[TriLUG] ATT fiber installed and gateway/routing problem

Wes Garrison via TriLUG trilug at trilug.org
Sun Dec 4 17:22:31 EST 2016 

Can you create individual firewall rules on the 5268AC?

It may be possible to do NAT reflection by manually creating rules:
https://blog.laslabs.com/2013/06/nat-reflection-ubiquiti-edgerouter-lite-vyatta-and-dynamic-ip/

This is for the EdgeRouter Lite from UBNT, but may be possible with other
routers.  I didn't read through it very well, though.

_________________________________
Wesley S. Garrison
Network Engineer
Xitech Communications, Inc.
phone:  (919) 260-0803
fax:       (919) 932-5051
__________________________________
"Lead us not into temptation, but deliver us from email."

On Sun, Dec 4, 2016 at 5:14 PM, Christopher Merrill via TriLUG <
trilug at trilug.org> wrote:

> On Sun, Dec 4, 2016 at 4:54 AM, David Burton via TriLUG <trilug at trilug.org
> >
> wrote:
>
> > The 5268AC apparently does support a "DMZ+" mode, in which external
> traffic
> > is all routed to a particular LAN IP address. That's probably sufficient
> > for some people. However, that would not be sufficient for me, since I
> need
> > to route different ports to different LAN addresses.
> >
>
> Well, the on-screen docs for the AT&T-supplied Pace 5268AC say:
>
> "Allow all applications (DMZplus mode) - Set the selected computer in
> DMZplus mode. All inbound traffic, except traffic which has been
> specifically assigned to another computer using the "Allow individual
> applications" feature, will automatically be directed to this computer. The
> DMZplus-enabled computer is less secure because all unassigned firewall
> ports are opened for that computer."
>
> So you can still route specific ports to other computers. If those services
> also need the NAT reflection, then you'd still be out of luck.
>
> Chris
>
>
> --
> ------------------------------------------------------------------------ -
> Chris Merrill                           |  Web Performance, Inc.
> chris at webperformance.com                |  http://webperformance.com
> 919-845-7601 x701                       |  919-845-7601
>
> Web Performance: Website Load Testing Software & Services
> ------------------------------------------------------------------------ -
> --
> This message was sent to: Wes <wes at xitechusa.com>
> To unsubscribe, send a blank message to trilug-leave at trilug.org from that
> address.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> Unsubscribe or edit options on the web  : http://www.trilug.org/mailman/
> options/trilug/wes%40xitechusa.com
> Welcome to TriLUG: http://trilug.org/welcome
>

More information about the TriLUG mailing list