ZyXEL Communications 650HW User Manual
Prestige 650HW ADSL Router User’s Guide
8-16
Filter Configuration
8.4 Filter Types and NAT
There are two classes of filter rules, Generic Filter Device rules and Protocol Filter (TCP/IP) rules.
Generic Filter rules act on the raw data from/to LAN and WAN. Protocol Filter rules act on IP packets.
Generic Filter rules act on the raw data from/to LAN and WAN. Protocol Filter rules act on IP packets.
When NAT (Network Address Translation) is enabled, the inside IP address and port number are replaced
on a connection-by-connection basis, which makes it impossible to know the exact address and port on the
wire. Therefore, the Prestige applies the protocol filters to the “native” IP address and port number before
NAT for outgoing packets and after NAT for incoming packets. On the other hand, the generic (or device)
filters are applied to the raw packets that appear on the wire. They are applied at the point where the
Prestige is receiving and sending the packets; for instance, the interface. The interface can be an Ethernet,
or any other hardware port. The following figure illustrates this.
on a connection-by-connection basis, which makes it impossible to know the exact address and port on the
wire. Therefore, the Prestige applies the protocol filters to the “native” IP address and port number before
NAT for outgoing packets and after NAT for incoming packets. On the other hand, the generic (or device)
filters are applied to the raw packets that appear on the wire. They are applied at the point where the
Prestige is receiving and sending the packets; for instance, the interface. The interface can be an Ethernet,
or any other hardware port. The following figure illustrates this.
Figure 8-13 Protocol and Device Filter Sets
8.5 Example
Filter
Let’s look at an example to block outside users from telnetting into the Prestige. See the included disk for
example filters.
example filters.