Differences

This shows you the differences between two versions of the page.

--- advanced-access [2023/09/12 17:16] – [LAN Access Notes] -add note that table entries only permit traffic in one direction hogwild
+++ advanced-access [2026/01/08 23:03] (current) – [LAN Access Notes and Troubleshooting] hogwild
@@ Line 1: / Line 1: @@
 ====== LAN Access ======
-This page allows you to define LAN-to-LAN traffic where it otherwise would be blocked.
+This menu allows you to define LAN-to-LAN traffic where it otherwise would be blocked.
  \\
-For example, let's say we have two LANs, one primary (LAN0/br0) and one secondary (LAN1/br1).
+For example, let's say we have two LANs, a primary one (LAN0/br0) and a secondary one (LAN1/br1). If you want devices on LAN0 to communicate with devices on LAN1 (and vice versa), you could use these settings:
-If you want devices on LAN0 to be able to communicate with devices on LAN1 (and vice versa), you might use these settings:
  \\
@@ Line 13: / Line 11: @@
 {{:pasted:20220126-183839.png}}\\   \\
-**On:** Checking this enables the rule defined on this row of the table.
+**On:** enables the rule defined on this row of the table.
-**Src:** This displays/allows you to configure the (Logical) Source LAN for the rule on that row of the table.
+ \\
-**Src Address:** This (optional) field narrows the rule to a specific IP address or set of addresses within the Src interface.
+**Src:** displays/lets you configure the (Logical) Source LAN for the rule on that row of the table.
-**Dst:** Here, you specify the (logical) Destination LAN for the rule on this row of the table.
+ \\
-**Dst Address: **(optional) narrows the rule to a specific IP address or set of addresses within the Dst interface.
+**Src Address:** lets you narrow the rule to a specific IP address/set of addresses within the Src interface.
-**Description:** This is a free text field in which to enter whatever you wish as a reminder, note etcetera.
+ \\
+**Dst:** here, specify the logical Destination LAN for the rule on this row of the table.
  \\
-\\
+**Dst Address: **(optionally), narrows the rule to a specific IP address/set of addresses within the Dst interface.
+ \\
+**Description:** a free text field in which you can enter whatever you wish, such as notes, reminders.
+ \\
+ \\
+===== LAN Access Notes and Troubleshooting =====
+  * On releases r2025.4 and earlier, regardless of LAN Access rules, a LANx device was able to reach (e.g. ping) all the router's LAN interfaces (only).
-===== LAN Access Notes =====
+  * On r2025.5 and later: FreshTomato LAN interfaces can only be reached from within the same subnet. Thus, a device at 192.168.10.10 can only reach the router at its address on the same subnet e.g. 192.168.10.1.
-Regardless of LAN Access rules, by default a LANx device is able to reach (e.g. ping) all the router's LAN interfaces (only). This is by design.
+  * All entries in this menu are one-way only. If you want hosts on LAN0 to communicate with hosts on LAN1, and vice versa, you'll need two entries in the table for that.
-All entries in the LAN Access table are one-way only. So, if you want hosts on LAN0 to be able to communicate with hosts on LAN1,
+  * LAN Access is an IP-level access control. Therefore, **all ports/protocols are automatically enabled**. If additional fine tuning is needed (for example, to allow only allow port 80/TCP) you'll need to manually configure the settings for that.
-you must create have entries in the table to achieve that. One allowing traffic from LAN0 to LAN1 and another allowing traffic from LAN1 to LAN0.
-LAN Access is an IP-level access control. This means that **all ports/protocols are automatically enabled**. If additional fine tuning is required (for example, you wanted to allow only allow port 80/TCP) you will need to manually configure settings instead.
  \\

FreshTomato Wiki

User Tools

Site Tools

Differences

Page Tools