Nortel Networks WEB OS 212777 User Manual

Page 199

Advertising
background image

Web OS 10.0 Application Guide

Chapter 7: Filtering

n

199

212777-A, February 2002

2.

A filter that allows SMTP traffic from the Internet to pass through the switch only if the
destination is one of the Web servers, and the frame is an acknowledgment (ACK) of a
TCP session.

3.

A filter that allows trusted HTTP traffic from the Internet to pass through the switch to
the Web servers.

4.

A filter that allows HTTP responses from the Web servers to pass through the switch to
the Internet.

>> Filter 10# ../filt 15

(Select a filter for Internet SMTP ACKs)

>> Filter 15# sip any

(From any source IP address)

>> Filter 15# sport smtp

(From well-known source SMTP port)

>> Filter 15# proto tcp

(For TCP traffic)

>> Filter 15# dip 203.122.186.0

(To the Web servers’ IP address)

>> Filter 15# dmask 255.255.255.0

(To the entire subnet range)

>> Filter 15# dport any

(To any destination port)

>> Filter 15# action allow

(Allow matching traffic to pass)

>> Filter 15# ena

(Enable the filter)

>> Filter 15# adv/tcp

(Select the advanced TCP menu)

>> Filter 15 Advanced# ack ena

(Match acknowledgments only)

>> Filter 15 Advanced# /cfg/slb/filt 16

(Select a filter for incoming HTTP traffic)

>> Filter 16# sip any

(From any source IP address)

>> Filter 16# sport http

(From well-known source HTTP port)

>> Filter 16# proto tcp

(For TCP traffic)

>> Filter 16# dip 203.122.186.0

(To the Web servers’ IP address)

>> Filter 16# dmask 255.255.255.0

(To the entire subnet range)

>> Filter 15# dport http

(To well-known destination HTTP port)

>> Filter 16# action allow

(Allow matching traffic to pass)

>> Filter 16# ena

(Enable the filter)

>> Filter 16# ../filt 17

(Select a filter for outgoing HTTP traffic)

>> Filter 17# sip 203.122.186.0

(From the Web servers’ source IP address)

>> Filter 17# smask 255.255.255.0

(From the entire subnet range)

>> Filter 17# sport http

(From well-known source HTTP port)

>> Filter 17# proto tcp

(For TCP traffic)

>> Filter 17# dip any

(To any destination IP address)

>> Filter 17# dport http

(To well-known destination HTTP port)

>> Filter 17# action allow

(Allow matching traffic to pass)

>> Filter 17# ena

(Enable the filter)

Advertising
Popular Brands
Popular manuals