Filter Example

A filter for blocking the FTP connections from WAN


The Prestige 324 supports the firmware and configuration files upload using FTP connections via LAN and WAN. So, it is possible that anyone can make a FTP connection over the Internet to your Prestige 324. To prevent outside users from connecting to your Prestige 324 via FTP, you can configure a filter to block FTP connections from WAN.

Before configuring a filter, you need to know the following information:

  1. The inbound packet type (protocol & port number): In this case, it is TCP(06) protocol with port 20 or 21.
  2. The source IP address: In this case, we block all connections from outside so the source IP is 0.0.0.0.
  3. The destination IP address:  It is the Prestige 324's IP address, but it is not available in SUA case since most WAN IP address is dynamically assigned by the ISP. So, we can only enter 0.0.0.0 as the destination IP in the filter rule. Once 0.0.0.0 is set as the destination IP, no FTP connections are allowed to reach the Prestige 324 nor the FTP server on the LAN. For the LAN-to-LAN connection, you enter the Prestige 324's LAN IP as the destination IP in the filter rule. After the FTP filter is applied to the remote node, it only blocks the FTP connection to the Prestige 324 but still permits the FTP connection to the local FTP server.


All contents copyright © 1999 ZyXEL Communications Corporation.