Table of Contents
Advertisement
Prestige 202 ISDN Router
Refer to the next section for information on configuring the filter rules.
9.3
Configuring a Filter Rule
To configure a filter rule, enter its number in Menu 21.1 – Filter Rules Summary and press
[Enter] to open Menu 21.1.1 for the rule.
There are two types of filter rules: TCP/IP and Generic. Depending on the type of rule, the
parameters below the type will be different. Use [space bar] to select the type of rule that you
wish to create in the Filter Type field and press [Enter] to open the respective menu.
9.3.1 Filter Types and NAT
The network layer filters are collectively called protocol filters. When NAT (Network Address
Translation) is enabled, the inside IP address and port number are replaced on a connection-by-
connection basis, which makes it impossible to know the exact address and port on the wire.
Therefore, the Prestige applies the protocol filters to the "native" IP address and port number
before NAT for outgoing packets and after NAT for incoming packets. On the other hand, the
generic, or device filters are applied to the raw packets that appear on the wire. They are applied at
the point when the Prestige is receiving and sending the packets; i.e., the interface. The interface
can be an Ethernet port or any other hardware port. The following diagram illustrates this.
Figure 9-6 Protocol and Device Filter Sets
To speed up filtering, all rules in a filter set must be of the same class, i.e., protocol filters or
generic filters. The class of a filter set is determined by the first rule that you create. When
applying the filter sets to a port, separate menu fields are provided for protocol and device filter
sets. If you include a protocol filter set in a device filters field or vice versa, the Prestige will warn
you and will not allow you to save.
9-7
Filter Configuration
Advertisement
Table of Contents
Troubleshooting
