2.4 Remote SpeedTouch™ 610 FTP Access, Appropriate firewall rules – Technicolor - Thomson 610v User Manual

Page 14: 2.4 Remote SpeedTouch™ 610 FTP Access


Application Note Ed. 01

2 SpeedTouch™ 610 Remote Access


2.4 Remote SpeedTouch™ 610 FTP Access

Appropriate firewall rules

To allow remote access to the SpeedTouch™ 610 File System via an FTP session from the WAN to the SpeedTouch™ 610, you must add two rules per chain: one rule for the FTP control channel and one for the FTP data channel:

To the sink chain:

[firewall rule]=>create chain=sink index=2 prot=tcp dstport=ftp action=accept
[firewall rule]=>create chain=sink index=3 prot=tcp dstport=ftp-data action=accept

The first rule allows users from the WAN to contact the SpeedTouch™ 610 FTP server. The second rule allows data coming from the WAN to the SpeedTouch™ 610 file system.

Both rules are inserted after the first two rules (index=0 and index=1), as neither of those two rules applies to traffic coming from any WAN interface. However, make sure (as in the example) to insert the rules before the last rule (which drops all traffic not blocked by any preceding rule).

Note
If you want to allow remote access to the SpeedTouch™ 610 CLI via Telnet in a Bridged Ethernet Packet Service scenario, you must add the rules with index=0 and index=1 respectively (i.e. making them the first two rules) to prevent traffic coming from the WAN Bridge port and destined for the SpeedTouch™ 610 FTP server or file system from being dropped.

To the source chain:

[firewall rule]=>create chain=source index=1 prot=tcp srcport=ftp action=accept
[firewall rule]=>create chain=source index=2 prot=tcp srcport=ftp-data action=accept

The first rule allows control messages generated by the SpeedTouch™ 610 FTP server to pass through to the WAN. The second rule allows data coming from the SpeedTouch™ 610 file system and FTP server to pass through to the WAN. Both rules are added after the first rule, which concerns all traffic towards the LAN and has no bearing on this traffic, but before the last rule (which drops all traffic not blocked by any preceding rule).

The added rules will allow any user on the WAN to open an FTP session to the SpeedTouch™ 610 and access the file system after authentication.

Note
The access rights which apply to the SpeedTouch™ 610 file system are not controlled by the firewall. That is, you cannot change the access rights to the file system root directory, nor to the /dl and /active subdirectories.
For more information on the access rights that apply to the SpeedTouch™ 610 file system, see the application note SpeedTouch™ 610 Operation and Maintenance.
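The index placement described above, as an added Python model that is not part of the manual or the SpeedTouch firmware: it evaluates a chain first-match and reports rules that sit behind the final drop rule and can therefore never take effect. The baseline rules, the srcintf field, insert-and-shift behaviour for index=, and the mapping of ftp and ftp-data to TCP ports 21 and 20 are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

PORTS = {"ftp": 21, "ftp-data": 20}   # assumed meaning of the CLI port names

@dataclass
class Rule:
    action: str                     # "accept" or "drop"
    prot: Optional[str] = None      # None = any protocol
    dstport: Optional[int] = None   # None = any destination port
    srcintf: Optional[str] = None   # hypothetical field: "lan" or "wan"

    def matches(self, pkt: dict) -> bool:
        return all(getattr(self, k) in (None, pkt.get(k))
                   for k in ("prot", "dstport", "srcintf"))

def create(chain, index, **fields):
    """Assumed semantics of index=: insert there, shifting later rules down."""
    chain.insert(index, Rule(**fields))

def verdict(chain, pkt):
    """First matching rule decides. Returns (action, index of that rule)."""
    for i, rule in enumerate(chain):
        if rule.matches(pkt):
            return rule.action, i
    return "drop", None

def shadowed(chain):
    """Indexes of rules behind an unconditional rule; they can never match."""
    for i, r in enumerate(chain):
        if (r.prot, r.dstport, r.srcintf) == (None, None, None):
            return list(range(i + 1, len(chain)))
    return []

def sink_chain(first_index):
    # Constructed baseline: two LAN-only rules, then the catch-all drop.
    chain = [Rule("accept", srcintf="lan"),
             Rule("accept", prot="udp", srcintf="lan"),
             Rule("drop")]
    create(chain, first_index, action="accept", prot="tcp", dstport=PORTS["ftp"])
    create(chain, first_index + 1, action="accept", prot="tcp",
           dstport=PORTS["ftp-data"])
    return chain

if __name__ == "__main__":
    wan_ftp = {"prot": "tcp", "dstport": 21, "srcintf": "wan"}
    for first in (2, 3):   # 2 as in the text; 3 lands behind the drop rule
        chain = sink_chain(first)
        print(first, verdict(chain, wan_ftp), shadowed(chain))
```

Running shadowed() over an exported rule list is a quick audit for accept rules that were added at the wrong index and silently have no effect.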
