Connection state New
List box {Off; On}, default = "Off", active only for TCP protocol. Relates to the first packet of a TCP connection (the request from a TCP client to a TCP server to open a new TCP connection). Used e.g. to allow TCP connections to be opened only from the RipEX2 network to the outside.
Connection state Established
List box {Off; On}, default = "Off", active only for TCP protocol. Relates to an already existing TCP connection. Used e.g. to allow replies for TCP connections created from the RipEX2 network to the outside.
Connection state Related
List box {Off; On}, default = "Off", active only for TCP protocol. A connection related to an "Established" one, e.g. FTP typically uses two TCP connections, control and data, where the data connection is created automatically using dynamic ports.
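The following Python model illustrates how a conntrack-style forward filter applies the three states above with the policy the text suggests (New only from the RipEX2 network to the outside, Established and Related on). It is an added example, not RipEX2 code; the addresses, ports and the LAN prefix are constructed.

```python
"""Model of conntrack-style New / Established / Related matching.
Constructed example, not RipEX2 code: addresses, ports and the
policy are made up to show how the three list-box settings interact."""
from dataclasses import dataclass

LAN_PREFIX = "192.168.1."   # constructed: the local "RipEX2 network"


@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # SYN without ACK marks a TCP connection request


class StatefulFilter:
    """Forward policy: New=On (LAN->outside only), Established=On, Related=On."""

    def __init__(self, new=True, established=True, related=True):
        self.new, self.established, self.related = new, established, related
        self.conns = set()      # tracked connections, direction-agnostic keys
        self.expected = set()   # (src, dst, dport) announced by a protocol helper

    @staticmethod
    def _key(p):
        return frozenset({(p.src, p.sport), (p.dst, p.dport)})

    def expect(self, src, dst, dport):
        """What an FTP helper registers after seeing PORT on the control channel."""
        self.expected.add((src, dst, dport))

    def state(self, p):
        if self._key(p) in self.conns:
            return "Established"
        if (p.src, p.dst, p.dport) in self.expected:
            return "Related"
        return "New" if p.syn else "Invalid"

    def forward(self, p):
        """Return True if the packet may be forwarded under the policy."""
        st = self.state(p)
        if st == "Established":
            return self.established
        if st == "Related" and self.related:
            self.expected.discard((p.src, p.dst, p.dport))
            self.conns.add(self._key(p))     # data connection is now tracked
            return True
        if st == "New" and self.new and p.src.startswith(LAN_PREFIX):
            self.conns.add(self._key(p))     # replies will match Established
            return True
        return False   # inbound New, unsolicited or malformed packet: dropped
```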
Note
L2/L3 firewall settings do not affect local ETH access, i.e. the settings never deny access to a locally connected RipEX2 (web interface, ping, ...).
Note
Ports 443 and 8889 are used internally for service access (by default; they can be overridden). Exercise caution when making rules which may affect datagrams to/from these ports in the L3 Firewall settings. The management connection to a remote RipEX2 may be lost when another RipEX2 acts as a router along the management packets' route and port 443 (or 8889) is disabled in the firewall settings of that routing RipEX2 (RipEX2 units use the iptables "forward" chain).
Note
L3 Firewall settings do not affect packets received from and redirected to the Radio channel. The problem described in Note 2 will not occur if the affected RipEX2 router is a radio repeater, i.e. when it uses solely the radio channel for input and output.
7.3.3. NAT - Network address translation
Network address and port translation (NAPT) is a method of mapping one IP address (or port) space into another by modifying the network address information in the IP header of packets while they are in transit across a traffic routing device.
7.3.3.1. Source NAT
Source Network Address Translation (SNAT) rewrites the source address and/or port of an outgoing connection and performs the opposite change on the returning packets. SNAT also:
• Makes the packets appear to originate from the device that performs SNAT.
• Is performed during packet output from the device (after routing and firewall filtering).
RipEX2 Radio modem & Router – © RACOM s.r.o.