Line 36: |
Line 36: |
| | | |
| ===Allow a single host to access a web server in WAN.=== | | ===Allow a single host to access a web server in WAN.=== |
| + | ---- |
| <br>Let’s imagine that we would like to restrict traffic for this LAN network (192.168.1.0/24) and only one host needs to have access to the web server (185.11.24.37) on the internet. To achieve this, traffic rules could be configured. | | <br>Let’s imagine that we would like to restrict traffic for this LAN network (192.168.1.0/24) and only one host needs to have access to the web server (185.11.24.37) on the internet. To achieve this, traffic rules could be configured. |
| | | |
Line 113: |
Line 114: |
| | | |
| ===Opening a port on the device.=== | | ===Opening a port on the device.=== |
| + | ---- |
| To open a port on the device for WAN: | | To open a port on the device for WAN: |
| * In the add type field select the '''‘Open ports on router’''' option. | | * In the add type field select the '''‘Open ports on router’''' option. |
Line 133: |
Line 135: |
| | | |
| ===Open ports on the device for a specific LAN host.=== | | ===Open ports on the device for a specific LAN host.=== |
− | | + | ---- |
| To open a port for only one host on LAN you would need to create 2 traffic rules. One rule to block LAN traffic from accessing the port on device, and the second rule to allow only a single host to access that port. Both rules have similarities. The steps below describe how to create and configure both rules with differences mentioned. | | To open a port for only one host on LAN you would need to create 2 traffic rules. One rule to block LAN traffic from accessing the port on device, and the second rule to allow only a single host to access that port. Both rules have similarities. The steps below describe how to create and configure both rules with differences mentioned. |
| | | |
Line 185: |
Line 187: |
| | | |
| ===Allow to remotely access the WebUI.=== | | ===Allow to remotely access the WebUI.=== |
− | | + | ---- |
| By default, all the traffic from WAN to the router is rejected. A traffic rule can be configured to allow a specific IP address to access the WebUI of the router. It is a bad practice to allow all devices on the internet to be able to connect to the router, so only a single IP address will be able to do that in this example. | | By default, all the traffic from WAN to the router is rejected. A traffic rule can be configured to allow a specific IP address to access the WebUI of the router. It is a bad practice to allow all devices on the internet to be able to connect to the router, so only a single IP address will be able to do that in this example. |
| | | |
Line 220: |
Line 222: |
| | | |
| ===Block LAN network from accessing WAN on selected ports.=== | | ===Block LAN network from accessing WAN on selected ports.=== |
| + | ---- |
| In this scenario devices on the '''LAN''' will not be able to send traffic to '''WAN''' on selected ports.<br> | | In this scenario devices on the '''LAN''' will not be able to send traffic to '''WAN''' on selected ports.<br> |
| * In the '''‘Add type’''' field choose '''‘Add new forward rule’'''. | | * In the '''‘Add type’''' field choose '''‘Add new forward rule’'''. |
Line 248: |
Line 251: |
| In this scenario, the traffic coming from the '''LAN''' devices to '''WAN''' on any port from a range of '''1500-1700''' will be dropped. The '''‘Discard forward’''' indicates the action (drop). The slider on the right side shows that the rule is enabled.<br> | | In this scenario, the traffic coming from the '''LAN''' devices to '''WAN''' on any port from a range of '''1500-1700''' will be dropped. The '''‘Discard forward’''' indicates the action (drop). The slider on the right side shows that the rule is enabled.<br> |
| ===Block specific host on the LAN from accessing WAN on certain times.=== | | ===Block specific host on the LAN from accessing WAN on certain times.=== |
| + | ---- |
| In this scenario, a specific PC will not be able to send traffic to '''WAN''' during specified time periods. To block a certain PC, a '''MAC''' address is used. This is an address of a physical device and can belong to that device only. This is opposed to IP addresses, which can be easily changed.<br> | | In this scenario, a specific PC will not be able to send traffic to '''WAN''' during specified time periods. To block a certain PC, a '''MAC''' address is used. This is an address of a physical device and can belong to that device only. This is opposed to IP addresses, which can be easily changed.<br> |
| * In the '''‘Add type’''' field choose '''‘Add new forward rule’'''. | | * In the '''‘Add type’''' field choose '''‘Add new forward rule’'''. |