Support User Manuals

Technicolor - Thomson 610v Network Router User Manual

Open as PDF

of 32

Application Note Ed. 01

2 SpeedTouch

TM

610 Remote Access

10

2.4 Remote SpeedTouch

TM

610 FTP Access

Appropriate firewall

rules

To allow remote access to the SpeedTouch

TM

610 File System via an FTP session from

the WAN to the SpeedTouch

TM

610, you must add two rules per chain: one rule for the

FTP control channel and one for the FTP data channel:

• To t he s ink c hain :

The first rule allows users from the WAN to contact the SpeedTouch

TM

610 FTP

server. The second rule allows data coming from the WAN to the

SpeedTouch

TM

610 file system.

The rules are both inserted after the first two rules (index=0 and index=1) as

none of the two rules apply to traffic coming from any WAN interface. However,

make sure (as in the example) to insert the rule before the last rule (which drops

all traffic not blocked by any preceding rule).

Note If you want to allow remote access to the SpeedTouch

TM

610 CLI via Telnet

in a Bridged Ethernet Packet Service scenario, you must add the rules with

index=0 respectively index=1 (i.e. becoming the first two rules) to avoid that

the traffic coming from the WAN Bridge port and destined for the

SpeedTouch

TM

610 FTP server, or file system is dropped.

• To the source chain:

The first rule allows control messages generated by the SpeedTouch

TM

610 FTP

server to pass through to the WAN. The second rule allows data coming from the

SpeedTouch

TM

610 file system and FTP server to pass through to the WAN. Both

rules are added after the first rule concerning all traffic towards the LAN as it has

no concern with it, but before the last rule (which drops all traffic not blocked by

any preceding rule).

The added rules will allow any user on the WAN to open an FTP session to the

SpeedTouch

TM

610 and accessing the file system after authentication.

Note The access rights which apply to the SpeedTouch

TM

610 file system are not

controlled by the firewall. I.e. you can not change the access rights to the file

system root directory, nor to the /dl and /active subdirectories.

For more information on the access rights that apply to the

SpeedTouch

TM

610 file system, see the application note SpeedTouch

TM

610

Operation and Maintenance.

[firewall rule]=>

create chain=sink index=2 prot=tcp dstport=ftp action=accept

[firewall rule]=>

create chain=sink index=3 prot=tcp dstport=ftp-data action=accept

[firewall rule]=>

create chain=source index=1 prot=tcp srcport=ftp-data action=accept

[firewall rule]=>

create chain=rule index=2 prot=tcp srcport=ftp-data action=accept

previous next