Avocent Access Router Cyclades-PR2000 User Manual

Chapter 12 - Filters and Rules


Steps necessary to activate filtering on the exterior router in the example:

1 There are two interfaces with two directions each. Filtering on link 1 requires the creation of two rule lists, called exterior_in and exterior_out. Create them using the menu CONFIG => RULES LIST => IP => ADD RULE LIST and the following parameters:

Rule List Type = Filter
Default Scope = Deny
Linked Rule List Name = None

2 Create the rules for each rule list in the order in which they should be evaluated. The order is important and mis-ordering the rules can cause unexpected results. This is done in the menu CONFIG => RULES LIST => IP => CONFIGURE RULES. The parameters for rules 0 and 1 in the example are shown in Figure 12.4.

3 Link the rule lists to the respective interface parameters in the menu CONFIG => INTERFACE => <INTERFACE> => NETWORK PROTOCOL => INCOMING/OUTGOING RULE LIST NAME. exterior_in should be set as the incoming rule list name and exterior_out should be set as the outgoing rule list name.

Exterior_in, rule 0, allows a remote computer to connect to the bastion host using the TCP protocol on its SMTP port. Exterior_out, rule 0, allows the Bastion Server to RESPOND to the connection started by the remote computer. To send e-mail out, two more rules would be needed. If all the router needs to do is receive e-mail, the configuration is done. If not, other “holes” must be created in the deny ball.
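The two rule lists with Default Scope = Deny, modelled as an added Python example (not from the manual and not router syntax) to show how rule order and the default decide each packet. It assumes first-match evaluation, constructed addresses, SMTP on TCP port 25, and that exterior_out rule 0 matches segments from the bastion's SMTP port with ACK set; the real parameters are those in Figure 12.4.

```python
from dataclasses import dataclass
from typing import Optional

BASTION, REMOTE, SMTP = "192.0.2.10", "198.51.100.7", 25  # constructed values

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    ack: bool = False  # True on every TCP segment after the opening SYN

@dataclass(frozen=True)
class Rule:
    action: str  # "permit" or "deny"
    proto: Optional[str] = None  # None = match any value
    src: Optional[str] = None
    sport: Optional[int] = None
    dst: Optional[str] = None
    dport: Optional[int] = None
    ack: Optional[bool] = None

    def matches(self, p: Packet) -> bool:
        fields = ("proto", "src", "sport", "dst", "dport", "ack")
        return all(getattr(self, f) in (None, getattr(p, f)) for f in fields)

def evaluate(rule_list, packet, default_scope="deny"):
    """Assumed first-match semantics; unmatched packets get the Default Scope."""
    for index, rule in enumerate(rule_list):
        if rule.matches(packet):
            return rule.action, index
    return default_scope, None

# Rule 0 of each list as the text describes it (field values are assumptions).
exterior_in = [Rule("permit", proto="tcp", dst=BASTION, dport=SMTP)]
exterior_out = [Rule("permit", proto="tcp", src=BASTION, sport=SMTP, ack=True)]
# Same permit placed after a broad deny: the permit is never reached.
misordered_in = [Rule("deny", proto="tcp"), exterior_in[0]]

syn_in = Packet(REMOTE, 40000, BASTION, SMTP)               # remote opens SMTP
reply_out = Packet(BASTION, SMTP, REMOTE, 40000, ack=True)  # bastion responds
mail_out = Packet(BASTION, 40001, REMOTE, SMTP)             # bastion sends mail

if __name__ == "__main__":
    cases = [("exterior_in", exterior_in, syn_in), ("exterior_out", exterior_out, reply_out),
             ("exterior_out", exterior_out, mail_out), ("misordered_in", misordered_in, syn_in)]
    for name, rules, pkt in cases:
        print(name, pkt, "->", evaluate(rules, pkt))
```

In this model `mail_out` matches no rule in exterior_out and falls through to the default deny, which is why sending e-mail out needs the further rules the text mentions.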
