Four Placeholders Are Provided To Achieve An Abstraction When Defining The Filters; You Can Configure The Following Parameters - elmeg T444 User Manual


Discarding of the packet is generally a safe procedure, as only those packets for which an explicit (i.e. deliberately configured) rule exists are authorized in such a configuration.
When defining the filters it is essential to take into account that basically all packets are permitted at all LAN ports (LAN1, LAN2, USB port). You therefore do not need to define filter rules for passing IP packets from the LAN to the PABX system / router, nor for their »Return«.

Four placeholders are provided to achieve an abstraction when defining the filters:

LAN_ADDR
Represents the LAN address for the router, based on the default configuration, i.e. 192.168.1.250 with the network mask 255.255.255.0 (192.168.1.250 / 24).

LAN_NET
This placeholder represents all of the LAN addresses, based on the default configuration, i.e. 192.168.1.0 with network mask 255.255.255.0 (192.168.1.0 / 24).

WAN_ADDR
This placeholder represents the WAN address for the router that is assigned dynamically by the ISP when PPPoE or PPP is used. Dynamic allocation allows an IP address to be assigned from the inventory of your ISP for the WAN port each time a connection is set up to the Internet. The WAN address cannot be entered as an absolute value for filter configuration when you are defining the configuration. PPPoE is required for T-DSL, for example; PPP is used for Internet connections with ISDN dial-in. If you have been assigned a fixed public IP address by your provider for your Internet access, this address will be used for WAN_ADDR.
The firewall is adapted automatically in accordance with the defined rules after the IP address is assigned to the WAN port (or ISDN channel).

WAN_NET
Represents all WAN addresses located in the same IP subnetwork as the WAN port. This parameter is currently not used and will not be significant for future software updates.

You can configure the following parameters:

Name of the filter
Each filter must be assigned a unique name. Select a name for the filter that uniquely describes the function of that filter - this will make it easier for you later if you wish to change any filters.

Action
The following options can be selected: allow, deny, discard and port map. When »allow« is selected, all packets which correspond to the parameters of the associated filter can pass through. When »deny« is selected, the corresponding IP packets are rejected and the sender of the packet is informed. »discard« results in packets being discarded (refused) without the sender being informed. The option »port map« permits specific forwarding of packets with TCP and UDP protocols to the IP address of a PC in the LAN.

TCP Flag
If a TCP connection is to be set up (for example for downloading files), certain bit patterns are set in the packets involved with this - the TCP flags. The option »connection in progress« stands for the SYN flag; the option »connection established« for the »Established flag«.

Protocols
UDP, TCP, ICMP and »all protocols« can be selected as protocols. The selection of the protocol can affect further options, as, for example, there are no TCP flags available for UDP, or no port for ICMP, while there are certain types of protocols available however.

Interface
Here you can define the interfaces for the corresponding filter. At present, the setting »WAN« is useful for most cases, as all packets are allowed at internal interfaces with this setting.

Connection
Use this field to define the direction of the IP packet for which the configured filter is valid. Possible parameters: in, out and in/out (bi-directional).

Source address definition
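An added example (not from the elmeg manual or firmware) that models how filters written with placeholders are re-resolved when the ISP assigns a new WAN address, and how »deny« differs from »discard«. First-match rule order, silent discarding of unmatched WAN packets, the field names and the sample addresses are assumptions of this example; »port map« is left out.

```python
import ipaddress
from dataclasses import dataclass

# LAN placeholders use the manual's default configuration. Treating LAN_ADDR
# as the single router host address is an assumption of this example.
LAN = {"LAN_ADDR": "192.168.1.250/32", "LAN_NET": "192.168.1.0/24"}

@dataclass
class Filter:            # hypothetical model, not the device's data format
    name: str
    action: str          # "allow", "deny" or "discard"
    protocol: str        # "tcp", "udp", "icmp" or "all"
    direction: str       # "in", "out" or "in/out"
    source: str = "any"  # placeholder, CIDR or "any"
    dest: str = "any"

def resolve(spec, wan_addr):
    """Resolve a placeholder or CIDR; WAN_ADDR is only known at run time."""
    if spec == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if spec == "WAN_ADDR":
        return ipaddress.ip_network(f"{wan_addr}/32")
    return ipaddress.ip_network(LAN.get(spec, spec), strict=False)

def decide(filters, wan_addr, pkt):
    """Return (action, sender_informed) for a packet at the WAN interface."""
    for f in filters:    # assumption: first matching filter wins
        if (f.protocol in ("all", pkt["proto"])
                and f.direction in ("in/out", pkt["dir"])
                and ipaddress.ip_address(pkt["src"]) in resolve(f.source, wan_addr)
                and ipaddress.ip_address(pkt["dst"]) in resolve(f.dest, wan_addr)):
            return f.action, f.action == "deny"  # only "deny" informs the sender
    return "discard", False  # no explicit rule: dropped silently

# Constructed sample rules, written once with placeholders.
FILTERS = [
    Filter("web-out", "allow", "tcp", "out", source="WAN_ADDR"),
    Filter("ping-in", "deny", "icmp", "in", dest="WAN_ADDR"),
]
```

Calling `decide(FILTERS, wan_addr, pkt)` with a different `wan_addr` after each dial-in shows the same rule set following the newly assigned address without being edited.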
Configure firewall filters


This manual is also suitable for:

T484