Справочник Пользователя для Netopia R310
Security 12-21
Basic Firewall is suitable for a LAN containing only client hosts that wish to access ser vers on the WAN, not for
a LAN containing ser vers providing ser vices to clients on the WAN. Basic Firewall’s general strategy is to
explicitly pass WAN-originated TCP and UDP traffic to por ts greater than 1023. Por ts lower than 1024 are the
ser vice origination por ts for various Internet ser vices such as FTP, Telnet, and the World Wide Web (WWW).
a LAN containing ser vers providing ser vices to clients on the WAN. Basic Firewall’s general strategy is to
explicitly pass WAN-originated TCP and UDP traffic to por ts greater than 1023. Por ts lower than 1024 are the
ser vice origination por ts for various Internet ser vices such as FTP, Telnet, and the World Wide Web (WWW).
A more complicated filter set would be required to provide WAN access to a LAN-based ser ver. See
below, for ways to allow remote hosts to use ser vices provided by ser vers on the LAN.
Possible modifications
You can modify the sample filter set Basic Firewall to allow incoming traffic using the examples below. These
modifications are not intended to be combined. Each modification is to be the only one used with Basic Firewall.
modifications are not intended to be combined. Each modification is to be the only one used with Basic Firewall.
The results of combining filter set modifications can be difficult to predict. It is recommended that you take
special care if making more than one modification to the sample filter set.
special care if making more than one modification to the sample filter set.
Trusted host. To allow unlimited access by a trusted remote host with the IP address a.b.c.d (corresponding to
a numbered IP address such as 163.176.8.243), inser t the following input filter ahead of the current input filter
1:
a numbered IP address such as 163.176.8.243), inser t the following input filter ahead of the current input filter
1:
■
Enabled: Yes
■
For ward: Yes
■
Source IP Address: a.b.c.d
■
Source IP Address Mask: 255.255.255.255
■
Dest. IP Address: 0.0.0.0
■
Dest. IP Address Mask: 0.0.0.0
■
Protocol Type: 0
Trusted subnet. To allow unlimited access by a trusted remote subnet with subnet address a.b.c.d
(corresponding to a numbered IP address such as 163.176.8.0) and subnet mask e.f.g.h (corresponding to a
numbered IP mask such as 255.255.255.0), inser t the following input filter ahead of the current input filter 1:
(corresponding to a numbered IP address such as 163.176.8.0) and subnet mask e.f.g.h (corresponding to a
numbered IP mask such as 255.255.255.0), inser t the following input filter ahead of the current input filter 1:
■
Enabled: Yes
■
For ward: Yes
■
Source IP Address: a.b.c.d
■
Source IP Address Mask: e.f.g.h
■
Dest. IP Address: 0.0.0.0
■
Dest. IP Address Mask: 0.0.0.0
■
Protocol Type: 0