FreshTomato Wiki

User Tools

Site Tools

Trace:
advanced-access

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
advanced-access [2022/02/10 23:16] – Added subheading "Lan Access Notes", clarity hogwildadvanced-access [2023/09/12 17:20] (current) – [LAN Access Notes] hogwild
Line 1: Line 1:
 ====== LAN Access ====== ====== LAN Access ======
  
-This page allows you to define LAN-to-LAN traffic where it otherwise would be blocked. For example, assume we have two LANs, one primary (LAN0/br0) and one secondary (LAN1/br1). Devices on LAN0 will be able to communicate with devices on LAN1 (and the other way around).+This page allows you to define LAN-to-LAN traffic where it otherwise would be blocked. 
 + 
 + \\ 
 + 
 +For example, let's say we have two LANs, one primary (LAN0/br0) and one secondary (LAN1/br1). 
 + 
 +If you want devices on LAN0 to be able to communicate with devices on LAN1 (and vice versa), you might use these settings:
  
  \\  \\
Line 7: Line 13:
 {{:pasted:20220126-183839.png}}\\   \\ {{:pasted:20220126-183839.png}}\\   \\
  
-**On**Checking this enables the defined rule.+**On:** Checking this enables the rule defined on this row of the table.
  
-**Src**(Logical) Source LAN for the rule on that row of the table.+**Src:** This displays/allows you to configure the (Logical) Source LAN for the rule on that row of the table.
  
-**Src Address**This (optional) field narrows the rule to a specific IP address or set of addresses within the Src interface.+**Src Address:** This (optional) field narrows the rule to a specific IP address or set of addresses within the Src interface.
  
-**Dst**Here, you specifies the (logical) Destination LAN for the rule in this row of the table.+**Dst:** Here, you specify the (logical) Destination LAN for the rule on this row of the table.
  
-**Dst Address**(optional) narrows the rule to a specific IP address or set of addresses within the Dst interface.+**Dst Address**(optional) narrows the rule to a specific IP address or set of addresses within the Dst interface. 
 + 
 +**Description:** This is a free text field in which to enter whatever you wish as a reminder, note etcetera. 
 + 
 + \\ 
 + 
 +\\
  
-**Description**: This is a free text field in which to enter whatever you wish as a reminder, note etctera.\\ 
  
 ===== LAN Access Notes ===== ===== LAN Access Notes =====
  
 Regardless of LAN Access rules, by default a LANx device is able to reach (e.g. ping) all the router's LAN interfaces (only). This is by design. Regardless of LAN Access rules, by default a LANx device is able to reach (e.g. ping) all the router's LAN interfaces (only). This is by design.
 +
 +All entries in LAN Access are one-way only. \\ 
 +For example, if you want hosts on LAN0 to be able to communicate with hosts on LAN1,
 +and hosts on LAN1 to be able to communicate with hosts on LAN0, you will need to have two entries in the table to achieve that. 
 +
 +LAN Access is an IP-level access control. \\ 
 +This means that **all ports/protocols are automatically enabled**. If additional fine tuning is required (for example, you wanted to allow only allow port 80/TCP) you will need to manually configure settings instead.
 +
 + \\
 +
 + \\
  
  
advanced-access.1644535003.txt.gz · Last modified: 2022/02/10 23:16 by hogwild

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki