Filter Example

A filter for blocking the FTP connections from WAN


The Prestige supports the firmware and configuration files upload using FTP connections via LAN and WAN. So, it is possible that anyone can make a FTP connection over the Internet to your Prestige. To prevent outside users from connecting to your Prestige via FTP, you can configure a filter to block FTP connections from WAN.

Before configuring a filter, you need to know the following information:

  1. The inbound packet type (protocol & port number): In this case, it is TCP(06) protocol with port 20 or 21.
  2. The source IP address: In this case, we block all connections from outside so the source IP is 0.0.0.0.
  3. The destination IP address:  It is the Prestige's IP address, but it is not available in SUA case since most WAN IP address is dynamically assigned by the ISP. So, we can only enter 0.0.0.0 as the destination IP in the filter rule. Once 0.0.0.0 is set as the destination IP, no FTP connections are allowed to reach the Prestige nor the FTP server on the LAN. For the LAN-to-LAN connection, you enter the Prestige's LAN IP as the destination IP in the filter rule. After the FTP filter is applied to the remote node, it only blocks the FTP connection to the Prestige but still permits the FTP connection to the local FTP server.

 


All contents copyright © 1999 ZyXEL Communications Corporation.