ELSA LANCOM Business LC-4X00, Руководство пользователя

Страница: 77 / 276

Operating modes and functions
ELSA LANCOM Business
67
The sequence of the entries is important here: They are processed from top to bottom.
The router sorts entries automatically: Firstly by network masks, in descending order.
Then by the IP addresses, in ascending order. This places the 'HEAD OFFICE' entry at the
very end of the list. If this entry were at the top of the list, the router would send all (!)
data packets not belonging to the local network to the network of the head office.
TCP/IP packet filters
You can use your entries in the routing table to determine quite precisely which data
should be transferred. Additionally, you can use the '0.0.0.0' entry in the 'Router' field to
reject whole groups of IP addresses.
Occasionally, you may wish to restrict a transmission even further. You can do this using
a characteristic of TCP/IP, which is to send port numbers for destination and source as
well as the source and destination IP addresses with a data packet. The destination port
in a data packet stands for the service to be addressed in the TCP/IP network. The
destination ports are fixed for the various services on the TCP/IP network (see also 'TCP/
IP-ports' in the reference manual). The source ports, on the other hand, may be selected
freely within certain ranges.
The router can check the source and destination ports of data packets using the TCP or
UDP protocols. It can then deduce the purpose of the data from these ports. For example,
FTP accesses or Telnet sessions can be identified. The appropriate filter table can be
used to determine that certain data is not to be transferred from the LAN to the remote
station. Data for particular ports can also be blocked from entering the LAN from the
WAN in the same way. The filter tables can use the filter type along with the definition
of the port ranges and associated protocols to determine whether the data in question
192.168.120.0 255.255.255.0 Router01 2 All data packets with destination
IP addresses 192.168.120.x are
transmitted to ROUTER01.
192.168.125.0 255.255.255.0 Router02 3 All data packets with destination
IP addresses 192.168.125.x are
transmitted to ROUTER02.
192.168.130.0 255.255.255.0 192.168.140.123 0 All data packets with destination
IP addresses 192.168.130.x are
transmitted to the router with the
IP address 192.168.140.123.
10.0.0.0 255.0.0.0 0.0.0.0 0 Excludes transmission of all data
packets to networks using private
address spaces.
255.255.255.255 0.0.0.0 HEAD OFFICE 2 All data packets which cannot be
allocated to the entries listed
above are transmitted to the HEAD
OFFICE remote station.
IP address Netmask Router Dist. This is what happens: