SpeedTouch™610 Controlled Access - Alcatel SpeedTouch 610 Management Manual

Business dsl router remote management 600 series

2 SpeedTouch™610 Remote Access
Application Note Ed. 01

2.5 SpeedTouch™610 Controlled Access

Introduction

In sections "2.2 Remote SpeedTouch™610 Web Interface Access" on page 8, "2.3 Remote SpeedTouch™610 Telnet Access" on page 9 and "2.4 Remote SpeedTouch™610 FTP Access" on page 10, the methods for allowing remote management of the SpeedTouch™610 by a remote host or network on the WAN are described.

Generally, the method consisted of changing or adding the firewall rules against which packets arriving at or leaving the SpeedTouch™610 from/to the WAN are checked. Regarding the local network, no restrictions exist at all by default.

However, in many cases where the SpeedTouch™610 is remotely managed, it is useful to restrict access to the device from the local network to avoid potential misconfiguration and/or interference with remote management tasks.

The SpeedTouch™610 firewall provides various means to restrict access from the LAN.

Default Firewall configuration vs LAN

No restrictions apply at all to packets arriving at the SpeedTouch™610 IP host from the local network, due to the following two primary rules in the sink chain:

    chain=sink index=0 srcintf="eth0" srcbridgeport=!1 action=drop
    chain=sink index=1 srcintfgrp=!wan action=accept

Equally, no restrictions apply to packets leaving the SpeedTouch™610 IP host to the local network, due to the following primary rule in the source chain:

    chain=source index=0 srcintfgrp=!wan action=accept

Restricting all SpeedTouch™610 access for the local network

Forbidding all contact between the SpeedTouch™610 IP host and the local network can be done simply by deleting these three rules.

Note: Do not perform this operation via a Telnet session, or via the SpeedTouch™610 web pages, as deleting the rules will have immediate effect: all direct IP connectivity will be lost. Therefore, make sure to perform this operation only from CLI access via the serial Console port.

Doing so will not affect the forwarding and routing functionality of the SpeedTouch™610, but local hosts will no longer be able to ping, ftp and telnet the SpeedTouch™610 or browse its web pages.

However, before the local users will experience the same behaviour of the services delivered by the SpeedTouch™610, two internal SpeedTouch™610 services should be made available for the "outside" again:

For the good operation of the SpeedTouch™610 DNS server towards the local network, the following rule must be added to the source chain:

    chain=source index=1 prot=tcp srcport=dns action=accept

This rule makes sure that name resolutions by the SpeedTouch™610 can be propagated to the requesting (local) host.
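
The effect of the default rules and of the restricted rule set can be checked offline with a small model. This is an added example, not code from the manual or from Alcatel; it assumes rules are evaluated in index order with the first match deciding and that a packet matching no rule is dropped, and the sample packets are constructed.

```python
import shlex

# Rule lines as printed in the manual (defaults), and the restricted set left
# after deleting the three defaults and adding the DNS rule.
DEFAULT_RULES = [
    'chain=sink index=0 srcintf="eth0" srcbridgeport=!1 action=drop',
    'chain=sink index=1 srcintfgrp=!wan action=accept',
    'chain=source index=0 srcintfgrp=!wan action=accept',
]
HARDENED_RULES = ['chain=source index=1 prot=tcp srcport=dns action=accept']

def parse_rule(line):
    """Split one key=value rule line; shlex strips the quotes around "eth0"."""
    rule = dict(token.split("=", 1) for token in shlex.split(line))
    rule["index"] = int(rule["index"])
    return rule

def field_matches(pattern, value):
    """A leading '!' negates the comparison, as in srcintfgrp=!wan."""
    return value != pattern[1:] if pattern.startswith("!") else value == pattern

def verdict(rule_lines, chain, packet, default="drop"):
    """Assumed semantics: lowest index first, first match decides, and a
    packet matching no rule is dropped (inferred from the manual's statement
    that deleting the rules cuts the LAN off from the device)."""
    rules = [parse_rule(line) for line in rule_lines]
    for rule in sorted((r for r in rules if r["chain"] == chain), key=lambda r: r["index"]):
        criteria = {k: v for k, v in rule.items() if k not in ("chain", "index", "action")}
        if all(field_matches(v, packet.get(k, "")) for k, v in criteria.items()):
            return rule["action"]
    return default

# Constructed sample packets (field values are assumptions for illustration).
LAN_TELNET_IN = {"srcintf": "eth0", "srcbridgeport": "1", "srcintfgrp": "lan", "prot": "tcp"}
OTHER_PORT_IN = {"srcintf": "eth0", "srcbridgeport": "2", "srcintfgrp": "lan", "prot": "tcp"}
DNS_REPLY_OUT = {"prot": "tcp", "srcport": "dns"}
TELNET_REPLY_OUT = {"prot": "tcp", "srcport": "telnet"}

if __name__ == "__main__":
    for name, rules in (("default", DEFAULT_RULES), ("hardened", HARDENED_RULES)):
        print(name, "sink, LAN telnet in ->", verdict(rules, "sink", LAN_TELNET_IN))
    print("hardened source, DNS reply    ->", verdict(HARDENED_RULES, "source", DNS_REPLY_OUT))
    print("hardened source, telnet reply ->", verdict(HARDENED_RULES, "source", TELNET_REPLY_OUT))
```

Before making the change over the serial console, the same functions can be run against the rule list actually configured on the device to confirm which LAN traffic would still be accepted.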

This manual is also suitable for:

Speedtouch 610s, Speedtouch 610v, Speedtouch 610i