Our employees used to go online independently: each bought a modem and dialed up to the Internet. This approach is inefficient, uncontrollable and less secure, leaving the LAN vulnerable to intrusion from the Internet. To address this, I applied for an ISDN line for the organization, added a Zyxel P100IH dial-up router, unified the LAN's Internet egress, and strengthened the management of the organization's Internet users. This solution reduces the phone bill and improves efficiency, and some possible security problems are fully under the administrator's control. This article discusses some difficult problems encountered while setting up the dial-up router.

Installing a dial-up router is relatively simple and I will not repeat the process here. After the ISDN router is installed, you will find that its default configuration gives LAN users a great deal of freedom. Users can use any Internet service at will, such as WWW, FTP, e-mail, Telnet and IRC. They can also access any Web site, and anyone who sets a valid IP address can reach the Internet through the ISDN router without permission. Problems like these make the administrator's job very difficult. How can users on a LAN be prevented from accessing illegal Web sites? How can a single machine be prevented from accessing the Internet? How is a firewall set up? These questions are the focus of this article.

You can configure the P100IH in three ways:

1) Use terminal emulation software, such as HyperTerminal in Win 9x, which requires your computer to be connected directly to the router's console port.
2) Use Telnet. Unlike the first method, this only requires that your computer can ping the router.
3) Use Zyxel's PNC software, which runs on Win 9x/NT and provides a graphical interface with online help; it is a good router configuration tool. The software is on the P100IH supporting disc and requires that your computer can ping the router over the LAN.

The following uses the Telnet menus to describe how to set up the ISDN router.

Block unauthorized local users from accessing the Internet

You can use this method to prevent a specified user on the LAN from accessing the Internet.
1. First, create a filter set in Menu 21.

    Menu 21 - Filter Set Configuration

    Filter Set #    Comments
         1          Block a client         7
         2                                 8
         3                                 9
         4                                10
         5                                11
         6                                12

    Enter Filter Set Number to Configure = 0
    Edit Comments =
    Press ENTER to Confirm or ESC to Cancel:

2. Create a filter rule to reject data packets sent by the user.

    Menu 21.1.1 - TCP/IP Filter Rule

    Filter #: 1,1
    Filter Type = TCP/IP Filter Rule
    Active = Yes
    IP Protocol = 0     IP Source Route = No
    Destination: IP Addr = 0.0.0.0
                 IP Mask = 0.0.0.0
                 Port # =
                 Port # Comp = None
         Source: IP Addr = 192.168.1.5
                 IP Mask = 255.255.255.255
                 Port # =
                 Port # Comp = None
    TCP Estab = N/A
    More = No           Log = None
    Action Matched = Drop
    Action Not Matched = Forward

    Press ENTER to Confirm or ESC to Cancel:

Filter Type: the type of filter rule, either TCP/IP or Generic.
Active: whether this rule is activated.
IP Protocol: the communication protocol of the data packet: ICMP = 1, TCP = 6, UDP = 17.
Source IP Addr: the IP address of the local user that you want to prevent from accessing the Internet.
IP Mask: set the IP mask according to 'Source IP Addr'; it should be set to 255.255.255.255.
Action Matched: set to 'Drop' to reject the data packets sent by the user.
Action Not Matched: set to 'Forward' to accept data packets sent from other workstations.

3. Activate the filter set created above: go to Menu 3.1 and enter the filter set number in 'Protocol filter'.
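The effect of the source mask in the rule above can be checked with a small model. This is an added example, not part of the original article and not Zyxel's firmware logic: it assumes that IP Protocol = 0 matches any protocol and that an address of 0.0.0.0 with mask 0.0.0.0 matches any address. The Rule class, the packet tuples and the 203.0.113.x destinations are constructed for illustration. It compares the page's rule with the same rule entered with a 255.255.255.0 mask by mistake.

```python
import ipaddress
from dataclasses import dataclass


def _ip(text: str) -> int:
    """Dotted-quad string to integer, so masks can be applied bitwise."""
    return int(ipaddress.IPv4Address(text))


@dataclass
class Rule:
    # Field names mirror Menu 21.1.1; the matching logic is a simplified model.
    ip_protocol: int = 0            # assumption: 0 means "any protocol"
    src_addr: str = "0.0.0.0"
    src_mask: str = "0.0.0.0"       # mask 0.0.0.0 compares no bits: matches all
    dst_addr: str = "0.0.0.0"
    dst_mask: str = "0.0.0.0"
    action_matched: str = "Drop"
    action_not_matched: str = "Forward"

    @staticmethod
    def _addr_match(pkt_ip: str, addr: str, mask: str) -> bool:
        m = _ip(mask)
        return (_ip(pkt_ip) & m) == (_ip(addr) & m)

    def decide(self, proto: int, src: str, dst: str) -> str:
        hit = (self.ip_protocol in (0, proto)
               and self._addr_match(src, self.src_addr, self.src_mask)
               and self._addr_match(dst, self.dst_addr, self.dst_mask))
        return self.action_matched if hit else self.action_not_matched


# The rule from the article: exactly one host, every protocol and destination.
PAGE_RULE = Rule(src_addr="192.168.1.5", src_mask="255.255.255.255")
# Same rule with a subnet mask entered by mistake.
WIDE_RULE = Rule(src_addr="192.168.1.5", src_mask="255.255.255.0")

# Constructed sample packets: (IP protocol, source, destination)
PACKETS = [
    (6, "192.168.1.5", "203.0.113.10"),    # TCP from the blocked host
    (17, "192.168.1.5", "203.0.113.53"),   # UDP from the blocked host
    (6, "192.168.1.6", "203.0.113.10"),    # TCP from a neighbouring host
    (1, "192.168.1.200", "203.0.113.10"),  # ICMP from another host
]


def verdicts(rule: Rule) -> list:
    return [rule.decide(*pkt) for pkt in PACKETS]


if __name__ == "__main__":
    for label, rule in (("mask 255.255.255.255", PAGE_RULE),
                        ("mask 255.255.255.0", WIDE_RULE)):
        for pkt, verdict in zip(PACKETS, verdicts(rule)):
            print(label, pkt, "->", verdict)
```

With the 255.255.255.255 mask only 192.168.1.5 is dropped; with 255.255.255.0 every host in 192.168.1.x is dropped, which is why the mask must match the single address being blocked.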