1,108
edits
Changes
no edit summary
===Allow a single host to access a web server in WAN.===
===Allow a single host to access a web server in WAN.===
----
<br>Let’s imagine that we would like to restrict traffic for this LAN network (192.168.1.0/24) and only one host needs to have access to the web server (185.11.24.37) on the internet. To achieve this, traffic rules could be configured.
<br>Let’s imagine that we would like to restrict traffic for this LAN network (192.168.1.0/24) and only one host needs to have access to the web server (185.11.24.37) on the internet. To achieve this, traffic rules could be configured.
===Opening a port on the device.===
===Opening a port on the device.===
----
To open a port on the device for WAN:
To open a port on the device for WAN:
* In the add type field select the '''‘Open ports on router’''' option.
* In the add type field select the '''‘Open ports on router’''' option.
===Open ports on the device for a specific LAN host.===
===Open ports on the device for a specific LAN host.===
----
To open a port for only one host on LAN you would need to create 2 traffic rules. One rule to block LAN traffic from accessing the port on device, and the second rule to allow only a single host to access that port. Both rules have similarities. The steps below describe how to create and configure both rules with differences mentioned.
To open a port for only one host on LAN you would need to create 2 traffic rules. One rule to block LAN traffic from accessing the port on device, and the second rule to allow only a single host to access that port. Both rules have similarities. The steps below describe how to create and configure both rules with differences mentioned.
===Allow to remotely access the WebUI.===
===Allow to remotely access the WebUI.===
----
By default, all the traffic from WAN to the router is rejected. A traffic rule can be configured to allow a specific IP address to access the WebUI of the router. It is a bad practice to allow all devices on the internet to be able to connect to the router, so only a single IP address will be able to do that in this example.
By default, all the traffic from WAN to the router is rejected. A traffic rule can be configured to allow a specific IP address to access the WebUI of the router. It is a bad practice to allow all devices on the internet to be able to connect to the router, so only a single IP address will be able to do that in this example.
===Block LAN network from accessing WAN on selected ports.===
===Block LAN network from accessing WAN on selected ports.===
----
In this scenario devices on the '''LAN''' will not be able to send traffic to '''WAN''' on selected ports.<br>
In this scenario devices on the '''LAN''' will not be able to send traffic to '''WAN''' on selected ports.<br>
* In the '''‘Add type’''' field choose '''‘Add new forward rule’'''.
* In the '''‘Add type’''' field choose '''‘Add new forward rule’'''.
In this scenario, the traffic coming from the '''LAN''' devices to '''WAN''' on any port from a range of '''1500-1700''' will be dropped. The '''‘Discard forward’''' indicates the action (drop). The slider on the right side shows that the rule is enabled.<br>
In this scenario, the traffic coming from the '''LAN''' devices to '''WAN''' on any port from a range of '''1500-1700''' will be dropped. The '''‘Discard forward’''' indicates the action (drop). The slider on the right side shows that the rule is enabled.<br>
===Block specific host on the LAN from accessing WAN on certain times.===
===Block specific host on the LAN from accessing WAN on certain times.===
----
In this scenario, a specific PC will not be able to send traffic to '''WAN''' during specified time periods. To block a certain PC, a '''MAC''' address is used. This is an address of a physical device and can belong to that device only. This is opposed to IP addresses, which can be easily changed.<br>
In this scenario, a specific PC will not be able to send traffic to '''WAN''' during specified time periods. To block a certain PC, a '''MAC''' address is used. This is an address of a physical device and can belong to that device only. This is opposed to IP addresses, which can be easily changed.<br>
* In the '''‘Add type’''' field choose '''‘Add new forward rule’'''.
* In the '''‘Add type’''' field choose '''‘Add new forward rule’'''.