0 votes
36 views 3 comments
by
I've asked this in another question, and am amazed that even two distributors of Teltonika actually don't know. They have been looking for days... Teltonika also refuse to answer the question, as per support model. I find this totally crazy!

I simply have an 'interface' I call a LAN interface. This interface is associated to a firewall zone called 'LAN'.

Any DHCP client gets a local address from the LAN 'interface' and gets access to the internet. OK, great. Now, let's say I want to block (as a test) any pings going from any DHCP client in the LAN 'zone', for example 192.168.1.5, from reaching 1.1.1.1 in the WAN zone?

Does anyone know the steps to do that? Anyone... I have tried adding a rule but there is something not right.

In the GUI under firewall, you can only seem to set forwarding rules, almost as if the firewall is only dealing with incoming connections. What about filtering/dropping etc 'outbound' connections 'from' a DHCP client in private ip, 'out' to public ip addresses? How is this done??

HELP!! :-000

1 Answer

0 votes
by

Hello,

Try this:

by
Nah... this router is terrible in basic firewall config. The rule above works, BUT, let's say I change the 'source' address to a specific IP in the LAN zone (currently it's blank as in your example, I mean who knows what 'blank' means), e.g. I put 192.168.1.20 in the source IP address, and leave all else alone, the LAN client at 192.168.1.20 can still ping 1.1.1.1.... It's totally hit and miss with this thing... now I see why distributors refuse to stock or support it.
by
What's in your general settings screen? Clearly something is not right with the interaction between the 'rules' and the general settings...
by
Having messed about for nearly 4 hours to do a basic outgoing rule, it seems that somewhere on this router there is an overarching rule that essentially allows ALL outbound traffic irrespective of rules in the traffic rules section, what zone it's in or anything.

This is the easiest way to get a router working out of the box, but unless it's clearly shown where the top rule to allow everything by default is located, and how to disable this, then work backwards to 'open up' the router, which is better for security, then it's just a time waste.
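
Added example, not part of the thread and not Teltonika's own configuration: how the rule asked about in the question looks in OpenWrt-style `/etc/config/firewall` syntax, next to the zone forwarding entry that accepts LAN-to-WAN traffic no rule has matched. It assumes the router uses this OpenWrt firewall format and that the zones are named `lan` and `wan`; the addresses are the ones mentioned in the thread and the rule names are made up.

```uci
# /etc/config/firewall (OpenWrt-style syntax, assumed to apply to this router)
# Zone names 'lan' and 'wan' are assumptions; rule names are illustrative.

# Zone-level default: traffic forwarded from lan to wan that no traffic
# rule has matched is accepted because of this section.
config forwarding
	option src 'lan'
	option dest 'wan'

# Traffic rule for one client: drop echo requests from 192.168.1.20
# to 1.1.1.1. Setting both src and dest makes it a forward rule,
# which is checked before the zone forwarding above.
config rule
	option name 'Drop-ping-one-client'
	option family 'ipv4'
	option src 'lan'
	option src_ip '192.168.1.20'
	option dest 'wan'
	option dest_ip '1.1.1.1'
	option proto 'icmp'
	list icmp_type 'echo-request'
	option target 'DROP'

# Same rule for every client in the zone: leave src_ip out, so the
# rule matches any source address arriving from lan.
config rule
	option name 'Drop-ping-all-lan'
	option family 'ipv4'
	option src 'lan'
	option dest 'wan'
	option dest_ip '1.1.1.1'
	option proto 'icmp'
	list icmp_type 'echo-request'
	option target 'DROP'
```

On OpenWrt, packets belonging to an already-tracked connection are accepted before traffic rules are evaluated, so a ping that was running when the rule was saved can keep getting replies until it is stopped and started again. Checking the rule with a fresh ping after the firewall has reloaded avoids that false negative.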