This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
advanced-firewall [2023/05/28 03:56] – [NAT] -clarity, add subhead for Multicast subhead hogwild | advanced-firewall [2023/05/28 04:13] – [NAT] -resize "advanced-firewall-NAT.jpg" to 454x113 hogwild | ||
---|---|---|---|
Line 14: | Line 14: | ||
**Enable DCSP Fix: **Checking this enables a workaround for packet marking, a well-known issue related to DSCP when connected to Comcast. | **Enable DCSP Fix: **Checking this enables a workaround for packet marking, a well-known issue related to DSCP when connected to Comcast. | ||
- | **Allow DHCP Spoofing:** | + | **Allow DHCP Spoofing: ** |
- | IPv6 IPSec Passthrough - Enabling this allow IPSec tunnels to pass through the firewall. It opens port 500 and the " | + | **Smart MTU black hole detection: |
===== NAT ===== | ===== NAT ===== | ||
- | **NAT loopback:** This technique, also known as " | + | **NAT loopback:** This technique allows LAN devices to access each other via the router' |
* All | * All | ||
Line 27: | Line 27: | ||
* Disabled | * Disabled | ||
- | \\ | + | \\ |
+ | |||
+ | {{:: | ||
**NAT target** - This defines the way NAT is implemented for use during loopback. Masquerade is the default, but involves an additional lookup. ad the mapping of done towards an interface. SNAT is minutely faster, as the NAT mapping points directly to the destination IP and so it bypasses the lookup stage. However, SNAT is less reliable than Masquerade. | **NAT target** - This defines the way NAT is implemented for use during loopback. Masquerade is the default, but involves an additional lookup. ad the mapping of done towards an interface. SNAT is minutely faster, as the NAT mapping points directly to the destination IP and so it bypasses the lookup stage. However, SNAT is less reliable than Masquerade. | ||
\\ | \\ | ||
+ | |||
===== Multicast ===== | ===== Multicast ===== | ||
Line 37: | Line 40: | ||
\\ \\ {{: | \\ \\ {{: | ||
- | **Enable IGMP proxy** - Runs the IGMP (Internet Group Management Protocol) service | + | **Enable IGMP proxy** - Checking this enables |
- | **LAN0/ | + | LAN0 - LAN3 Specifies which bridges will be participate |
+ | |||
+ | * LAN0 - Checking this specifies the LAN0 bridge will participate in IGMP. | ||
+ | * LAN1 - Checking this specifies the LAN1 bridge will participate in IGMP. | ||
+ | * LAN2 - Checking this specifies the LAN2 bridge will participate in IGMP | ||
+ | * LAN3 - Checking this specifies the LAN3 bridge will participate in IGMP | ||
+ | |||
+ | \\ | ||
**Enable quick leave** - This is a feature of IGMP v2. This allows the router to stop the streaming of a multicast to an IP address as soon as that end device sends the quick leave IGMP packet. | **Enable quick leave** - This is a feature of IGMP v2. This allows the router to stop the streaming of a multicast to an IP address as soon as that end device sends the quick leave IGMP packet. |