66

7.5

VLAN

On this page you can configure your Virtual LAN settings, either Port based or Tag based.

7.5.1

VLAN Networks

7.5.1.1

VLAN Functionality

Field Name

Sample Value

Explanation

1.

VLAN mode

Disabled / Port based /

Tag based

Lets user to choose the VLAN mode or disable VLAN functionality.

7.5.1.2

VLAN Network List

If VLAN mode

–

Port based:

Field Name

Sample Value

Explanation

1.

VLAN ID

1

VLAN Identification number, allowed in range (1-4094)

2.

LAN ports

1 / 2 / 3

on

Switches each LAN port between ON, OFF or tagged state.

3.

Wireless

access points

Enabled / Disabled

Assign selected access point(s) to selected LAN.

4.

LAN

None

Select to which LAN to assign selected LAN ports and wireless access

points.

67

If VLAN mode

–

Tag based:

Field Name

Sample Value

Explanation

1.

VLAN ID

2

VLAN Identification number, allowed in range (1-4094)

3.

Wireless

access points

Enabled / Disabled

Assign selected access point(s) to selected LAN.

4.

LAN

None

Select to which LAN to wireless access point(s).

7.5.2

LAN Networks

In this page you can create extra LAN networks, and assign them with LAN Ports and wireless access points. You

can get extra information on how to configure any of your LAN’s settings in section –

7.3 LAN

Field Name

Sample Value

Explanation

1.

LAN name

Lan

Specifies new LAN name

2.

Interface

name

eth0 tap0

Specifies LAN interface name

7.6

Firewall

In this section we will look over the various firewall features that come with RUT9.

7.6.1

General Settings

The routers firewall is a standard Linux iptables package, which uses routing chains and policies to facilitate

control over inbound and outbound traffic.

68

Field Name

Sample value

Explanation

1.

Drop Invalid

packets

Checked/Unchecked

A “Drop” action is performed on a packet that is determined to be

invalid

2.

Input

Reject/Drop/Accept

DEFAULT* action that is to be performed for packets that pass through the

Input chain.

3.

Output

Reject/Drop/Accept

DEFAULT* action that is to be performed for packets that pass through the

Output chain.

4.

Forward

Reject/Drop/Accept

DEFAULT* action that is to be performed for packets that pass through the

Forward chain.

*DEFAULT: When a packet goes through a firewall chain it is matched against all the rules for that specific chain. If

no rule matches said packet, an according Action (either Drop or Reject or Accept) is performed.

Accept

–

Packet gets to continue down the next chain.

Drop

–

Packet is stopped and deleted.

Reject

–

Packet is stopped, deleted and, differently from Drop, an ICMP packet containing a message of rejection

is sent to the

source

of the dropped packet.

7.6.2

DMZ

By enabling DMZ for a specific internal host (for e.g.: your computer), you will expose that host and its services to

the routers WAN network (i.e. - internet).

69

7.6.3

Port Forwarding

Here you can define your own port forwarding rules.

You can use port forwarding to set up servers and services on local LAN machines. The above picture shows how

you can set up a rule that would allow a website that is being hosted on 192.168.1.109, to be reached from the outside

by entering http://routersExternalIp:12345/.

Field Name

Sample value

Explanation

1.

Name

Enable_SSH_WAN_PASSTHROUGH

Name of the rule. Used purely to make it easier to

manage rules.

2.

Protocol

TCP/UDP/TCP+UDP/Other

Type of protocol of incoming packet.

3.

External Port

1-65535

From this port on the WAN network the traffic will be

forwarded.

4.

Internal IP address

IP address of some computer on

your LAN

The IP address of the internal machine that hosts

some service that we want to access from the outside.

5.

Internal port

1-65535

To that port on the internal machine the rule will

redirect the traffic.

When you click

edit

you can fine tune a rule to near perfection, if you should desire that.

70

Field Name

Sample value

Explanation

1.

Name

ENABLE_SSH_WAN_PASSTHROUGH

Name of the rule. Used purely to make it easier to

manage rules.

2.

Protocol

TCP/UDP/TCP+

UDP/ICMP/Custom

You may specify multiple by selecting (custom) and

then entering protocols separated by space

3.

Source zone

LAN/VPN/WAN

Match incoming traffic from this zone only

4.

Source MAC address

any

Match incoming traffic from these MACs only

5.

Source IP address

any

Match incoming traffic from this IP or range only

7.

Source port

any

Match incoming traffic originating from the given

source port or port range on the client host only

8.

External IP address

any

Match incoming traffic directed at the given IP

address only

9.

External port

22

Match

incoming

traffic

directed

at

the

given

destination port or port range on this host only

10.

Internal zone

LAN/VPN/WAN

Redirect matched incoming traffic to the specified

internal zone

11.

Internal IP address

127.0.0.1

Redirect matched incoming traffic to the specified

internal host

12.

Internal port

any

Redirect matched incoming traffic to the given port

on the internal host

13.

Enable NAT loopback

Enable/Disable

NAT loopback enables your local network (i.e.

behind

your

router/modem)

to

connect

to a

forward-facing IP address (such as 208.112.93.73) of

a machine that it also on your local network

14.

Extra arguments

Passes additional arguments to iptables. Use with

care!