advanced-access

Differences

This shows you the differences between two versions of the page.

advanced-access [2022/01/05 12:46] – created rs232
advanced-access [2023/09/12 17:20] (current) – [LAN Access Notes] hogwild
Line 1: Line 1:
 +====== LAN Access ======
  
 +This page allows you to define LAN-to-LAN traffic where it otherwise would be blocked.
  
-    Src - Source LAN bridge+ \\ 
-    Src Address (optional) - Source address allowedEx"1.2.3.4""1.2.3.4 - 2.3.4.5""1.2.3.0/24"+ 
-    Dst Destination LAN bridge+For example, let's say we have two LANs, one primary (LAN0/br0) and one secondary (LAN1/br1). 
-    Dst Address (optional- Destination address inside the LAN.+ 
 +If you want devices on LAN0 to be able to communicate with devices on LAN1 (and vice versa), you might use these settings: 
 + 
 + \\ 
 + 
 +{{:pasted:20220126-183839.png}}\\   \\ 
 + 
 +**On:** Checking this enables the rule defined on this row of the table. 
 + 
 +**Src:** This displays/allows you to configure the (Logical) Source LAN for the rule on that row of the table
 + 
 +**Src Address:** This (optional) field narrows the rule to a specific IP address or set of addresses within the Src interface. 
 + 
 +**Dst:** Here, you specify the (logical) Destination LAN for the rule on this row of the table. 
 + 
 +**Dst Address: **(optional) narrows the rule to a specific IP address or set of addresses within the Dst interface. 
 + 
 +**Description:** This is a free text field in which to enter whatever you wish as a reminder, note etcetera. 
 + 
 + \\ 
 + 
 +\\ 
 + 
 + 
 +===== LAN Access Notes ===== 
 + 
 +Regardless of LAN Access rulesby default a LANx device is able to reach (e.gping) all the router's LAN interfaces (only)This is by design. 
 + 
 +All entries in LAN Access are one-way only\\  
 +For exampleif you want hosts on LAN0 to be able to communicate with hosts on LAN1, 
 +and hosts on LAN1 to be able to communicate with hosts on LAN0, you will need to have two entries in the table to achieve that.  
 + 
 +LAN Access is an IP-level access control\\  
 +This means that **all ports/protocols are automatically enabled**. If additional fine tuning is required (for example, you wanted to allow only allow port 80/TCPyou will need to manually configure settings instead. 
 + 
 + \\ 
 + 
 + \\
  
  
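Review bot: The last paragraph of the new "LAN Access Notes" section tells readers that a rule enables all ports/protocols, then says only "you will need to manually configure settings instead", without naming which settings or where they live. A reader who wants to permit only 80/TCP is left with an IP-wide allow rule and no pointer to the narrower alternative. Name the mechanism or link to the page that documents it, and fix the doubled wording in "you wanted to allow only allow port 80/TCP". Separately, the rewritten Src Address and Dst Address entries drop the accepted formats that the removed Src Address line listed ("1.2.3.4", "1.2.3.4 - 2.3.4.5", "1.2.3.0/24"). Restoring those examples would show that a single address, a range and a CIDR block can all be entered, which matters for scoping a rule tightly. Finally, since the notes state that every entry is one-way, the LAN0/LAN1 example that promises communication "and vice versa" should say in text that two rows are needed, rather than leaving that to the screenshot.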
advanced-access.1641386792.txt.gz · Last modified: 2022/01/05 12:46 by rs232