Advanced settings of the ISDN Router (1)

Our employees used to go online independently-buy a cat and dial up the Internet. This method is not only inefficient, uncontrollable, but also less secure, making the LAN vulnerable to Internet intrusion. To this end, I applied for an ISDN line for the Organization, added a Zyxel P100IH dial-up router, unified the egress of the LAN Internet access, and strengthened the management of the Internet users of the Organization. This solution not only reduces the phone bill, but also improves the efficiency, and some possible security problems are fully controlled by the Administrator. In this article, the author will discuss some difficult problems encountered during the setup of the dial-up router. The process of installing a dial-up router is relatively simple and I will not repeat it here. After the ISDN Router is installed, you will find that the default configuration of the ISDN Router gives the LAN users great power, and users can use any Internet services at will, such: WWW, FTP, E-mail, Telnet, IRC, etc. You can also access any Web site and set a valid IP address to access the Internet through the ISDN Router without permission, such problems make administrators very difficult. How can I prevent users in a LAN from accessing illegal Web sites? How to prevent a single machine from accessing the internet? How do I set a firewall? These questions are the focus of this article. You can set P100IH in three ways: 1) First, use the terminal simulation software, such as the Super Terminal in Win 9X, which requires your computer to be directly connected to the control port of the router; 2) use the Telnet tool. Using It is different from the first method, as long as your computer can Ping the router; 3) The third is to use Zyxel's PNC software, which runs on the Win 9x/NT platform and provides online help on the graphic operation interface, it is a good router configuration tool. The software can be found on the P100IH Supporting Disc, using the condition that your computer can Ping the router through the LAN. The following uses the Telnet menu to describe how to set up an ISDN Router. Block unauthorized local users from accessing the Internet You can use this method to prevent a specified user from accessing the internet in the LAN. 1. First, create a filter item in men211. Menu 21-Filter Set Configuration Filter Set # Comments 1 Block a client 7 2 8 3 9 4 10 5 11 6 12 Enter Filter Set Number to Configure = 0 Edit Comments = Press ENTER to Confirm or ESC to Cancel: 2. Create a filter rule to reject data packets sent by the user. Menu 21.1.1-TCP/IP Filter Rule Filter #: 1, 1 Filter Type = TCP/IP Filter Rule Active = Yes IP Protocol = 0 IP Source Route = No Destination: IP Addr = 0.0.0.0 IP Mask = 0.0.0.0 Port # = Port # Comp = None Source: IP Addr = 192.168.1.5 IP Mask = 255.255.255.255.255 Port # = Port # Comp = None TCP Estab = N/ More = No Log = None Action Matched = Drop Action Not Matched = Forward Press ENTER to Confirm or ESC to Cancel: Keyword explanation Filter Type: Filter rule types: TCP/IP and Generic; Active: Whether to activate this rule; IP Protocol: Data Packet communication protocol, ICMP = 1, TCP = 6, UDP = 17; Source IP addr: Enter the IP address of the local user that you want to prevent from accessing the Internet; IP Mask: Set the IP mask according to 'source IP Addr = '. The IP mask should be set to 255.255.255.255; Action Matched: Set to 'drop' to reject the data packets sent by the user; Action Not Matched: Set to 'forward 'to accept data packets sent from other workstations. 3. Activate the filter item created above: Enter Menu3.1, and enter the filter item code in 'Protocol filter '.

Menu 3.1-General Ethernet Setup Input Filter Sets: Protocol filters = 1 Device filters = Output Filter Sets: Protocol filters = Device filters =

Identify the NIC address to prevent computer access to the Internet

In the above example, the IP address filtering method is used to prevent local users from logging on to the Internet. What should the Administrator do if they change the blocked IP address to another valid value without authorization? No problem. We know that each network card has a unique network card address code when it leaves the factory. P100IH can filter Internet users based on this address. You only need to add the NIC address to the filter condition to prevent unauthorized users from logging on to the Internet unless they change the NIC ).

1. Obtain the NIC address

Obtain the NIC address of the Local Machine: run the Winipcfg command in the Windows 9X operating system. The "adapter address" is the NIC address. Run the Ipconfig/ALL command in Win NT, "Physical Address" is the NIC Address. Assume that the NIC address in this example is [00 80 c8 4c ea 63].

2. Create a filter item first, and then create a filter rule in the filter item.

Menu 21.1.1-Generic Filter Rule Filter #: 1, 1 Filter Type = Generic Filter Rule Active = Yes Offset = 6 Length = 6 Mask = ffffffffffff Value = 0080c84cea63 More = No Log = None Action Matched = Drop Action Not Matched = Forward

Keyword explanation

Filter Type:	Set the filtering type to 'generic Filter rule'. Note the difference between the above example );
Active:	Activation rule, set to 'yes ';
Offset (in bytes ):	The offset is set to '6', and the starting position of the NIC address in the data packet;
Length (in bytes ):	Set the NIC address length to '6 ';
Mask (represented by 12 hexadecimal numbers ):	The default value is 'ffffffffff ';
Value (expressed in hexadecimal notation ):	NIC address. In this example, it is set to [00 80 c8 4c ea 63].
Action Matched:	Set to 'drop'. When the NIC address is the same as the set value, the user's data packets are rejected;
Action Not Matched:	Set to 'forward 'to receive data packets sent from other workstations.

3. Activate the Filter item created above: Enter Menu3.1 and enter the Filter item code in 'device filter'. Note that it is not 'Protocol filter ').

Menu 3.1-General Ethernet Setup Input Filter Sets: Protocol filters = Device filters = 1 Output Filter Sets: Protocol filters = Device filters =