
Asus RX3141 User Manual


Chapter 9. Configuring Firewall/NAT Settings

RX3141 User’s Manual


the packet is dropped; otherwise, the packet is either dropped or forwarded based on the action defined in the
matched ACL rule.

9.1.3.2 ACL Rule and Connection State Tracking

The stateful packet inspection engine in the firewall keeps track of the state, or progress, of a network
connection. By storing information about each connection in a state table, RX3141 is able to quickly determine
if a packet passing through the firewall belongs to an already established connection. If it does, it is passed
through the firewall without going through ACL rule evaluation.

For example, suppose an ACL rule allows outbound ICMP packets from 192.168.1.1 to 192.168.2.1. When 192.168.1.1
sends an ICMP echo request (i.e. a ping packet) to 192.168.2.1, 192.168.2.1 responds with an ICMP echo
reply to 192.168.1.1. On the RX3141, you do not need to create another inbound ACL rule for the reply, because the stateful
packet inspection engine tracks the connection state and allows the ICMP echo reply to pass through the
firewall.

9.1.4 Default ACL Rules

The RX3141 supports three types of default access rules:

- Inbound Access Rules: for controlling incoming access to your LAN.
- Outbound Access Rules: for controlling outbound access to external networks for hosts on your LAN.
- Self-Access Rules: for controlling access to the RX3141 itself.

Default Inbound Access Rules

No default inbound access rule is configured. That is, all traffic from external hosts to the internal hosts is
denied.

Default Outbound Access Rules

The default outbound access rule allows all the traffic originated from your LAN to be forwarded to the external
network using NAT.

Default Self Access Rules

The default self access rules allow http, ping, DNS, DHCP access to the RX3141 router from the LAN.

WARNING

It is not necessary to remove the default ACL rule from the ACL
rule table! It is better to create higher priority ACL rules to override
the default rule.
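The evaluation order described in 9.1.3.2 (state table lookup first, then first-match ACL evaluation, drop on no match) and the default rules and priority override from 9.1.4 can be modelled in a few lines. The following is an added example, not RX3141 firmware or Asus code; the rule fields, packet dictionaries and the "192.168.1.50" host are assumptions made for the scenario.

```python
# Added example (not RX3141 firmware): a small model of the stateful ACL
# evaluation described above. Rule fields and packet dicts are assumptions.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int   # lower value = evaluated first, so it overrides the defaults
    direction: str  # "inbound", "outbound" or "self"
    src: str        # "any" or an IPv4 address
    dst: str
    service: str    # "any", "icmp", "tcp/80", "udp/53", ...
    action: str     # "allow" or "drop"

    def matches(self, pkt):
        return (pkt["direction"] == self.direction
                and self.src in ("any", pkt["src"]) and self.dst in ("any", pkt["dst"])
                and self.service in ("any", pkt["service"]))

# Defaults as the manual lists them: no inbound rule (so inbound traffic falls into
# the no-match drop), outbound allow-all, self access for http/ping/DNS/DHCP.
DEFAULT_RULES = [Rule(1000, "outbound", "any", "any", "any", "allow")] + [
    Rule(1000, "self", "any", "any", svc, "allow") for svc in ("tcp/80", "icmp", "udp/53", "udp/67")]

class StatefulFirewall:
    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.priority)
        self.state = set()  # state table: (src, dst, service) of allowed flows

    def process(self, pkt):
        flow = (pkt["src"], pkt["dst"], pkt["service"])
        reverse = (pkt["dst"], pkt["src"], pkt["service"])
        if flow in self.state or reverse in self.state:
            return "forward:state"  # established connection: no ACL rule evaluation
        for rule in self.rules:  # first (highest-priority) match wins
            if rule.matches(pkt):
                if rule.action == "allow":
                    self.state.add(flow)
                    return "forward:rule"
                return "drop:rule"
        return "drop:nomatch"  # no matching ACL rule: the packet is dropped

def demo():
    # Constructed scenario: the manual's ping example plus a higher-priority outbound
    # drop rule that overrides the default outbound rule without removing it.
    fw = StatefulFirewall(DEFAULT_RULES + [
        Rule(10, "outbound", "192.168.1.1", "192.168.2.1", "icmp", "allow"),
        Rule(20, "outbound", "192.168.1.50", "any", "any", "drop")])
    pkt = lambda d, s, t, svc: {"direction": d, "src": s, "dst": t, "service": svc}
    return [fw.process(pkt("outbound", "192.168.1.1", "192.168.2.1", "icmp")),  # echo request
            fw.process(pkt("inbound", "192.168.2.1", "192.168.1.1", "icmp")),   # echo reply
            fw.process(pkt("inbound", "192.168.2.1", "192.168.1.2", "icmp")),   # unsolicited
            fw.process(pkt("outbound", "192.168.1.50", "1.1.1.1", "udp/53"))]   # overridden
```

Running demo() shows the echo reply passing on the state table alone, an unsolicited inbound ping dropped because no inbound rule exists, and the priority-20 drop rule taking effect while the default outbound rule stays in the table.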