Page 66 / 145
7.5 VLAN
On this page you can configure your Virtual LAN settings, either Port based or Tag based.
7.5.1 VLAN Networks
7.5.1.1 VLAN Functionality
Field Name | Sample Value | Explanation
1. VLAN mode | Disabled / Port based / Tag based | Lets the user choose the VLAN mode or disable VLAN functionality.
7.5.1.2 VLAN Network List
If VLAN mode – Port based:
Field Name | Sample Value | Explanation
1. VLAN ID | 1 | VLAN identification number, allowed in the range 1-4094
2. LAN ports 1 / 2 / 3 | on | Switches each LAN port between the ON, OFF or tagged state.
3. Wireless access points | Enabled / Disabled | Assigns the selected access point(s) to the selected LAN.
4. LAN | None | Select to which LAN to assign the selected LAN ports and wireless access points.
If VLAN mode – Tag based:
Field Name | Sample Value | Explanation
1. VLAN ID | 2 | VLAN identification number, allowed in the range 1-4094
3. Wireless access points | Enabled / Disabled | Assigns the selected access point(s) to the selected LAN.
4. LAN | None | Select to which LAN to assign the wireless access point(s).
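The port based and tag based entries above, as an added example that is not the router's own code: a POSIX shell function that turns one VLAN Network List entry into the OpenWrt-style switch_vlan section such routers keep in /etc/config/network. The switch name switch0, CPU port 0 (always tagged) and the mapping of GUI LAN ports 1, 2, 3 to switch ports 1, 2, 3 are assumptions.

```shell
# Added example, not the router's own code: build the OpenWrt-style
# "switch_vlan" section that corresponds to one VLAN Network List entry.
# Assumptions: switch named switch0, CPU port 0 (always tagged), and GUI
# LAN ports 1, 2, 3 mapping to switch ports 1, 2, 3.
# Usage: vlan_section <VLAN ID> <port1> <port2> <port3>   (each on|off|tagged)
vlan_section() {
  vid=$1
  shift
  case "$vid" in
    ''|*[!0-9]*) echo "VLAN ID must be a number" >&2; return 1 ;;
  esac
  # The GUI accepts 1-4094; 0 and 4095 are reserved by IEEE 802.1Q.
  if [ "$vid" -lt 1 ] || [ "$vid" -gt 4094 ]; then
    echo "VLAN ID $vid is outside the allowed range 1-4094" >&2
    return 1
  fi
  ports="0t"   # CPU port, tagged so the router itself can tell the VLANs apart
  n=1
  for state in "$@"; do
    case "$state" in
      on)     ports="$ports $n" ;;     # untagged member (port based VLAN)
      tagged) ports="$ports ${n}t" ;;  # frames keep their 802.1Q tag (tag based)
      off)    ;;                       # port is not a member of this VLAN
      *) echo "LAN port $n: expected on, off or tagged, got '$state'" >&2; return 1 ;;
    esac
    n=$((n + 1))
  done
  printf "config switch_vlan\n\toption device 'switch0'\n\toption vlan '%s'\n\toption ports '%s'\n" "$vid" "$ports"
}
```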
7.5.2 LAN Networks
On this page you can create extra LAN networks and assign LAN ports and wireless access points to them. You can find more information on how to configure any of your LAN's settings in section 7.3 LAN.
Field Name | Sample Value | Explanation
1. LAN name | Lan | Specifies the new LAN name
2. Interface name | eth0 tap0 | Specifies the LAN interface name
7.6 Firewall
In this section we will look over the various firewall features that come with RUT9.
7.6.1 General Settings
The router's firewall is a standard Linux iptables package, which uses chains and policies to control inbound and outbound traffic.
Field Name | Sample Value | Explanation
1. Drop Invalid packets | Checked/Unchecked | A "Drop" action is performed on a packet that is determined to be invalid
2. Input | Reject/Drop/Accept | DEFAULT* action that is performed on packets that pass through the Input chain.
3. Output | Reject/Drop/Accept | DEFAULT* action that is performed on packets that pass through the Output chain.
4. Forward | Reject/Drop/Accept | DEFAULT* action that is performed on packets that pass through the Forward chain.
*DEFAULT: When a packet goes through a firewall chain it is matched against all the rules for that specific chain. If no rule matches the packet, the corresponding action (Drop, Reject or Accept) is performed.
Accept – the packet continues down to the next chain.
Drop – the packet is stopped and deleted.
Reject – the packet is stopped and deleted and, unlike Drop, an ICMP packet containing a rejection message is sent to the source of the dropped packet.
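The chain defaults and the Drop/Reject distinction above, as an added example rather than code from the RUT9 firmware: a POSIX shell function that prints the iptables commands matching the General Settings fields. It assumes an iptables build with the conntrack match and only prints the commands, so they can be reviewed before being applied.

```shell
# Added example, not the router's own code: print the iptables commands that
# correspond to the General Settings fields.
# Usage: firewall_general <drop_invalid yes|no> <Input> <Output> <Forward>
# where each action is Accept, Drop or Reject.
firewall_general() {
  drop_invalid=$1
  shift
  # "Drop Invalid packets": conntrack cannot tie the packet to any known
  # connection, so it is dropped before the chain default is ever consulted.
  if [ "$drop_invalid" = yes ]; then
    for chain in INPUT OUTPUT FORWARD; do
      echo "iptables -A $chain -m conntrack --ctstate INVALID -j DROP"
    done
  fi
  for chain in INPUT OUTPUT FORWARD; do
    action=$1
    shift
    case "$action" in
      Accept) echo "iptables -P $chain ACCEPT" ;;
      Drop)   echo "iptables -P $chain DROP" ;;
      Reject)
        # A built-in chain policy may only be ACCEPT or DROP, so "Reject" is
        # a DROP policy plus a final REJECT rule that sends the ICMP rejection
        # message back to the source. It must be appended after every other
        # rule in the chain, otherwise the rules below it are never reached.
        echo "iptables -P $chain DROP"
        echo "iptables -A $chain -j REJECT --reject-with icmp-port-unreachable" ;;
      *) echo "unknown action '$action' for $chain" >&2; return 1 ;;
    esac
  done
}
```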
7.6.2 DMZ
By enabling DMZ for a specific internal host (e.g. your computer), you expose that host and its services to the router's WAN network (i.e. the internet).
7.6.3 Port Forwarding
Here you can define your own port forwarding rules.
You can use port forwarding to set up servers and services on local LAN machines. The picture above shows how you can set up a rule that allows a website hosted on 192.168.1.109 to be reached from the outside by entering http://routersExternalIp:12345/.
Field Name | Sample Value | Explanation
1. Name | Enable_SSH_WAN_PASSTHROUGH | Name of the rule. Used purely to make it easier to manage rules.
2. Protocol | TCP/UDP/TCP+UDP/Other | Protocol type of the incoming packet.
3. External Port | 1-65535 | The port on the WAN network from which the traffic is forwarded.
4. Internal IP address | IP address of some computer on your LAN | The IP address of the internal machine that hosts the service we want to access from the outside.
5. Internal port | 1-65535 | The port on the internal machine to which the rule redirects the traffic.
When you click edit you can fine-tune a rule to near perfection, should you desire that.
Field Name | Sample Value | Explanation
1. Name | ENABLE_SSH_WAN_PASSTHROUGH | Name of the rule. Used purely to make it easier to manage rules.
2. Protocol | TCP/UDP/TCP+UDP/ICMP/Custom | You may specify multiple protocols by selecting Custom and then entering the protocols separated by spaces
3. Source zone | LAN/VPN/WAN | Match incoming traffic from this zone only
4. Source MAC address | any | Match incoming traffic from these MACs only
5. Source IP address | any | Match incoming traffic from this IP or range only
7. Source port | any | Match incoming traffic originating from the given source port or port range on the client host only
8. External IP address | any | Match incoming traffic directed at the given IP address only
9. External port | 22 | Match incoming traffic directed at the given destination port or port range on this host only
10. Internal zone | LAN/VPN/WAN | Redirect matched incoming traffic to the specified internal zone
11. Internal IP address | 127.0.0.1 | Redirect matched incoming traffic to the specified internal host
12. Internal port | any | Redirect matched incoming traffic to the given port on the internal host
13. Enable NAT loopback | Enable/Disable | NAT loopback enables your local network (i.e. behind your router/modem) to connect to a forward-facing IP address (such as 208.112.93.73) of a machine that is also on your local network
14. Extra arguments | | Passes additional arguments to iptables. Use with care!
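As an added example (not the router's own code), the following shell function prints the iptables rules behind one port-forwarding entry such as the 192.168.1.109 website above, including the pair of rules that Enable NAT loopback adds. The interface names eth1 and br-lan, the LAN subnet 192.168.1.0/24, the router LAN address 192.168.1.1 and the WAN address 203.0.113.10 used in the test are assumptions, and the function handles a single TCP or UDP protocol only.

```shell
# Added example, not the RUT9 firmware's own code: print the iptables rules
# that one port-forwarding entry expands to. Assumed names: WAN interface eth1,
# LAN bridge br-lan, LAN subnet 192.168.1.0/24, router LAN address 192.168.1.1.
# Usage: port_forward <tcp|udp> <ext port> <internal IP> <int port> <WAN IP> <loopback yes|no>
port_forward() {
  proto=$1; ext_port=$2; int_ip=$3; int_port=$4; wan_ip=$5; loopback=$6
  lan_net=192.168.1.0/24
  lan_gw=192.168.1.1
  case "$proto" in
    tcp|udp) ;;
    *) echo "protocol must be tcp or udp, got '$proto'" >&2; return 1 ;;
  esac
  for p in "$ext_port" "$int_port"; do
    case "$p" in ''|*[!0-9]*) echo "port '$p' is not a number" >&2; return 1 ;; esac
    if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
      echo "port $p is outside 1-65535" >&2; return 1
    fi
  done
  # External port -> Internal IP/port: rewrite the destination of packets arriving on WAN.
  echo "iptables -t nat -A PREROUTING -i eth1 -p $proto --dport $ext_port -j DNAT --to-destination $int_ip:$int_port"
  # The Forward chain sees the rewritten packet; with a Drop/Reject default it must be
  # accepted explicitly (replies are assumed covered by an ESTABLISHED,RELATED rule).
  echo "iptables -A FORWARD -i eth1 -o br-lan -p $proto -d $int_ip --dport $int_port -m conntrack --ctstate NEW -j ACCEPT"
  if [ "$loopback" = yes ]; then
    # NAT loopback: LAN clients that dial the WAN address get the same DNAT...
    echo "iptables -t nat -A PREROUTING -i br-lan -s $lan_net -d $wan_ip -p $proto --dport $ext_port -j DNAT --to-destination $int_ip:$int_port"
    # ...and their source is rewritten to the router, so the server replies via the
    # router instead of directly to a client that expects an answer from $wan_ip.
    echo "iptables -t nat -A POSTROUTING -o br-lan -s $lan_net -d $int_ip -p $proto --dport $int_port -j SNAT --to-source $lan_gw"
  fi
}
```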