D-Link DFL-80 User Manual - Page 128
IP Spoofing, Network Address Translation, Packet Filtering, Address
View all D-Link DFL-80 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 128 highlights
IP Spoofing Data packets sent is from a fake source address. If the firewall's policy does not restrict these packets from passing through, they could be used to attack internal servers easily. Network Address Translation NAT is the translation of IP addresses between internal or private networks and the public IP addresses on the Internet. There are three IP address blocks that have been assigned as private IP address space: 10.0.0.0 - 10.255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255 Through the NAT mechanism, an enterprise's internal networks can use any IP addresses that fall in the three private spaces. Note that, private IP addresses can not pass through routers to their destinations. Packet Filtering Packet Filters check the headers of IP, TCP and ICMP packets to gather information, such as sources addresses, source ports, destination addresses, and destination ports. It also checks the relationships between packets to decide whether a packet is for normal connection. In this way, attacks can be detected and blocked. Address Each address in Address Table can be either an IP address or a sub-network address. Administrators can create a name for a specific address for easier reference. Basically, base on the networks they are located, IP address falls into 3 categories: Internal IP addresses, external IP addresses and DMZ IP addresses. When setting up policies, administrators choose IP addresses in Address Table as the source/destination addresses. So Address Table has to be constructed before setting up policies. 128