beautypg.com

Router port forwarding configuration – B&B Electronics WLNN-AN(ER,SE,SP.EK)-DP551 - Manual User Manual

Page 49

background image

Airborne Enterprise CLI Reference Manual

49

eth-route udp port 55899 accept
Allows all UDP traffic on port 55899 to be forwarded to the wireless network.

eth-route bcast ip 255.255.255.255 port 55899 relay
Allows UDP broadcast traffic on port 55899 to be forwarded to the wireless
network.

eth-route icmp ip 192.168.1.100 accept
Allows all ICMP traffic for IP address 192.168.1.100 to be relayed to the
wireless network.

When using the Ethernet firewall it is recommended that the eth-route-
default be set to drop and rules entered to address the exceptions. For
instance where an Ethernet client on the modules wired interface needs to
access a data server at 192.168.1.100 on port 2929 and a FTP server at
192.168.1.200, while allowing the Ethernet client to ping the data server, the
firewall configuration should look like the following:

eth-route-default drop
eth-route tcp ip 192.168.1.100 port 2929 allow
eth-route tcp ip 192.168.1.200 port 21 allow
eth-route icmp ip 192.168.1.100 allow

9.4

Router Port Forwarding Configuration

The modules Ethernet interface supports multiple Ethernet clients at one time.
The built-in DHCP server will provide IP addresses for multiple devices when the
appropriate DHCP requests are seen. When those client wish to access
resources on the wireless interface (public network) they can initiate the
connection (TCP, UDP, ICMP) and the router will handle all packet forwarding to
and from the Ethernet interface. When a resource on the public network wants to
access one of the clients on the Ethernet interface this can only be done, in case
where there is more than one client, if power forwarding is enabled and an
appropriate rule is configured.

To access a specific device on the Ethernet interface, from the public network, it
is necessary to create a rule which maps a port on the public interface to an
individual IP and port configuration on the Ethernet interface. Since this is a static
mapping (is part of a predefined rule) it is recommended that static IP addresses
be used on the Ethernet interface when port forwarding is being used.

When configured the public network IP interface will have a number of ports
defined and mapped to a group of IP/Port combinations. A single IP address can
have multiple rules; there is no restriction on the number of public ports linked to
any specific IP/Port combination on the Ethernet interface. Figure 7
demonstrates the use of this.

See also other documents in the category B&B Electronics Accessories communication: