FreshTomato Wiki

User Tools

Site Tools

Trace: advanced-access advanced-routing
advanced-access

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
advanced-access [2023/06/05 02:04] – [LAN Access] hogwildadvanced-access [2024/11/27 01:30] (current) – [LAN Access] -Condense, formatting hogwild
Line 5: Line 5:
  \\  \\
  
-For example, let'say we have two LANs, one primary (LAN0/br0) and one secondary (LAN1/br1).+For example, say we have two LANs, one primary (LAN0/br0) and one secondary (LAN1/br1).
  
-If we want devices on LAN0 to  will be able to communicate with devices on LAN1 (and vice versa), we might use these settings:+If you want devices on LAN0 to communicate with devices on LAN1 (and vice versa), you might use these settings:
  
  \\  \\
Line 13: Line 13:
 {{:pasted:20220126-183839.png}}\\   \\ {{:pasted:20220126-183839.png}}\\   \\
  
-**On:** Checking this enables the rule defined on this row of the table.+**On:** checking this enables the rule defined on this row of the table.
  
-**Src:** This displays/allows you to configure the (Logical) Source LAN for the rule on that row of the table.+ \\
  
-**Src Address:** This (optionalfield narrows the rule to a specific IP address or set of addresses within the Src interface.+**Src:** displays/lets you configure the (LogicalSource LAN for the rule on that row of the table.
  
-**Dst:** Here, you specify the (logical) Destination LAN for the rule on this row of the table.+ \\
  
-**Dst Address: **(optional) narrows the rule to a specific IP address or set of addresses within the Dst interface.+**Src Address:** lets you narrow the rule to a specific IP address/set of addresses within the Src interface.
  
-**Description:** This is a free text field in which to enter whatever you wish as a remindernote etcetera.+ \\ 
 + 
 +**Dst:** here, you specify the (logical) Destination LAN for the rule on this row of the table. 
 + 
 + \\ 
 + 
 +**Dst Address: **(optionally), narrows the rule to a specific IP address/set of addresses within the Dst interface. 
 + 
 + \\ 
 + 
 +**Description:** a free text field in which you can enter whatever you wish, such as notesreminders.
  
  \\  \\
Line 32: Line 42:
 ===== LAN Access Notes ===== ===== LAN Access Notes =====
  
-Regardless of LAN Access rules, by default a LANx device is able to reach (e.g. ping) all the router's LAN interfaces (only). This is by design.+  * Regardless of LAN Access rules, by default a LANx device is able to reach (e.g. ping) all the router's LAN interfaces (only). This is by design. 
 +  * All entries in LAN Access are one-way only. For example, if you want hosts on LAN0 to be able to communicate with hosts on LAN1, and vice versa, you'll need two entries in the table to achieve that. 
 +  * LAN Access is an IP-level access control. Therefore, **all ports/protocols are automatically enabled**. If additional fine tuning is needed (for example, you want to allow only allow port 80/TCP) you'll need to manually configure settings instead. 
 + 
 + \\ 
 + 
 + \\
  
  
advanced-access.1685927044.txt.gz · Last modified: 2023/06/05 02:04 by hogwild

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki