ZyXEL Communications P-202 User Manual


P-202H Plus v2 Support Notes

Filter Examples

Filter example

A filter for blocking the FTP connections from WAN

Introduction

The P-202H Plus v2 supports uploading firmware and configuration files over
FTP connections from both the LAN and the WAN. It is therefore possible for
anyone to make an FTP connection over the Internet to your P-202H Plus v2. To
prevent outside users from connecting to your P-202H Plus v2 via FTP, you can
configure a filter to block FTP connections from the WAN.

Before you begin

Before configuring a filter, you need to know the following information:

1. The inbound packet type (protocol & port number): In this case, it is
   TCP (06) protocol with port 20 or 21.

2. The source IP address: In this case, we block all connections from
   outside, so the source IP is 0.0.0.0.

3. The destination IP address: This is the P-202H Plus v2's IP address, but it
   is not available in the SUA case, since most WAN IP addresses are
   dynamically assigned by the ISP. So, we can only enter 0.0.0.0 as the
   destination IP in the filter rule. Once 0.0.0.0 is set as the destination
   IP, no FTP connections are allowed to reach either the P-202H Plus v2 or
   the FTP server on the LAN. For a LAN-to-LAN connection, enter the P-202H
   Plus v2's LAN IP as the destination IP in the filter rule. After the FTP
   filter is applied to the remote node, it blocks only FTP connections to the
   P-202H Plus v2 and still permits FTP connections to the local FTP server.

Configuration

o Create a filter set in Menu 21, e.g., set 3

o Create two filter rules in Menu 21.3.1 and Menu 21.3.2

    - Rule 1: block the inbound FTP packet, TCP (06) protocol
      with port number 20

    - Rule 2: block the inbound FTP packet, TCP (06) protocol
      with port number 21

o Apply the filter set in remote node, Menu 11
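The effect of the destination IP choice described under "Before you begin" can be checked with a small model of the two rules. This is an added example, not part of the ZyXEL manual or the device firmware. It assumes a simplified evaluation (a matching rule drops the packet, anything else is forwarded), and the field names and all sample addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

TCP = 6            # IP protocol number, "TCP (06)" in the text
ANY = "0.0.0.0"    # 0.0.0.0 in a rule means "any address"

@dataclass
class Rule:
    """One drop rule; field names are illustrative, not the device's menu fields."""
    dst_ip: str
    dst_port: int
    protocol: int = TCP
    src_ip: str = ANY   # block all outside sources

    def matches(self, pkt):
        def ip_ok(rule_ip, pkt_ip):
            return rule_ip == ANY or ipaddress.ip_address(rule_ip) == ipaddress.ip_address(pkt_ip)
        return (pkt["proto"] == self.protocol and pkt["dport"] == self.dst_port
                and ip_ok(self.src_ip, pkt["src"]) and ip_ok(self.dst_ip, pkt["dst"]))

def ftp_filter_set(dst_ip):
    """Rule 1 blocks TCP port 20, rule 2 blocks TCP port 21."""
    return [Rule(dst_ip, 20), Rule(dst_ip, 21)]

def evaluate(rules, pkt):
    """Assumed model: a matching rule drops the packet; no match forwards it."""
    return "drop" if any(r.matches(pkt) for r in rules) else "forward"

# Constructed sample addresses (not from the manual)
ROUTER_IP = "192.168.1.1"
FTP_SERVER_IP = "192.168.1.33"
REMOTE_IP = "203.0.113.7"

def verdicts(dst_ip_in_rule):
    """Verdict for each sample inbound packet under the given destination setting."""
    samples = {
        "router ftp-control": (ROUTER_IP, 21, TCP),
        "router ftp-data": (ROUTER_IP, 20, TCP),
        "lan server ftp-control": (FTP_SERVER_IP, 21, TCP),
        "router http": (ROUTER_IP, 80, TCP),
        "router udp/21": (ROUTER_IP, 21, 17),
    }
    rules = ftp_filter_set(dst_ip_in_rule)
    return {name: evaluate(rules, {"proto": p, "src": REMOTE_IP, "dst": d, "dport": port})
            for name, (d, port, p) in samples.items()}

if __name__ == "__main__":
    for setting in (ANY, ROUTER_IP):
        print(setting, verdicts(setting))
```

With 0.0.0.0 as the destination, FTP to the LAN server is dropped along with FTP to the router; with the router's own address, only FTP to the router is dropped.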

Create a filter set in Menu 21

All contents copyright © 2006 ZyXEL Communications Corporation.
