Table of Contents
Advertisement
Prestige 660RU-Tx Series User's Guide
Table 56 Menu 21.1.5.1 Generic Filter Rule (continued)
FIELD
Action Not
Matched
When you have completed this menu, press [ENTER] at the prompt "
or ESC to Cancel:
22.5 Filter Types and NAT
There are two classes of filter rules, Generic Filter Device rules and Protocol Filter (TCP/IP)
rules. Generic Filter rules act on the raw data from/to LAN and WAN. Protocol Filter rules act
on IP packets.
When NAT (Network Address Translation) is enabled, the inside IP address and port number
are replaced on a connection-by-connection basis, which makes it impossible to know the
exact address and port on the wire. Therefore, the Prestige applies the protocol filters to the
"native" IP address and port number before NAT for outgoing packets and after NAT for
incoming packets. On the other hand, the generic (or device) filters are applied to the raw
packets that appear on the wire. They are applied at the point where the Prestige is receiving
and sending the packets; for instance, the interface. The interface can be an Ethernet, or any
other hardware port. The following figure illustrates this.
Figure 124 Protocol and Device Filter Sets
22.6 Example Filter
Let's look at an example to block outside users from telnetting into the Prestige.
187
DESCRIPTION
Select the action for a packet not matching the rule. Choices are Check Next Rule,
Forward or Drop.
" to save your configuration, or press [ESC] at any time to cancel.
Press ENTER to Confirm
Chapter 22 Filter Configuration
Advertisement
Table of Contents
Troubleshooting
