User`s guide
Table Of Contents
- Ascend Customer Service
- How to use this guide
- What you should know
- Documentation conventions
- How to use the on-board software
- Manual set
- Configuring WAN Connections
- Configuring IP Routing
- Introduction to IP routing on the Pipeline
- Managing the routing table
- Parameters that affect the routing table
- Static and dynamic routes
- Configuring static routes
- Specifying default routes on a per-user basis
- Enabling the Pipeline to use dynamic routing
- Route preferences
- Viewing the routing table
- Fields in the routing table
- Removing down routes to a host
- Identifying Temporary routes in the routing table
- Configuring IP routing connections
- Ascend Tunnel Management Protocol (ATMP)
- IP Address Management
- Connecting to a local IP network
- BOOTP Relay
- DHCP services
- Dial-in user DNS server assignments
- Local DNS host address table
- Network Address Translation (NAT) for a LAN
- Configuring IPX Routing
- How the Pipeline performs IPX routing
- Adding the Pipeline to the local IPX network
- Working with the RIP and SAP tables
- Configuring IPX routing connections
- Configuring the Pipeline as a Bridge
- Defining Filters and Firewalls
- Setting Up Pipeline Security
- Pipeline System Administration
- Pipeline 75 Voice Features
- IDSL Implementations
- APP Server utility
- About the APP Server utility
- APP Server installation and setup
- Configuring the Pipeline to use the APP server
- Using App Server with Axent SecureNet
- Creating banner text for the password prompt
- Installing and using the UNIX APP Server
- Installing and using the APP Server utility for DO...
- Installing and using the APP Server utility for Wi...
- Installing APP Server on a Macintosh
- Troubleshooting
- Upgrading system software
- What you need to upgrade system software
- Displaying the software load name
- The upgrade procedure
- Untitled
Defining Filters and Firewalls
Example filters
6-16 Preliminary January 30, 1998 Pipeline User’s Guide
An example IP filter to prevent address spoofing
This section shows how to define an IP data filter whose purpose is to prevent
“spoofing” of local IP addresses. “Spoofing” IP addresses—not to be confused
with watchdog or DHCP spoofing described elsewhere in this manual—is a
technique whereby outside users pretend to be from the local network in order to
obtain unauthorized access to the network.
The filter first defines Input filters that drop packets whose source address is on
the local IP network or the loopback address (127.0.0.0). In effect, these filters
say: “If you see an inbound packet with one of these source addresses, drop the
packet.” The third Input filter defines every other source address (0.0.0.0) and
specifies “Forward everything else to the local network.”
The data filter then defines an Output filter that specifies: “If an outbound packet
has a source address on the local network, forward it; otherwise, drop it.” All
outbound packets with a non-local source address will be dropped.
Note:
This example assumes a local IP network address of 192.100.50.128,
with a subnet mask of 255.255.255.192. Of course, you’ll use your own local IP
address and netmask when defining a Filter profile.
Note:
Because the Pipeline only supports 3 filters, this example modifies the
predefined IP Call filter. See “Working with predefined call filters” on page 6-21
for information about predefined filters.
To define an IP data filter:
1
Select an unnamed Filter profile in the Filters menu and press Enter.
For example, select 20-401.
20-400 Filters
20-401 IP Call
20-402 NetWare Call
20-403 AppleTalk Call
2
Assign a name to the Filter profile.
For example:
Name=no spoofing
3
Open the Input Filters submenu.