Page 151 / 351
Firewall Tutorial
Filter basics
In the source or destination IP address fields, the IP address that is entered must be the
network address of the subnet. A host address can be entered, but the applied subnet
mask must be 32 bits (255.255.255.255).
Netopia Firmware Version 7.6 has the ability to compare source and destination TCP or
UDP ports. These options are as follows:
Item                    What it means
No Compare              Does not compare TCP or UDP port
Not Equal To            Matches any port other than what is defined
Less Than               Anything less than the port defined
Less Than or Equal      Any port less than or equal to the port defined
Equal                   Matches only the port defined
Greater Than or Equal   Matches the port or any port greater
Greater Than            Matches anything greater than the port defined
[Figure: Example network. Data arrives from the Internet with source IP 200.1.1.?? and passes through the Input Packet Filter.]
Example filters
Example 1
Filter Rule: 200.1.1.0 (Source IP Network Address); 255.255.255.128 (Source IP Mask); Forward = No (What happens on match)
Incoming packet has the source address of 200.1.1.28.
This incoming IP packet has a source IP address that matches the network address in the Source IP Address field in Netopia Firmware Version 7.6. This rule will not forward this packet.
Example 2
Filter Rule: 200.1.1.0 (Source IP Network Address); 255.255.255.128 (Source IP Mask); Forward = No (What happens on match)
Incoming packet has the source address of 200.1.1.184.
This incoming IP packet has a source IP address that does not match the network address in the Source IP Address field in Netopia Firmware Version 7.6. This rule will forward this packet because the packet does not match.
Example 3
Filter Rule: 200.1.1.96 (Source IP Network Address); 255.255.255.240 (Source IP Mask); Forward = No (What happens on match)
Incoming packet has the source address of 200.1.1.184.
This rule does not match and this packet will be forwarded.
Example 4
Filter Rule: 200.1.1.96 (Source IP Network Address); 255.255.255.240 (Source IP Mask); Forward = No (What happens on match)
Incoming packet has the source address of 200.1.1.104.
This rule does match and this packet will not be forwarded.
Example 5
Filter Rule: 200.1.1.96 (Source IP Network Address); 255.255.255.255 (Source IP Mask); Forward = No (What happens on match)
Incoming packet has the source address of 200.1.1.96.
This rule does match and this packet will not be forwarded. This rule masks off a single IP address.
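As an added example (not code from the Netopia manual or firmware), the following Python models the rule evaluation described by the five examples above and by the port comparison table: a single rule with a source network address, mask and optional port comparison is applied to one incoming packet, and a separate check enforces the tutorial's requirement that the address entered be the subnet's network address. The names FilterRule, decide, valid_network_address and PORT_OPS are this example's own, and the examples list is constructed from the tutorial's five cases.

```python
import ipaddress
from dataclasses import dataclass

# Port comparison options, named as in the tutorial's table: f(packet port, rule port).
PORT_OPS = {
    "No Compare": lambda p, r: True,
    "Not Equal To": lambda p, r: p != r,
    "Less Than": lambda p, r: p < r,
    "Less Than or Equal": lambda p, r: p <= r,
    "Equal": lambda p, r: p == r,
    "Greater Than or Equal": lambda p, r: p >= r,
    "Greater Than": lambda p, r: p > r,
}

def valid_network_address(network: str, mask: str) -> bool:
    """True if no host bits are set: a host address needs the 32-bit mask 255.255.255.255."""
    try:
        ipaddress.ip_network(f"{network}/{mask}", strict=True)
        return True
    except ValueError:
        return False

@dataclass
class FilterRule:
    network: str                 # Source IP Network Address
    mask: str                    # Source IP Mask, dotted form as on the screen
    forward: bool                # What happens on match: Forward = No -> False
    port_op: str = "No Compare"  # source port comparison, a key of PORT_OPS
    port: int = 0                # port the comparison is made against

    def matches(self, src_ip: str, src_port: int = 0) -> bool:
        # AND the packet's source address with the mask and compare to the network.
        net = ipaddress.ip_network(f"{self.network}/{self.mask}", strict=False)
        if ipaddress.ip_address(src_ip) not in net:
            return False
        return PORT_OPS[self.port_op](src_port, self.port)

def decide(rule: FilterRule, src_ip: str, src_port: int = 0) -> bool:
    """True if forwarded: a match applies the rule's Forward setting, no match passes."""
    return rule.forward if rule.matches(src_ip, src_port) else True

# The tutorial's five worked examples as (rule, incoming packet's source address).
EXAMPLES = [
    (FilterRule("200.1.1.0", "255.255.255.128", False), "200.1.1.28"),    # 1: not forwarded
    (FilterRule("200.1.1.0", "255.255.255.128", False), "200.1.1.184"),   # 2: forwarded
    (FilterRule("200.1.1.96", "255.255.255.240", False), "200.1.1.184"),  # 3: forwarded
    (FilterRule("200.1.1.96", "255.255.255.240", False), "200.1.1.104"),  # 4: not forwarded
    (FilterRule("200.1.1.96", "255.255.255.255", False), "200.1.1.96"),   # 5: not forwarded
]
```

Evaluating decide(rule, ip) over EXAMPLES reproduces the five outcomes above; only one rule is evaluated here, as in the examples, so a non-matching packet simply passes that rule.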
Link: Packet Filter
When you click the Packet Filter link, the Filter Sets screen appears.
Security should be a high priority for anyone administering a network connected to the
Internet. Using packet filters to control network communications can greatly improve your
network’s security. The Packet Filter engine allows creation of a maximum of eight Filter
Sets. Each Filter Set can consist of many rules. There can be a maximum of 32 filter rules
in the system.
WARNING: Before attempting to configure filters and filter sets, please read and understand this entire section thoroughly. Netopia Gateways incorporating NAT have advanced security features built in. Improperly adding filters and filter sets increases the possibility of loss of communication with the Gateway and the Internet. Never attempt to configure filters unless you are local to the Gateway.
Although using filter sets can enhance network security, there are disadvantages:
• Filters are complex. Combining them in filter sets introduces subtle interactions, increasing the likelihood of implementation errors.
• Enabling a large number of filters can have a negative impact on performance. Processing of packets will take longer if they have to go through many checkpoints in addition to NAT.
• Too much reliance on packet filters can cause too little reliance on other security methods. Filter sets are not a substitute for password protection, effective safeguarding of passwords, and general awareness of how your network may be vulnerable.
Netopia Firmware Version 7.6’s packet filters are designed to provide security for the Internet connections made to and from your network. You can customize the Gateway’s filter sets for a variety of packet filtering applications. Typically, you use filters to selectively admit or refuse TCP/IP connections from certain remote networks and specific hosts. You will also use filters to screen particular types of connections. This is commonly called firewalling your network.
Before creating filter sets, you should read the next few sections to learn more about how these powerful security tools work.
What’s a filter and what’s a filter set?
A filter is a rule that lets you specify what sort of data can flow in and out of your network.
A particular filter can be either an input filter—one that is used on data (packets) coming in
to your network from the Internet—or an output filter—one that is used on data (packets)
going out from your network to the Internet.
A filter set is a group of filters that work together to check incoming or outgoing data. A filter set can consist of a combination of input and output filters.
How filter sets work
A filter set acts like a team of customs inspectors. Each filter is an inspector through which
incoming and outgoing packages must pass. The inspectors work as a team, but each
inspects every package individually.
Each inspector has a specific task. One inspector’s task may be to examine the destination address of all outgoing packages. That inspector looks for a certain destination—which could be as specific as a street address or as broad as an entire country—and checks each package’s destination address to see if it matches that destination.
[Figure: A filter inspects data packets like a customs inspector scrutinizing packages. The inspector checks each package’s FROM and TO labels and stamps it APPROVED.]