advanced-firewall

Differences

This shows you the differences between two versions of the page.

advanced-firewall [2023/05/28 03:56] – [Firewall] -condense hogwild
advanced-firewall [2023/05/28 04:13] – [NAT] -resize "advanced-firewall-NAT.jpg" to 454x113 hogwild
Line 14: Line 14:
 **Enable DCSP Fix:  **Checking this enables a workaround for packet marking, a well-known issue related to DSCP when connected to Comcast. **Enable DCSP Fix:  **Checking this enables a workaround for packet marking, a well-known issue related to DSCP when connected to Comcast.
  
-**Allow DHCP Spoofing:**+**Allow DHCP Spoofing: **
  
-IPv6 IPSec Passthrough - Enabling this allows IPSec tunnels to pass through the firewall. It opens port 500 and the "ESP" protocol(50) to do so.+**Smart MTU black hole detection:**
  
  
 ===== NAT ===== ===== NAT =====
  
-**NAT loopback:** This technique, also known as "Hairpinning", allows LAN devices to access each other via the router's WAN interface. This is common practice when connecting to the DDNS domain of your router from the LAN. This legacy setting is almost never needed these adays. It also can create speed bottlenecks.+**NAT loopback:** This technique allows LAN devices to access each other via the router's WAN interface. Also known as "Hairpinning", this is commonly used when connecting to the DDNS domain of your router from the LAN. These days, this legacy setting is almost never needed. It also can create speed bottlenecks.
  
   * All   * All
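Review bot: The removed "IPv6 IPSec Passthrough" line was the only text in this hunk stating that the option opens port 500 and the "ESP" protocol (50) through the firewall, and none of the added lines replaces it. If the option still exists, keep that sentence, since it tells the reader what enabling the setting exposes. The added "**Smart MTU black hole detection:**" label and the "**Allow DHCP Spoofing: **" label are left with no description at all; give each at least one sentence saying what the setting does. The context line also names the option "DCSP Fix" while its explanation says "DSCP"; make the two agree.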
Line 27: Line 27:
   * Disabled   * Disabled
  
- \\+\\ 
 + 
 +{{::advanced-firewall-nat.jpg?454}} \\ \\
  
 **NAT target** - This defines the way NAT is implemented for use during loopback. Masquerade is the default, but involves an additional lookup. ad the mapping of done towards an interface. SNAT is minutely faster, as the NAT mapping points directly to the destination IP and so it bypasses the lookup stage. However, SNAT is less reliable than Masquerade. **NAT target** - This defines the way NAT is implemented for use during loopback. Masquerade is the default, but involves an additional lookup. ad the mapping of done towards an interface. SNAT is minutely faster, as the NAT mapping points directly to the destination IP and so it bypasses the lookup stage. However, SNAT is less reliable than Masquerade.
  
  \\  \\
 +
  
 ===== Multicast ===== ===== Multicast =====
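Review bot: The "NAT target" paragraph kept as context still contains the broken sentence "ad the mapping of done towards an interface", which this revision leaves untouched while editing the lines around it; rewrite it so the description of Masquerade's additional lookup is readable. The same paragraph says SNAT is "less reliable than Masquerade" without saying under what conditions, which is what a reader choosing between the two needs. The added image markup has no caption text.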
Line 37: Line 40:
  \\ \\ {{:pasted:20220118-185509.png}}\\  \\  \\ \\ {{:pasted:20220118-185509.png}}\\  \\
  
-**Enable IGMP proxy** - Runs the IGMP (Internet Group Management Protocol) service on the router.+**Enable IGMP proxy** - Checking this enables the IGMP (Internet Group Management Protocol) service.
  
-**LAN0/LAN1/LAN2/LAN3** - Specifies which bridges will be subscribed to partecipate in IGMP using the router as a proxy between the LANs selected. Essentially, this allows IGMP to work between VLANs.+LAN0 - LAN3 Specifies which bridges will be participate in IGMP using the router as a proxy between the LANs selected. This allows IGMP to work between VLANs. 
 + 
 +  * LAN0 - Checking this specifies the LAN0 bridge will participate in IGMP. 
 +  * LAN1 - Checking this specifies the LAN1 bridge will participate in IGMP. 
 +  * LAN2 - Checking this specifies the LAN2 bridge will participate in IGMP 
 +  * LAN3 - Checking this specifies the LAN3 bridge will participate in IGMP 
 + 
 + \\
  
 **Enable quick leave** - This is a feature of IGMP v2. This allows the router to stop the streaming of a multicast to an IP address as soon as that end device sends the quick leave IGMP packet. **Enable quick leave** - This is a feature of IGMP v2. This allows the router to stop the streaming of a multicast to an IP address as soon as that end device sends the quick leave IGMP packet.
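Review bot: The replacement for the LAN0/LAN1/LAN2/LAN3 line reads "will be participate in IGMP", which is ungrammatical, and it drops the bold markup and the " - " separator that the other option labels in this section use. Suggest "**LAN0 - LAN3** - Specifies which bridges will participate in IGMP ...". The four added bullets repeat the same sentence per bridge, and the LAN2 and LAN3 items lack the closing period; either drop the bullets or make the punctuation consistent. The reworded "Enable IGMP proxy" line no longer says that the service runs on the router.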
advanced-firewall.txt · Last modified: 2023/05/28 05:39 by hogwild