5-24 Administrator’s Handbook
For PPTP negotiation to work, TCP packets inbound and outbound destined for port 1723 must be allowed.
Likewise, for ATMP negotiation to work, UDP packets inbound and outbound destined for port 5150 must be
allowed. Source ports are dynamic, so, if possible, make this flexible, too. Additionally, PPTP and ATMP both
require a firewall to allow GRE bi-directionally.
The following sections illustrate a sample filtering setup to allow either PPTP or ATMP traffic to cross a firewall:
• "PPTP example" on page 5-24
• "ATMP example" on page 5-27
Make your own appropriate substitutions. For more information on filters and firewalls, see Chapter 10, “Security.”
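The requirements above can be checked against a planned filter set before it is entered on the router. The following is an added example, not part of the handbook or of the router software: the Filter model, the first-match and discard-on-no-match semantics, and the sample filter sets are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

TCP, UDP, GRE = 6, 17, 47                      # IANA IP protocol numbers
NAMES = {TCP: "TCP", UDP: "UDP", GRE: "GRE"}
# Traffic the text says must pass in both directions: (protocol, destination port)
REQUIRED = {"PPTP": [(TCP, 1723), (GRE, None)],
            "ATMP": [(UDP, 5150), (GRE, None)]}

@dataclass(frozen=True)
class Filter:
    proto: int
    dport: Optional[int]          # None models "NC" (no compare)
    forward: bool                 # the Fwd column
    sport: Optional[int] = None   # None models "NC"

    def matches(self, proto, sport, dport):
        return (proto == self.proto
                and self.sport in (None, sport)
                and self.dport in (None, dport))

def forwards(filters, proto, sport=None, dport=None):
    # Assumed semantics: first matching filter decides, no match discards.
    for f in filters:
        if f.matches(proto, sport, dport):
            return f.forward
    return False

def audit(input_set, output_set, tunnel, sample_sports=(1024, 49152, 65535)):
    """List required tunnel traffic that the two filter sets would discard."""
    dropped = []
    for direction, fset in (("inbound", input_set), ("outbound", output_set)):
        for proto, dport in REQUIRED[tunnel]:
            # GRE has no ports; TCP/UDP are probed from several dynamic source ports.
            for sport in ([None] if proto == GRE else sample_sports):
                if not forwards(fset, proto, sport, dport):
                    dropped.append(f"{direction} {NAMES[proto]} sport={sport} dport={dport}")
    return dropped

# Constructed filter sets for illustration, not read from a router.
BLOCKS = [Filter(TCP, 2000, False), Filter(TCP, 6000, False)]
PINNED_SRC = BLOCKS + [Filter(TCP, 1723, True, sport=1723), Filter(GRE, None, True)]
NO_GRE = BLOCKS + [Filter(TCP, 1723, True)]
PPTP_OK = BLOCKS + [Filter(TCP, 1723, True), Filter(GRE, None, True)]

if __name__ == "__main__":
    for name, fset in (("PINNED_SRC", PINNED_SRC), ("NO_GRE", NO_GRE), ("PPTP_OK", PPTP_OK)):
        print(name, audit(fset, fset, "PPTP") or "passes")
```

PINNED_SRC shows why a compare on the source port breaks negotiation, and NO_GRE shows a set that lets the control connection through but discards the tunnel payload.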
PPTP example
To enable a firewall to allow PPTP traffic, you must provision the firewall to allow inbound and outbound TCP
packets specifically destined for port 1723. The source port may be dynamic, so often it is not useful to apply
a compare function upon this portion of the control/negotiation packets. You must also set the firewall to allow
inbound and outbound GRE packets, enabling transport of the tunnel payload.
From the Main Menu navigate to Display/Change IP Filter Set, and from the pop-up menu select Basic Firewall.
Select Display/Change Input Filter.
Display/Change Input Filter screen
Select Input Filter 1 and press Return. In the Change Input Filter 1 screen, set the Destination Port information
as shown below.
Menu path: Main Menu > System Configuration > Filter Sets > Display/Change Filter Set > Basic Firewall
+--#----Source IP Addr----Dest IP Addr------Proto-Src.Port-D.Port--On?-Fwd--+
+---------------------------------------------------------------------------+
|  1    0.0.0.0           0.0.0.0           TCP   NC       =2000   Yes No   |
|  2    0.0.0.0           0.0.0.0           TCP   NC       =6000   Yes No   |
|                                                                           |
+---------------------------------------------------------------------------+