advanced-firewall

Differences

This shows you the differences between two versions of the page.

advanced-firewall [2023/05/28 03:50] – [Firewall] -condense, fix subheads, formatting problems hogwildadvanced-firewall [2023/05/28 04:13] – [NAT] -resize "advanced-firewall-NAT.jpg" to 454x113 hogwild
Line 14: Line 14:
 **Enable DCSP Fix:  **Checking this enables a workaround for packet marking, a well-known issue related to DSCP when connected to Comcast. **Enable DCSP Fix:  **Checking this enables a workaround for packet marking, a well-known issue related to DSCP when connected to Comcast.
  
-**Allow DHCP Spoofing:**+**Allow DHCP Spoofing: **
  
-IPv6 IPSec Passthrough - Enabling this allow IPSec tunnels to pass through the firewall. It opens port 500 and the "ESP" protocol(50) to accomplish this.+**Smart MTU black hole detection:**
  
  
 ===== NAT ===== ===== NAT =====
  
-NAT loopback - also known as "Hairpinning", this technique allows LAN devices to access another LAN device via the WAN interface of your routerThis is common practice, for example, when connecting to the DDNS domain of your router from the LAN (for administration purposes)This legacy setting is rarely, if ever needed nowadays. It also can create a bottleneck on fast connections.+**NAT loopback:** This technique allows LAN devices to access each other via the router'WAN interface. Also known as "Hairpinning", this is commonly used when connecting to the DDNS domain of your router from the LAN. These days, this legacy setting is almost never needed. It also can create speed bottlenecks.
  
   * All   * All
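Review bot: The removed line documenting IPv6 IPSec Passthrough (the setting that "opens port 500 and the "ESP" protocol(50)") is replaced by a bare **Smart MTU black hole detection:** label, and **Allow DHCP Spoofing:** is also left without text, so in the visible lines the page no longer says what passthrough opens in the firewall or what either labelled option does. Suggest keeping the IPSec passthrough sentence, formatted like the other bolded entries, and adding a one-sentence description under each empty label. In the rewritten NAT loopback line, the dropped qualifier "(for administration purposes)" was the only hint at why a LAN client would reach the router through its WAN side; consider keeping it. The unchanged context line spells the label "DCSP" while its own sentence says "DSCP", which is worth fixing in the same pass.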
Line 27: Line 27:
   * Disabled   * Disabled
  
-**NAT target** - Defines the way NAT is implemented for the sake of Hairpinning. Masquerade is the default, however this involves an additional lookup ad the mapping of done towards an interface. SNAT is minimally minutely faster as the NAT mapping points directly to the destination IP and so it bypasses the lookup stage.+\\ 
 + 
 +{{::advanced-firewall-nat.jpg?454}} \\ \\ 
 + 
 +**NAT target** - This defines the way NAT is implemented for use during loopback. Masquerade is the default, but involves an additional lookupad the mapping of done towards an interface. SNAT is minutely fasteras the NAT mapping points directly to the destination IP and so it bypasses the lookup stage. However, SNAT is less reliable than Masquerade.
  
  \\  \\
  
-\\ {{:pasted:20220118-185509.png}}\\  \\ 
  
-**Enable IGMP proxy** - Runs the IGMP (Internet Group Management Protocol) service on the router.+===== Multicast =====
  
-**LAN0/LAN1/LAN2/LAN3** - Specifies which bridges will be subscribed to partecipate in IGMP using the router as a proxy between the LANs selected. Essentially, this allows IGMP to work between VLANs.+ \\ \\ {{:pasted:20220118-185509.png}}\\  \\ 
 + 
 +**Enable IGMP proxy** - Checking this enables the IGMP (Internet Group Management Protocol) service. 
 + 
 +LAN0 - LAN3 Specifies which bridges will be participate in IGMP using the router as a proxy between the LANs selected. This allows IGMP to work between VLANs. 
 + 
 +  * LAN0 - Checking this specifies the LAN0 bridge will participate in IGMP. 
 +  * LAN1 - Checking this specifies the LAN1 bridge will participate in IGMP. 
 +  * LAN2 - Checking this specifies the LAN2 bridge will participate in IGMP 
 +  * LAN3 - Checking this specifies the LAN3 bridge will participate in IGMP 
 + 
 + \\
  
 **Enable quick leave** - This is a feature of IGMP v2. This allows the router to stop the streaming of a multicast to an IP address as soon as that end device sends the quick leave IGMP packet. **Enable quick leave** - This is a feature of IGMP v2. This allows the router to stop the streaming of a multicast to an IP address as soon as that end device sends the quick leave IGMP packet.
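Review bot: In the new **NAT target** paragraph, the phrase "involves an additional lookupad the mapping of done towards an interface" carries over the broken wording of the old text and is still not a sentence, and the added claim "However, SNAT is less reliable than Masquerade" gives no condition under which it fails. Suggest rewriting the Masquerade clause so it states plainly what the extra lookup is, and saying when SNAT is unreliable so a reader can choose between the two targets. In the new Multicast block, "Specifies which bridges will be participate" needs "be" removed, the four LAN0 to LAN3 bullets repeat the summary sentence above them, and the LAN2 and LAN3 items lack the closing period.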
advanced-firewall.txt · Last modified: 2023/05/28 05:39 by hogwild