Firewall
The router firewall controls the forward packet streams from incoming network interfaces to outgoing network interfaces.
Firewall rules add another layer of granularity to what can be forwarded across interfaces and to which packets the router itself accepts as input or sends as output.
The firewall can collect interfaces into zones to filter traffic logically. A zone can be configured to any set of interfaces. This simplifies the firewall rule logic somewhat by conceptually grouping the interfaces:
A rule for a packet originating in a zone applies when the packet enters the router on one of the zone's interfaces,
A rule for a packet being forwarded to a zone applies when the packet exits the router on one of the zone's interfaces.
After accessing the router, go to "Network > Firewall" to enter the "Firewall - Zone Settings". The "SYN-Flood Protection" is enabled by default. You can use the default firewall zone settings in most conditions.
Port forwarding applies network address translation (NAT) and redirects a communication request from one address and port number combination to another. Port forwarding allows remote computers to connect through the outdoor router to hosts within a private local-area network (LAN).
Log in to the router and go to "Network > Firewall."
Under the tab of "General Settings," change forward to "Accept."
In the Zones section, change the Forward on the row of WAN from "Reject" to "Accept."
Click the Save & Apply button on the bottom right corner.
Click the "Port Forwards" tab and fill in the "New port forward" section:
Name: Enter the reference name. e.g., Test
Protocol: Select "TCP", "UDP", or "TCP+UDP".
If you don't know the protocol, choose TCP+UDP. If you know whether the service uses TCP or UDP, select only that one; this reduces resource consumption.
External Zone: Select "WAN"
External Port: Set the port number you want to access from the external network. We suggest selecting a WAN port between 1025~25534. Do not use the standard ports occupied by other services, such as 23, 80, 433, 3389, 7700, 10080, etc.
Internal Zone: Select "LAN"
Internal IP Address: Select from the list of connected intranet hosts.
Internal Port: Enter the port number that needs to be forwarded from the intranet host.
Click the button "Save & Apply" to execute the new settings.
The above example forwards the local host 192.168.30.113:80 to WAN port 1180, so port 80 on host 192.168.30.113 can be reached at the public IP address plus port number 1180.
The public port forward does not change the port used to access the host from within the local network.
NAT Loopback is turned on after saving a new port forward rule. It allows the intranet terminal to access the local hosts using the public IP address of the routed external network interface. To reduce the consumption of router resources, you can click the "Edit" button on the saved port forward rule list to disable it.
Public port forwarding relies on a public IP address. Most 4G internet connections use a private IP address. Please get a public IP from the 4G carrier to activate public port forwarding.
Use a WAN port that the 4G carrier has not blocked.
Besides using a public 4G IP address, you can also try forwarding through a VPN tunnel to an OpenVPN or WireGuard server.
To access another host from the local network, we can set up intranet forwarding based on iptables on the firewall settings.
Go to "Network > Firewall" and click the "Custom Rules" tab. Add the new iptables rules. Below are example commands that forward 192.168.30.113:80 to router IP 192.168.30.1:1180.
iptables -t nat -A PREROUTING -d 192.168.30.1 -p tcp --dport 1180 -j DNAT --to-destination 192.168.30.113:80
iptables -t nat -A POSTROUTING -d 192.168.30.113 -p tcp --dport 80 -j SNAT --to 192.168.30.1
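To check forwards against the external-port advice given earlier (the suggested 1025~25534 range and the list of ports to avoid), the following added example, which is not part of the original page or the router's firmware, parses rules in `iptables -t nat -S` format and labels each DNAT rule. The function names and the sample rules for 192.168.30.50 and 192.168.30.60 are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit port-forward (DNAT) rules against the page's port advice.
# Reads `iptables -t nat -S` style rules on stdin; prints one line per DNAT
# rule: "<external-port> <internal-target> <verdict>".

# Reserved ports and suggested external range, copied as written on the page.
RESERVED_PORTS="23 80 433 3389 7700 10080"
PORT_MIN=1025
PORT_MAX=25534

check_port() {
    case "$1" in
        ''|*[!0-9]*) echo "unparsed"; return 0 ;;   # ranges, multiport, missing
    esac
    for r in $RESERVED_PORTS; do
        if [ "$1" -eq "$r" ]; then echo "reserved"; return 0; fi
    done
    if [ "$1" -lt "$PORT_MIN" ] || [ "$1" -gt "$PORT_MAX" ]; then
        echo "out-of-range"
    else
        echo "ok"
    fi
}

audit_dnat() {
    while read -r line; do
        case "$line" in *"-j DNAT"*) ;; *) continue ;; esac
        port="" target="" prev=""
        for word in $line; do
            case "$prev" in
                --dport) port=$word ;;
                --to-destination) target=$word ;;
            esac
            prev=$word
        done
        echo "${port:--} ${target:--} $(check_port "$port")"
    done
}

# Constructed sample rules; the first and last are the page's intranet forward.
sample_rules() {
    cat <<'EOF'
-A PREROUTING -d 192.168.30.1/32 -p tcp -m tcp --dport 1180 -j DNAT --to-destination 192.168.30.113:80
-A PREROUTING -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.30.50:3389
-A PREROUTING -p tcp -m tcp --dport 40000 -j DNAT --to-destination 192.168.30.60:22
-A POSTROUTING -d 192.168.30.113/32 -p tcp -m tcp --dport 80 -j SNAT --to-source 192.168.30.1
EOF
}

sample_rules | audit_dnat
```

With shell access to the router (an assumption; the page only covers the web interface), `iptables -t nat -S | audit_dnat` audits the live rules instead of the sample.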
After accessing the router, go to "Network > Firewall > Traffic Rules: Open port on router" to open a new port on the 4G router.
Name: Input name of the new port
Protocol: Choose from TCP or UDP
External port: The new port number
After entering the above parameters, click the "Add" button. Then click the "Save & Apply" button on the bottom right corner. You will find the new port on the "Traffic Rules" list.