This shows you the differences between two versions of the page.
advanced-firewall [2022/01/21 03:03] – formatting hogwild | advanced-firewall [2023/05/28 05:39] (current) – [Multicast] -condense, list/explain additional features of new IGMPv2 messages hogwild | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ===== Firewall ===== | + | ====== Firewall |
- | The Firewall page allows you to configure options to protect/facilitate | + | The Firewall page allows you to configure options to protect |
+ | |||
+ | |||
+ | ===== Firewall ===== | ||
{{: | {{: | ||
- | \\ | ||
- | **WAN interfaces respond to ping and traceroute** - If enabled, allows your device to reply to certain ICMP/UDP packets from Internet hosts so that //ping //and // | ||
- | **Limit communication | + | |
- | \\ | + | |
- | \\ | + | |
- | {{: | + | |
- | \\ | + | |
- | **Enable TCP SYN cookies** - Enabling this protects the router | + | |
- | **Enable DCSP Fix** - This enables a workaround for a well-known issue related to DSCP (packet marking) when connected | + | **Limit communication to: |
- | **IPv6 IPSec Passthrough** - FIXME\\ \\ | ||
\\ | \\ | ||
- | {{:pasted:20220118-184523.png}}\\ | + | |
- | \\ | + | **Enable TCP SYN cookies: |
- | **NAT loopback** | + | |
+ | **Enable DCSP Fix: | ||
+ | |||
+ | **Allow DHCP Spoofing: ** | ||
+ | |||
+ | **Smart MTU black hole detection: | ||
+ | |||
+ | |||
+ | ===== NAT ===== | ||
+ | |||
+ | **NAT loopback:** This technique allows LAN devices to access | ||
* All | * All | ||
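Review bot: the added option heading `**Enable DCSP Fix:` carries over the transposed acronym, while the description on the removed line refers to "DSCP (packet marking)"; spell the heading DSCP unless the GUI label really reads DCSP, and say so if it does. Separately, the removed `**IPv6 IPSec Passthrough** - FIXME` entry has no counterpart among the added lines visible here; if the option still exists in the GUI, keep a stub for it rather than dropping it silently. The headings in this hunk also switch to a colon style (`**NAT loopback:**`) while later entries such as `**NAT target** -` keep the dash, so pick one style for the page.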
Line 26: | Line 31: | ||
* Disabled | * Disabled | ||
- | **NAT target** - Defines | + | \\ |
+ | |||
+ | {{:: | ||
+ | |||
+ | **NAT target** - This defines | ||
\\ | \\ | ||
- | Multicast\\ {{: | ||
- | **Enable IGMP proxy** - Runs the IGMP (Internet Group Management Protocol) service on the router. | + | ===== Multicast ===== |
- | **LAN0/ | + | \\ \\ {{: |
- | **Enable | + | **Enable |
+ | |||
+ | LAN0 - LAN3 Specifies which bridges will participate in IGMP, with the router | ||
+ | |||
+ | * LAN0 - Checking this means the LAN0 bridge will participate in IGMP proxy. | ||
+ | * LAN1 - Checking this means the LAN1 bridge will participate in IGMP proxy. | ||
+ | * LAN2 - Checking this means the LAN2 bridge will participate in IGMP proxy. | ||
+ | * LAN3 - Checking this means the LAN3 bridge will participate in IGMP proxy. | ||
- | **Custom Configuration** - This option allows you to set up advanced parameters for the IGMP proxy daemon. Please consult the official IGMP documentation before finalizing these settings.\\ | ||
\\ | \\ | ||
+ | |||
+ | **Enable quick leave** - This is a feature of IGMP v2 and later. Enabling this allows the router to stop streaming multicast to an IP address as soon as that device sends a "quick leave" IGMP packet. | ||
+ | |||
+ | **Custom Configuration** - This option allows you to set advanced parameters for the IGMP proxy daemon. Consult official IGMP documentation before using this.\\ | ||
\\ {{: | \\ {{: | ||
- | **Enable Udpxy** - Like IGMP proxy, Udpxy allows multicast communications between | + | **Enable Udpxy** - Like IGMP proxy, Udpxy allows multicast communications between |
- | **Upstream interface** - Defines where the stream source is expected to live. (Default: blank). | + | **Upstream interface** - Here, enter the stream source is expected to live. (Default: blank). |
- | **LAN0/ | + | **LAN0/ |
- | **Enable client statistics** - Enabling this causes FreshTomato to collect | + | **Enable client statistics** - Enabling this causes FreshTomato to collect |
- | **Max clients -** Considering this is a lightwave | + | **Max clients - ** This represents the maximum number of simultaneous Udpxy clients. Udpxy is is a lightweight |
- | **Udpxy port**- This is where you can consult the Udpxy information | + | **Udpxy port**- This specifies the port on which you can recive |
- | \\ | + | |
- | \\ | + | |
- | {{: | + | |
- | \\ | + | |
- | **Efficient Multicast Forwarding (IGMP Snooping) -** IGMP snooping is a way to have the switch (router) facilitating the discovery of multicast (IGMP) clients. Beware that enabling IGMP snooping might interfere with some multicast-based applications/ | + | |
- | **Force IGMPv2** - IGMPv2 enhances | + | **Efficient Multicast Forwarding (IGMP Snooping) -** IGMP snooping makes the router' |
- | \\ | + | |
+ | However, caution is advised. IGMP Snooping can interfere with proper functioning of UPnP or DLNA. This can make Multicast configuration errors or deficiencies appear as UPnP issues. Enabling IGMP snooping on a router' | ||
+ | |||
+ | A common symptom of this is a network host (say, a Smart TV) which appears after it's powered on, but then " | ||
+ | |||
+ | **Force IGMPv2** - IGMPv2 enhances IGMP with additional messages/ | ||
+ | |||
+ | Other features of IGMPv2 include: | ||
+ | |||
+ | Group specific membership query. The router can now send a membership query for a specific group address. When the router receives a leave group message, it will use this query to check if there are still any hosts interested in receiving the multicast traffic. | ||
+ | |||
+ | MRT (Maximum Response Time) field. This new field in query messages specifies how much time hosts have to respond to the query. | ||
+ | |||
+ | Querier election process. When two routers are connected to the same subnet, only one of them should send query messages. Having an " | ||
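Review bot: the new `**Enable quick leave**` text says the router stops streaming as soon as a device sends a leave packet, but the IGMPv2 feature list added further down says the router answers a leave group message with a group-specific membership query to check for remaining listeners; state how the two interact (for example, whether quick leave skips that query), since a reader with several receivers on one bridge cannot tell which behaviour to expect. Wording fixes in the same hunk: "Here, enter the stream source is expected to live" is missing "where", "Udpxy is is a lightweight" doubles "is", "recive" should be "receive", and the "LAN0 - LAN3" lead-in is not bolded like the other option names.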