Home » ZyXEL Manuals » Networking » ZyXEL P-791R v2 » Manual Viewer

ZyXEL P-791R v2 User Guide - Page 221

Offset, Length, Value, Filter Type, Generic Filter Rule

Get ZyXEL P-791R v2 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 221 highlights

Chapter 25 Filter Configuration For generic rules, the ZyXEL Device treats a packet as a byte stream as opposed to an IP or IPX packet. You specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes. The ZyXEL Device applies the Mask (bit-wise ANDing) to the data portion before comparing the result against the Value to determine a match. The Mask and Value are specified in hexadecimal numbers. Note that it takes two hexadecimal digits to represent a byte, so if the length is 4, the value in either field will take 8 digits, for example, FFFFFFFF. To configure a generic rule, select Generic Filter Rule in the Filter Type field in menu 21.1.1 and press [ENTER] to open Generic Filter Rule. Menu 21.1.1 is shown below as an example. Figure 141 Menu 21.1.1: Generic Filter Rule Menu 21.1.1 - Generic Filter Rule Filter #: 1,1 Filter Type= Generic Filter Rule Active= No Offset= 0 Length= 0 Mask= N/A Value= N/A More= No Log= None Action Matched= Check Next Rule Action Not Matched= Check Next Rule The following table describes the fields in the Generic Filter Rule menu. Table 78 Menu 21.1.1: Generic Filter Rule FIELD DESCRIPTION Filter # This is the filter set, filter rule co-ordinates, in other words 2,3 refers to the second filter set and the third rule of that set. Filter Type Use [SPACE BAR] and then [ENTER] to select a rule type. Parameters displayed below each type will be different. TCP/IP filter rules are used to filter IP packets while generic filter rules allow filtering of non-IP packets. Options are Generic Filter Rule and TCP/IP Filter Rule. Active Select Yes to turn on the filter rule or No to turn it off. Offset Enter the starting byte of the data portion in the packet that you wish to compare. The range for this field is from 0 to 255. Length Enter the byte count of the data portion in the packet that you wish to compare. The range for this field is 0 to 8. Mask Enter the mask (in Hexadecimal notation) to apply to the data portion before comparison. Value Enter the value (in Hexadecimal notation) to compare with the data portion. More If Yes, a matching packet is passed to the next filter rule before an action is taken; else the packet is disposed of according to the action fields. If More is Yes, then Action Matched and Action Not Matched will be No. Log Select the logging option from the following: None - No packets will be logged. Action Matched - Only packets that match the rule parameters will be logged. Action Not Matched - Only packets that do not match the rule parameters will be logged. Both - All packets will be logged. P-791R v2 User's Guide 221

Section	Page
User’s Guide	1
About This User's Guide	3
Document Conventions	4
Safety Warnings	6
Contents Overview	9
Table of Contents	11
List of Figures	21
List of Tables	27
Introduction, Wizards and Tutorials	31
Getting To Know Your ZyXEL Device	33
1.1 Overview	33
1.1.1 High-speed Internet Access	33
1.1.2 High-speed Point-to-point Connections	33
1.2 Ways to Manage the ZyXEL Device	34
1.3 Good Habits for Managing the ZyXEL Device	34
1.4 LEDs	35
Introducing the Web Configurator	37
2.1 Web Configurator Overview	37
2.2 Accessing the Web Configurator	37
2.3 Navigating the Web Configurator	39
2.4 Status Screen	42
2.4.1 Status: Packet Statistics	44
2.5 Resetting the ZyXEL Device	45
2.5.1 Using the Reset Button	45
Wizard Setup for Internet Access	47
3.1 Introduction	47
3.2 Internet Access Wizard Setup	47
Point-to-point Configuration	55
4.1 Overview	55
4.2 Point-to-point Connection Procedure	56
4.2.1 Set up the Server	56
4.2.2 Set up the Client	56
4.2.3 Connect the ZyXEL Devices	57
Network Setup	59
WAN Setup	61
5.1 WAN Overview	61
5.1.1 Encapsulation	61
5.1.2 Multiplexing	62
5.1.3 VPI and VCI	62
5.1.4 IP Address Assignment	62
5.1.5 Nailed-Up Connection (PPP)	63
5.1.6 NAT	63
5.2 Metric	63
5.3 Traffic Shaping	64
5.3.1 ATM Traffic Classes	65
5.4 Internet Connection	65
5.4.1 Configuring Advanced Internet Connection	68
5.5 Configuring More Connections	69
5.5.1 More Connections Edit	70
5.5.2 Configuring More Connections Advanced Setup	72
5.6 Traffic Redirect	74
5.7 Dial Backup Interface	75
5.8 CON/AUX Port for Dial Backup	75
5.9 Configuring WAN Backup Setup	75
5.9.1 Advanced Backup Setup	77
5.9.2 Advanced Modem Settings for Dial Backup	80
LAN Setup	83
6.1 LAN Overview	83
6.1.1 LANs, WANs and the ZyXEL Device	83
6.1.2 DHCP Setup	84
6.1.3 DNS Server Address	84
6.1.4 DNS Server Address Assignment	84
6.2 LAN TCP/IP	85
6.2.1 IP Address and Subnet Mask	85
6.2.2 RIP Setup	86
6.2.3 Multicast	87
6.3 Configuring LAN IP	87
6.3.1 Configuring Advanced LAN Setup	88
6.4 DHCP Setup	89
6.5 LAN Client List	90
6.6 LAN IP Alias	91
Network Address Translation (NAT) Screens	93
7.1 NAT Overview	93
7.1.1 NAT Definitions	93
7.1.2 What NAT Does	94
7.1.3 How NAT Works	94
7.1.4 NAT Application	94
7.1.5 NAT Mapping Types	95
7.2 SUA (Single User Account) Versus NAT	96
7.2.1 SIP ALG	96
7.3 NAT General Setup	97
7.4 Port Forwarding	97
7.4.1 Default Server IP Address	98
7.4.2 Port Forwarding: Services and Port Numbers	98
7.4.3 Configuring Servers Behind Port Forwarding (Example)	98
7.5 Configuring Port Forwarding	99
7.5.1 Port Forwarding Rule Edit	100
7.6 Address Mapping	101
7.6.1 Address Mapping Rule Edit	102
Security	105
Filter	107
8.1 Configuring Filter	107
Advanced Setup	109
Static Route	111
9.1 Static Route	111
9.2 Configuring Static Route	111
9.2.1 Static Route Edit	112
Dynamic DNS Setup	115
10.1 Dynamic DNS Overview	115
10.1.1 DYNDNS Wildcard	115
10.2 Configuring Dynamic DNS	115
Remote Management Configuration	119
11.1 Remote Management Overview	119
11.1.1 Remote Management Limitations	119
11.1.2 Remote Management and NAT	119
11.1.3 System Timeout	120
11.2 WWW	120
11.3 Telnet	120
11.4 Configuring Telnet	121
11.5 Configuring FTP	122
11.6 SNMP	122
11.6.1 Supported MIBs	124
11.6.2 SNMP Traps	124
11.6.3 Configuring SNMP	124
11.7 Configuring DNS	125
11.8 Configuring ICMP	126
Universal Plug-and-Play (UPnP)	129
12.1 Introducing Universal Plug and Play	129
12.1.1 How do I know if I'm using UPnP?	129
12.1.2 NAT Traversal	129
12.1.3 Cautions with UPnP	129
12.2 UPnP and ZyXEL	130
12.2.1 Configuring UPnP	130
12.3 Installing UPnP in Windows Example	131
12.4 Using UPnP in Windows XP Example	134
Maintenance	141
System	143
13.1 General Setup	143
13.1.1 General Setup and System Name	143
13.1.2 General Setup	143
13.2 Time Setting	145
Logs	149
14.1 Logs Overview	149
14.1.1 Alerts and Logs	149
14.2 Viewing the Logs	149
14.3 Configuring Log Settings	150
Tools	153
15.1 Firmware Upgrade	153
15.2 Configuration	155
15.3 Restart	157
Diagnostic	159
16.1 General Diagnostic	159
16.2 DSL Line Diagnostic	159
SMT and Troubleshooting	161
Introducing the SMT	163
17.1 Accessing the SMT Via the Console Port	163
17.2 Accessing the SMT Via Telnet	163
17.3 SMT Menu Items	164
17.4 Navigating the SMT Interface	166
General Setup	169
18.1 Configuring General Setup	169
18.1.1 Configuring Dynamic DNS	170
WAN Setup	173
19.1 WAN Setup	173
19.2 Configuring Traffic Redirect	175
19.3 Dial Backup Interface	175
19.4 Configuring Dial Backup in Menu 2	175
19.5 Advanced Dial Backup Setup	176
LAN Setup	179
20.1 Accessing the LAN Menus	179
20.2 LAN Port Filter Setup	179
20.3 TCP/IP and DHCP Setup Menu	180
20.4 LAN IP Alias	181
Internet Access Setup	183
21.1 Internet Access Setup	183
Remote Node Setup	185
22.1 Introduction to Remote Node Setup	185
22.2 Remote Node Setup	185
22.3 Remote Node Profile	185
22.4 Remote Node Network Layer Options	189
22.5 Remote Node Filter	191
22.6 Remote Node ATM Layer Options	192
22.7 Advance Setup Options	193
Static Route Setup	195
23.1 IP Static Route Setup	195
23.2 Bridge Static Route Setup	196
NAT Setup	199
24.1 Using NAT	199
24.1.1 SUA (Single User Account) Versus NAT	199
24.1.2 Applying NAT	199
24.2 NAT Setup	201
24.2.1 Address Mapping Sets	201
24.3 Configuring a Server behind NAT	204
24.4 General NAT Examples	206
24.4.1 Internet Access Only	206
24.4.2 Example 2: Internet Access with a Default Server	207
24.4.3 Example 3: Multiple Public IP Addresses With Inside Servers	208
24.4.4 Example 4: NAT Unfriendly Application Programs	211
Filter Configuration	213
25.1 Introduction to Filters	213
25.1.1 The Filter Structure of the ZyXEL Device	214
25.2 Configuring a Filter Set	215
25.2.1 Configuring a Filter Rule	217
25.2.2 Configuring a TCP/IP Filter Rule	217
25.2.3 Configuring a Generic Filter Rule	220
25.3 Example Filter	222
25.4 Filter Types and NAT	224
25.5 Applying a Filter	224
25.5.1 Applying LAN Filters	224
25.5.2 Applying Remote Node Filters	225
SNMP Configuration	227
26.1 SNMP Configuration	227
System Password	229
System Information & Diagnosis	231
28.1 Introduction to System Status	231
28.2 System Status	231
28.3 System Information and Console Port Speed	233
28.3.1 System Information	233
28.3.2 Console Port Speed	234
28.4 Log and Trace	235
28.4.1 Viewing Error Log	235
28.4.2 Syslog Logging	236
28.5 Diagnostic	238
Firmware and Configuration File Maintenance	241
29.1 Introduction	241
29.2 Filename Conventions	241
29.3 Backup Configuration	242
29.3.1 Backup Configuration	242
29.3.2 Using the FTP Command from the Command Line	243
29.3.3 Example of FTP Commands from the Command Line	243
29.3.4 GUI-based FTP Clients	244
29.3.5 File Maintenance Over WAN	244
29.3.6 Backup Configuration Using TFTP	244
29.3.7 TFTP Command Example	245
29.3.8 GUI-based TFTP Clients	245
29.3.9 Backup Via Console Port	245
29.4 Restore Configuration	246
29.4.1 Restore Using FTP	247
29.4.2 Restore Using FTP Session Example	247
29.4.3 Restore Via Console Port	248
29.5 Uploading Firmware and Configuration Files	248
29.5.1 Firmware File Upload	249
29.5.2 Configuration File Upload	249
29.5.3 FTP File Upload Command from the DOS Prompt Example	250
29.5.4 FTP Session Example of Firmware File Upload	251
29.5.5 TFTP File Upload	251
29.5.6 TFTP Upload Command Example	252
29.5.7 Uploading Via Console Port	252
29.5.8 Uploading Firmware File Via Console Port	252
29.5.9 Example Xmodem Firmware Upload Using HyperTerminal	252
29.5.10 Uploading Configuration File Via Console Port	253
29.5.11 Example Xmodem Configuration Upload Using HyperTerminal	253
Menus 24.8 to 24.11	255
30.1 Command Interpreter Mode	255
30.1.1 Command Syntax	255
30.1.2 Command Usage	256
30.2 Call Control Support	256
30.2.1 Budget Management	256
30.3 Time and Date Setting	257
30.4 Remote Management	259
30.4.1 Remote Management Limitations	260
IP Routing Policy Setup	261
31.1 Policy Route	261
31.2 Benefits	261
31.3 Routing Policy	261
31.4 IP Routing Policy Setup	262
31.5 IP Routing Policy Setup	262
31.6 IP Routing Policy	264
31.7 IP Policy Routing Example	265
Schedule Setup	269
32.1 Schedule Set Overview	269
32.2 Schedule Setup	269
32.3 Schedule Set Setup	270
Troubleshooting	273
33.1 Power, Hardware Connections, and LEDs	273
33.2 ZyXEL Device Access and Login	274
33.3 Internet Access	276
33.4 Reset the ZyXEL Device to Its Factory Defaults	277
Appendices and Index	279
Product Specifications	281
Setting up Your Computer’s IP Address	287
Pop-up Windows, JavaScripts and Java Permissions	303
IP Addresses and Subnetting	309
IP Address Assignment Conflicts	317
Common Services	321
Command Interpreter	325
Log Descriptions	331
NetBIOS Filter Commands	343
Legal Information	345
Customer Support	349

Match case Limit results 1 per page

Chapter 25 Filter Configuration

P-791R v2 User’s Guide

221

For generic rules, the ZyXEL Device treats a packet as a byte stream as opposed to an IP or

IPX packet. You specify the portion of the packet to check with the

Offset

(from 0) and the

Length

fields, both in bytes. The ZyXEL Device applies the Mask (bit-wise ANDing) to the

data portion before comparing the result against the Value to determine a match. The

Mask

and

Value

are specified in hexadecimal numbers. Note that it takes two hexadecimal digits to

represent a byte, so if the length is 4, the value in either field will take 8 digits, for example,

FFFFFFFF

To configure a generic rule, select

Generic Filter Rule

in the

Filter Type

field in menu

21.1.1 and press

[ENTER]

to open Generic Filter Rule. Menu 21.1.1 is shown below as an

example.

Figure 141

Menu 21.1.1: Generic Filter Rule

The following table describes the fields in the

Generic Filter Rule

menu.

Menu 21.1.1 - Generic Filter Rule

Filter #: 1,1

Filter Type= Generic Filter Rule

Active= No

Offset= 0

Length= 0

Mask= N/A

Value= N/A

More= No

Log= None

Action Matched= Check Next Rule

Action Not Matched= Check Next Rule

Table 78

Menu 21.1.1: Generic Filter Rule

FIELD

DESCRIPTION

Filter #

This is the filter set, filter rule co-ordinates, in other words 2,3 refers to the second filter

set and the third rule of that set.

Filter Type

Use [SPACE BAR] and then [ENTER] to select a rule type. Parameters displayed below

each type will be different.

TCP/IP filter rules are used to filter IP packets while generic

filter rules allow filtering of non-IP packets.

Options are

Generic Filter Rule

and

TCP/IP Filter Rule

Active

Select

Yes

to turn on the filter rule or

to turn it off.

Offset

Enter the starting byte of the data portion in the packet that you wish to compare. The

range for this field is from 0 to 255.

Length

Enter the byte count of the data portion in the packet that you wish to compare. The range

for this field is 0 to 8.

Mask

Enter the mask (in Hexadecimal notation) to apply to the data portion before comparison.

Value

Enter the value (in Hexadecimal notation) to compare with the data portion.

Yes

, a matching packet is passed to the next filter rule before an action is taken; else

the packet is disposed of according to the action fields.

Yes

, then Action Matched and Action Not Matched will be

Log

Select the logging option from the following:

None

- No packets will be logged.

Action Matched

- Only packets that match the rule parameters will be logged.

Action Not Matched

- Only packets that do not match the rule parameters will be logged.

Both

– All packets will be logged.