Netopia R5300 User Manual


13-20 User’s Reference Guide

The five input filters and one output filter that make up Basic Firewall are shown in the table below.

Basic Firewall’s filters play the following roles.

Input filters 1 and 2: These block WAN-originated OpenWindows and X-Windows sessions. Service origination
requests for these protocols use ports 2000 and 6000, respectively. Since these are greater than 1023,
OpenWindows and X-Windows traffic would otherwise be allowed by input filter 4. Input filters 1 and 2 must
precede input filter 4; otherwise they would have no effect since filter 4 would have already forwarded
OpenWindows and X-Windows traffic.

Input filter 3: This filter explicitly forwards all WAN-originated ICMP traffic to permit devices on the WAN to ping
devices on the LAN. Ping is an Internet service that is useful for diagnostic purposes.

Input filters 4 and 5: These filters forward all TCP and UDP traffic, respectively, when the destination port is
greater than 1023. This type of traffic generally does not allow a remote host to connect to the LAN using one
of the potentially intrusive Internet services, such as Telnet, FTP, and WWW.

Output filter 1: This filter forwards all outgoing traffic to make sure that no outgoing connections from the LAN
are blocked.

Basic Firewall is suitable for a LAN containing only client hosts that want to access servers on the WAN, but not
for a LAN containing servers providing services to clients on the WAN. Basic Firewall’s general strategy is to
explicitly forward WAN-originated TCP and UDP traffic to ports greater than 1023. Ports lower than 1024 are the
service origination ports for various Internet services such as FTP, Telnet, and the World Wide Web (WWW).

| Setting | Input filter 1 | Input filter 2 | Input filter 3 | Input filter 4 | Input filter 5 | Output filter 1 |
|---|---|---|---|---|---|---|
| Enabled | Yes | Yes | Yes | Yes | Yes | Yes |
| Forward | No | No | Yes | Yes | Yes | Yes |
| Source IP address | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 |
| Source IP address mask | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 |
| Dest. IP address | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 |
| Dest. IP address mask | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 |
| Protocol type | TCP | TCP | ICMP | TCP | UDP | 0 |
| Source port comparison | No Compare | No Compare | N/A | No Compare | No Compare | N/A |
| Source port ID | 0 | 0 | N/A | 0 | 0 | N/A |
| Dest. port comparison | Equal | Equal | N/A | Greater Than | Greater Than | N/A |
| Dest. port ID | 2000 | 6000 | N/A | 1023 | 1023 | N/A |
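The ordering rule for input filters 1, 2 and 4 can be checked with a small first-match evaluator over the table's input filters. This is an added example, not code from the Netopia manual or firmware; the names `Filter`, `evaluate` and `misordered` are hypothetical, and it assumes that a packet matching no filter is discarded, which this page does not state.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Filter:
    name: str
    forward: bool                    # "Forward" row: Yes = pass, No = discard
    protocol: str                    # "Protocol type" row
    dport_cmp: Optional[str] = None  # "Equal", "Greater Than", or None for N/A
    dport: int = 0                   # "Dest. port ID" row

    def matches(self, protocol, dport):
        if protocol != self.protocol:
            return False
        if self.dport_cmp is None:   # no port test (the ICMP filter)
            return True
        if dport is None:
            return False
        if self.dport_cmp == "Equal":
            return dport == self.dport
        return dport > self.dport    # "Greater Than"

# Input filters 1-5 from the table. Addresses and masks are all 0.0.0.0 and
# source ports are "No Compare", so every filter matches any source and host.
BASIC_FIREWALL_INPUT = [
    Filter("input 1", False, "TCP", "Equal", 2000),
    Filter("input 2", False, "TCP", "Equal", 6000),
    Filter("input 3", True, "ICMP"),
    Filter("input 4", True, "TCP", "Greater Than", 1023),
    Filter("input 5", True, "UDP", "Greater Than", 1023),
]

def evaluate(filters, protocol, dport=None):
    """Return (action, filter name) for the first filter that matches."""
    for f in filters:
        if f.matches(protocol, dport):
            return ("forward" if f.forward else "discard", f.name)
    # Assumption (not stated on this page): unmatched packets are discarded.
    return ("discard", "no match")

def misordered():
    """Filter 4 placed ahead of filters 1 and 2, the order the text warns against."""
    f = BASIC_FIREWALL_INPUT
    return [f[3], f[0], f[1], f[2], f[4]]

if __name__ == "__main__":
    # Constructed sample packets: (protocol, destination port)
    for proto, port in [("TCP", 6000), ("TCP", 2000), ("TCP", 23), ("UDP", 6000), ("ICMP", None)]:
        print(proto, port, evaluate(BASIC_FIREWALL_INPUT, proto, port), evaluate(misordered(), proto, port))
```

Filters 1 and 2 are TCP-only, so in this model a UDP packet to port 6000 is forwarded by input filter 5.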
