IPX Routing
IPX Routing |
|
The Windows 2000 Router IPX packet filtering is based on exceptions. You can either configure the Windows 2000 Router to pass all IPX traffic except those disallowed by filters or to discard all IPX traffic except those allowed by filters. For example, you might want to set up output filters to forward all traffic except for SAP advertisements. Or, you might want to set up an input filter on a dedicated SQL server to disregard all but SQL-based Sequenced Packet Exchange (SPX) traffic.
The Windows 2000 Router allows configuration of IPX filters based on the following fields:
Note
Both the Source and Destination Network numbers can be configured with a network mask allowing a range of IPX network numbers to be specified with a single filter entry. To determine whether the network number of an IPX packet matches the filter, the Windows 2000 Router uses AND to combine the Network Mask and the network number in the IPX packet and compares the result to the filter network number. The digit 0 can be used as a wildcard for a hexadecimal digit and F for a specific hexadecimal digit.
You can configure IPX input or output filtering by selecting a filter action and adding a series of filters using the IPX Packet Filters Configuration dialog box, as shown in Figure 5.4.
Figure 5.4 IPX Packet Filters Configuration Dialog Box
Note
You cannot configure separate active filters for Receive all packets except those that meet the criteria below and Drop all packets except those that meet the criteria below.
You can specify the parameters of an input or output filter using the Add IPX Filter or Edit IPX Filter dialog box shown in Figure 5.5. If multiple parameters are configured, the logical operation, AND, combines the parameters of the filter during the filtering process. For example, if the Packet Type and Destination Socket are specified in the filter, the IPX packet passes the filter if both the IPX packet's Packet Type and its Destination Socket match those of the filter.
Note
All numbers in the Add IPX Filter or Edit IPX Filter dialog box shown in Figure 5.5 are entered in hexadecimal.
Figure 5.5 Add IPX Filter Dialog Box
The following two sample IPX filters provide examples of IPX filtering scenarios and the implementation of IPX filtering using the fields in the Add IPX Filter or Edit IPX Filter dialog box. These examples are provided to illustrate how IPX filters are configured, not as a recommendation of specific IPX filtering for your network.
To configure an IPX input filter using the network mask (Example)
To allow only the processing of received IPX packets with the Destination Network number starting with the hexadecimal digits AB, configure the input filter as follows:
This filter uses the network mask to express a range of IPX network numbers from AB000000 to ABFFFFFF.
To configure an IPX output filter using the network mask (Example)
To prevent the transmission or forwarding of all IPX traffic from the Source Network number of CC000001, configure the output filter as follows:
This filter uses the network mask to express the single IPX network number CC000001.
Note
The network mask in the Add IPX Filter or Edit IPX Filter dialog box is used only as an administrative convenience to express a range of IPX network IDs. This does not mean that the Windows 2000 Router is implementing a subnetting scheme for IPX internetworks. RIP for IPX internetworks use a flat network addressing space and do not support subnetting or route summarization.
