FreshTomato Wiki

User Tools

Site Tools

Trace:
advanced-access

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
advanced-access [2022/01/26 18:44] rs232advanced-access [2023/09/12 17:20] – [LAN Access Notes] -clarity on unidirectional nature of rule, formatting hogwild
Line 1: Line 1:
-===== LAN Access =====+====== LAN Access ======
  
-This page allows you to define LAN to LAN traffic communication where otherwise blocked. Let'assume we have two LANs one primary (LAN0/br0) and one secondary (LAN1/br1)devices in LAN0 will be able to communicate with devices in LAN1 (and all the way around).+This page allows you to define LAN-to-LAN traffic where it otherwise would be blocked. 
 + 
 + \\ 
 + 
 +For example, let'say we have two LANsone primary (LAN0/br0) and one secondary (LAN1/br1)
 + 
 +If you want devices on LAN0 to be able to communicate with devices on LAN1 (and vice versa), you might use these settings: 
 + 
 + \\ 
 + 
 +{{:pasted:20220126-183839.png}}\\   \\ 
 + 
 +**On:** Checking this enables the rule defined on this row of the table. 
 + 
 +**Src:** This displays/allows you to configure the (Logical) Source LAN for the rule on that row of the table. 
 + 
 +**Src Address:** This (optional) field narrows the rule to a specific IP address or set of addresses within the Src interface. 
 + 
 +**Dst:** Here, you specify the (logical) Destination LAN for the rule on this row of the table. 
 + 
 +**Dst Address: **(optional) narrows the rule to a specific IP address or set of addresses within the Dst interface. 
 + 
 +**Description:** This is a free text field in which to enter whatever you wish as a reminder, note etcetera. 
 + 
 + \\ 
 + 
 +\\ 
 + 
 + 
 +===== LAN Access Notes ===== 
 + 
 +Regardless of LAN Access rules, by default a LANx device is able to reach (e.g. ping) all the router's LAN interfaces (only). This is by design. 
 + 
 +All entries in LAN Access are one-way only.  
 +For example, if you want hosts on LAN0 to be able to communicate with hosts on LAN1, 
 +and hosts on LAN1 to be able to communicate with hosts on LAN0, you will need to have two entries in the table to achieve that.  
 + 
 +LAN Access is an IP-level access control.  
 +This means that **all ports/protocols are automatically enabled**. If additional fine tuning is required (for example, you wanted to allow only allow port 80/TCPyou will need to manually configure settings instead. 
 + 
 + \\ 
 + 
 + \\
  
-{{:pasted:20220126-183839.png}}\\ 
-**On**: Makes the defined rule active.\\ 
-**Src**: Source logical LAN for the rule.\\ 
-**Src Address**: (optional) narrows down the rule to a specific IP or set of within the Src interface.\\ 
-**Dst**: Destination logical LAN for the rule.\\ 
-**Dst Address**: (optional) narrows down the rile to a specific IP or set of within the Dst interface.\\ 
-**Description**: Free text field.\\ 
  
-Please note: regardless of the LAN Access rules, by default a LANx device is able to reach (e.g. ping) all the router's LAN interface (only). This is by design. 
advanced-access.txt · Last modified: 2023/09/12 17:20 by hogwild

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki