27: Configuring firewall 
© Virtual Access 2017 
GW1000 Series User Manual 
Issue: 1.9    Page 261 of 350 
If it is routable through the interface from which it came, then the machine will accept
the packet.
If it is not routable through the interface from which it came, then the machine will drop
that packet.
config interface 'Vlan12' 
        option type 'bridge' 
        option proto 'static' 
        option monitored '0' 
        option ipaddr '10.1.28.122' 
        option netmask '255.255.0.0' 
        option ifname 'eth1 eth3.12' 
        option ipv4_rp_filter '1' 
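
The accept/drop decision described above, modelled as a strict reverse-path check with longest-prefix matching. This is an added example, not code from the manual or the router firmware; the routing table, the `lan` and `wan` interface names and the sample packets are constructed, and only the Vlan12 address and netmask come from the configuration above.

```python
import ipaddress

# Constructed routing table: (destination prefix, outgoing interface).
# Only the Vlan12 prefix is taken from the page; the rest are assumptions.
ROUTES = [
    ("10.1.0.0/16", "Vlan12"),   # 10.1.28.122 / 255.255.0.0 from the page
    ("192.168.1.0/24", "lan"),   # assumed LAN network
    ("0.0.0.0/0", "wan"),        # assumed default route
]

def best_route_interface(addr, routes=ROUTES):
    """Longest-prefix match: the interface the router would use to reach addr."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None

def rp_filter_verdict(src_ip, in_iface, enabled=True, routes=ROUTES):
    """Accept only if the route back to src_ip leaves through in_iface.

    enabled models the per-interface ipv4_rp_filter option ('1' = on).
    """
    if not enabled:
        return "accept"
    return "accept" if best_route_interface(src_ip, routes) == in_iface else "drop"

# Constructed sample packets: (source address, interface it arrived on).
SAMPLES = [
    ("10.1.40.7", "Vlan12"),     # on-link source, correct interface
    ("192.168.1.50", "Vlan12"),  # LAN source arriving on Vlan12 (spoofed)
    ("203.0.113.9", "Vlan12"),   # Internet source arriving on Vlan12 (spoofed)
    ("203.0.113.9", "wan"),      # Internet source on the default-route interface
    ("10.1.40.7", "wan"),        # Vlan12 source arriving from WAN (spoofed)
]

def run_samples():
    return [(src, iface, rp_filter_verdict(src, iface)) for src, iface in SAMPLES]

if __name__ == "__main__":
    for src, iface, verdict in run_samples():
        print(f"{src:>15} in on {iface:<7} -> {verdict}")
```
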
27.7.11 Simple DMZ rule 
The following rule redirects all WAN ports for all protocols to the internal host 
192.168.1.2. 
config redirect
        option src              wan
        option proto            all
        option dest_ip          192.168.1.2
27.7.12 Transparent proxy rule (external) 
The following rule redirects all outgoing HTTP traffic from LAN through an external proxy
at 192.168.1.100 listening on port 3128. It assumes the router LAN address is
192.168.1.1, which is needed to masquerade redirected traffic towards the proxy.
config redirect 
        option src              lan 
        option proto            tcp 
        option src_ip           !192.168.1.100 
        option src_dport        80 
        option dest_ip          192.168.1.100 
        option dest_port        3128 
        option target           DNAT 
 
config redirect 
        option dest             lan 
        option proto            tcp