Firewall traffic rules: Difference between revisions
no edit summary
m (Fixed to fit.) |
No edit summary |
||
| Line 36: | Line 36: | ||
===Allow a single host to access a web server in WAN.=== | ===Allow a single host to access a web server in WAN.=== | ||
---- | |||
<br>Let’s imagine that we would like to restrict traffic for this LAN network (192.168.1.0/24) and only one host needs to have access to the web server (185.11.24.37) on the internet. To achieve this, traffic rules could be configured. | <br>Let’s imagine that we would like to restrict traffic for this LAN network (192.168.1.0/24) and only one host needs to have access to the web server (185.11.24.37) on the internet. To achieve this, traffic rules could be configured. | ||
| Line 113: | Line 114: | ||
===Opening a port on the device.=== | ===Opening a port on the device.=== | ||
---- | |||
To open a port on the device for WAN: | To open a port on the device for WAN: | ||
* In the add type field select the '''‘Open ports on router’''' option. | * In the add type field select the '''‘Open ports on router’''' option. | ||
| Line 133: | Line 135: | ||
===Open ports on the device for a specific LAN host.=== | ===Open ports on the device for a specific LAN host.=== | ||
---- | |||
To open a port for only one host on LAN you would need to create 2 traffic rules. One rule to block LAN traffic from accessing the port on device, and the second rule to allow only a single host to access that port. Both rules have similarities. The steps below describe how to create and configure both rules with differences mentioned. | To open a port for only one host on LAN you would need to create 2 traffic rules. One rule to block LAN traffic from accessing the port on device, and the second rule to allow only a single host to access that port. Both rules have similarities. The steps below describe how to create and configure both rules with differences mentioned. | ||
| Line 185: | Line 187: | ||
===Allow to remotely access the WebUI.=== | ===Allow to remotely access the WebUI.=== | ||
---- | |||
By default, all the traffic from WAN to the router is rejected. A traffic rule can be configured to allow a specific IP address to access the WebUI of the router. It is a bad practice to allow all devices on the internet to be able to connect to the router, so only a single IP address will be able to do that in this example. | By default, all the traffic from WAN to the router is rejected. A traffic rule can be configured to allow a specific IP address to access the WebUI of the router. It is a bad practice to allow all devices on the internet to be able to connect to the router, so only a single IP address will be able to do that in this example. | ||
| Line 220: | Line 222: | ||
===Block LAN network from accessing WAN on selected ports.=== | ===Block LAN network from accessing WAN on selected ports.=== | ||
---- | |||
In this scenario devices on the '''LAN''' will not be able to send traffic to '''WAN''' on selected ports.<br> | In this scenario devices on the '''LAN''' will not be able to send traffic to '''WAN''' on selected ports.<br> | ||
* In the '''‘Add type’''' field choose '''‘Add new forward rule’'''. | * In the '''‘Add type’''' field choose '''‘Add new forward rule’'''. | ||
| Line 248: | Line 251: | ||
In this scenario, the traffic coming from the '''LAN''' devices to '''WAN''' on any port from a range of '''1500-1700''' will be dropped. The '''‘Discard forward’''' indicates the action (drop). The slider on the right side shows that the rule is enabled.<br> | In this scenario, the traffic coming from the '''LAN''' devices to '''WAN''' on any port from a range of '''1500-1700''' will be dropped. The '''‘Discard forward’''' indicates the action (drop). The slider on the right side shows that the rule is enabled.<br> | ||
===Block specific host on the LAN from accessing WAN on certain times.=== | ===Block specific host on the LAN from accessing WAN on certain times.=== | ||
---- | |||
In this scenario, a specific PC will not be able to send traffic to '''WAN''' during specified time periods. To block a certain PC, a '''MAC''' address is used. This is an address of a physical device and can belong to that device only. This is opposed to IP addresses, which can be easily changed.<br> | In this scenario, a specific PC will not be able to send traffic to '''WAN''' during specified time periods. To block a certain PC, a '''MAC''' address is used. This is an address of a physical device and can belong to that device only. This is opposed to IP addresses, which can be easily changed.<br> | ||
* In the '''‘Add type’''' field choose '''‘Add new forward rule’'''. | * In the '''‘Add type’''' field choose '''‘Add new forward rule’'''. | ||