Lucent Technologies 6000 User Manual

Defining Static Filters

Defining IP filters

MAX 6000/3000 Network Configuration Guide

15-17

Configure the second input filter, setting Type to IP and setting Forward to Yes. This allows

inbound TCP packets in response to a local user’s outbound Telnet request, by specifying that

TCP packets whose destination port number is greater than that of the source port are

forwarded. (Telnet requests go out on port 23, and responses come back on some random port

above port 1023.)

Input filters...

In filter=02

Type=IP

Valid=Yes

IP....

Forward=Yes

Protocol=6

Dst Port Comp=Gtr

Dst Port #=1023

Next, configure the third input filter, setting Type to IP Filter and setting Forward to Yes. This

allows inbound RIP updates, by specifying that inbound UDP packets are forwarded if the

destination port number is higher than that of the source port. (For example, suppose a RIP

packet goes out as a UDP packet to destination port 520. The response to this request goes to a

random destination port above port 1023.)

Input filters...

In filter=03

Type=IP

Valid=Yes

IP....

Forward=Yes

Protocol=17

Dst Port Comp=Gtr

Dst Port #=1023

Configure the fourth input filter, setting Type to IP filter and setting Forward to Yes. The fourth

filter uses all default values, which allows unrestricted Pings and Traceroutes. Unlike TCP and

UDP, ICMP does not use ports so a port comparison is unnecessary.

Input filters...

In filter=04

Type=IP

Valid=Yes

IP....

Forward=Yes

Following are comparable RADIUS filter definitions:

Ascend-Data Filter="ip in forward dstip 10.9.250.5/32 dstport=80 proto

6"

Ascend-Data Filter="ip in forward dstport > 1023 proto 6"

Ascend-Data Filter="ip in forward dstport > 1023 proto 6"

Ascend-Data Filter="ip in forward"