Advanced settings of the ISDN Router (1)

Source: Internet
Author: User

Our employees used to go online independently-buy a cat and dial up the Internet. This method is not only inefficient, uncontrollable, but also less secure, making the LAN vulnerable to Internet intrusion. To this end, I applied for an ISDN line for the Organization, added a Zyxel P100IH dial-up router, unified the egress of the LAN Internet access, and strengthened the management of the Internet users of the Organization.

This solution not only reduces the phone bill, but also improves the efficiency, and some possible security problems are fully controlled by the Administrator.

In this article, the author will discuss some difficult problems encountered during the setup of the dial-up router. The process of installing a dial-up router is relatively simple and I will not repeat it here.

After the ISDN Router is installed, you will find that the default configuration of the ISDN Router gives the LAN users great power, and users can use any Internet services at will, such: WWW, FTP, E-mail, Telnet, IRC, etc. You can also access any Web site and set a valid IP address to access the Internet through the ISDN Router without permission, such problems make administrators very difficult.

How can I prevent users in a LAN from accessing illegal Web sites? How to prevent a single machine from accessing the internet? How do I set a firewall? These questions are the focus of this article.

You can set P100IH in three ways:

1) First, use the terminal simulation software, such as the Super Terminal in Win 9X, which requires your computer to be directly connected to the control port of the router;

2) use the Telnet tool. Using It is different from the first method, as long as your computer can Ping the router;

3) The third is to use Zyxel's PNC software, which runs on the Win 9x/NT platform and provides online help on the graphic operation interface, it is a good router configuration tool. The software can be found on the P100IH Supporting Disc, using the condition that your computer can Ping the router through the LAN. The following uses the Telnet menu to describe how to set up an ISDN Router.

Block unauthorized local users from accessing the Internet

You can use this method to prevent a specified user from accessing the internet in the LAN.

1. First, create a filter item in men211.
Menu 21-Filter Set Configuration
Filter
Set # Comments
1 Block a client 7
2 8
3 9
4 10
5 11
6 12
Enter Filter Set Number to Configure = 0
Edit Comments =
Press ENTER to Confirm or ESC to Cancel:

2. Create a filter rule to reject data packets sent by the user.

Menu 21.1.1-TCP/IP Filter Rule
Filter #: 1, 1
Filter Type = TCP/IP Filter Rule
Active = Yes
IP Protocol = 0 IP Source Route = No
Destination: IP Addr = 0.0.0.0
IP Mask = 0.0.0.0
Port # =
Port # Comp = None
Source: IP Addr = 192.168.1.5
IP Mask = 255.255.255.255.255
Port # =
Port # Comp = None
TCP Estab = N/
More = No Log = None
Action Matched = Drop
Action Not Matched = Forward
Press ENTER to Confirm or ESC to Cancel:

Keyword explanation
Filter Type: Filter rule types: TCP/IP and Generic;
Active: Whether to activate this rule;
IP Protocol: Data Packet communication protocol, ICMP = 1, TCP = 6, UDP = 17;
Source IP addr: Enter the IP address of the local user that you want to prevent from accessing the Internet;
IP Mask: Set the IP mask according to 'source IP Addr = '. The IP mask should be set to 255.255.255.255;
Action Matched: Set to 'drop' to reject the data packets sent by the user;
Action Not Matched: Set to 'forward 'to accept data packets sent from other workstations.
3. Activate the filter item created above: Enter Menu3.1, and enter the filter item code in 'Protocol filter '.
Menu 3.1-General Ethernet Setup
Input Filter Sets:
Protocol filters = 1
Device filters =
Output Filter Sets:
Protocol filters =
Device filters =

Identify the NIC address to prevent computer access to the Internet

In the above example, the IP address filtering method is used to prevent local users from logging on to the Internet. What should the Administrator do if they change the blocked IP address to another valid value without authorization? No problem. We know that each network card has a unique network card address code when it leaves the factory. P100IH can filter Internet users based on this address. You only need to add the NIC address to the filter condition to prevent unauthorized users from logging on to the Internet unless they change the NIC ).

1. Obtain the NIC address

Obtain the NIC address of the Local Machine: run the Winipcfg command in the Windows 9X operating system. The "adapter address" is the NIC address. Run the Ipconfig/ALL command in Win NT, "Physical Address" is the NIC Address. Assume that the NIC address in this example is [00 80 c8 4c ea 63].

2. Create a filter item first, and then create a filter rule in the filter item.
Menu 21.1.1-Generic Filter Rule
Filter #: 1, 1
Filter Type = Generic Filter Rule
Active = Yes
Offset = 6
Length = 6
Mask = ffffffffffff
Value = 0080c84cea63
More = No Log = None
Action Matched = Drop
Action Not Matched = Forward
Keyword explanation
Filter Type: Set the filtering type to 'generic Filter rule'. Note the difference between the above example );
Active: Activation rule, set to 'yes ';
Offset (in bytes ): The offset is set to '6', and the starting position of the NIC address in the data packet;
Length (in bytes ): Set the NIC address length to '6 ';
Mask (represented by 12 hexadecimal numbers ): The default value is 'ffffffffff ';
Value (expressed in hexadecimal notation ): NIC address. In this example, it is set to [00 80 c8 4c ea 63].
Action Matched: Set to 'drop'. When the NIC address is the same as the set value, the user's data packets are rejected;
Action Not Matched: Set to 'forward 'to receive data packets sent from other workstations.

3. Activate the Filter item created above: Enter Menu3.1 and enter the Filter item code in 'device filter'. Note that it is not 'Protocol filter ').
Menu 3.1-General Ethernet Setup
Input Filter Sets:
Protocol filters =
Device filters = 1
Output Filter Sets:
Protocol filters =
Device filters =


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.