FreshTomato Wiki

User Tools

Site Tools

Trace: adblock_dns_filtering bwlimit jffs sidebar qos-settings custom_ssl_cert_local_cert_authority web-nginx mac_address admin-tomatoanon logout
advanced-access

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
advanced-access [2023/09/11 18:36] – [LAN Access] -grammar, condense hogwildadvanced-access [2026/01/08 23:03] (current) – [LAN Access Notes and Troubleshooting] hogwild
Line 1: Line 1:
 ====== LAN Access ====== ====== LAN Access ======
  
-This page allows you to define LAN-to-LAN traffic where it otherwise would be blocked.+This menu allows you to define LAN-to-LAN traffic where it otherwise would be blocked.
  
  \\  \\
  
-For example, let's say we have two LANs, one primary (LAN0/br0) and one secondary (LAN1/br1). +For example, let's say we have two LANs, primary one (LAN0/br0) and a secondary one (LAN1/br1). If you want devices on LAN0 to communicate with devices on LAN1 (and vice versa), you could use these settings:
- +
-If you want devices on LAN0 to be able to communicate with devices on LAN1 (and vice versa), you might use these settings:+
  
  \\  \\
Line 13: Line 11:
 {{:pasted:20220126-183839.png}}\\   \\ {{:pasted:20220126-183839.png}}\\   \\
  
-**On:** Checking this enables the rule defined on this row of the table.+**On:** enables the rule defined on this row of the table.
  
-**Src:** This displays/allows you to configure the (Logical) Source LAN for the rule on that row of the table.+ \\
  
-**Src Address:** This (optionalfield narrows the rule to a specific IP address or set of addresses within the Src interface.+**Src:** displays/lets you configure the (LogicalSource LAN for the rule on that row of the table.
  
-**Dst:** Here, you specify the (logical) Destination LAN for the rule on this row of the table.+ \\
  
-**Dst Address: **(optional) narrows the rule to a specific IP address or set of addresses within the Dst interface.+**Src Address:** lets you narrow the rule to a specific IP address/set of addresses within the Src interface.
  
-**Description:** This is a free text field in which to enter whatever you wish as a remindernote etcetera.+ \\ 
 + 
 +**Dst:** herespecify the logical Destination LAN for the rule on this row of the table.
  
  \\  \\
  
-\\+**Dst Address: **(optionally), narrows the rule to a specific IP address/set of addresses within the Dst interface. 
 + 
 + \\ 
 + 
 +**Description:** a free text field in which you can enter whatever you wish, such as notes, reminders. 
 + 
 + \\ 
 + 
 + \\ 
 + 
 + 
 +===== LAN Access Notes and Troubleshooting =====
  
 +  * On releases r2025.4 and earlier, regardless of LAN Access rules, a LANx device was able to reach (e.g. ping) all the router's LAN interfaces (only).
  
-===== LAN Access Notes =====+  * On r2025.5 and later: FreshTomato LAN interfaces can only be reached from within the same subnet. Thus, a device at 192.168.10.10 can only reach the router at its address on the same subnet e.g. 192.168.10.1.
  
-Regardless of LAN Access rulesby default a LANx device is able to reach (e.g. ping) all the router's LAN interfaces (only). This is by design.+  * All entries in this menu are one-way only. If you want hosts on LAN0 to communicate with hosts on LAN1and vice versa, you'll need two entries in the table for that.
  
-LAN Access is an IP-level access control. This means that **all ports/protocols are automatically enabled**. If additional fine tuning is required (for example, you wanted to allow only allow port 80/TCP) you will need to manually configure settings instead.+  * LAN Access is an IP-level access control. Therefore, **all ports/protocols are automatically enabled**. If additional fine tuning is needed (for example, to allow only allow port 80/TCP) you'll need to manually configure the settings for that.
  
  \\  \\
advanced-access.1694453802.txt.gz · Last modified: by hogwild

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki