrestige 2302 Support Notes General Application NotesPrestige 2302 Support Notes 2. TCP/IP Installation3. TCP/IP Configuration Setting up the Prestige routerPrestige 2302 Support Notes 1. Accessing the Prestige Web Management InterfacePrestige 2302 Support Notes All contents copyright c 2005 ZyXEL Communications CorporationPrestige 2302 Support Notes Prestige 2302 Support Notes WAN IP Address field Setup the Prestige as a DHCP RelayWhat is DHCP Relay? All contents copyright c 2005 ZyXEL Communications CorporationIP Subnet Mask= Setup the Prestige as a DHCP ClientPrestige 2302 Support Notes Introduction Configure an Internal Server Behind the PrestigeConfiguration Prestige 2302 Support NotesAll contents copyright c 2005 ZyXEL Communications Corporation ServicePort Number The following table lists some common service port numbersWindow98 PPTP Client / Internet / NT RAS Server Protocol Stack Configure a PPTP server Behind SUAPrestige 2302 Support Notes Prestige 2302 Support Notes The PPTP is already supported in Windows NT and Windows 98. For Windows 95, a software upgrade with Dial-Up Networking 1.2 is requiredƒ Set the Prestige that connects to the ISP as the Internet gateway Prestige 2302 Support NotesPrestige 2302 Support Notes How does the ZyXEL filter feature work?About Filters & Filter Examples Prestige 2302 Support Notes Filter StructurePrestige 2302 Support Notes Filter Types and SUAMask= N/A Value= N/A More= No Log= None Prestige 2302 Support NotesMenu 21.1.1 - Generic Filter Rule Filter # 1,1 Filter Type= Generic Filter Rule Active= Yes Offset= Length=protocol filters= device filters= Prestige 2302 Support NotesProtocol and device rule cannot be active together protocol filters= device filters=Rem IP Prestige 2302 Support NotesRoute= Edit PPP Options= No1. The outbound packet type the protocol and port number Filter to block web servicesGenerally, the outbound packets for a web service could be as follows Prestige 2302 Support NotesENTER to Confirm or 2. Configure rule one for a. HTTP packets using TCP06 and port numberPrestige 2302 Support Notes Prestige 2302 Support Notes 3. Configure rule 2 for b. DNS requests using TCP06 and port number4. Rule 3 for c. DNS packets using UDP17 and port number Prestige 2302 Support Notes A filter to block a specific client2.Create one rule to block all packets from this client Prestige 2302 Support NotesPrestige 2302 Support Notes Key SettingsA filter to block a specific MAC address Before you BeginThe following shows detailed information with Ethernet Version Prestige 2302 Support NotesPrestige 2302 Support Notes ConfigurationsSelect Generic Filter Rule in the Filter Type field Key SettingsActive Select Yes in the Active field Offset in bytes Prestige 2302 Support NotesPrestige 2302 Support Notes A filter to block NetBIOS packetsPrestige 2302 Support Notes Configure fieldRule 2-Destination port number 137 with protocol number 17 UDP Prestige 2302 Support NotesAction Not Matched= Check Next Rule Rule 4-Destination port number 138 with protocol number 17 UDP Prestige 2302 Support NotesRule 3-Destination port number 138 with protocol number 6 TCP Rule 5-Destination port number 139 with protocol number 6 TCP Prestige 2302 Support NotesRule 6-Destination port number 139 with protocol number 17 UDP Prestige 2302 Support NotesPrestige 2302 Support Notes Rule 2-Source port number 137, Destination port number 53 with protocol number 17 UDP Prestige 2302 Support NotesPrestige 2302 Support Notes Using Dynamic DNS DDNS1. What is DDNS? Prestige 2302 Support Notes web site from the WAN when you have set up the DDNS settings. With DDNS, users can always access a web site regardless of the WAN IP address on the PrestigeNetwork Management Using SNMP Service ProviderPassword Enable Wildcard8. Traversal operations Prestige 2302 Support Notes6. Reads 7. WritesPrestige 2302 Support Notes 2. SNMPv1 OperationsGetNext TrapPrestige 2302 Support Notes 3. ZyXEL SNMP ImplementationPrestige 2302 Support Notes If the machine warmstarts, the trap will be sent after bootingPrestige 2302 Support Notes 4. Configure the Prestige for SNMPAll contents copyright c 2005 ZyXEL Communications Corporation entered, the Prestige will not send traps to any NMS manager Get Community Set Community Trusted Host Trap CommunityTrap Destination NMS managersPrestige 2302 Support Notes Using syslog4. Prestige Setup UNIX Setupline = the WAN ID in a board channel = channel ID within the WAN Packet triggered logFilter log Prestige 2302 Support NotesPrestige 2302 Support Notes PPP LogPrestige 2302 Support Notes Using IP AliasWhat is IP Alias ? ras ip ro st IP Alias SetupPrestige 2302 Support Notes 2004 ZyXEL Communications CorpEnter here to CONFIRM or ESC to CANCEL DHCP Setup TCP/IP Setup Edit IP AliasIP Alias IP Alias Menu 3.2.1 - IP Alias Setup IP Alias 1= Yes IP Address=Prestige 2302 Support Notes System Date and Time Settings on the PrestigePrestige 2302 Support Notes Using IP MulticastSelect IGMP-v1 for IGMP version 1 or IGMP-v2 for IGMP version MulticastPrestige 2302 Support Notes How to set up the backup gateway? Using Prestige traffic redirectTraffic Redirect on the WAN What is Traffic Redirect ?Prestige 2302 Support Notes Traffic Redirect on the LANTraffic Redirect Setup Gateway BackupTimeout ActivePrestige 2302 Support Notes Using Universal Plug n Play UPnP1. What is UPnP UPnP Operations Prestige 2302 Support NotesControl Point PC1 2. Using UPnP in ZyXEL devicesDevice Prestige Service NAT function provided on the Prestige Prestige 2302 Support NotesPrestige 2302 Support Notes Select Enable UPnP service to activate UpnP on the devicePrestige 2302 Support Notes All contents copyright c 2005 ZyXEL Communications CorporationPrestige 2302 Support Notes All contents copyright c 2005 ZyXEL Communications CorporationPrestige 2302 Support Notes All contents copyright c 2005 ZyXEL Communications CorporationPrestige 2302 Support Notes Trunk Setup in P-2302HWL/HWUDL-P1Follow the 3 steps below to set up trunks on P-2302HWL/HWUDL-P1 All contents copyright c 2005 ZyXEL Communications CorporationPrestige 2302 Support Notes o Step 2 Access the web configurator and click VoIP Advance SettingTwo examples are described next Example All contents copyright c 2005 ZyXEL Communications CorporationPrestige 2302 Support Notes So how do you make a phone call over the PSTN and SIP networks?Prestige 2302 Support Notes SIP Account SetupVoIP Application Notes Prestige 2302 Support Notes Prestige 2302 Support Notes The following table describes the screen labelsSIP Account ServiceLabel DescriptionReset AuthenticationPassword SettingsPhone Use this field to select the phone port that you want to configureStep 3. In the navigation panel, click VoIP Phone Analog Phone The table below describes the related fieldsListening VolumeSpeed dial Phone book setup SpeakingPrestige 2302 Support Notes Each fields detail description of the page is listed belowType EntrySpeed Dial NameClear ZyNOS FAQWhat is ZyNOS? How to access the embedded web configurator?Prestige 2302 Support Notes How do I upload the firmware via the web configurator?Prestige 2302 Support Notes Why cant I telnet into Prestige from the WAN?What should I do if I forget the system password? Prestige 2302 Support Notes What is SUA? When should I use SUA?What is the difference between NAT and SUA? How many network users does SUA/NAT support?What are Device and Protocol filters? Product FAQWhy cant I configure device or protocol filters? What is the Prestige Internet Access Sharing Router?How can I configure the Prestige? What is PPPoE?How do I know I am using PPPoE? Why does my provider use PPPoE?How does e-mail work through the Prestige? What network interface does the Prestige support?What can I do with the Prestige? Does the Prestige support dynamic IP addressing?Prestige 2302 Support Notes What is the difference between the Standard and RoadRunner service?What DHCP capability does the Prestige support? How fast is the DSL connection? What network interface does the new Prestige series support?Does the Prestige support TFTP? Does the Prestige support TFTP over WAN?Prestige 2302 Support Notes 1. If your ISP checks the MAC addressa. Assigned By Select IP address attached on LAN 2. If your ISP checks the host name3. If your ISP checks the User ID Prestige 2302 Support NotesPrestige 2302 Support Notes c. My Login Name Enter the login user name given to you by your ISPWhat DDNS servers does the Prestige support? What is BOOTP/DHCP?What is DDNS? When do I need the DDNS service?How do I set up my Prestige to route IPsec packets over SUA? VoIP FAQWhat is DDNS wildcard? Can VPN tunnels still work on a Prestige using SUA?How does Voice over IP work? Why use VoIP?What is the relationship between codec and VoIP? What is the difference between H.323 and SIP?How are voice quality normally rated? What is voice quality?What is codec? Can H.323 and SIP interoperate with each other?I can register to the SIP server but cannot establish a call Which codec should I choose?What do I need in order to use SIP? I am unable to register to a SIP serverPrestige 2302 Support Notes What should I do if there may be a hardware problem with my Prestige?Prestige 2302 Support Notes Trouble ShootingUnable to Get WAN IP from ISP 1. If your ISP checks the MAC addressAssigned By= 2. If your ISP checks the Host NameField settings Prestige 2302 Support NotesSystem Name Enter the same name as the compute name on the computer 3. If your ISP checks the User IDField Setting Prestige 2302 Support NotesEmbedded Packet Trace Using Embedded Packet TracePrestige 2302 Support Notes 2. Offline Trace--capture the trace first and display later 1.1 Disable WAN packet trace sys trcp channel enet1 none1.2 Enable LAN packet trace sys trcp channel enet0 bothway 1. Online Trace--display the trace real time on screenDestination MAC Addr 103 All contents copyright c 2005 ZyXEL Communications CorporationPrestige 2302 Support Notes Prestige sys trcd parsePrestige 2302 Support Notes 104 All contents copyright c 2005 ZyXEL Communications CorporationPrestige 2302 Support Notes 105 All contents copyright c 2005 ZyXEL Communications CorporationPrestige 2302 Support Notes 1.1 Disable LAN packet trace sys trcp channel enet0 none1.2 Enable WAN packet trace sys trcp channel enet1 bothway 106 All contents copyright c 2005 ZyXEL Communications CorporationPrestige 2302 Support Notes 107 All contents copyright c 2005 ZyXEL Communications Corporation+Y.x 108 All contents copyright c 2005 ZyXEL Communications CorporationPrestige 2302 Support Notes Prestige 2302 Support Notes 109 All contents copyright c 2005 ZyXEL Communications CorporationPrestige 2302 Support Notes Offline Trace110 All contents copyright c 2005 ZyXEL Communications Corporation Prestige 2302 Support Notes 1.7 Display specific trace packets sys trcp parse fromindex toindex1.1 Disable WAN packet trace sys trcp channel enet1 none 1.2 Enable LAN packet trace sys trcp channel enet0 bothwayLAN Frame ENET0-XMIT 112 All contents copyright c 2005 ZyXEL Communications CorporationPrestige 2302 Support Notes 1.7 Display specific trace packets sys trcp parse fromindex toindex 1.1 Disable LAN packet trace sys trcp channel enet0 none1.2 Enable WAN packet trace sys trcp channel enet1 bothway Prestige 2302 Support NotesLAN Frame ENET1-RECV 114 All contents copyright c 2005 ZyXEL Communications CorporationPrestige 2302 Support Notes a.P&Mq= Prestige 2302 Support NotesPrestige 2302 Support Notes Debugging PPPoE ConnectionDebugging PPPoE Connection Prestige 2302 Support Notes Example- Trace Example on a crashed systemPrestige 2302 Support Notes 118 All contents copyright c 2005 ZyXEL Communications CorporationPrestige 2302 Support Notes 119 All contents copyright c 2005 ZyXEL Communications CorporationOnline Trace LAN/WAN Packet Trace1. Online Trace--display real-time trace results on the screen Prestige 2302 Support NotesExample 121 All contents copyright c 2005 ZyXEL Communications CorporationPrestige 2302 Support Notes Prestige 2302 Support Notes 122 All contents copyright c 2005 ZyXEL Communications CorporationPrestige 2302 Support Notes 123 All contents copyright c 2005 ZyXEL Communications CorporationPrestige 2302 Support Notes 124 All contents copyright c 2005 ZyXEL Communications CorporationPrestige 2302 Support Notes 1.2 Enable WAN packet trace sys trcp channel mpoa00 bothway1.1 Disable LAN packet trace sys trcp channel enet0 none 125 All contents copyright c 2005 ZyXEL Communications CorporationPrestige 2302 Support Notes 126 All contents copyright c 2005 ZyXEL Communications Corporation1.2 Enable WAN packet trace sys trcp channel mpoa00 bothway 1.1 Disable WAN packet trace sys trcp channel mpoa00 none1.2 Enable LAN packet trace sys trcp channel enet0 bothway 1.1 Disable LAN packet trace sys trcp channel enet0 nonePrestige 2302 Support Notes CLI Command List128 All contents copyright c 2005 ZyXEL Communications Corporation