ZyXEL P-1100 User Guide - Page 78

Prestige 1100 Internet Access Router Table 8-3 Abbreviations Used If Filter Type Is IPX Abbreviation Description PT IPX Packet Type SS Source Socket DS Destination Socket l If the filter type is Dev (device), the following abbreviations listed in the following table will be used. Table 8-4 Abbreviations Used If Filter Type Is Dev Abbreviation Description Off Offset Len Length Refer to the next section for information on configuring the filter rules. 8.4 Configuring a Filter Rule To configure a filter rule, enter its number in Menu 21.1 - Filter Rules Summary and press [ENTER] to open Menu 21.1.1 for the rule. 8.4.1 Filter Types and SUA There are two types of filter rules, Device Filter rules and Protocol Filter (TCP/IP and IPX) rules. Device Filter rules act on the raw data from/to LAN and WAN. Protocol Filter rules act on the IP and IPX packets. Device and TCP/IP filter rules are discussed in more detail in the next section. When NAT/SUA (Network Address Translation/Single User Account) is enabled, the inside IP address and port number are replaced on a connection-by-connection basis, which makes it impossible to know the exact address and port on the wire. Therefore, the Prestige applies the protocol filters to the "native" IP address and port number before NAT/SUA for outgoing packets and after NAT/SUA for incoming packets. On the other hand, the device filters are applied to the raw packets that appear on the wire. They are applied at the point where the Prestige is receiving and sending the packets; i.e. the interface. The interface can be an Ethernet, or any other hardware port. The following diagram illustrates this. 8-6 Filter Configuration