Differences

This shows you the differences between two versions of the page.

doc:uci:firewall [2014/03/03 13:45]
ayaka more security
doc:uci:firewall [2014/08/22 17:21] (current)
zorun Fix SSH redirection example
Line 90: Line 90:
//Redirects are also commonly known as "port forwarding", and "virtual servers".// //Redirects are also commonly known as "port forwarding", and "virtual servers".//
 +
 +Port ranges are specified as ''start:stop'', for instance ''6666:6670''.  This is similar to the iptables syntax.
The options below are valid for //redirects//: The options below are valid for //redirects//:
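Review bot: the added sentence on port ranges, placed just above the option list for redirects, does not say which options accept the ''start:stop'' form or whether both bounds are included in the match. Name the port options it applies to (the examples further down use ''src_dport'' and ''dest_port'') and state that the range is inclusive if that is the case, so a reader does not have to infer it from the iptables comparison.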
Line 134: Line 136:
  * If only ''dest'' is given, the rule matches //outgoing// traffic   * If only ''dest'' is given, the rule matches //outgoing// traffic
  * If neither ''src'' nor ''dest'' are given, the rule defaults to an //outgoing// traffic rule   * If neither ''src'' nor ''dest'' are given, the rule defaults to an //outgoing// traffic rule
 +
 +Port ranges are specified as ''start:stop'', for instance ''6666:6670''.  This is similar to the iptables syntax.
Valid options for this section are: Valid options for this section are:
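Review bot: this is a verbatim copy of the sentence added at line 90, and here it lands directly after the bullet list about ''src''/''dest'' direction matching, where it reads as part of that list's explanation. Consider stating the range syntax once, or moving it into the description of the port options in the table that follows, so the two copies cannot drift apart in later edits.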
Line 261: Line 265:
This example enables machines on the internet to use SSH to access your router. This example enables machines on the internet to use SSH to access your router.
-==== Forwarding ports (Destination NAT/DNAT) ====+==== Port forwarding for IPv4 (Destination NAT/DNAT) ====
This example forwards http (but not HTTPS) traffic to the webserver running on 192.168.1.10: This example forwards http (but not HTTPS) traffic to the webserver running on 192.168.1.10:
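Review bot: renaming the heading from "Forwarding ports (Destination NAT/DNAT)" to "Port forwarding for IPv4 (Destination NAT/DNAT)" changes the section anchor that DokuWiki derives from the heading text, so existing links to the old section will no longer resolve. Check for pages that link to the old anchor, or mention the rename in the edit summary.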
Line 277: Line 281:
<code> <code>
-config 'redirect' +config redirect 
-        option 'name' 'ssh' +        option src      wan 
-        option 'src' 'wan' +        option src_dport 5555 
-        option 'proto' 'tcpudp' +        option proto     tcp 
-        option 'src_dport' '5555' +        option dest      lan 
-        option 'dest_ip' '192.168.1.100' +        option dest_ip   192.168.1.100 
-        option 'dest_port' '22+        option dest_port 22 
-        option 'target' 'DNAT' +</code> 
-        option 'dest' 'lan'+ 
 +==== Port forwarding for IPv6 ==== 
 + 
 +To open port 80 so that a local webserver at ''2001:db8:42::1337'' can be reached from the Internet: 
 + 
 +<code> 
 +config rule 
 +        option src      wan 
 +        option proto    tcp 
 +        option dest      lan 
 +        option dest_ip  2001:db8:42::1337 
 +        option dest_port 80 
 +        option family    ipv6 
 +        option target   ACCEPT 
 +</code> 
 + 
 +To open SSH access to all IPv6 hosts in the local network: 
 + 
 +<code> 
 +config rule 
 +        option src      wan 
 +        option proto    tcp 
 +        option dest     lan 
 +        option dest_port 22 
 +        option family    ipv6 
 +        option target    ACCEPT 
 +</code> 
 + 
 +To open all TCP/UDP port between 1024 and 65535 towards the local IPv6 network: 
 + 
 +<code> 
 +config rule 
 +        option src      wan 
 +        option proto    tcpudp 
 +        option dest      lan 
 +        option dest_port 1024:65535 
 +        option family    ipv6 
 +        option target    ACCEPT
</code> </code>
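Review bot: the last two IPv6 examples accept traffic from ''wan'' to every host in ''lan'' with no ''dest_ip'' and no source restriction, and the ''dest_port 1024:65535'' rule with ''proto tcpudp'' exposes almost every listening service on the whole local network. Add a sentence saying that this is what the rule does, or scope the examples with ''dest_ip'' the way the port 80 example is. The section is titled "Port forwarding for IPv6", but all three blocks are ''config rule'' sections with ''target ACCEPT'' rather than redirects, which deserves a line of explanation next to the IPv4 DNAT section. In the rewritten SSH redirect, ''option target DNAT'' and ''option name'' were dropped; keeping the target explicit avoids relying on a default that the text does not mention. Minor: "all TCP/UDP port" should read "ports".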


doc/uci/firewall.1393850717.txt.bz2 · Last modified: 2014/03/03 13:45 by ayaka