Setting Up a Telnet Filter

You can set up a Telnet filter on your server's public interface to filter Telnet packets in the inbound or outbound direction. An inbound Telnet filter might be required if public users establish Telnet sessions to a server in your private network. An outbound Telnet filter might be required to allow users to establish a Telnet session on the public network.

This section contains the following tasks:


Setting Up a Stateful Telnet Filter

To set up a stateful Telnet filter exception,

  1. Select Configure TCP/IP Filters > Packet Forwarding Filters > Exceptions.

    2.

  2. Press Ins to define a new exception.

    3.

  3. If you are creating an inbound exception:

    1. Specify All Interfaces for the Source Interface parameter.

      2.

    2. Specify the server's public interface for the Destination Interface parameter.

      3.

    3. Press Enter for Packet Type and select telnet-st.

      4.

    4. If you want the server to forward Telnet packets from certain public hosts only, specify Host or Network for the Src Addr Type parameter > enter the IP address for the Src IP Address parameter; otherwise, leave the setting for Src Addr Type as Any Address.

      5.

    5. If you want the server to forward Telnet packets addressed to certain private hosts only, specify Host or Network for the Dest Addr Type parameter > enter the IP address for the Dest IP Address parameter; otherwise, leave the setting for Dest Addr Type as Any Address.

      6.

    6. Press Esc > select Yes to save the filter.

      7.

  4. If you are creating an outbound exception, do the following:

    1. Specify the server's private interface for the Source Interface parameter.

      2.

    2. Specify the server's public interface for the Destination Interface parameter.

      3.

    3. Press Enter for Packet Type and select telnet-st.

      4.

    4. If you want the server to forward Telnet packets from certain private hosts only, specify Host or Network for the Src Addr Type parameter > enter the IP address for the Src IP Address parameter; otherwise, leave the setting for Src Addr Type as Any Address.

      5.

    5. If you want the server to forward Telnet packets addressed to certain public hosts only, specify Host or Network for the Dest Addr Type parameter > enter the IP address for the Dest IP Address parameter; otherwise, leave the setting for Dest Addr Type as Any Address.

      6.

    6. Press Esc > select Yes to save the filter.

      7.

    IMPORTANT:  The outbound stateful Telnet filter does not allow packets for DNS name resolution to be forwarded to a DNS server on the public network. Users establishing a Telnet session must use IP addresses unless you set up a DNS filter.


Setting Up Static Filters for Telnet

If you do not want to configure a stateful Telnet exception, you can create static filters instead. Simply create a static Telnet filter exception in both the inbound and outbound directions. Make sure you enable ACK bit filtering for the exception in the inbound direction.

IMPORTANT:  These filters do not allow users to establish Telnet sessions using a server's DNS name. A DNS filter is required.



  Previous Page: Setting Up an FTP Filter  Next Page: Setting Up an SMTP Filter