NAT Router configuration

EdgeRouterNATSettings_2021-09-29_14-46-22.png


NAT Router Firewall configuration

As of Aug 15, 2023

Policy:

1 Firewall screen

2 Configure an IP group for the banned IPs.

The IP groups can be configured in the Firewall/NAT Groups tab. The IPs listed here are banned from accessing the local machines, including port-forwarded services (e.g., elog). More IPs can be added here when necessary.

FW_IP_GROUP.png

3-1 Firewall Policies for LAN to WAN access. There is only one policy registered. It blocks outgoing packets to the banned IPs. This is probably not necessary in the usual case. Still, at the time of the configuration, there seemed to be established connections to these IPs, so outgoing packets needed to be blocked.

FW_LAN1.png

3-2 Rejection setting for the banned IP group. The rule must be enabled to become active. (When you remove the rule, it needs to be disabled.)

FW_LAN2.png

3-3 Advanced Tab: It is important to check these states to make this filter work.

FW_LAN3.png

3-4 Destination Tab: Use "Address Group" to specify the destination. (Remember that this rule applies to outgoing packets.)

FW_LAN4.png
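One way to confirm from the router's exported configuration that the settings in steps 3-2 to 3-4 are in place (an added example, not part of the original page). It assumes the EdgeOS `show configuration` brace syntax; the ruleset name `LAN_OUT`, the group name `BANNED_IPS` and the two states in the sample are hypothetical, since the page's screenshots are not reproduced here.

```python
# Constructed sample in EdgeOS "show configuration" syntax; all names are hypothetical.
SAMPLE = """
firewall {
    name LAN_OUT {
        rule 10 {
            action reject
            destination {
                group {
                    address-group BANNED_IPS
                }
            }
            state {
                established enable
                related enable
            }
        }
    }
}
"""

def parse(text):
    """Turn the brace syntax into nested dicts; leaf lines become key -> value."""
    root = {}
    stack = [root]
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        else:
            key, _, value = line.partition(" ")
            stack[-1][key] = value
    return root

def audit(text, group):
    """Report every rule whose destination is the given address group."""
    findings = []
    for set_name, ruleset in parse(text).get("firewall", {}).items():
        if not set_name.startswith("name "):
            continue
        for rule_name, rule in ruleset.items():
            if not rule_name.startswith("rule "):
                continue
            dest = rule.get("destination", {}).get("group", {})
            if dest.get("address-group") != group:
                continue
            states = sorted(s for s, v in rule.get("state", {}).items() if v == "enable")
            findings.append({"ruleset": set_name[5:], "rule": rule_name[5:],
                             "action": rule.get("action"), "states": states,
                             "enabled": "disable" not in rule})
    return findings
```

Each finding shows the rule's action, whether it is enabled, and which states it matches, so a rule that was left disabled or saved without the intended states stands out.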

4 In

FW_WAN_THROUGH1.png FW_WAN_IN1.png FW_WAN_IN2.png FW_WAN_IN3.png FW_WAN_IN4.png FW_WAN_IN5.png FW_WAN_IN6.png FW_WAN_IN7.png FW_WAN_IN8.png