This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
advanced-firewall [2023/05/28 04:13] – [NAT] -resize "advanced-firewall-NAT.jpg" to 454x113 hogwild | advanced-firewall [2023/05/28 04:44] – [Multicast] -clarity-IGMP snooping hogwild | ||
---|---|---|---|
Line 6: | Line 6: | ||
===== Firewall ===== | ===== Firewall ===== | ||
- | {{: | + | {{: |
- | **Limit communication | + | |
- | | + | **Limit communication to: **This specifies the maximum number of requests per second to which the Firewall will reply. Setting a limit number is recommended to prevent DDoS attacks.\\ |
+ | |||
+ | \\ | ||
+ | |||
+ | **Enable TCP SYN cookies: | ||
**Enable DCSP Fix: **Checking this enables a workaround for packet marking, a well-known issue related to DSCP when connected to Comcast. | **Enable DCSP Fix: **Checking this enables a workaround for packet marking, a well-known issue related to DSCP when connected to Comcast. | ||
Line 42: | Line 46: | ||
**Enable IGMP proxy** - Checking this enables the IGMP (Internet Group Management Protocol) service. | **Enable IGMP proxy** - Checking this enables the IGMP (Internet Group Management Protocol) service. | ||
- | LAN0 - LAN3 Specifies which bridges will be participate in IGMP using the router as a proxy between | + | LAN0 - LAN3 Specifies which bridges will participate in IGMP, with the router |
- | * LAN0 - Checking this specifies | + | * LAN0 - Checking this means the LAN0 bridge will participate in IGMP proxy. |
- | * LAN1 - Checking this specifies | + | * LAN1 - Checking this means the LAN1 bridge will participate in IGMP proxy. |
- | * LAN2 - Checking this specifies | + | * LAN2 - Checking this means the LAN2 bridge will participate in IGMP proxy/ |
- | * LAN3 - Checking this specifies | + | * LAN3 - Checking this means the LAN3 bridge will participate in IGMP proxy. |
\\ | \\ | ||
- | **Enable quick leave** - This is a feature of IGMP v2. This allows the router to stop the streaming | + | **Enable quick leave** - This is a feature of IGMP v2 and later. Enabling this allows the router to stop streaming multicast to an IP address as soon as that device sends a "quick leave" |
- | **Custom Configuration** - This option allows you to set up advanced parameters for the IGMP proxy daemon. | + | **Custom Configuration** - This option allows you to set advanced parameters for the IGMP proxy daemon. |
\\ {{: | \\ {{: | ||
- | **Enable Udpxy** - Like IGMP proxy, Udpxy allows multicast communications between | + | **Enable Udpxy** - Like IGMP proxy, Udpxy allows multicast communications between |
+ | |||
+ | **Upstream interface** - Here, enter the stream source is expected to live. (Default: blank). | ||
+ | |||
+ | **LAN0/ | ||
- | **Upstream interface** - Defines where the stream source is expected | + | **Enable client statistics** - Enabling this causes FreshTomato |
- | **LAN0/ | + | **Max clients - ** This represents |
- | **Enable client statistics** - Enabling this causes FreshTomato to collect statistical information about Udpxy clients. | + | **Udpxy port**- This specifies the port on which you can recive |
- | **Max clients | + | **Efficient Multicast Forwarding (IGMP Snooping) |
- | **Udpxy port**- This is where you can consult | + | Caution is advised, as often, UPnP is the only significant multicast application in use on a home network. Thus, multicast configuration issues or other deficiencies can appear as UPnP issues, when they' |
- | **Efficient Multicast Forwarding (IGMP Snooping) -** IGMP snooping is a way to have the switch (part of the router) facilitating the discovery of multicast (IGMP) clients. The idea is to only multicast traffic towards ethernet ports where there' | + | If IGMP snooping is enabled on a (wireless router)/switch, it will interfere with UPnP/DLNA device discovery (SSDP) if incorrectly or incompletely configured (e.g. without an active querier or IGMP proxy), making UPnP appear unreliable. Typical scenarios observed include a server or client (e.g. smart TV) appearing after power on, and then disappearing after a few minutes (often 30 by default configuration) due to IGMP group membership expiring. On this very topic please beware of the wireless multicast forwarding under [[advanced-wireless|Advanced Wireless]] |
**Force IGMPv2** - IGMPv2 enhances the IGMP communication supporting additional messages/ | **Force IGMPv2** - IGMPv2 enhances the IGMP communication supporting additional messages/ | ||