Netopia 3346N-ENT User Guide (en)

Virtual Private Networks (VPNs)   5-29
ATMP example
To enable a firewall to allow ATMP traffic, you must provision the firewall to allow inbound and outbound UDP 
packets specifically destined for por t 5150. The source por t may be dynamic, so often it is not useful to apply 
a compare function on this por tion of the control/negotiation packets. You must also set the firewall to allow 
inbound and outbound GRE packets (Protocol 47, Internet Assigned Numbers Document, RFC 1700), enabling 
transpor t of the tunnel payload.
From the Main Menu navigate to Display/Change IP Filter Set, and from the pop-up menu select Basic Firewall.
Select Display/Change Input Filter.
Display/Change Input Filter screen
Select Input Filter 1 and press Return. In the Change Input Filter 1 screen, set the Destination Por t information 
as shown below.
Filter Set
   +--#----Source IP Addr----Dest IP Addr------Proto-Src.Port-D.Port--On?-Fwd--+
   | 1            TCP   NC       =2000   Yes No    |
   | 2            TCP   NC       =6000   Yes No    |
   |                                                                           |
                            Change Input Filter 1
         Enabled:                           Yes
         Forward:                           Yes
         Call Placement/Idle Reset:         No Change
         Force Routing:                     No
         Source IP Address:       
         Source IP Address Mask:  
         Dest. IP Address:        
         Dest. IP Address Mask:   
         TOS:                               0
         TOS Mask:                          0
         Protocol Type:                     TCP
         Source Port Compare...             No Compare
         Source Port ID:                    0
         Dest. Port Compare...              Equal
         Dest. Port ID:                     1723
         Established TCP Conns. Only:       No
Return/Enter accepts * Tab toggles * ESC cancels.
Enter the packet specific information for this filter.