Access Control List (ACL) – Asus SL1200 User Manual

Page 23


Chapter 2 - Getting to Know the Internet Security Router

ASUS SL1200

Dynamic NAT: Dynamically maps an internal host address to a globally valid Internet address (m-to-n). The map usually contains a pool of internal IP addresses (m) and a pool of globally valid Internet IP addresses (n), with m usually greater than n. Each internal IP address is mapped to one external IP address on a first-come, first-served basis.

Network Address and Port Translation (NAPT): Also called IP Masquerading. It maps many internal hosts to only one globally valid Internet address. The map usually contains a pool of network ports to be used for translation. Every packet is translated to the globally valid Internet address, and its source port number is translated to a free port taken from the pool of network ports.

Reverse Static: An inbound mapping that maps a globally valid Internet address to an internal host address. All packets arriving at that external address are relayed to the internal address. This is useful when hosting services on an internal machine.

Reverse NAPT: Also called inbound mapping, port mapping, and virtual server. Any packet arriving at the router can be relayed to an internal host based on the protocol, port number or IP address specified in the rule. This is useful when multiple services are hosted on different internal machines.

For a complete listing of all NAT ALGs supported, refer to Chapter 12: ALG Configuration.
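The following is an added illustration, not code from the manual or the router firmware: a minimal model of the NAPT and Reverse NAPT behaviour described above. The public address 203.0.113.5, the internal 192.168.1.x hosts, the tiny port pool and the single virtual-server rule are constructed values chosen so that port-pool exhaustion and unsolicited inbound traffic are visible.

```python
# Minimal NAPT (IP masquerading) model with a Reverse NAPT (virtual server) table.
# Constructed example values; not the SL1200's actual implementation.

PUBLIC_IP = "203.0.113.5"          # constructed: the router's single globally valid address


class Napt:
    def __init__(self, public_ip, port_pool, reverse_rules=None):
        self.public_ip = public_ip
        self.free_ports = list(port_pool)    # pool of network ports used for translation
        self.outbound = {}                   # (proto, in_ip, in_port) -> ext_port
        self.inbound = {}                    # (proto, ext_port) -> (in_ip, in_port)
        # Reverse NAPT rules: (proto, ext_port) -> (in_ip, in_port), e.g. a web server
        self.reverse_rules = dict(reverse_rules or {})

    def translate_out(self, proto, src_ip, src_port):
        """Outbound packet: rewrite source to (public_ip, free pool port).

        Returns the translated (ip, port), or None if the port pool is exhausted
        (the router would have to drop the packet)."""
        key = (proto, src_ip, src_port)
        if key not in self.outbound:
            if not self.free_ports:
                return None
            ext_port = self.free_ports.pop(0)       # first free port from the pool
            self.outbound[key] = ext_port
            self.inbound[(proto, ext_port)] = (src_ip, src_port)
        return (self.public_ip, self.outbound[key])

    def translate_in(self, proto, dst_port):
        """Inbound packet addressed to public_ip:dst_port.

        Matches a reply to an existing outbound session first, then a Reverse
        NAPT rule; returns the internal (ip, port) or None (no mapping: drop)."""
        mapping = self.inbound.get((proto, dst_port))
        if mapping is None:
            mapping = self.reverse_rules.get((proto, dst_port))
        return mapping


def demo():
    """Two internal hosts share one public address; port 80 is forwarded inside."""
    nat = Napt(PUBLIC_IP, range(40000, 40002),
               reverse_rules={("tcp", 80): ("192.168.1.10", 80)})
    a = nat.translate_out("tcp", "192.168.1.20", 51000)
    b = nat.translate_out("tcp", "192.168.1.21", 51000)   # same src port, distinct ext port
    exhausted = nat.translate_out("udp", "192.168.1.22", 53)
    return a, b, exhausted, nat.translate_in("tcp", 40001), nat.translate_in("tcp", 22)
```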

2.4.1.1 Access Control List (ACL)

A firewall monitors each individual packet and decodes the header information of inbound and outbound traffic. It then either blocks the packet or allows it to pass based on the source address, destination address, source port, destination port, protocol and other criteria, such as application filters and time ranges, as defined in the Access Control List (ACL) rules.

An ACL is a very appropriate measure for isolating one subnet from another. It can be used as the first line of defense in the network to block inbound packets of specific types from ever reaching the protected network.

The router firewall's ACL methodology supports:

• Filtering based on destination and source IP address, port number and protocol
