DMZ Firewall Solution for the Express Router
07-12-99 Version 1.0 20
Filter Function Settings
Src. port: = 80
2 Allows FTP (only passive connections) from secure LAN to the FTP proxy server on the DMZ (see note 1). Two filters are required.
Action: Pass
Protocol: TCP
TCP flags: ACK
Dest. address type: All
Dest. port: > 1023
Src. address type: Host
Src. address: 193.84.251.2
Src. port: = 21
3
Action: Pass
Protocol: TCP
TCP flags: ACK
Dest. address type: All
Dest. port: > 1023
Src. address type: Host
Src. address: 193.84.251.2
Src. port: > 1023
4 Allows incoming mail (SMTP) from DMZ to the secure LAN.
Action: Pass
Protocol: TCP
TCP flags: All
Dest. address type: Host
Dest. address: 10.1.0.1
Dest. port: 25
Src. address type: Host
Src. address: 193.84.251.3
Src. port: > 1023
5 Allows outgoing mail (SMTP) from secure LAN to the DMZ.
Action: Pass
Protocol: TCP
TCP flags: ACK
Dest. address type: Host
Dest. address: 10.1.0.1
Dest. port: > 1023
Src. address type: Host
Src. address: 193.84.251.3
Src. port: 25
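Added example (not part of the original document): a small Python model of filters 4 and 5, showing why the return-traffic filter is restricted to the ACK flag. It assumes that "TCP flags: ACK" matches only segments with the ACK bit set, that "All" matches any flags, and that a packet matching no Pass filter is dropped; the class and function names are illustrative.

```python
# Added example: models filters 4 and 5 from the table as stateless rules.
# Assumptions (not stated on the page): "ACK" requires the ACK bit, "All"
# matches any flags, and packets matching no Pass filter are dropped.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # e.g. frozenset({"SYN"}) or frozenset({"SYN", "ACK"})

def port_ok(spec, port):
    """spec is '>1023' (strictly above 1023) or an exact port number."""
    return port > 1023 if spec == ">1023" else port == spec

@dataclass(frozen=True)
class Filter:
    number: int
    flags: str      # "ACK" or "All"
    dst: str
    dport: object
    src: str
    sport: object

    def matches(self, p):
        if self.flags == "ACK" and "ACK" not in p.flags:
            return False  # a connection-opening SYN (no ACK) never matches
        return (p.dst == self.dst and p.src == self.src
                and port_ok(self.dport, p.dport) and port_ok(self.sport, p.sport))

# Values copied from filters 4 and 5 in the table.
FILTERS = [
    Filter(4, "All", "10.1.0.1", 25, "193.84.251.3", ">1023"),
    Filter(5, "ACK", "10.1.0.1", ">1023", "193.84.251.3", 25),
]

def evaluate(p):
    """Return the number of the first matching Pass filter, or None (dropped)."""
    for f in FILTERS:
        if f.matches(p):
            return f.number
    return None

# Constructed sample packets arriving from the DMZ mail host.
inbound_syn = Packet("193.84.251.3", 40000, "10.1.0.1", 25, frozenset({"SYN"}))
reply_synack = Packet("193.84.251.3", 25, "10.1.0.1", 40001, frozenset({"SYN", "ACK"}))
syn_from_port_25 = Packet("193.84.251.3", 25, "10.1.0.1", 6000, frozenset({"SYN"}))
```

Under these assumptions the DMZ mail host can open connections only to port 25 on 10.1.0.1; a new connection sent from source port 25 to a high port matches neither filter.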
6 Allows incoming News (NNTP) from the DMZ to the secure LAN (see note 2).
Action: Pass
Protocol: TCP
TCP flags: All
Dest. address type: Host
Dest. address: 10.1.0.2
Dest. port: 119
Src. address type: Host
Src. address: 193.84.251.4
Src. port: > 1023
7 Allows outgoing News (NNTP) to DMZ from secure LAN.
Action: Pass
Protocol: TCP
TCP flags: ACK
Dest. address type: Host
Dest. address: 10.1.0.2