User's Manual

EnRoute500 User’s Guide
TR0149 Rev. C5
12 Controlling Access to the EnRoute500
The EnRoute500 supports the following methods for restricting access to the node and the
network that it is connected to:
Firewall
Gateway firewall
Client-to-client communication blocking
White lists / black lists
12.1 Firewall
The EnRoute500 has a firewall that blocks traffic to the EnRoute500. This prevents client
devices attached to a node and devices on the mesh gateway WAN from connecting to the
node.
The firewall only affects packets destined for the EnRoute500 itself. Traffic that is
forwarded through the EnRoute500 to devices ‘past’ it is not inspected or filtered. Because
each firewall protects only the node it is enabled on, it needs to be enabled on every
EnRoute500; otherwise clients connected to an unprotected node have full access to that
node’s private ports.
The firewall is enabled by selecting the ‘firewall’ interface and setting the ‘node.enable’
parameter.
> use firewall
firewall> set node.enable=yes
Lists of allowed source and destination ports for inbound TCP and UDP traffic can be
specified. These lists can be set with the following parameters in the ‘firewall’ interface:
node.tcp.allow.dest
node.tcp.allow.source
node.udp.allow.dest
node.udp.allow.source
The list of allowed ports must be a space-delimited string enclosed by quotes. The example
below shows how to set the TCP destination ports parameter (node.tcp.allow.dest).
> use firewall
firewall> set node.tcp.allow.dest="22 23 80 5280"
By default, the ports listed in Table 13 are set to be allowed.
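The following is an added example, not code from the EnRoute500 or its manual: a small Python model of the node firewall policy described in this section, used to check what a given set of 'firewall' parameters will let through. It assumes (the manual does not say) that an inbound packet addressed to the node passes if its destination port is in the matching allow.dest list or its source port is in the matching allow.source list, that forwarded traffic is never inspected, and that a disabled firewall passes everything.

```python
"""Model of the per-node firewall policy (constructed example, not EnRoute500
firmware code). Assumed semantics: a packet addressed to the node passes if its
destination port is in <proto>.allow.dest OR its source port is in
<proto>.allow.source; forwarded traffic is never filtered; firewall off = pass."""
from dataclasses import dataclass, field


def parse_port_list(value: str) -> set:
    """Parse a space-delimited, quoted port string such as '"22 23 80 5280"'."""
    text = value.strip()
    if text[:1] in ('"', "'") and text[-1:] == text[:1]:
        text = text[1:-1]                      # strip the enclosing quotes
    ports = set()
    for token in text.split():
        port = int(token)
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {token}")
        ports.add(port)
    return ports


@dataclass
class NodeFirewall:
    enable: bool = False                       # node.enable, off by default here
    allow: dict = field(default_factory=lambda: {
        ("tcp", "dest"): set(), ("tcp", "source"): set(),
        ("udp", "dest"): set(), ("udp", "source"): set()})

    def set_param(self, name: str, value: str) -> None:
        """Apply one 'set <name>=<value>' line from the 'firewall' interface."""
        if name == "node.enable":
            self.enable = value.strip().lower() == "yes"
            return
        _, proto, _, direction = name.split(".")   # e.g. node.tcp.allow.dest
        self.allow[(proto, direction)] = parse_port_list(value)

    def accepts(self, proto: str, src_port: int, dst_port: int,
                to_node: bool = True) -> bool:
        """True if the packet is delivered. Forwarded traffic is never filtered."""
        if not to_node or not self.enable:
            return True
        return (dst_port in self.allow[(proto, "dest")]
                or src_port in self.allow[(proto, "source")])


# Constructed configuration mirroring the two CLI examples in this section.
fw = NodeFirewall()
for line in ['node.enable=yes', 'node.tcp.allow.dest="22 23 80 5280"']:
    name, value = line.split("=", 1)
    fw.set_param(name, value)
```

Note that with this configuration all inbound UDP to the node is dropped, since the UDP allow lists are empty, while forwarded traffic of either protocol still passes.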