FreshTomato Wiki

User Tools

Site Tools

Trace: advanced-vlan advanced-access
advanced-access

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
advanced-access [2024/11/27 01:30] – [LAN Access] -Condense, formatting hogwildadvanced-access [2026/01/08 23:03] (current) – [LAN Access Notes and Troubleshooting] hogwild
Line 1: Line 1:
 ====== LAN Access ====== ====== LAN Access ======
  
-This page allows you to define LAN-to-LAN traffic where it otherwise would be blocked.+This menu allows you to define LAN-to-LAN traffic where it otherwise would be blocked.
  
  \\  \\
  
-For example, say we have two LANs, one primary (LAN0/br0) and one secondary (LAN1/br1). +For example, let'say we have two LANs, primary one (LAN0/br0) and secondary one (LAN1/br1). If you want devices on LAN0 to communicate with devices on LAN1 (and vice versa), you could use these settings:
- +
-If you want devices on LAN0 to communicate with devices on LAN1 (and vice versa), you might use these settings:+
  
  \\  \\
Line 13: Line 11:
 {{:pasted:20220126-183839.png}}\\   \\ {{:pasted:20220126-183839.png}}\\   \\
  
-**On:** checking this enables the rule defined on this row of the table.+**On:** enables the rule defined on this row of the table.
  
  \\  \\
Line 25: Line 23:
  \\  \\
  
-**Dst:** here, you specify the (logicalDestination LAN for the rule on this row of the table.+**Dst:** here, specify the logical Destination LAN for the rule on this row of the table.
  
  \\  \\
Line 37: Line 35:
  \\  \\
  
-\\+ \\ 
 + 
 + 
 +===== LAN Access Notes and Troubleshooting ===== 
 + 
 +  * On releases r2025.4 and earlier, regardless of LAN Access rules, a LANx device was able to reach (e.g. ping) all the router's LAN interfaces (only).
  
 +  * On r2025.5 and later: FreshTomato LAN interfaces can only be reached from within the same subnet. Thus, a device at 192.168.10.10 can only reach the router at its address on the same subnet e.g. 192.168.10.1.
  
-===== LAN Access Notes =====+  * All entries in this menu are one-way only. If you want hosts on LAN0 to communicate with hosts on LAN1, and vice versa, you'll need two entries in the table for that.
  
-  * Regardless of LAN Access rules, by default a LANx device is able to reach (e.g. ping) all the router's LAN interfaces (only). This is by design. +  * LAN Access is an IP-level access control. Therefore, **all ports/protocols are automatically enabled**. If additional fine tuning is needed (for example, to allow only allow port 80/TCP) you'll need to manually configure the settings for that.
-  * All entries in LAN Access are one-way only. For example, if you want hosts on LAN0 to be able to communicate with hosts on LAN1, and vice versa, you'll need two entries in the table to achieve that. +
-  * LAN Access is an IP-level access control. Therefore, **all ports/protocols are automatically enabled**. If additional fine tuning is needed (for example, you want to allow only allow port 80/TCP) you'll need to manually configure settings instead.+
  
  \\  \\
advanced-access.1732671033.txt.gz · Last modified: by hogwild

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki