+1 vote
1,111 views 2 comments
Hi,

I need to set port forwarding rules for both the wan and openvpn interfaces.

In the PF rule dialog, I can select only 1 zone as source.

Is there a way to create a new zone with both interfaces wan and openvpn?
Or can you modify the Port Forward rule settings page, so that I can select multiple source and destination zones?

Right now I need to create each rule twice, which takes a lot of time.

Thanks
Torsten

1 Answer

0 votes
by anonymous

Hello,

No, multiple zones cannot be used in a single firewall rule. However, there are a few things that might ease the rule creation process:

 - To begin with, take note that in a single port forwarding rule you can specify a "port range" and not just a single TCP/UDP port. (Example: instead of creating 5 separate rules for ports 5001, 5002, 5003, 5004, 5005, you can just create one rule with "5001-5005" ports specified in both the "External port"/"Internal port" fields)

 - If you have to have a lot of port forwarding rules (e.g. each for a specific device in the router's LAN), you can either:

   a) create these rules once for one single interface (e.g. WAN) from the WebUI, then connect to the router via SSH, duplicate the necessary rules and change their "Source zone"

   b) create all of the rules from SSH entirely. When doing so, I would recommend creating 2 port forwarding rules, one for each "Source zone". Then connect to the router via SSH and add the desired number of rules following the previously created rule structure.

The process would look like this:

1. Connect to the router via SSH (e.g. using the "PuTTY" software on Windows):

  • SSH login: root
  • SSH password: <your router's password>

2. Open the "Firewall" configuration and inspect how the rules that you have created from the WebUI are described in the router's configuration file:

  • cat /etc/config/firewall

3. Copy the rule structure into, e.g., the "notepad" application (since it is easier to edit a rule in notepad than from SSH). Keep duplicating the same rule and then change the IP address/port number so that in the end you have all your desired firewall rules listed in this "notepad" file.

4. Open the firewall configuration file in editable format and copy all your firewall rules to it. Make sure not to duplicate the rules (i.e. so that rules which you have already created from the WebUI are not added again from SSH). To open the firewall configuration file in editable format:

  • vi /etc/config/firewall
  • press "a" keyboard button
  • navigate with keyboard arrow keys to the bottom of configuration file
  • paste your firewall rules
  • press "esc" keyboard button
  • type ":x" and press enter
  • reboot the router for rules to take effect.

I will be waiting for your feedback on whether this method was relevant for you and, if so, whether it actually helped to configure port forwarding rules faster.
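Steps 2 to 4 of the answer above can be scripted; the following is an added example, not part of the original answer or of the router's own tooling. It assumes port forwards are stored as OpenWrt-style `config redirect` sections with an `option src` line, and that the VPN zone is named `openvpn`; the function names and the sample config are constructed for illustration. It only prints the copies, so each rule that would expose a LAN service to another zone can be reviewed before it is pasted into the file.

```shell
# Added example: print a copy of every "config redirect" section whose source
# zone is FROM, rewritten to zone TO, for review. The file is never modified.
dup_redirects() {  # usage: dup_redirects FROM_ZONE TO_ZONE FILE
    awk -v from="$1" -v to="$2" -v q="'" '
    function val(s) {  # unquoted value of an "option|list <name> <value>" line
        sub(/^[ \t]*(option|list)[ \t]+[^ \t]+[ \t]+/, "", s); gsub("[" q "\"]", "", s)
        sub(/[ \t]+$/, "", s); return s
    }
    /^[ \t]*config[ \t]/ { n++; kind[n] = $2; src[n] = key[n] = body[n] = ""; next }
    n == 0 || /^[ \t]*#/ || /^[ \t]*$/ { next }  # skip comments and blank lines
    {
        if ($1 == "option" && $2 == "src") { src[n] = val($0); sub(/src[ \t].*$/, "src " q to q) }
        else if ($2 != "name") key[n] = key[n] $1 " " $2 " " val($0) "|"  # identity ignores zone and name
        body[n] = body[n] $0 "\n"
    }
    END {
        for (i = 1; i <= n; i++) if (kind[i] == "redirect" && src[i] == to) have[key[i]] = 1
        for (i = 1; i <= n; i++)  # skip rules the TO zone already has
            if (kind[i] == "redirect" && src[i] == from && !(key[i] in have)) {
                have[key[i]] = 1; printf "config redirect\n%s\n", body[i]
            }
    }' "$3"
}

sample_config() {  # constructed sample, not from a real router; zone name "openvpn" is assumed
cat <<'EOF'
config redirect
    option name 'cam-range'
    option src 'wan'
    option src_dport '5001-5005'
    option dest_ip '192.168.1.10'
    option dest_port '5001-5005'

config redirect
    option name 'web'
    option src 'wan'
    option src_dport '8080'
    option dest_ip '192.168.1.20'
    option dest_port '80'

config redirect
    option name 'web-vpn'
    option src 'openvpn'
    option src_dport '8080'
    option dest_ip '192.168.1.20'
    option dest_port '80'
EOF
}
```

On the router this would be called as `dup_redirects wan openvpn /etc/config/firewall`, after confirming the real zone names in that file. For the sample, only the `cam-range` rule is printed, because the `web` forward already has an `openvpn` counterpart.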

by anonymous
Thanks, it saved me a lot of time to copy, modify and paste the rules via SSH in the /etc/config/firewall file.
by anonymous
Ok thank you for the answer.

I suspected that there was not necessarily a quick way to do it but thank you anyway.