This shows you the differences between two versions of the page.
advanced-firewall [2022/01/21 01:50] – hogwild | advanced-firewall [2023/05/28 04:37] – [Firewall] -condense hogwild | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Firewall ====== | ||
+ | |||
+ | The Firewall page allows you to configure options to protect or facilitate various types of network communications. | ||
+ | |||
+ | |||
===== Firewall ===== | ===== Firewall ===== | ||
- | The Firewall page allows you to configure options to protect/ | + | {{: |
- | {{: | + | \\ **WAN interfaces respond to ping and traceroute: |
- | **WAN interfaces respond | + | **Limit communication |
- | **Limit communication to **- Specifies | + | \\ |
+ | |||
+ | **Enable TCP SYN cookies: | ||
+ | |||
+ | **Enable DCSP Fix: **Checking this enables a workaround for packet marking, a well-known issue related to DSCP when connected to Comcast. | ||
+ | |||
+ | **Allow DHCP Spoofing: ** | ||
+ | |||
+ | **Smart MTU black hole detection: | ||
+ | |||
+ | |||
+ | ===== NAT ===== | ||
+ | |||
+ | **NAT loopback:** This technique allows LAN devices to access each other via the router' | ||
+ | |||
+ | * All | ||
+ | * Forwarded Only | ||
+ | * Disabled | ||
+ | |||
+ | \\ | ||
+ | |||
+ | {{:: | ||
+ | |||
+ | **NAT target** - This defines the way NAT is implemented for use during loopback. Masquerade is the default, but involves an additional lookup. ad the mapping of done towards an interface. SNAT is minutely faster, as the NAT mapping points directly to the destination IP and so it bypasses the lookup stage. However, SNAT is less reliable than Masquerade. | ||
\\ | \\ | ||
- | {{: | ||
- | **Enable | + | ===== Multicast ===== |
+ | |||
+ | \\ \\ {{: | ||
+ | |||
+ | **Enable | ||
+ | |||
+ | LAN0 - LAN3 Specifies which bridges will participate in IGMP, with the router | ||
+ | |||
+ | * LAN0 - Checking this means the LAN0 bridge will participate in IGMP proxy. | ||
+ | * LAN1 - Checking this means the LAN1 bridge will participate in IGMP proxy. | ||
+ | * LAN2 - Checking this means the LAN2 bridge will participate in IGMP proxy/ | ||
+ | * LAN3 - Checking this means the LAN3 bridge will participate in IGMP proxy. | ||
+ | |||
+ | \\ | ||
+ | |||
+ | **Enable quick leave** - This is a feature of IGMP v2 and later. Enabling | ||
+ | |||
+ | **Custom Configuration** | ||
+ | |||
+ | \\ {{: | ||
+ | |||
+ | **Enable Udpxy** - Like IGMP proxy, Udpxy allows multicast communications between devices on different VLANs. Since their behavior is very similar, you are advised to use either Udpxy or IGMP proxy, but not both at once. | ||
- | **Enable DCSP Fix** - This enables a workaround for a well-known issue related | + | **Upstream interface** - Here, enter the stream source is expected |
- | **IPv6 IPSec Passthrough** - FIXME\\ | + | **LAN0/ |
- | {{: | + | **Enable client statistics** |
- | **NAT loopback** - also known as " | + | **Max clients - ** This represents |
- | **NAT target** - Defines | + | **Udpxy port**- This specifies |
- | Multicast\\ | + | **Efficient Multicast Forwarding (IGMP Snooping) -** IGMP snooping |
- | {{: | + | therefore, multicast network misconfiguration or other deficiencies can appear as UPnP issues rather than underlying network issues. If IGMP snooping |
- | {{: | + | **Force IGMPv2** - IGMPv2 enhances the IGMP communication supporting additional messages/ |
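Review bot: In the added **NAT target** paragraph, the fragment "ad the mapping of done towards an interface." is not a readable sentence, so the explanation of why Masquerade needs an additional lookup is left incomplete; rewrite it to say what the lookup is performed against. The same paragraph states that "SNAT is less reliable than Masquerade" without giving the condition under which it fails, which a reader choosing between the two needs. In the Firewall section of this hunk the option label reads "Enable DCSP Fix" while its own description says "DSCP"; use one spelling, or state that the label is quoted from the interface as it appears. The old side's "IPv6 IPSec Passthrough - FIXME" entry is removed and no replacement is visible on the new side, so confirm the option was dropped deliberately rather than lost in the condensing.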