Hi,
can someone help me clarify a few questions around the usage of the following (if possible in the context of RT-AX58U):
- firewall
- inbound firewall rules
- port forwarding
Setup (multi-layer network)
We have two routers - a private network ("primary" with RT-AX58U - WAN 192.... - LAN 10.1.10.1) and another private network ("sub" also with RT-AX58U - Local WAN: 10.1.10.2 and LAN 10.2.10.1) within that one.
ad1
When I have no firewall on, I can reach a specific service on the subnet just fine. My understanding thus is that without a firewall, the subnet is just "wide open". Is that correct? <-
When I turn the firewall off, I cannot reach the service anymore, so only outbound requests would go out and be answered?
If I wanted to reach the service I would need a port forwarding, correct (and not just inbound rules)? <-
ad2 - what are the IP4 inbound rules?
I didn't find any description, thus was thinking these are "allow connection" rules, but it seems that they are further "disallow" rules?
I found the following:
IPv4 Firewall/Port-Forwarding - Appear to be the same thing on Asuswrt
I'm (fairly) new to Asuswrt-Merlin and I'm a little confused by the 'Firewall' and 'Port Forwarding' configuration. I'm coming from using a Draytek Vigor router where you have to set up both firewall and port-forwarding in IPv4 to get incoming ssh and smtp connections to work. It would appear...
www.snbforums.com
with the comment from Colyn Taylor
The Firewall - General > IPv4 Inbound Firewall Rules blocks all incoming traffic from specific sources.
Normally you would only use WAN - Virtual Server / Port Forwarding if you want to expose a LAN server to the internet. You can restrict incoming connections to this server to those from specific source ranges using CIDR notation (or multiple rules).
How do I know that those rules are "disallow"? Where is some official note on that? <-
ad3 - port forwarding
Please note that if the router is using a private WAN IP address (such as connected behind another router/switch/modem with built-in router/Wi-Fi feature), could potentially place the router under a multi-layer NAT network. Port Forwarding will not function properly under such environment.
In terms of the multi-layer network: Does that mean that I will not be able to use port forwarding to access devices on the sub network IN THE CASE when the firewall is on (yes, I would like to have the firewall on, as the primary network is more of an "employee" network and the "sub" has very restrictive access)? <-
Thank you for helping me learn and understand!