Firewall Settings
The router firewall controls how packet streams are forwarded from incoming network interfaces to outgoing network interfaces. It adds another layer of granularity to what can be forwarded across interfaces and which packets are accepted as input and output.
The firewall collects interfaces into zones to filter traffic logically. A zone can contain any set of interfaces. This simplifies the firewall rule logic somewhat by conceptually grouping the interfaces:
A packet matched by a rule for traffic originating in a zone must enter the router on one of the zone's interfaces.
A packet matched by a rule for traffic forwarded to a zone must exit the router on one of the zone's interfaces.
To configure the firewall zones, go to "Network > Firewall" after accessing the router. The first tab, "General Settings", allows the modification of the firewall zones. In most conditions you can use the default firewall zone settings.
Port forwarding is an application of network address translation (NAT) that redirects a communication request from one address and port number combination to another. It allows remote computers to connect to the outdoor router within a private local-area network (LAN).
To enable port forwards, the "Forward" option must be allowed under the "General Settings" tab of the firewall zones. Then click the "Save & Apply" button for the change to take effect.
➀ Set "Forward" to "Accept" in the general settings section.
➁ Scroll down to the "Zones" section and update the Forward column in the WAN row to "Accept."
Click the second tab, labeled "Port Forwards", to configure port forwarding rules. You can refer to the preset port forward rules. Below is step-by-step guidance for setting a new port forward rule.
Name – Enter your custom reference name. e.g., Test
Protocol – Select from TCP, UDP, or both. Note: If you know whether the service uses TCP or UDP, select that protocol; this effectively reduces resource consumption. If you don't know the exact protocol, choose TCP+UDP.
External Port – Set the port number you want to access from the external network. Note: We suggest selecting a WAN port between 1025~25534. Do not use the standard ports occupied by other services, such as 23, 80, 433, 3389, 7700, 10080, etc.
Destination Zone – Select LAN
Internal IP Address – Select from the list of connected intranet hosts. If you cannot find the host on the list, recheck the IP settings on the host.
Internal Port – Choose the port number that needs to be forwarded from the intranet host
Click the "Save" button and then the "Save & Apply" button on the firewall page to apply the new settings.
Advanced Settings > NAT Loopback
NAT Loopback is turned on by default. It allows intranet terminals to access local hosts using the public IP address of the routed external network interface. If you need to reduce the consumption of router resources, you can disable this function.
The 5G router supports access to another connected host through the router's IP address and port number. You can set up intranet local forwarding using iptables.
To configure local forwarding, go to the last tab, "Custom Rules", to add new iptables rules. Below are example rules to forward 192.168.20.113:80 to the router's IP 192.168.20.1:1138.
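An added example, not the vendor's own rules: a shell helper that validates its inputs and prints the two iptables NAT rules for the forward described above, ready to paste into "Custom Rules". The function names and the /24 LAN prefix are assumptions; the addresses and ports are the ones from the text.

```shell
#!/bin/sh
# Added example (not vendor code). Prints iptables rules for the "Custom Rules"
# tab; it does not change the running firewall. Function names are hypothetical.

# valid_port PORT: succeeds if PORT is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_ipv4 ADDR: succeeds if ADDR is a dotted quad with octets 0..255
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_cidr NET/LEN: succeeds for an IPv4 network with prefix length 0..32
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    valid_ipv4 "${1%/*}" || return 1
    case "${1#*/}" in ''|*[!0-9]*) return 1 ;; esac
    [ "${1#*/}" -le 32 ]
}

# local_forward_rules ROUTER_IP ROUTER_PORT HOST_IP HOST_PORT LAN_CIDR [PROTO]
local_forward_rules() {
    r_ip=$1 r_port=$2 h_ip=$3 h_port=$4 lan=$5 proto=${6:-tcp}
    valid_ipv4 "$r_ip" && valid_ipv4 "$h_ip" && valid_cidr "$lan" ||
        { echo "invalid address" >&2; return 1; }
    valid_port "$r_port" && valid_port "$h_port" ||
        { echo "invalid port" >&2; return 1; }
    case "$proto" in tcp|udp) ;; *) echo "invalid protocol" >&2; return 1 ;; esac
    # Rewrite LAN traffic addressed to the router's port so it reaches the host.
    echo "iptables -t nat -A PREROUTING -s $lan -d $r_ip -p $proto --dport $r_port -j DNAT --to-destination $h_ip:$h_port"
    # Source-NAT the same flows so the host replies via the router, not directly
    # to the client. Scoped to LAN sources so other traffic keeps its real source.
    echo "iptables -t nat -A POSTROUTING -s $lan -d $h_ip -p $proto --dport $h_port -j SNAT --to-source $r_ip"
}

# Values from the text; the /24 LAN prefix is an assumption.
local_forward_rules 192.168.20.1 1138 192.168.20.113 80 192.168.20.0/24 tcp
```

Because of the SNAT rule, the internal host logs the router's address as the client for these connections, which matters when reviewing that host's access logs.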
The 5G router has no port restrictions by default. You may need to open a new port and configure custom rules for specific applications. Here is a basic guide for that.
Go to "Network > Firewall > Tab: Traffic Rules" after accessing the router.
Name – Enter your custom reference name.
Protocol – Choose from TCP or UDP.
Source Zone – Leave the default WAN value unchanged.
Source Address – Enter the IP according to your requirements.
Destination Zone – Leave the default LAN value unchanged.
Destination Address – Enter the IP according to your requirements.
Destination Port – Enter the port according to your requirements.
Action – Choose from "Accept" or "Reject".
After entering the above parameters, click the "Save" button. Then click "Save & Apply". After that, you will find the newly created port on the "Traffic Rules" list.