user manual

Security 10-35

FTP sessions. To allow WAN-originated FTP sessions to a LAN-based FTP server with the IP address a.b.c.d

(corresponding to a numbered IP address such as 163.176.8.243), insert the following input ﬁlter ahead of the

current input ﬁlter 1:

• Enabled: Yes

• Forward: Yes

• Source IP Address: 0.0.0.0

• Source IP Address Mask: 0.0.0.0

• Dest. IP Address: a.b.c.d

• Dest. IP Address Mask: 255.255.255.255

• Protocol Type: TCP

• Source Port Comparison: No Compare

• Source Port ID: 0

• Dest. Port Comparison: Equal

• Dest. Port ID: 21

Note: A similar ﬁlter could be used to permit Telnet or WWW access. Set the Dest. Port ID to 23 for Telnet or

to 80 for WWW.

Deleting a ﬁlter set does not delete the ﬁlters in that set. However, the ﬁlters in the deleted set are no longer in

effect (unless they are part of another set). The deleted set will no longer appear in the answer proﬁle or any

connection proﬁles to which it was added.

Policy-based Routing using Filtersets

Previous software versions routed IP packets only by destination IP address. Motorola Netopia® Embedded

Software Version 8.7.4 now offers the ability to route IP packets using criteria other than the destination IP

address. This is called policy-based routing. You are now able to route IP trafﬁc based on the following:

• source IP address

• source and/or destination protocol ﬁeld

• source and/or destination port numbers

• TOS ﬁeld

You specify the routing criteria and routing information by using IP ﬁltersets to determine the forwarding action

of a particular ﬁlter.