
Discarding the packet is generally a safe procedure, as only those packets for which an explicit (i.e. deliberately
configured) rule exists are authorized in such a configuration.
When defining the filters it is essential to take into account that basically all packets are permitted at all LAN ports
(LAN1, LAN2, USB port). You therefore do not need to define filter rules for passing IP packets from the LAN to the
PABX system / router, nor for their »Return«.
Four place holders are provided to achieve an abstraction when defining the filters:
LAN_ADDR
Represents the LAN address for the router, based on the default configuration, i.e.
192.168.1.250 with the network mask 255.255.255.0 (192.168.1.250 / 24).
LAN_NET
This place holder represents all of the LAN addresses, based on the default configuration,
i.e. 192.168.1.0 with network mask 255.255.255.0 (192.168.1.0 / 24).
WAN_ADDR
This place holder represents the WAN address for the router that is assigned dynamically
by the ISP when PPPoE or PPP is used. Dynamic allocation allows an IP address to
be assigned from the inventory of your ISP for the WAN port each time a connection is
set up to the Internet. The WAN address therefore cannot be entered as an absolute value
when you are defining the filter configuration. PPPoE is required for
T-DSL, for example; PPP is used for Internet connections with ISDN dial-in. If you
have been assigned a fixed public IP address by your provider for your Internet access,
this address will be used for WAN_ADDR.
The firewall is adapted automatically in accordance with the defined rules after the IP
address is assigned to the WAN port (or ISDN channel).
WAN_NET
Represents all WAN addresses located in the same IP subnetwork as the WAN port.
This parameter is currently not used and will not be significant for future software
updates.
You can configure the following parameters:
Name of the filter
Each filter must be assigned a unique name. Select a name for the filter that uniquely
describes the function for that filter - this will make it easier for you later if you wish to
change any filters.
Action
The following options can be selected: allow, deny, discard and portmap. When »allow«
is selected, all packets which correspond to the parameters of the associated filter
can pass through. When »deny« is selected, the corresponding IP packets are rejected
and the sender of the packet is informed. »discard« results in packets being discarded
(refused) without the sender being informed. The option »portmap« permits specific
forwarding of packets with TCP and UDP protocols to the IP address of a PC in the
LAN.
TCP Flag
If a TCP connection is to be set up (for example for downloading files), certain bit
patterns are set in the packets involved - the TCP flags. The option »connection in
progress« stands for the SYN flag; the option »connection established« for the
»Established flag«.
Protocols
UDP, TCP, ICMP and »all protocols« can be selected as protocols. The selection of the
protocol can affect further options: for example, there are no TCP flags available for
UDP and no port for ICMP, although certain types are available for that protocol.
Interface
Here you can define the interfaces for the corresponding filter. At present, the setting
»WAN« is useful for most cases, as all packets are allowed at internal interfaces with
this setting.
Connection
Use this field to define the direction of the IP packet for which the configured filter is
valid. Possible parameters: in, out and in/out (bi-directional).
Source address definition
Configure firewall filters
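The following is an added example, not taken from the manual or the device firmware: a small Python model of how filters with the place holders, the actions allow, deny and discard, and the connection directions described above decide the fate of a packet, including re-resolving WAN_ADDR after the ISP assigns a new address. The field names, the first-match rule order, the host-only (/32) reading of LAN_ADDR and WAN_ADDR, and the sample rules and addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Default LAN values from the manual. LAN_ADDR is treated as a single host (/32)
# here (assumption). WAN_ADDR is unknown until the ISP assigns it.
PLACEHOLDERS = {"LAN_ADDR": "192.168.1.250/32", "LAN_NET": "192.168.1.0/24"}

@dataclass
class Filter:            # hypothetical field names
    name: str
    action: str          # allow | deny | discard
    protocol: str        # tcp | udp | icmp | all
    direction: str       # in | out | in/out
    src: str             # place holder, CIDR string, or "any"
    dst: str

def resolve(spec, wan_addr):
    """Turn a place holder or CIDR string into an ip_network (None means any)."""
    if spec == "any":
        return None
    if spec == "WAN_ADDR":
        if wan_addr is None:
            raise ValueError("WAN_ADDR is not known before the link is up")
        spec = f"{wan_addr}/32"
    return ipaddress.ip_network(PLACEHOLDERS.get(spec, spec))

def decide(filters, wan_addr, iface, direction, protocol, src, dst):
    """Return the action applied to one packet."""
    if iface != "WAN":
        return "allow"                  # LAN ports pass all packets, no rules needed
    addrs = (ipaddress.ip_address(src), ipaddress.ip_address(dst))
    for f in filters:                   # assumption: the first matching filter wins
        if f.protocol not in ("all", protocol):
            continue
        if f.direction not in ("in/out", direction):
            continue
        nets = (resolve(f.src, wan_addr), resolve(f.dst, wan_addr))
        if all(n is None or a in n for n, a in zip(nets, addrs)):
            return f.action
    return "discard"                    # no explicit rule: dropped without notice

# Constructed rule set (not from the manual). "web-out" assumes that outgoing
# packets on the WAN interface carry WAN_ADDR as their source address.
RULES = [
    Filter("ping-in", "deny", "icmp", "in", "any", "WAN_ADDR"),
    Filter("web-out", "allow", "tcp", "out", "WAN_ADDR", "any"),
]
```

Calling `decide()` with a different `wan_addr` shows why the firewall has to be adapted after each address assignment: a packet addressed to the previous WAN address no longer matches any filter and is discarded.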