4 configuring a filter rule, 1 filter types and sua – ZyXEL Communications P-1100 User Manual

Prestige 1100 Internet Access Router

8-6

Filter Configuration

Table 8-3 Abbreviations Used If Filter Type Is IPX

Abbreviation

Description

PT

IPX Packet Type

SS

Source Socket

DS

Destination Socket

l If the filter type is Dev (device), the following abbreviations listed in the following table will be used.

Table 8-4 Abbreviations Used If Filter Type Is Dev

Abbreviation

Description

Off

Offset

Len

Length

Refer to the next section for information on configuring the filter rules.

8.4 Configuring a Filter Rule

To configure a filter rule, enter its number in Menu 21.1 - Filter Rules Summary and press [ENTER] to
open Menu 21.1.1 for the rule.

8.4.1 Filter Types and SUA

There are two types of filter rules, Device Filter rules and Protocol Filter (TCP/IP and IPX) rules. Device
Filter rules act on the raw data from/to LAN and WAN. Protocol Filter rules act on the IP and IPX packets.
Device and TCP/IP filter rules are discussed in more detail in the next section.

When NAT/SUA (Network Address Translation/Single User Account) is enabled, the inside IP address and
port number are replaced on a connection-by-connection basis, which makes it impossible to know the
exact address and port on the wire. Therefore, the Prestige applies the protocol filters to the “native” IP
address and port number before NAT/SUA for outgoing packets and after NAT/SUA for incoming packets.
On the other hand, the device filters are applied to the raw packets that appear on the wire. They are applied
at the point where the Prestige is receiving and sending the packets; i.e. the interface. The interface can be
an Ethernet, or any other hardware port. The following diagram illustrates this.