Technicolor - Thomson 610 User Manual

Application Note Ed. 01    2 SpeedTouch™ 610 Remote Access    12
Allowing restricted access

Once you denied all access leaving from or arriving at the SpeedTouch™ 610 IP host, you are able to allow service by service to the LAN by adding specific firewall rules for the sink and source chains.
The rules are very similar to the rules added for remote management, except that now the “gate” must be opened for the LAN instead of the WAN.

In case you use the SpeedTouch™ 610 DHCP server for automatic IP configuration of the hosts on your local network, DHCP requests from local hosts will no longer be accepted to arrive at the SpeedTouch™ 610 IP host (i.e. its DHCP server), and equally, DHCP replies will no longer be accepted to leave the SpeedTouch™ 610 IP host towards the local LAN.
To solve this, you can add the following firewall rules:

chain=sink index=3 srcintfgrp=lan prot=udp dstport=bootps action=accept
chain=source index=3 dstintfgrp=lan prot=udp srcport=bootpc action=accept

The first rule makes sure that DHCP requests are accepted to pass the SpeedTouch™ 610 DHCP server’s BootP-Server UDP port; the second that DHCP replies in answer to the DHCP requests are accepted to pass the DHCP server’s BootP-Client UDP port.
Of course, in case your local network uses fixed IP addresses or another DHCP server than the SpeedTouch™ 610’s, there is no need for these rules.

Syslog messages

When restricting access as described in  no communication between any host and the SpeedTouch™ 610 IP host is possible.
However, to provide minimal management, syslog messages are allowed to pass the firewall towards the LAN or WAN via the following rule in the source chain:

chain=source index=4 prot=udp dstport=syslog action=accept

Still, to allow a host’s syslog daemon to receive SpeedTouch™ 610 syslog messages, a syslog rule for that host must be configured via the SpeedTouch™ 610 web pages or the CLI.
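As an added example, not taken from the Thomson application note: a small Python model of the sink/source chain evaluation (default deny, first match in index order) loaded with the three rules printed on this page, so that you can check which LAN/WAN packets these rules let through and which still fall to the default deny. The port numbers for bootps, bootpc and syslog, the packet fields and the evaluation order are assumptions of the model, not documented SpeedTouch behaviour.

```python
# Added example (not from the Thomson application note): a model of the
# SpeedTouch 610 sink/source chains once both chains default to deny.
# Rule syntax and interface-group names mirror the page; packet fields,
# port numbers and the evaluation order are assumptions of this model.
from dataclasses import dataclass

PORTS = {"bootps": 67, "bootpc": 68, "syslog": 514}  # service names used in the rules

@dataclass
class Packet:
    intfgrp: str   # interface group the packet arrives from (sink) or leaves to (source)
    prot: str      # "udp" or "tcp"
    srcport: int
    dstport: int

def parse_rule(line: str) -> dict:
    """Turn 'chain=sink index=3 ... action=accept' into a dict of key/value pairs."""
    rule = dict(kv.split("=", 1) for kv in line.split())
    rule["index"] = int(rule["index"])
    for key in ("srcport", "dstport"):
        if key in rule:
            rule[key] = int(PORTS.get(rule[key], rule[key]))  # service name -> port number
    return rule

# The three rules exactly as printed on this page.
RULES = [parse_rule(r) for r in (
    "chain=sink index=3 srcintfgrp=lan prot=udp dstport=bootps action=accept",
    "chain=source index=3 dstintfgrp=lan prot=udp srcport=bootpc action=accept",
    "chain=source index=4 prot=udp dstport=syslog action=accept",
)]

def matches(rule: dict, pkt: Packet) -> bool:
    # sink rules look at the arriving interface group, source rules at the leaving one
    intf_key = "srcintfgrp" if rule["chain"] == "sink" else "dstintfgrp"
    checks = {intf_key: pkt.intfgrp, "prot": pkt.prot,
              "srcport": pkt.srcport, "dstport": pkt.dstport}
    # a field absent from the rule is a wildcard (the syslog rule names no intfgrp)
    return all(rule[k] == v for k, v in checks.items() if k in rule)

def decide(chain: str, pkt: Packet, rules=RULES) -> str:
    """Walk one chain in index order; first match wins, no match means the default deny."""
    chain_rules = sorted((r for r in rules if r["chain"] == chain), key=lambda r: r["index"])
    for rule in chain_rules:
        if matches(rule, pkt):
            return rule["action"]
    return "deny"

if __name__ == "__main__":
    print(decide("sink", Packet("lan", "udp", 68, 67)))    # DHCP request from the LAN
    print(decide("sink", Packet("lan", "tcp", 40000, 80)))  # anything else stays denied
```

Feeding the model a packet that none of the printed rules matches (for example a UDP source-chain packet with source port 67 instead of 68) makes such gaps in a service-by-service allow list visible before the rules are applied to the device.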