92
edits
Changes
RUTX12 Traffic control with Firewall WANzone Splitting (view source)
Revision as of 12:09, 15 September 2023
, 12:09, 15 September 2023no edit summary
==Introduction==
==Introduction==
This article contains instructions on how to configure mobile SIM traffic effectively, The configuration ensures that when SIM1 is active, it provides internet connectivity to all end devices. However, when SIM2 is being used, the configuration should impose restrictions on the traffic flow from PC2 and only traffic from.
This article contains instructions on how to configure mobile SIM traffic effectively, The configuration ensures that when SIM1 is active, it provides internet connectivity to all end devices. However, when SIM2 is being used, the configuration should impose restrictions on the traffic flow from PC2 and only traffic from.
[[File:Topology..png|border|center|class=tlt-border]]
==Prerequisites==
==Prerequisites==
For this configuration you will need:
For this configuration you will need:
To establish the traffic rule according to the zones you've set up, follow these steps '''Navigate to Network –> Firewall -> Traffic Rule''' to begin creating the rule. Create and set up the rule to enable the host's access to the web server.
To establish the traffic rule according to the zones you've set up, follow these steps '''Navigate to Network –> Firewall -> Traffic Rule''' to begin creating the rule. Create and set up the rule to enable the host's access to the web server.
* In the '''<nowiki/>'Add type'''' field, select 'Add new forward rule'.
* In the '''<nowiki/>'''Add type field, select '''<nowiki/>'Add new forward rule''''.
* Assign a '''Name''' of your choosing to this rule.
* Assign a Name of your choosing to this rule.
* Choose "'''LAN'''" as the source zone.
* Choose "'''LAN'''" as the source zone.
* Select "'''WAN'''" as the destination zone.
* Select "'''WAN2'''" as the destination zone.
* Click the 'Add' button to confirm and add the rule.
* Click the ''''Add'''<nowiki/>' button to confirm and add the rule.
[[File:Add NewInstance.png|center|class=tlt-border|alt=|border]]
[[File:Add new Instance.png|border|center|class=tlt-border]]
=== Specify the source zone ===
=== Specify the source zone ===
Upon clicking '''<nowiki/>'Add'''' in the previous step, a new window will appear, enabling you to define additional configurations.
Upon clicking '''<nowiki/>'Add'''' in the previous step, a new window will appear, enabling you to define additional configurations.
* Specify the source zone for which the SIM Interface is intended. In the provided instance, this would be '''SIM2''' labelled as "'''mob2s1a1'''".
* Source zone change to "'''WAN2:mob1s2a1"'''
* Specify the source zone for which the SIM Interface is intended. In the provided instance, this would be '''SIM2''' labelled as "'''mob1s2a1'''".
* Choose the '''MAC address''' associated with the host to which the rule is to be applied in the source MAC address section. If needed, you can input a custom MAC address.
* Choose the '''MAC address''' associated with the host to which the rule is to be applied in the source MAC address section. If needed, you can input a custom MAC address.
* Input the '''IP address''' of the host in the source IP address field.
* Input the '''IP address''' of the host in the source IP address field.
* Within the action field, opt for '''<nowiki/>'Accept''''.
* Within the action field, opt for '''<nowiki/>'Reject''''.
* Click on '''<nowiki/>'Save and Apply''''.
* Click on '''<nowiki/>'Save and Apply''''.
[[File:FirewallTraffic Rule.png|border|center|class=tlt-border]]
== Testing the configuration ==
If you have followed all the provided steps to test the firewall traffic rules and verify the configuration, here is the revised description:
# Initially, ensure that your router's WAN is connected to SIM1.
# From PC1, access the web UI and navigate to "Service" -> "CLI."
# Log in using the username "root" and the router's admin password.
# In the CLI, ping the IP address 8.8.8.8. If you receive a response, it confirms that internet connectivity is established through SIM1 mobile connectivity on PC1.
# Perform the same procedure on PC2 by logging into the CLI and pinging the IP address 8.8.8.8. If you receive a response, it also confirms that internet connectivity is established via SIM1 on PC2.
Next, switch the router's WAN connection to SIM2 and conduct the following tests:
# Ping 8.8.8.8 from PC1. After logging into the CLI and pinging the IP address 8.8.8.8 If you receive a response, it indicates that SIM2 has internet connectivity.
# Ping 8.8.8.8 from PC2. when pinging the IP address 8.8.8.8 from PC2 and If you experience 100% packet loss, it means that PC2 does not have internet connectivity via SIM2.
These tests serve to validate the functionality of the firewall rules and the connectivity of the router's WAN connections.
[[File:Testing Traffic rules.png|border|center|class=tlt-border]]
You can specify additional settings as you wish. For example, you can set times when this rule should apply. This way, the host will be able to access the web server only at certain times.
You can specify additional settings as you wish. For example, you can set times when this rule should apply. This way, the host will be able to access the web server only at certain times.