ZyXEL Communications 2304R-P1 User Manual
Prestige 2304 Support Notes
All contents copyright (c) 2005 ZyXEL Communications Corporation.
19
In order to allow users to specify the local network IP address and port number in the filter rules with SUA
connections, the TCP/IP filter function has to be executed before SUA for WAN outgoing packets and after the
SUA for WAN incoming IP packets. But at the same time, the Generic filter rules must be applied at the point
when the Prestige is receiving and sending the packets; i.e. the ISDN interface. So, the execution sequence has
to be changed. The logic flow of the filter is shown in Figure 1 and the sequence of the logic flow for the packet
from LAN to WAN is:
•
LAN device and protocol input filter sets.
•
WAN protocol call and output filter sets.
•
If SUA is enabled, SUA converts the source IP address from 192.168.1.33 to 203.205.115.6 and
port number from 1023 to 4034.
•
WAN device output and call filter sets.
The sequence of the logic flow for the packet from WAN to LAN is:
•
WAN device input filter sets.
•
If SUA is enabled, SUA converts the destination IP address from 203.205.115.6 to 92.168.1.33 and port
number from 4034 to 1023.
•
WAN protocol input filter sets.
•
LAN device and protocol output filter sets.
Generic
and
TCP/IP (and IPX)
filter rules are in different filter sets. The SMT will detect and prevent the
mixing of different category rules within any filter set in Menu 21. In the following example, you will receive
an error message
'Protocol and device filter rules cannot be active together'
if you try to activate a TCP/IP (or
IPX) filter rule in a filter set that has already had one or more active Generic filter rules. You will receive the