D-Link DFL-260E User Manual page 257

Network security firewall netdefendos version 2.27.03

6.2.3. The FTP ALG
2. Enter Name: ftp-outbound
3. Uncheck Allow client to use active mode
4. Check Allow server to use passive mode
5. Click OK
B. Create the Service
1. Go to Objects > Services > Add > TCP/UDP Service
2. Now enter:
   Name: ftp-outbound-service
   Type: select TCP from the dropdown list
   Destination: 21 (the port the FTP server resides on)
   ALG: ftp-outbound
3. Click OK
C. Create IP Rules
IP rules need to be created to allow the FTP traffic to pass, and these differ depending on whether private or
public IP addresses are being used.
i. Using Public IPs
If using public IPs, make sure there are no rules disallowing or allowing the same kind of ports/traffic before these
rules. The service used here is ftp-outbound-service, which should be using the predefined ALG definition
ftp-outbound described earlier.
1. Go to Rules > IP Rules > Add > IPRule
2. Now enter:
   Name: Allow-ftp-outbound
   Action: Allow
   Service: ftp-outbound-service
3. For Address Filter enter:
   Source Interface: lan
   Destination Interface: wan
   Source Network: lannet
   Destination Network: all-nets
4. Click OK
ii. Using Private IPs
If the firewall is using private IPs with a single external public IP, the following NAT rule needs to be added instead:
1. Go to Rules > IP Rules > Add > IPRule
2. Now enter:
   Name: NAT-ftp-outbound
   Action: NAT
   Service: ftp-outbound-service
3. For Address Filter enter:
   Source Interface: lan
Chapter 6. Security Mechanisms
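
What the two ALG options set in part A (active mode unchecked, passive mode checked) mean on the FTP control channel, as an added sketch that is not D-Link's code or NetDefendOS configuration: the client's PORT/EPRT commands are refused, and the server's 227/229 reply names the data port that has to be let through. The function names, the same-host check and the sample addresses are assumptions of this example.

```python
import re

# Simplified model of the ftp-outbound ALG policy (assumed behaviour for
# illustration; not NetDefendOS code).
ALLOW_CLIENT_ACTIVE = False   # "Allow client to use active mode" unchecked
ALLOW_SERVER_PASSIVE = True   # "Allow server to use passive mode" checked

ACTIVE_CMDS = {"PORT", "EPRT"}   # client asks the server to connect back
PASSIVE_CMDS = {"PASV", "EPSV"}  # client asks the server to listen

REPLY_227 = re.compile(r"^227 .*?" + ",".join([r"(\d{1,3})"] * 6))
REPLY_229 = re.compile(r"^229 .*\(\|\|\|(\d{1,5})\|\)")


def check_client_command(line):
    """Return 'allow' or 'deny' for one client line on the control channel."""
    parts = line.split(None, 1)
    verb = parts[0].upper() if parts else ""
    if verb in ACTIVE_CMDS and not ALLOW_CLIENT_ACTIVE:
        return "deny"
    if verb in PASSIVE_CMDS and not ALLOW_SERVER_PASSIVE:
        return "deny"
    return "allow"


def data_pinhole(reply, server_ip):
    """Return (ip, port) of the passive data connection to permit, or None."""
    m = REPLY_227.match(reply)
    if m:
        nums = [int(g) for g in m.groups()]
        ip = ".".join(str(n) for n in nums[:4])
        # Assumed hardening: only the control-channel peer may be the data
        # endpoint, so a reply naming a third host opens nothing.
        if max(nums) > 255 or ip != server_ip:
            return None
        return ip, nums[4] * 256 + nums[5]
    m = REPLY_229.match(reply)
    if m and 0 < int(m.group(1)) <= 65535:
        return server_ip, int(m.group(1))   # EPSV carries the port only
    return None


if __name__ == "__main__":
    server = "192.0.2.10"   # constructed sample session (documentation range)
    for cmd in ("USER anonymous", "PORT 192,168,1,5,200,10", "PASV"):
        print(cmd, "->", check_client_command(cmd))
    print(data_pinhole("227 Entering Passive Mode (192,0,2,10,195,80).", server))
```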
