Netopia R5300 Network Router User Manual


 
Security 13-21
A more complicated filter set would be required to provide WAN access to a LAN-based server. See the next
section, “Possible modifications,” for ways to allow remote hosts to use services provided by servers on the
LAN.
PP
PP
oo
oo
ss
ss
ss
ss
ii
ii
bb
bb
ll
ll
ee
ee
mm
mm
oo
oo
dd
dd
ii
ii
ff
ff
ii
ii
cc
cc
aa
aa
tt
tt
ii
ii
oo
oo
nn
nn
ss
ss
You can modify the sample filter set Basic Firewall to allow incoming traffic using the examples below. These
modifications are not intended to be combined. Each modification is to be the only one used with Basic Firewall.
The results of combining filter set modifications can be difficult to predict. It is recommended that you take
special care if you are making more than one modification to the sample filter set.
Trusted host. To allow unlimited access by a trusted remote host with the IP address a.b.c.d (corresponding to
a numbered IP address such as 163.176.8.243), insert the following input filter ahead of the current input
filter 1:
Enabled: Yes
Forward: Yes
Source IP Address: a.b.c.d
Source IP Address Mask: 255.255.255.255
Dest. IP Address: 0.0.0.0
Dest. IP Address Mask: 0.0.0.0
Protocol Type: 0
Trusted subnet. To allow unlimited access by a trusted remote subnet with subnet address a.b.c.d
(corresponding to a numbered IP address such as 163.176.8.0) and subnet mask e.f.g.h (corresponding to a
numbered IP mask such as 255.255.255.0), insert the following input filter ahead of the current input filter 1:
Enabled: Yes
Forward: Yes
Source IP Address: a.b.c.d
Source IP Address Mask: e.f.g.h
Dest. IP Address: 0.0.0.0
Dest. IP Address Mask: 0.0.0.0
Protocol Type: 0