Changes

RUT230 Firewall (view source)

Revision as of 10:57, 7 December 2018

12,697 bytes added ,  10:57, 7 December 2018
m
Reverted edits by Audronė (talk) to last revision by Dziugas
Line 11: Line 11:       −
<table class="nd-mantable">
+
{| class="wikitable"
    <tr>
+
|+
        <th>field name</th>
+
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | FIELD NAME
      <th>value</th>
+
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | VALUE
      <th>description</th>
+
! style="width: 579px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | DESCRIPTION
    </tr>
+
|-
    <tr>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Drop invalid packets
      <td>Drop invalid packets</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | yes {{!}} no; Default: '''no'''
      <td>yes {{!}} no; Default: '''no'''</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | A “Drop” action is performed on a packet that is determined to be invalid
      <td>A “Drop” action is performed on a packet that is determined to be invalid</td>
+
|-
    </tr>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Input
    <tr>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Reject {{!}} Drop {{!}} Accept; Default: '''Accept'''
      <td>Input</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Action<span style="color: #0054A6;">'''*'''</span> that is to be performed for packets that pass through the Input chain
      <td>Reject {{!}} Drop {{!}} Accept; Default: '''Accept'''</td>
+
|-
      <td>Action<span style="color: #0054A6;">'''*'''</span> that is to be performed for packets that pass through the Input chain</td>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Output
    </tr>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Reject {{!}} Drop {{!}} Accept; Default: '''Accept'''
    <tr>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Action<span style="color: #0054A6;">'''*'''</span> that is to be performed for packets that pass through the Output chain
    <td>Output</td>
+
|-
        <td>Reject {{!}} Drop {{!}} Accept; Default: '''Accept'''</td>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Forward
        <td>Action<span style="color: #0054A6;">'''*'''</span> that is to be performed for packets that pass through the Output chain</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Reject {{!}} Drop {{!}} Accept; Default: '''Reject'''
    </tr>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Action<span style="color: #0054A6;">'''*'''</span> that is to be performed for packets that pass through the Forward chain
    <tr>
+
|-
    <td>Forward</td>
+
|}
        <td>Reject {{!}} Drop {{!}} Accept; Default: '''Reject'''</td>
  −
        <td>Action<span style="color: #0054A6;">'''*'''</span> that is to be performed for packets that pass through the Forward chain</td>
  −
    </tr>
  −
</table>
   
'''*When a packet goes through a firewall chain it is matched against all the rules of that specific chain. If no rule matches said packet, an according Action (Drop, Reject or Accept) is performed'''
 
'''*When a packet goes through a firewall chain it is matched against all the rules of that specific chain. If no rule matches said packet, an according Action (Drop, Reject or Accept) is performed'''
   Line 54: Line 50:       −
<table class="nd-mantable">
+
{| class="wikitable"
    <tr>
+
|+
        <th>field name</th>
+
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | FIELD NAME
      <th>value</th>
+
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | VALUE
      <th>description</th>
+
! style="width: 579px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | DESCRIPTION
    </tr>
+
|-
    <tr>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Source zone
      <td>Source zone</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | yes {{!}} no; Default: '''no'''
      <td>yes {{!}} no; Default: '''no'''</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Toggles DMZ On or Off
      <td>Toggles DMZ On or Off</td>
+
|-
    </tr>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | DMZ host IP address
    <tr>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | ip; Default: " "
      <td>DMZ host IP address</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Internal host to which the DMZ rule will be applied  
      <td>ip; Default: " "</td>
+
|-
      <td>Internal host to which the DMZ rule will be applied </td>
+
|}
    </tr>
  −
</table>
      
===Zone Forwarding===
 
===Zone Forwarding===
Line 80: Line 74:       −
<table class="nd-mantable">
+
{| class="wikitable"
    <tr>
+
|+
        <th>field name</th>
+
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | FIELD NAME
      <th>value</th>
+
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | VALUE
      <th>description</th>
+
! style="width: 579px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | DESCRIPTION
    </tr>
+
|-
    <tr>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Source zone
      <td>Source zone</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | <span style="background:#9DB6BA"> gre: gre tunnel </span>  |  <span style="background:#FD9589"> hotspot: </span>  {{!}}  <span style="background:#CEF58F"> l2tp: l2tp </span>  {{!}}  <span style="background:#9BEAC3"> pptp: pptp </span>  {{!}}  <span style="background:#96EBE8"> vpn: openvpn </span>  {{!}}  <span style="background:#D0E1EF"> wan: ppp </span>  {{!}}  <span style="background:#DDDDDD"> lan: lan </span>
      <td><span style="background:#9DB6BA"> gre: gre tunnel </span>  |  <span style="background:#FD9589"> hotspot: </span>  {{!}}  <span style="background:#CEF58F"> l2tp: l2tp </span>  {{!}}  <span style="background:#9BEAC3"> pptp: pptp </span>  {{!}}  <span style="background:#96EBE8"> vpn: openvpn </span>  {{!}}  <span style="background:#D0E1EF"> wan: ppp </span>  {{!}}  <span style="background:#DDDDDD"> lan: lan </span></td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | The source zone from which data packets will redirected from
      <td>The source zone from which data packets will redirected from</td>
+
|-
    </tr>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Destination zones
    <tr>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | <span style="background:#9DB6BA"> gre: gre tunnel </span>  |  <span style="background:#FD9589"> hotspot: </span>  {{!}}  <span style="background:#CEF58F"> l2tp: l2tp </span>  {{!}}  <span style="background:#9BEAC3"> pptp: pptp </span>  {{!}}  <span style="background:#96EBE8"> vpn: openvpn </span>  {{!}}  <span style="background:#D0E1EF"> wan: ppp </span>  {{!}}  <span style="background:#DDDDDD"> lan: lan </span>
      <td>Destination zones</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | The destination zone to which data packets will be redirected to
      <td><span style="background:#9DB6BA"> gre: gre tunnel </span>  |  <span style="background:#FD9589"> hotspot: </span>  {{!}}  <span style="background:#CEF58F"> l2tp: l2tp </span>  {{!}}  <span style="background:#9BEAC3"> pptp: pptp </span>  {{!}}  <span style="background:#96EBE8"> vpn: openvpn </span>  {{!}}  <span style="background:#D0E1EF"> wan: ppp </span>  {{!}}  <span style="background:#DDDDDD"> lan: lan </span></td>
+
|-
      <td>The destination zone to which data packets will be redirected to</td>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Default forwarding action
    </tr>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Reject {{!}} Drop {{!}} Accept
    <tr>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Action to be performed with the redirected packets  
    <td>Default forwarding action</td>
+
|-
        <td>Reject {{!}} Drop {{!}} Accept</td>
+
|}
        <td>Action to be performed with the redirected packets </td>
  −
    </tr>
  −
</table>
      
==Port Forwarding==
 
==Port Forwarding==
Line 116: Line 107:  
[[Image:Network firewall port forwarding new.PNG]]
 
[[Image:Network firewall port forwarding new.PNG]]
   −
<table class="nd-mantable">
+
{| class="wikitable"
    <tr>
+
|+
        <th>field name</th>
+
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | FIELD NAME
      <th>value</th>
+
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | VALUE
      <th>description</th>
+
! style="width: 579px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | DESCRIPTION
    </tr>
+
|-
    <tr>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Name
      <td>Name</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | string; Default: " "
      <td>string; Default: " "</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Name of the rule, used purely for easier management purposes
      <td>Name of the rule, used purely for easier management purposes</td>
+
|-
    </tr>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Protocol
    <tr>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | TCP+UDP {{!}} TCP {{!}} UDP {{!}} ICMP {{!}} -- custom --; Default: '''TCP+UDP'''
      <td>Protocol</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Type of protocol of incoming packet
      <td>TCP+UDP {{!}} TCP {{!}} UDP {{!}} ICMP {{!}} -- custom --; Default: '''TCP+UDP'''</td>
+
|-
      <td>Type of protocol of incoming packet</td>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | External port
    </tr>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer [0..65535] {{!}} range of integers [0..65534] - [1..65535]; Default: " "
    <tr>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Traffic will be forwarded from this port on the WAN network
    <td>External port</td>
+
|-
        <td>integer [0..65535] {{!}} range of integers [0..65534] - [1..65535]; Default: " "</td>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Internal IP address
        <td>Traffic will be forwarded from this port on the WAN network</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | ip; Default: " "
    </tr>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | The IP address of the internal machine that hosts some service that you want to access from the outside
    <tr>
+
|-
    <td>Internal IP address</td>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Internal port
        <td>ip; Default: " "</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer [0..65535] {{!}} range of integers [0..65534] - [1..65535]; Default: " "
        <td>The IP address of the internal machine that hosts some service that you want to access from the outside</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | The rule will redirect the traffic to this port on the internal machine
    </tr>
+
|-
    <tr>
+
|}
    <td>Internal port</td>
  −
        <td>integer [0..65535] {{!}} range of integers [0..65534] - [1..65535]; Default: " "</td>
  −
        <td>The rule will redirect the traffic to this port on the internal machine</td>
  −
    </tr>
  −
</table>
      
Once you have submitted the required information, click the '''Add''' button located in the New Port Forward Rule tab.
 
Once you have submitted the required information, click the '''Add''' button located in the New Port Forward Rule tab.
Line 159: Line 145:       −
<table class="nd-mantable">
+
{| class="wikitable"
    <tr>
+
|+
        <th>field name</th>
+
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | FIELD NAME
      <th>value</th>
+
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | VALUE
      <th>description</th>
+
! style="width: 579px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | DESCRIPTION
    </tr>
+
|-
    <tr>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Enable
      <td>Enable</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | yes {{!}} no; Default: '''no'''
      <td>yes {{!}} no; Default: '''no'''</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Toggles a rule ON or OFF
      <td>Toggles a rule ON or OFF</td>
+
|-
    </tr>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Name
    <tr>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | string; Default: " "
      <td>Name</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | The name of the rule. This is used for easier management purposes
      <td>string; Default: " "</td>
+
|-
      <td>The name of the rule. This is used for easier management purposes </td>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Protocol
    </tr>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | TCP+UDP {{!}} TCP {{!}} UDP {{!}} ICMP {{!}} -- custom --; Default: '''TCP+UDP'''
    <tr>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Specifies to which protocols the rule should apply
    <td>Protocol</td>
+
|-
        <td>TCP+UDP {{!}} TCP {{!}} UDP {{!}} ICMP {{!}} -- custom --; Default: '''TCP+UDP'''</td>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Source zone
        <td>Specifies to which protocols the rule should apply </td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | <span style="background:#9DB6BA"> gre: gre tunnel </span> <span style="background:#FD9589"> hotspot: </span> {{!}} <span style="background:#CEF58F"> l2tp: l2tp </span> {{!}}  <span style="background:#9BEAC3"> pptp: pptp </span> {{!}}  <span style="background:#96EBE8"> vpn: openvpn </span> {{!}}  <span style="background:#D0E1EF"> wan: ppp </span> {{!}}  <span style="background:#DDDDDD"> lan: lan </span> ; Default: '''<span style="background:#DDDDDD"> wan: ppp </span>'''
    </tr>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | The source zone from which data packets will redirected from
    <tr>
+
|-
    <td>Source zone</td>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Source MAC address
        <td><span style="background:#9DB6BA"> gre: gre tunnel </span>  | <span style="background:#FD9589"> hotspot: </span>  {{!}}  <span style="background:#CEF58F"> l2tp: l2tp </span>  {{!}}  <span style="background:#9BEAC3"> pptp: pptp </span>  {{!}}  <span style="background:#96EBE8"> vpn: openvpn </span>  {{!}}  <span style="background:#D0E1EF"> wan: ppp </span>  {{!}}  <span style="background:#DDDDDD"> lan: lan </span> ; Default: '''<span style="background:#DDDDDD"> wan: ppp </span>'''</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | mac; Default: " "
        <td>The source zone from which data packets will redirected from</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Matches incoming traffic from these MACs only
    </tr>
+
|-
    <tr>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Source IP address
      <td>Source MAC address</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | ip; Default: " "
      <td>mac; Default: " "</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Matches incoming traffic from this IP or range of IPs only
      <td>Matches incoming traffic from these MACs only</td>
+
|-
    </tr>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Source port
    <tr>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer [0..65535] {{!}} range of integers [0..65534] - [1..65535]; Default: " "
      <td>Source IP address</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Matches incoming traffic originating from the given source port or port range on the client host only
      <td>ip; Default: " "</td>
+
|-
      <td>Matches incoming traffic from this IP or range of IPs only</td>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | External IP address
    </tr>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | ip; Default: " "
    <tr>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Matches incoming traffic directed at the given IP address only
    <td>Source port</td>
+
|-
        <td>integer [0..65535] {{!}} range of integers [0..65534] - [1..65535]; Default: " "</td>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | External port
        <td>Matches incoming traffic originating from the given source port or port range on the client host only</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer [0..65535] {{!}} range of integers [0..65534] - [1..65535]; Default: " "
    </tr>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Specifies the external port, i.e., the port from which the third party is connecting
    <tr>
+
|-
    <td>External IP address</td>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Internal zone
        <td>ip; Default: " "</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | <span style="background:#9DB6BA"> gre: gre tunnel </span>  |  <span style="background:#FD9589"> hotspot: </span>  {{!}}  <span style="background:#CEF58F"> l2tp: l2tp </span>  {{!}}  <span style="background:#9BEAC3"> pptp: pptp </span>  {{!}}  <span style="background:#96EBE8"> vpn: openvpn </span>  {{!}}  <span style="background:#D0E1EF"> wan: ppp </span>  {{!}}  <span style="background:#DDDDDD"> lan: lan </span> ; Default: '''<span style="background:#DDDDDD"> lan: lan </span>'''
        <td>Matches incoming traffic directed at the given IP address only</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Specifies the internal zone, i.e., the zone where the incoming connection will be redirected to
    </tr>
+
|-
    <tr>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Internal IP address
      <td>External port</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | ip; Default: " "
      <td>integer [0..65535] {{!}} range of integers [0..65534] - [1..65535]; Default: " "</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Specifies the internal IP address, i.e., the IP address to which the incoming connection will be redirected to
      <td>Specifies the external port, i.e., the port from which the third party is connecting </td>
+
|-
    </tr>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Internal port
    <tr>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | integer [0..65535] {{!}} range of integers [0..65534] - [1..65535]; Default: " "
      <td>Internal zone</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Specifies the internal port, i.e., the port to which the incoming connection will be redirected to
      <td><span style="background:#9DB6BA"> gre: gre tunnel </span>  |  <span style="background:#FD9589"> hotspot: </span>  {{!}}  <span style="background:#CEF58F"> l2tp: l2tp </span>  {{!}}  <span style="background:#9BEAC3"> pptp: pptp </span>  {{!}}  <span style="background:#96EBE8"> vpn: openvpn </span>  {{!}}  <span style="background:#D0E1EF"> wan: ppp </span>  {{!}}  <span style="background:#DDDDDD"> lan: lan </span> ; Default: '''<span style="background:#DDDDDD"> lan: lan </span>'''</td>
+
|-
      <td>Specifies the internal zone, i.e., the zone where the incoming connection will be redirected to</td>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Enable NAT loopback
    </tr>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | yes {{!}} no; Default: '''no'''
    <tr>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | NAT loopback enables your local network (i.e., behind your router/modem) to connect to a forward-facing IP address (such as 208.112.93.73) of a machine that it also on your local network
    <td>Internal IP address</td>
+
|-
        <td>ip; Default: " "</td>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Extra arguments
        <td>Specifies the internal IP address, i.e., the IP address to which the incoming connection will be redirected to</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | string; Default: " "
    </tr>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Passes additional arguments to iptables. '''Use with care!'''
    <tr>
+
|-
    <td>Internal port</td>
+
|}
        <td>integer [0..65535] {{!}} range of integers [0..65534] - [1..65535]; Default: " "</td>
  −
        <td>Specifies the internal port, i.e., the port to which the incoming connection will be redirected to</td>
  −
    </tr>
  −
    <tr>
  −
    <td>Enable NAT loopback</td>
  −
        <td>yes {{!}} no; Default: '''no'''</td>
  −
        <td>NAT loopback enables your local network (i.e., behind your router/modem) to connect to a forward-facing IP address (such as  208.112.93.73) of a machine that it also on your local network </td>
  −
    </tr>
  −
    <tr>
  −
    <td>Extra arguments</td>
  −
        <td>string; Default: " "</td>
  −
        <td>Passes additional arguments to iptables. '''Use with care!'''</td>
  −
    </tr>
  −
</table>
      
==Traffic Rules==
 
==Traffic Rules==
Line 245: Line 217:       −
<table class="nd-othertables">
+
{| class="wikitable"
    <tr>
+
|+
        <th style="width: 250px">FIELD NAME</th>
+
! style="width: 250px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | FIELD NAME
      <th style="width: 1450px">DESCRIPTION</th>
+
! style="width: 1450px; border: 1px solid white; border-bottom: 2px solid #0054A6; background: white; color: #0054A6; text-align: left;" | DESCRIPTION
    </tr>
+
|-
    <tr>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Name
      <td>Name</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Name of the rule, used purely for easier management purposes
      <td>Name of the rule, used purely for easier management purposes</td>
+
|-
    </tr>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Protocol
    <tr>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Type of protocol of incoming packet
      <td>Protocol</td>
+
|-
      <td>Type of protocol of incoming packet</td>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Source
    </tr>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | The source zone from which data packets will redirected from
    <tr>
+
|-
    <td>Source</td>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Destination
        <td>The source zone from which data packets will redirected from</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Redirect matched traffic to the given IP address and destination port
    </tr>
+
|-
    <tr>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Action
    <td>Destination</td>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Action to be performed with the packet if it matches the rule
        <td>Redirect matched traffic to the given IP address and destination port</td>
+
|-
    </tr>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Enable
    <tr>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Toggles the rule ON or OFF. If unchecked, the rule will not be deleted, but it also will not be loaded into the firewall
    <td>Action</td>
+
|-
        <td>Action to be performed with the packet if it matches the rule</td>
+
! style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | Sort
    </tr>
+
| style="border: 1px solid white; border-bottom: 2px solid #E8E8E8; text-align: left; vertical-align: top; background: white;" | When a packet arrives, it gets checked for a matching rule. If there are several matching rules, only the first one is applied, i.e., the order of the rule list impacts how your firewall operates, therefore you are given the ability to sort your list however you deem fit
    <tr>
+
|-
    <td>Enable</td>
+
|}
        <td>Toggles the rule ON or OFF. If unchecked, the rule will not be deleted, but it also will not be loaded into the firewall</td>
+
 
    </tr>
+
===Traffic Rule Configuration===
    <tr>
+
----
    <td>Sort</td>
+
To customize a Traffic Rule, click the '''Edit''' button located next to it. This way you can fine tune a rule to near perfection, if you should desire that. The figure below is an example of the "Allow-DHCP-Relay" default rule editing. All rules are configured in an identical manner but with different settings.
        <td>When a packet arrives, it gets checked for a matching rule. If there are several matching rules, only the first one is applied, i.e., the order of the rule list impacts how your firewall operates, therefore you are given the ability to sort your list however you deem fit</td>
  −
    </tr>
  −
</table>
       
Retrieved from "https://wiki.teltonika-networks.com/view/Special:MobileDiff/24473"

Navigation menu