elmeg T444: download user manual, page 28

Here you specify the source address for the IP packets for which this filter is valid.
Take into account any potential abstractions brought about by placeholders.

Target address definition

Here you specify the target address for the IP packets for which this filter is valid. Take into account any potential abstractions brought about by placeholders.

Warning message for port protocol association

A warning appears if you attempt to enter an unknown name in the field for the TCP port. If this is bothersome, you can suppress this message by clearing the corresponding check box.

Example of configuration for enabling the firewall for Web surfing.

First, set the response by the last filter rule to »discard«.

The IP packets for two services must be allowed through the firewall so that pages from the World Wide Web can be displayed: DNS for resolving names and the »html data flow«. When you enter a URL in the Web browser, the browser uses a DNS query to transform the plain-text name (for example www.Telekom.de) into an IP address (in the example here 217.160.73.88). After that, the browser establishes at least one connection to this IP address via TCP/IP. This yields the following filter configuration:

The UDP and TCP protocols must be enabled for DNS (protocol name: domain) for destination port 53 of any DNS server from any non-privileged port; the same applies for the return route.

Access to any destination address on port 80 must be possible for http requests over the TCP protocol via the WAN interface from non-privileged ports. The return path for reply packets must be enabled accordingly: from any Internet IP address (0.0.0.0/0), from port 80, to non-privileged ports at the WAN address of the PABX system.

Configuration example for a portmapping entry into the firewall for the ssh protocol

The ssh protocol (secure shell) is used, among other things, for web server administration or to implement VPN tunnels. Data can be transferred in encrypted form using the ssh protocol (this is not significant for the configuration of the firewall, however). Normally, port 22 of the TCP protocol is used. In the example shown here, the web server in your LAN has the fixed, assigned IP address 192.168.1.42. Administration access is to be provided for this web server in your LAN via ssh from the Internet. Please note that you also require equivalent filters for port 80 if the contents of the web server are to be accessible from the Internet.

Based on this information, you must generate three rules for the firewall, with the default setting »Response by last filter rule → discard«:

ssh_MAP:

This filter forwards incoming packets, sent from any IP address and non-privileged port to the Internet-side IP address of the telephone system router unit, to the computer with the IP address 192.168.1.42; port 22 is retained.

ssh_WAN_in:

This filter permits incoming packets from any IP address and non-privileged ports to pass to the Internet-side IP address of the telephone system router unit.

ssh_WAN_out:

This filter permits outgoing packets from port 22 to pass through the WAN interface (i.e. the connection for the DSL modem or the ISDN dial-up connection to the Internet) to any IP address and non-privileged ports.

| Filter name | TCP-Flag | Interface | Action | Protocol | Connection | Source IP | Source port | Target IP | Target port |
|---|---|---|---|---|---|---|---|---|---|
| NetBios block | none | WAN | discard | UDP | out | 0.0.0.0/0 | 137-139 | 0.0.0.0/0 | any |
| ssh_portmap | none | WAN | portmap | TCP | in | 0.0.0.0/0 | 22 | 192.168.1.42 | 22 |
| ssh_WAN_in | none | WAN | allow | TCP | in | 0.0.0.0/0 | any | WAN_ADDR | 22 |
| ssh_WAN_out | none | WAN | allow | TCP | out | WAN_ADDR | 22 | 0.0.0.0/0 | any |
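The Web surfing filters and the ssh filter rows above can be checked against sample packets with a small rule evaluator. This is an added example, not code from the manual or the device; it assumes that the first matching filter decides, uses a constructed WAN_ADDR value and hypothetical dns_*/http_* filter names, and does not model the address translation of the ssh_portmap row.

```python
import ipaddress
from collections import namedtuple

# Assumptions (not from the manual): the first matching filter wins, WAN_ADDR is
# a constructed documentation address, non-privileged means ports 1024-65535.
WAN_ADDR, NET_ANY = "203.0.113.10", "0.0.0.0/0"
ANY, HIGH = (0, 65535), (1024, 65535)

Rule = namedtuple("Rule", "name action proto direction src sport dst dport")

RULES = [  # ssh and NetBios rows follow the table; dns_*/http_* names are hypothetical
    Rule("NetBios block", "discard", "UDP", "out", NET_ANY, (137, 139), NET_ANY, ANY),
    Rule("ssh_WAN_in", "allow", "TCP", "in", NET_ANY, ANY, WAN_ADDR, (22, 22)),
    Rule("ssh_WAN_out", "allow", "TCP", "out", WAN_ADDR, (22, 22), NET_ANY, ANY),
    Rule("http_out", "allow", "TCP", "out", NET_ANY, HIGH, NET_ANY, (80, 80)),
    Rule("http_in", "allow", "TCP", "in", NET_ANY, (80, 80), WAN_ADDR, HIGH),
]
for proto in ("UDP", "TCP"):  # DNS needs both protocols, plus the return route
    RULES.append(Rule(f"dns_{proto}_out", "allow", proto, "out", NET_ANY, HIGH, NET_ANY, (53, 53)))
    RULES.append(Rule(f"dns_{proto}_in", "allow", proto, "in", NET_ANY, (53, 53), NET_ANY, HIGH))


def _match(addr, net, port, ports):
    return (ipaddress.ip_address(addr) in ipaddress.ip_network(net)
            and ports[0] <= port <= ports[1])


def decide(proto, direction, src, sport, dst, dport, rules=RULES):
    """Return (action, rule name); unmatched packets hit the last rule: discard."""
    for r in rules:
        if (r.proto == proto and r.direction == direction
                and _match(src, r.src, sport, r.sport)
                and _match(dst, r.dst, dport, r.dport)):
            return r.action, r.name
    return "discard", "last filter rule"


def exposed_services(rules=RULES):
    """Inbound allow rules that open a privileged port on the WAN side."""
    return [(r.name, r.proto, r.dport[0]) for r in rules
            if r.action == "allow" and r.direction == "in" and r.dport[1] < 1024]


if __name__ == "__main__":
    print(decide("TCP", "out", WAN_ADDR, 40000, "217.160.73.88", 80))
    print(decide("TCP", "in", "198.51.100.7", 51000, WAN_ADDR, 23))
    print(exposed_services())
```

Listing the inbound allow rules this way is a quick review step after editing the filter list: with the rows above, ssh on port 22 is the only service opened to unsolicited traffic from the Internet.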
