User manual
20: Configuring firewall
_______________________________________________________________________________________________________
hides the local network from the Internet, SNAT hides the Internet from the local
network.
Source NAT and destination NAT are combined and used dynamically in IP
masquerading to make computers with private (192.168.x.x, etc.) IP addresses
appear on the Internet with the system's public WAN IP address.
20.10.4 True destination port forwarding
This usage is similar to SNAT, but as the destination IP address is not changed,
machines on the destination network need to be aware that they'll receive and
answer requests from a public IP address that is not necessarily theirs. Port
forwarding in this fashion is typically used for load balancing.
config redirect
option src wan
option src_dport 80
option dest lan
option dest_port 80
option proto tcp
20.10.5 Block access to a specific host
The following rule blocks all connection attempts to the specified host address.
config rule
option src lan
option dest wan
option dest_ip 123.45.67.89
option target REJECT
20.10.6 Block access to the internet using MAC
The following rule blocks all connection attempts from the client to the internet.
config rule
option src lan
option dest wan
option src_mac 00:00:00:00:00:00
option target REJECT
20.10.7 Block access to the internet for specific IP on certain times
The following rule blocks all connection attempts to the internet from
192.168.1.27 on weekdays between 21:00pm and 09:00am.
_______________________________________________________________________________________________________
© Virtual Access 2015
GW1000 Series User Manual
Issue: 2.4 Page 137 of 255