FreshTomato Wiki

User Tools

Site Tools

Trace:
advanced-access

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Next revisionBoth sides next revision
advanced-access [2023/06/05 02:04] – [LAN Access] hogwildadvanced-access [2023/09/12 17:16] – [LAN Access Notes] -add note that table entries only permit traffic in one direction hogwild
Line 7: Line 7:
 For example, let's say we have two LANs, one primary (LAN0/br0) and one secondary (LAN1/br1). For example, let's say we have two LANs, one primary (LAN0/br0) and one secondary (LAN1/br1).
  
-If we want devices on LAN0 to  will be able to communicate with devices on LAN1 (and vice versa), we might use these settings:+If you want devices on LAN0 to be able to communicate with devices on LAN1 (and vice versa), you might use these settings:
  
  \\  \\
Line 33: Line 33:
  
 Regardless of LAN Access rules, by default a LANx device is able to reach (e.g. ping) all the router's LAN interfaces (only). This is by design. Regardless of LAN Access rules, by default a LANx device is able to reach (e.g. ping) all the router's LAN interfaces (only). This is by design.
 +
 +All entries in the LAN Access table are one-way only. So, if you want hosts on LAN0 to be able to communicate with hosts on LAN1,
 +you must create have entries in the table to achieve that. One allowing traffic from LAN0 to LAN1 and another allowing traffic from LAN1 to LAN0. 
 + 
 +LAN Access is an IP-level access control. This means that **all ports/protocols are automatically enabled**. If additional fine tuning is required (for example, you wanted to allow only allow port 80/TCP) you will need to manually configure settings instead.
 +
 + \\
 +
 + \\
  
  
advanced-access.txt · Last modified: 2023/09/12 17:20 by hogwild

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki