Adding a TCP/UDP Service - D-Link DFL-1660 User Manual

Network security firewall

3.2.2. TCP and UDP Based Services
Port Ranges
Some services use a range of destination ports. As an example, the NetBIOS protocol used by Microsoft Windows uses destination ports 137 to 139. To define a range of ports in a TCP/UDP service object, the format mmm-nnn is used. A port range is inclusive, meaning that a range specified as 137-139 covers ports 137, 138 and 139.

Multiple Ports and Port Ranges
Multiple ranges or individual ports may also be entered, separated by commas. This makes it possible to cover a wide range of ports using only a single TCP/UDP Service object. For instance, all Microsoft Windows networking can be covered using a port definition specified as 135-139,445. HTTP and Secure HTTP (HTTPS) can be covered by stating destination ports 80,443.

Tip: Source port values
The above methods of specifying port numbers are used not just for destination ports. Source port definitions can follow the same conventions, although source ports are usually left at their default value, which is the range 0-65535 (corresponding to all possible source ports).

Example 3.8. Adding a TCP/UDP Service
This example shows how to add a TCP/UDP Service, using destination port 3306, which is used by MySQL:

CLI
gw-world:/> add Service ServiceTCPUDP MySQL DestinationPorts=3306 Type=TCP

Web Interface
1. Go to Objects > Services > Add > TCP/UDP service
2. Specify a suitable name for the service, for example MySQL
3. Now enter:
   Type: TCP
   Source: 0-65535
   Destination: 3306
4. Click OK

Apart from protocol and port information, TCP/UDP Service objects also contain several other parameters that are described in more detail in other sections of this user's guide:

SYN Flood Protection
A TCP based service can be configured to enable protection against SYN Flood attacks. For more details on how this feature works see Section 6.6.8, "TCP SYN Flood Attacks".

Passing ICMP Errors
If an attempt to open a TCP connection is made by a user application behind the NetDefend Firewall and the remote server is not in operation, an ICMP error message is returned as the response. These ICMP errors can either be ignored or allowed to pass through, back to the requesting application.

Application Layer Gateways
A TCP/UDP Service can be linked to an Application Layer
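
The port definition format described on this page (single ports, inclusive mmm-nnn ranges, comma-separated lists) can be checked offline before it is entered in a service object, to see exactly which ports it covers. The following Python code is an added example, not part of the D-Link manual or NetDefendOS; the function names, the rejection of reversed ranges and the tolerance of spaces around entries are assumptions of the example.

```python
import re

MAX_PORT = 65535  # the page gives 0-65535 as the range of all possible ports
ENTRY = re.compile(r"(\d+)(?:-(\d+))?", re.ASCII)  # "nnn" or "mmm-nnn"


def parse_port_definition(spec):
    """Return sorted, merged, inclusive (low, high) tuples for a definition."""
    ranges = []
    for item in spec.split(","):
        item = item.strip()  # assumption: spaces around entries are ignored
        match = ENTRY.fullmatch(item)
        if match is None:
            raise ValueError(f"not a port or mmm-nnn range: {item!r}")
        low = int(match.group(1))
        high = int(match.group(2)) if match.group(2) is not None else low
        # Assumption: a reversed range such as 139-137 is treated as an error.
        if low > high or high > MAX_PORT:
            raise ValueError(f"range reversed or above {MAX_PORT}: {item!r}")
        ranges.append((low, high))
    ranges.sort()
    merged = [ranges[0]]
    for low, high in ranges[1:]:
        last_low, last_high = merged[-1]
        if low <= last_high + 1:  # overlapping or adjacent entries fold together
            merged[-1] = (last_low, max(last_high, high))
        else:
            merged.append((low, high))
    return merged


def port_count(spec):
    """Number of distinct ports the definition covers."""
    return sum(high - low + 1 for low, high in parse_port_definition(spec))


def covers(spec, port):
    """True if the given port number falls inside the definition."""
    return any(low <= port <= high for low, high in parse_port_definition(spec))


if __name__ == "__main__":
    # Port definitions quoted on this page.
    for spec in ("3306", "137-139", "135-139,445", "80,443", "0-65535"):
        print(f"{spec:12} -> {parse_port_definition(spec)} "
              f"({port_count(spec)} ports)")
```

Comparing `port_count` with the number of ports a service actually needs is a quick way to spot a definition that is broader than intended.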
Chapter 3. Fundamentals
