RRAS router with ICF requires port/ip mapping?

Discussion in 'Server Security' started by Ondrej Sevecek, Oct 29, 2004.

  1. Hello,

    I would like only to enable ICF for RRAS router (not NAT) and to set up
    allowed ports and some ICMP traffic passing through.

    But the configuration allowes me to only set up MAPPING of ports to some
    internal network address. Is there some option to create ICF filter to pass
    all traffic targeted to the port regardless the target host address?

    O.
     
    Ondrej Sevecek, Oct 29, 2004
    #1
    1. Advertisements

  2. ICF does not have that option but since you are using rras you might try to
    configure packet filtering on your interface. Go to IP routing/general and
    select your network interface. Then select properties/general and configure
    inbound and outbound filters to see if that works for you. --- Steve
     
    Steven L Umbach, Oct 29, 2004
    #2
    1. Advertisements

  3. I suppose, packet filtering is the same NON-state filtering as can be
    achieved with TCP/IP filters on Network Adapter configuration, right? So
    e.g. DNS responses (generally UDP) are dropped.

    O.
     
    Ondøej ©eveèek, Oct 30, 2004
    #3
  4. I have not used them enough to know but my guess is that it is stateful.
    Tcp/ip filtering is stateful for tcp but not udp. At least with the choice
    for inbound and outbound filters, you could configure both if need be to
    allow access for proper port/protocol similar to an ipsec mirrored filter
    entry.. --- Steve
     
    Steven L Umbach, Oct 31, 2004
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.