Firewall Settings
The router firewall controls the forward packet streams from incoming network interfaces to outgoing network interfaces.
Firewall rules add another layer of granularity to what is allowed to be forwarded across interfaces and which packets are accepted as input to, or output from, the router.
The firewall can collect interfaces into zones to filter traffic logically. A zone can be configured to any set of interfaces. This simplifies the firewall rule logic somewhat by conceptually grouping the interfaces:
A rule for a packet originating in a zone must enter the router on one of the zone's interfaces,
A rule for a packet being forwarded to a zone must exit the router on one of the zone's interfaces.
After accessing the router, go to Network > Firewall to enter the Firewall - Zone Settings. The SYN-flood protection is enabled by default. You can use the default firewall zone settings below in most conditions.
Port forwarding is an application of network address translation (NAT) that redirects a communication request from one address and port number combination to another. Port forwarding allows remote computers to connect through the outdoor router to hosts within a private local-area network (LAN).
Log in to the router, go to Network > Firewall.
➀ Under the General Settings tab, change forward to accept.
➁ In the Zones section, change the Forward on the row of WAN from reject to accept.
Click the Save & Apply button on the bottom right corner.
Click the Port Forwards tab and fill in the New port forward section:
Name: Enter the reference name, e.g., Test
Protocol: Select from TCP, UDP, and TCP+UDP
📌 If you don't know the protocol, please choose TCP+UDP. Please select TCP or UDP if you are aware of whether it is TCP or UDP. It can effectively reduce resource consumption.
External zone: Select WAN
External port: Set the port number you want to access from the external network
📌 Suggest selecting the WAN port between 1025~25534. Do not use the standard ports occupied by the other services such as 23, 80, 433, 3389, 7700, 10080, etc.
Internal zone: Select LAN
Internal IP Address: Select from the list of connected intranet hosts
📌 If you cannot find the host on the list, please recheck the IP settings on the host.
Internal port: Choose the port number that needs to be forwarded from the intranet host
Click the Save & Apply button.
The example below forwards the local host 192.168.30.113:80 to WAN port 1180. You can access port 80 on the host 192.168.30.113 from the public IP address plus port 1180. It's NOT accessible from the router's local IP, e.g., 192.168.30.1:1180.
NAT Loopback is turned on after saving a new port forward rule. It allows the intranet terminal to access the local hosts by using the public IP address of the routed external network interface. To reduce the consumption of router resources, you can click the Edit button on the saved port forward rule list to disable it.
To access another host from the router IP address, we can set up intranet forwarding based on iptables. Go to the Custom Rules tab and add the new iptables rules. The example rules below forward 192.168.30.113:80 to router IP 192.168.30.1:1180.
iptables -t nat -A PREROUTING -d 192.168.30.1 -p tcp --dport 1180 -j DNAT --to-destination 192.168.30.113:80
iptables -t nat -A POSTROUTING -d 192.168.30.113 -p tcp --dport 80 -j SNAT --to 192.168.30.1
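To review which internal hosts the NAT table exposes, and whether each external port follows the port guidance given above, the following added example (not part of the original page or the router vendor's code) audits DNAT rules in iptables-save format. The function names, the status labels, and the sample hosts 192.168.30.120 and 192.168.30.121 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): audit port-forward (DNAT) rules against the
# external-port guidance on this page. Reads `iptables-save -t nat` style text.

RESERVED_PORTS="23 80 433 3389 7700 10080"   # ports the page says to avoid
PORT_MIN=1025                                # suggested range, as stated on the page
PORT_MAX=25534

# Print one line per DNAT rule: "<status> <dport>/<proto> -> <internal host:port>"
audit_dnat() {
    awk -v reserved="$RESERVED_PORTS" -v lo="$PORT_MIN" -v hi="$PORT_MAX" '
    BEGIN { n = split(reserved, r, " "); for (i = 1; i <= n; i++) bad[r[i]] = 1 }
    /^-A / && /-j DNAT/ {
        proto = "any"; dport = ""; dest = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-p")               proto = $(i + 1)
            if ($i == "--dport")          dport = $(i + 1)
            if ($i == "--to-destination") dest  = $(i + 1)
        }
        if (dport == "")       status = "WARN no-dport"       # forwards every port
        else if (dport ~ /:/)  status = "WARN port-range"     # exposes a whole range
        else if (dport in bad) status = "WARN reserved-port"
        else if (dport + 0 < lo || dport + 0 > hi) status = "WARN out-of-range"
        else                   status = "OK"
        printf "%s %s/%s -> %s\n", status, (dport == "" ? "*" : dport), proto, dest
    }'
}

# Constructed sample input. The first two rules mirror the ones on this page;
# the hosts 192.168.30.120 and 192.168.30.121 are made up for illustration.
sample_rules() {
    cat <<'EOF'
*nat
-A PREROUTING -d 192.168.30.1/32 -p tcp -m tcp --dport 1180 -j DNAT --to-destination 192.168.30.113:80
-A POSTROUTING -d 192.168.30.113/32 -p tcp -m tcp --dport 80 -j SNAT --to-source 192.168.30.1
-A PREROUTING -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.30.120:3389
-A PREROUTING -p udp -m udp --dport 30000 -j DNAT --to-destination 192.168.30.121:5060
COMMIT
EOF
}

sample_rules | audit_dnat
```

On a router with shell access, the same function can read live rules with iptables-save -t nat | audit_dnat.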
After accessing the router, go to Network > Firewall > Traffic Rules: Open port on router. You can add a new port to the router.
Name: Input name of the new port
Protocol: Choose from TCP or UDP
External port: The new port number
After inputting the above parameters, click the Add button. Then click the Save & Apply button in the bottom right corner. You will find the new port on the Traffic Rules list.