DMZ Firewall Solution for the Express Router
07-12-99 Version 1.0 19
Filters are defined as follows:
Filter Function Settings
— Prohibit internal users access to the
Internet
Default Action: Default
1 Allows access to the HTTP /FTP proxy
server on the DMZ.
Action: Pass
Protocol: All
Dest. address type: Host
Dest. address: 193.84.251.2
Src. address type: All
2 Allows access to the SMTP server on
the DMZ.
Action: Pass
Protocol: All
Dest. address type: Host
Dest. address: 193.84.251.3
Src. address type: all
3 Allows access to News (proxy) server
on the DMZ.
Action: Pass
Protocol: All
Dest. address type: Host
Dest. address: 193.84.251.4
Src. address type: All
4 Allows access to the router from the
private LAN.
Action: Pass
Protocol: All
Dest. port address: Host
Dest. address: <LAN1 IP address>
Scr. address type: All
4.4.1.2 Transmit (Tx) Filters on LAN1
Configure these transmit filters for the LAN1 port, shown as they appear in Advanced Setup.
Filters are defined as follows:
Filter Function Settings
— Prohibit users on the private network
from accessing the Internet
Default Action: Discard
1 Allows HTTP and FTP (read only using
HTTP) from secure LAN to HTTP/FTP
proxy server on the DMZ.
Action: Pass
Protocol: TCP
TCP flags: ACK
Dest. address type: All
Dest port: >1023
Src. address type: Host
Src. address: 193.84.251.2