Intel 9525 Saw User Manual


 
DMZ Firewall Solution for the Express Router
07-12-99 Version 1.0 25
Filter Function Settings

    Src. port: > 1023

Filter 2
Function: Allows FTP (both active and passive) from the Internet to the HTTP/FTP server on the DMZ. Three filters are required.
Settings:
    Action: Pass
    Protocol: TCP
    TCP flags: All
    Dest. address type: Host
    Dest. address: 193.84.251.1
    Dest. port: = 21
    Src. address type: All
    Src. port: > 1023

Filter 3
Settings:
    Action: Pass
    Protocol: TCP
    TCP flags: ACK
    Dest. address type: Host
    Dest. address: 193.84.251.1
    Dest. port: = 20
    Src. address type: All
    Src. port: > 1023

Filter 4
Settings:
    Action: Pass
    Protocol: TCP
    TCP flags: All
    Dest. address type: Host
    Dest. address: 193.84.251.1
    Dest. port: > 1023
    Src. address type: All
    Src. port: > 1023

Filter 5
Function: Allows external ping to HTTP/FTP server on the DMZ.
Settings:
    Action: Pass
    Protocol: ICMP
    Dest. address type: Host
    Dest. address: 193.84.251.1
    Src. address type: All

Filter 6
Function: Allows external HTTP from HTTP/FTP proxy on the DMZ.
Settings:
    Action: Pass
    Protocol: TCP
    TCP flags: ACK
    Dest. address type: Host
    Dest. address: 193.84.251.2
    Dest. port: > 1023
    Src. address type: All
    Src. port: = 80

Filter 7
Function: Allows external FTP from HTTP/FTP proxy server on the DMZ (see note 1). Two filters are required.
Settings:
    Action: Pass
    Protocol: TCP
    TCP flags: ACK
    Dest. address type: Host
    Dest. address: 193.84.251.2
    Dest. port: > 1023
    Src. address type: All
    Src. port: > 1023

Filter 8
Settings:
    Action: Pass
    Protocol: TCP
    TCP flags: ACK
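
The following is an added example, not part of the Intel manual: a stateless evaluator for filters 2 to 7 as listed above, used to check which of them pass connection-opening packets from the Internet. It assumes that "TCP flags: ACK" matches only segments with the ACK bit set and that "TCP flags: All" matches any flag combination; the class and function names are hypothetical, the sample packets are constructed, and because every listed action is Pass the evaluation order only affects which filter number is reported.

```python
from dataclasses import dataclass
from typing import Callable, Optional

def high(port):            # "> 1023" in the table
    return port > 1023

def eq(n):                 # "= n" in the table
    return lambda port: port == n

@dataclass
class Filter:
    num: int
    proto: str
    dst: str
    flags: str = "All"                      # "All" or "ACK" (TCP only)
    dport: Optional[Callable] = None
    sport: Optional[Callable] = None

# Filters 2-7 as listed above; each has Action: Pass and Src. address type: All.
FILTERS = [
    Filter(2, "TCP", "193.84.251.1", "All", eq(21), high),
    Filter(3, "TCP", "193.84.251.1", "ACK", eq(20), high),
    Filter(4, "TCP", "193.84.251.1", "All", high, high),
    Filter(5, "ICMP", "193.84.251.1"),
    Filter(6, "TCP", "193.84.251.2", "ACK", high, eq(80)),
    Filter(7, "TCP", "193.84.251.2", "ACK", high, high),
]

def first_match(proto, dst, sport=None, dport=None, flags=frozenset()):
    """Number of the first listed filter that passes the packet, else None."""
    for f in FILTERS:
        if f.proto != proto or f.dst != dst:
            continue
        if proto == "TCP":
            # Assumption: "ACK" requires the ACK bit; "All" accepts any flags.
            if f.flags == "ACK" and "ACK" not in flags:
                continue
            if not (f.dport(dport) and f.sport(sport)):
                continue
        return f.num
    return None

def passes_bare_syn():
    """Filters that admit connection setup from outside (flags unrestricted)."""
    return [f.num for f in FILTERS if f.proto == "TCP" and f.flags == "All"]

if __name__ == "__main__":
    # Constructed sample packets: (proto, dst, sport, dport, flags)
    for pkt in [("TCP", "193.84.251.1", 40000, 21, {"SYN"}),
                ("TCP", "193.84.251.1", 40000, 6000, {"SYN"}),
                ("TCP", "193.84.251.2", 80, 40000, {"SYN"})]:
        print(pkt, "->", first_match(*pkt))
    print("filters passing a bare SYN:", passes_bare_syn())
```

Under these assumptions only filters 2 and 4 pass a bare SYN, and filter 4 covers every port above 1023 on 193.84.251.1, so whatever listens on that server's high ports is reachable alongside passive FTP.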