|
General service description
The service option "Address Translation and Filtering" combines
the possibilities of private network addressing and the usage of IP packet
filters. This offers our customers a good basic security for their Internet
access.
The advantage of the function "Address Translation" is that
fewer publically routable IP addresses are required by offering customers
the possibility to address their company network with private IP addresses.
With the function "Filtering" customers can additionally limit
the access to open ports within their company network. On our web interface
customers can find different filter levels with which they can define the
flow of their data traffic from the Internet into their company network or
vice versa.
Configuration
For the private addressing there are the following address ranges
available (according to RFC 1918):
- 10.0.0.0/8 to 10.255.255.255
- 172.16.0.0/12 to 172.31.255.255
- 192.168.0.0/16 to 192.168.255.255
For the port filtering there are different filter levels available.
Using our web interface at
http://my.ip-plus.net/nav.en.mpl/network customers can at any time
independently adjust their basic configuration of the service option
"Address Translation and Filtering" according to their personal
needs. The access to the web interface is password and User ID protected.
Security levels Internet -> LAN
| Services |
Ports |
Security levels |
| 0 |
1 |
2 |
3 |
4 |
5 |
6 |
7 |
| Spoofing |
any |
x |
x |
x |
x |
x |
x |
x |
x |
| ICMP |
Ping/Traceroute Reply |
ok |
ok |
ok |
ok |
ok |
ok |
ok |
ok |
| ICMP |
Ping/Traceroute Request |
ok |
x |
x |
x |
x |
x |
x |
x |
| ICMP |
All messages |
ok |
x |
x |
x |
x |
x |
x |
x |
| Netbios |
137-139/tcp, 137-139/udp |
ok |
ok |
x |
x |
x |
x |
x |
x |
| FTP |
20/tcp, 21/tcp |
ok |
ok |
ok |
! |
x |
! |
x |
x |
| SSH |
22/tcp |
ok |
ok |
ok |
x |
x |
x |
x |
x |
| Telnet |
23/tcp |
ok |
x |
x |
x |
x |
x |
x |
x |
| Mail |
25/tcp (smtp), 110/tcp (pop3), 143/tcp (imap4), 993/tcp (imap4secure) |
ok |
ok |
ok |
ok |
ok |
x |
x |
x |
| DNS |
53/tcp, 53/udp |
ok |
ok |
ok |
ok |
x |
x |
x |
x |
| DNS IP-Plus |
53/tcp, 53/udp |
- |
- |
- |
- |
- |
- |
- |
- |
| Web |
80/tcp (http), 443/tcp (https/ssl) |
ok |
ok |
ok |
ok |
ok |
ok |
ok |
x |
| News |
119/tcp |
ok |
ok |
ok |
x |
x |
x |
x |
x |
| UDP |
0-52, 54-1023 |
ok |
ok |
ok |
x |
x |
x |
x |
x |
| UDP |
1024-65536 |
ok |
ok |
ok |
ok |
ok |
ok |
ok |
ok |
| TCP |
0-19, 24, 26-52, 54-79, 81-109, 111-118, 120-136, 140-142, 144-442, 444-992, 994-1023 |
ok |
ok |
ok |
x |
x |
x |
x |
x |
| TCP |
established 0-65536 |
x |
x |
x |
ok |
ok |
ok |
ok |
ok |
| TCP |
high ports |
ok |
ok |
ok |
x |
x |
x |
x |
x |
| x | = Service is blocked, therefore not possible |
| ok | = Service is allowed, therefore possible |
| ! | = Internet -> Lan
(FTP Server in internal Lan): Only Active FTP connections are possible
|
| = Lan -> Internet
(FTP Client in internal Lan): Only Passive FTP connections are possible
|
Security levels LAN -> Internet
| Services |
Ports |
Security levels |
| 0 |
1 |
2 |
3 |
| Spoofing |
any |
ok |
- |
- |
- |
| ICMP |
Ping/Traceroute Reply |
ok |
x |
x |
x |
| ICMP |
Ping/Traceroute Request |
ok |
ok |
x |
x |
| ICMP |
All messages |
ok |
x |
x |
x |
| Netbios |
137-139/tcp, 137-139/udp |
ok |
x |
x |
x |
| FTP |
20/tcp, 21/tcp |
ok |
ok |
x |
x |
| SSH |
22/tcp |
ok |
ok |
x |
x |
| Telnet |
23/tcp |
ok |
ok |
x |
x |
| Mail |
25/tcp (smtp), 110/tcp (pop3), 143/tcp (imap4), 993/tcp (imap4secure) |
ok |
ok |
ok |
x |
| DNS |
53/tcp, 53/udp |
ok |
x |
x |
x |
| DNS IP-Plus |
53/tcp, 53/udp |
ok |
ok |
ok |
ok |
| Web |
80/tcp (http), 443/tcp (https/ssl) |
ok |
ok |
ok |
ok |
| News |
119/tcp |
ok |
ok |
x |
x |
| UDP |
0-52, 54-1023 |
ok |
x |
x |
x |
| UDP |
1024-65536 |
ok |
x |
x |
x |
| TCP |
0-19, 24, 26-52, 54-79, 81-109, 111-118, 120-136, 140-142, 144-442, 444-992, 994-1023 |
ok |
x |
x |
x |
| TCP |
established 0-65536 |
ok |
x |
x |
x |
| TCP |
high ports |
ok |
ok |
ok |
ok |
| x | = Service is blocked, therefore not possible |
| ok | = Service is allowed, therefore possible
|
Prices
The following prices apply for this service option:
| One time installation costs |
none |
| Monthly recurring costs |
CHF 79.00 |
All prices without VAT or any other taxes.
Information
For further information on the service option "Address Translation and Filtering" please
contact your local Swisscom sales representative or call 0800 800 900.
|
