5.1 Firewall Settings
The router firewall controls how packet streams are forwarded from incoming network interfaces to outgoing network interfaces.
Firewall rules add another layer of granularity: they define what is allowed to be forwarded across interfaces and which packets the router itself is allowed to receive (input) and send (output).
5.1.1 - Firewall Zones
The firewall can collect interfaces into zones to filter traffic logically. A zone can be configured to any set of interfaces. This simplifies the firewall rule logic somewhat by conceptually grouping the interfaces:
A rule for a packet originating in a zone matches only packets entering the router on one of the zone's interfaces.
A rule for a packet being forwarded to a zone matches only packets exiting the router on one of the zone's interfaces.
After accessing the router, go to Network > Firewall to enter the Firewall - Zone Settings. SYN-flood protection is enabled by default. You can use the default firewall zone settings below in most cases.
5.1.2 - Port Forwards
Port forwarding is an application of network address translation (NAT) that redirects a communication request from one address and port number combination to another. Port forwarding allows remote computers to connect through the outdoor router to a host within a private local-area network (LAN).
i. General Settings
Log in to the router and go to Network > Firewall.
➀ Under the General Settings tab, change forward to accept.
➁ In the Zones section, change the Forward setting on the WAN row from reject to accept.
Click the Save & Apply button in the bottom right corner.
ii. Port Forwards (WAN)
Click the Port Forwards tab to open the configuration section. In the New port forward section, fill in the following fields:
Name: Enter the reference name, e.g., Test
Protocol: Select from TCP, UDP, and TCP+UDP
📌 If you don't know the protocol, choose TCP+UDP. If you know whether the service uses TCP or UDP, select that protocol; this effectively reduces resource consumption.
External zone: Select WAN
External port: Set the port number you want to access from the external network
📌 We suggest selecting a WAN port between 1025~25534. Do not use the standard ports occupied by other services, such as 23, 80, 433, 3389, 7700, 10080, etc.
Internal zone: Select LAN
Internal IP Address: Select from the list of connected intranet hosts
📌 If you cannot find the host in the list, recheck the IP settings on the host.
Internal port: Choose the port number on the intranet host that needs to be forwarded
Click the Save & Apply button.
The example below forwards the local host 192.168.30.113:80 to WAN port 1180. You can access port 80 on host 192.168.30.113 from the public IP address plus port number 1180. It is NOT accessible from the router's local IP, e.g. 192.168.30.1:1180.
NAT Loopback is turned on after a new port forward rule is saved. It allows intranet terminals to access local hosts by using the public IP address of the routed external network interface. To reduce the consumption of router resources, you can click the Edit button on the saved rule in the port forward list to disable it.
iii. Intranet Forwards
To access another host from the router IP address, we can set up intranet forwarding based on iptables. Go to the Custom Rules tab and add the new iptables rules. Below is example code to forward 192.168.30.113:80 to router IP 192.168.30.1:1180.
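# Redirect TCP traffic sent to the router address on port 1180 to 192.168.30.113:80
iptables -t nat -A PREROUTING -d 192.168.30.1 -p tcp --dport 1180 -j DNAT --to-destination 192.168.30.113:80
# Rewrite the source address to the router so that replies return through it
iptables -t nat -A POSTROUTING -d 192.168.30.113 -p tcp --dport 80 -j SNAT --to-source 192.168.30.1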
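To review which internal hosts the WAN and intranet forwards above expose, the following added example (not part of the router firmware or this manual's own code) reads rules in `iptables -t nat -S` format and grades each external port against the guidance in 5.1.2. The function names, the sample rules and the hosts 192.168.30.120 and 192.168.30.121 are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list DNAT port forwards and grade each external port
# against the guidance in 5.1.2. Not part of the router firmware.
RESERVED_PORTS="23 80 433 3389 7700 10080"   # ports the manual says to avoid
RANGE_LO=1025                                 # suggested range from the manual
RANGE_HI=25534

# check_port PORT -> prints ok | reserved | out-of-range | unparsed
check_port() {
    case "$1" in
        ''|*[!0-9]*) echo unparsed; return 0 ;;   # e.g. a range like 1000:2000
    esac
    for p in $RESERVED_PORTS; do
        if [ "$1" -eq "$p" ]; then echo reserved; return 0; fi
    done
    if [ "$1" -ge "$RANGE_LO" ] && [ "$1" -le "$RANGE_HI" ]; then
        echo ok
    else
        echo out-of-range
    fi
}

# audit_dnat: reads rules in `iptables -t nat -S` format on stdin and prints
# "<proto> <external port> -> <internal ip:port> <verdict>" for each DNAT rule.
# The body runs in a subshell so that `set -f` (no globbing) stays local.
audit_dnat() (
    set -f
    while read -r line || [ -n "$line" ]; do
        case "$line" in *"-j DNAT"*) ;; *) continue ;; esac
        proto="" dport="" dest="" prev=""
        for tok in $line; do
            case "$prev" in
                -p) proto=$tok ;;
                --dport) dport=$tok ;;
                --to-destination) dest=$tok ;;
            esac
            prev=$tok
        done
        [ -n "$dport" ] || continue
        echo "$proto $dport -> $dest $(check_port "$dport")"
    done
)

# Constructed sample rules (hosts .120 and .121 are made up for illustration).
SAMPLE_RULES='-A PREROUTING -d 192.168.30.1/32 -p tcp -m tcp --dport 1180 -j DNAT --to-destination 192.168.30.113:80
-A PREROUTING -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.30.120:3389
-A PREROUTING -p udp -m udp --dport 30000 -j DNAT --to-destination 192.168.30.121:5060
-A POSTROUTING -d 192.168.30.113/32 -p tcp -m tcp --dport 80 -j SNAT --to-source 192.168.30.1'
printf '%s\n' "$SAMPLE_RULES" | audit_dnat
```

On a router, feed it the live rules with `iptables -t nat -S | audit_dnat`; any line not marked ok is a forward whose external port falls outside the manual's suggestion.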
5.1.3 - Open New Port
After accessing the router, go to Network > Firewall > Traffic Rules: Open port on router. You can add a new port on the router.
Name: Input the name of the new port
Protocol: Choose from TCP or UDP
External port: The new port number
After entering the above parameters, click the Add button. Then click the Save & Apply button in the bottom right corner. You will find the new port in the Traffic Rules list.