DMZ Firewall Solution for the Express Router
07-12-99 Version 1.0 15
Filter  Function                              Settings

                                              Dest. address: 10.2.0.2
                                              Dest. port: > 1023
                                              Src. address type: All
                                              Src. port: > 1023

9       Allows DNS reply to the HTTP/FTP      Action: Pass
        proxy server on the DMZ.              Protocol: TCP
        Two filters are required.             TCP flags: ACK
                                              Dest. address type: Host
                                              Dest. address: 10.2.0.2
                                              Dest. port: > 1023
                                              Src. address type: Host
                                              Src. address: 194.25.6.4
                                              Src. port: = 53

10                                            Action: Pass
                                              Protocol: UDP
                                              Dest. address type: Host
                                              Dest. address: 10.2.0.2
                                              Dest. port: > 1023
                                              Src. address type: Host
                                              Src. address: 194.25.6.4
                                              Src. port: = 53

11      Allows DNS reply to the SMTP server   Action: Pass
        on the DMZ.                           Protocol: TCP
        Two filters are required.             TCP flags: ACK
                                              Dest. address type: Host
                                              Dest. address: 10.2.0.3
                                              Dest. port: > 1023
                                              Src. address type: Host
                                              Src. address: 194.25.6.4
                                              Src. port: = 53

12                                            Action: Pass
                                              Protocol: UDP
                                              Dest. address type: Host
                                              Dest. address: 10.2.0.3
                                              Dest. port: > 1023
                                              Src. address type: Host
                                              Src. address: 194.25.6.4
                                              Src. port: = 53

13      Allows incoming mail (SMTP) from      Action: Pass
        any host on the Internet to the DMZ.  Protocol: TCP
                                              TCP flags: All
                                              Dest. address type: Host
                                              Dest. address: 10.2.0.3
                                              Dest. port: = 25
                                              Src. address type: All
                                              Src. port: > 1023

14      Allows outgoing mail (SMTP) to any    Action: Pass
        host on the Internet from the DMZ.    Protocol: TCP
                                              TCP flags: ACK
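
An added example, not part of the manual: a Python model of filters 9 to 13 that reports which filter, if any, passes a packet (the unnumbered fragment at the top and the truncated filter 14 are left out). First-match order, reading "TCP flags: ACK" as "ACK bit set" and "All" as "any flags", and discarding unmatched packets are assumptions; the sample packets and the 203.0.113.x addresses are constructed.

```python
import operator

OPS = {">": operator.gt, "=": operator.eq}
DNS, ANY = "194.25.6.4", None  # DNS host from the table; ANY = "Src. address type: All"

# (filter, protocol, required TCP flag, dest host, dest port test, src host, src port test)
FILTERS = [
    (9,  "TCP", "ACK", "10.2.0.2", (">", 1023), DNS, ("=", 53)),
    (10, "UDP", None,  "10.2.0.2", (">", 1023), DNS, ("=", 53)),
    (11, "TCP", "ACK", "10.2.0.3", (">", 1023), DNS, ("=", 53)),
    (12, "UDP", None,  "10.2.0.3", (">", 1023), DNS, ("=", 53)),
    (13, "TCP", None,  "10.2.0.3", ("=", 25),   ANY, (">", 1023)),
]

def port_ok(test, port):
    """Apply a port test such as ('>', 1023) or ('=', 53)."""
    op, value = test
    return OPS[op](port, value)

def match(p):
    """Return the first filter number that passes packet p, else None (assumed discard)."""
    for num, proto, flag, dst, dport, src, sport in FILTERS:
        if p["proto"] != proto or p["dst"] != dst:
            continue
        if src is not ANY and p["src"] != src:
            continue
        if flag and flag not in p["flags"]:  # assumed: the named flag bit must be set
            continue
        if port_ok(dport, p["dport"]) and port_ok(sport, p["sport"]):
            return num
    return None

def packet(proto, src, sport, dst, dport, flags=()):
    return dict(proto=proto, src=src, sport=sport, dst=dst, dport=dport, flags=set(flags))

# Constructed sample packets (not captured traffic).
SAMPLES = {
    "UDP DNS reply to proxy":        packet("UDP", DNS, 53, "10.2.0.2", 40000),
    "TCP DNS reply segment to SMTP": packet("TCP", DNS, 53, "10.2.0.3", 40001, {"ACK"}),
    "TCP SYN from DNS host, no ACK": packet("TCP", DNS, 53, "10.2.0.2", 40002, {"SYN"}),
    "Inbound SMTP SYN":              packet("TCP", "203.0.113.9", 35000, "10.2.0.3", 25, {"SYN"}),
    "DNS reply to low port":         packet("UDP", DNS, 53, "10.2.0.2", 161),
    "UDP from another resolver":     packet("UDP", "203.0.113.53", 53, "10.2.0.2", 40000),
}

if __name__ == "__main__":
    for name, p in SAMPLES.items():
        print(f"{name:32} -> filter {match(p)}")
```

The model matches on the header fields listed in the Settings column alone; the ACK requirement in filters 9 and 11 is what keeps a connection-opening SYN from 194.25.6.4 from matching.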