User Manual
Security Examples
11-31
To permit SMTP traffic between the SCS and the local and backup SMTP servers, the following commands are required:
Figure 11-61: Permitting SMTP Traffic to SMTP Servers
Local>> DEF FILT fw_i ADD ALLOW IP TCP DPORT EQ SMTP SPORT GT 1023 DST 255.255.255.255 192.0.1.102
Local>> DEF FILT fw_i ADD ALLOW IP TCP SPORT EQ SMTP DPORT GT 1023 ACK DST 255.255.255.255 192.0.1.102
Local>> DEF FILT fw_i ADD ALLOW IP TCP DPORT EQ SMTP SPORT GT 1023 DST 255.255.255.255 192.0.1.103
Local>> DEF FILT fw_i ADD ALLOW IP TCP SPORT EQ SMTP DPORT GT 1023 ACK DST 255.255.255.255 192.0.1.103
To permit NNTP traffic between the local and remote NNTP servers, the following commands are required:
Figure 11-62: Permitting Traffic Between NNTP Servers
Local>> DEF FILT fw_i ADD ALLOW IP TCP DPORT EQ NNTP SPORT GT 1023 DST 255.255.255.255 192.0.1.104 SRC 255.255.255.255 192.0.2.100
Local>> DEF FILT fw_i ADD ALLOW IP TCP SPORT EQ NNTP DPORT GT 1023 ACK DST 255.255.255.255 192.0.1.104 SRC 255.255.255.255 192.0.2.100
To permit outgoing FTP connections, the following commands are used:
Figure 11-63: Permitting Outgoing FTP Connections
Local>> DEF FILT fw_i ADD ALLOW IP TCP SPORT EQ FTP DPORT GT 1023 ACK
Local>> DEF FILT fw_i ADD ALLOW IP TCP SPORT EQ FTPDATA DPORT GT 1023
The following three commands deny incoming X-Windows traffic to well-known ports 6000-6023, but permit incoming TCP/IP connections to ports greater than 1023. This configuration also allows PASV-mode FTP data.
Figure 11-64: Controlling X-Windows Traffic
Local>> DEF FILT fw_i ADD ALLOW IP TCP SPORT GT 1023 DPORT GT 6024 ACK
Local>> DEF FILT fw_i ADD DENY IP TCP SPORT GT 1023 DPORT GE 6000 ACK
Local>> DEF FILT fw_i ADD ALLOW IP TCP SPORT GT 1023 DPORT GT 1023 ACK
The three commands below permit UDP- and TCP-based queries and answers to the local Domain Name Server:
Figure 11-65: Permitting DNS Queries
Local>> DEF FILT fw_i ADD ALLOW IP UDP DPORT EQ DNS DST 255.255.255.255 192.0.1.101
Local>> DEF FILT fw_i ADD ALLOW IP TCP DPORT EQ DNS SPORT GT 1023 DST 255.255.255.255 192.0.1.101
Local>> DEF FILT fw_i ADD ALLOW IP TCP SPORT EQ DNS DPORT GT 1023 ACK DST 255.255.255.255 192.0.1.101
To permit ICMP messages (except for redirect messages), a generic IP rule is defined:
Figure 11-66: Permitting ICMP Messages
Local>> DEF FILT fw_i ADD ALLOW IP ICMP IPGENERIC OFFSET 0 MASK 0xf0000000 NE 0x50000000
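The rule sets in Figures 11-64 and 11-65 can be sanity-checked offline with a small evaluator before they are loaded onto the SCS. The following is an added example, not code from the manual or from the SCS firmware; it assumes rules are evaluated top to bottom with first match winning and an implicit deny when nothing matches, and it models only the TCP/UDP port, ACK, SRC and DST clauses used above (the IPGENERIC clause of Figure 11-66 is not modelled).

```python
import ipaddress

# Well-known service names used in the rules above (assumed mapping).
SERVICES = {"SMTP": 25, "NNTP": 119, "FTP": 21, "FTPDATA": 20, "DNS": 53}
PORT_OPS = {"EQ": lambda p, v: p == v, "GT": lambda p, v: p > v, "GE": lambda p, v: p >= v}

def parse_rule(line):
    """Turn 'Local>> DEF FILT fw_i ADD ALLOW IP TCP ...' into a dict of match fields."""
    toks = line.replace("Local>>", "").split()
    i = toks.index("ADD")
    rule = {"action": toks[i + 1], "proto": toks[i + 3], "ack": False}
    toks = toks[i + 4:]
    while toks:
        t = toks.pop(0)
        if t in ("SPORT", "DPORT"):
            op, val = toks.pop(0), toks.pop(0)
            rule[t] = (PORT_OPS[op], SERVICES.get(val) or int(val))
        elif t in ("SRC", "DST"):  # syntax is "<mask> <address>"
            mask, addr = toks.pop(0), toks.pop(0)
            rule[t] = (int(ipaddress.ip_address(mask)), int(ipaddress.ip_address(addr)))
        elif t == "ACK":  # rule only matches segments with the ACK flag set
            rule["ack"] = True
        else:  # IPGENERIC and other clauses are not modelled in this example
            break
    return rule

def matches(rule, pkt):
    if rule["proto"] != pkt["proto"] or (rule["ack"] and not pkt["ack"]):
        return False
    for key in ("SPORT", "DPORT"):
        if key in rule and not rule[key][0](pkt[key.lower()], rule[key][1]):
            return False
    for key in ("SRC", "DST"):
        if key in rule:
            mask, addr = rule[key]
            if int(ipaddress.ip_address(pkt[key.lower()])) & mask != addr & mask:
                return False
    return True

def evaluate(rules, pkt):
    """First-match evaluation; a packet that matches no rule is denied (assumption)."""
    for r in rules:
        if matches(r, pkt):
            return r["action"]
    return "DENY"

def packet(proto, sport, dport, dst, ack=False):  # constructed sample packet
    return {"proto": proto, "sport": sport, "dport": dport, "dst": dst, "src": "192.0.2.100", "ack": ack}

RULES = [parse_rule(l) for l in [  # Figure 11-64 plus the UDP rule of Figure 11-65
    "Local>> DEF FILT fw_i ADD ALLOW IP TCP SPORT GT 1023 DPORT GT 6024 ACK",
    "Local>> DEF FILT fw_i ADD DENY IP TCP SPORT GT 1023 DPORT GE 6000 ACK",
    "Local>> DEF FILT fw_i ADD ALLOW IP TCP SPORT GT 1023 DPORT GT 1023 ACK",
    "Local>> DEF FILT fw_i ADD ALLOW IP UDP DPORT EQ DNS DST 255.255.255.255 192.0.1.101",
]]
```

Running the constructed packets through this shows the ACK requirement at work: a segment without ACK (a new inbound connection attempt) matches none of the TCP rules and is denied, while with DPORT GT 6024 in the first rule, port 6024 itself falls through to the DENY rule, one port more than the 6000-6023 range stated in the text.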