Bridge network, Firewall – Ubiquiti Networks PowerBridgM User Manual
Page 49
46
Chapter 5: Network Tab
airOS
™
v5.5.4 User Guide
Ubiquiti Networks, Inc.
Action
You have the following options:
•
Add
Add a VLAN.
•
Edit
Make changes to a VLAN. Click Save to save your
changes.
•
Del
Delete a VLAN.
Bridge Network
(Available in Advanced view.) You can create one or
more bridge networks if you need complete Layer 2
transparency. This is similar to using a switch – all traffic
flows through a bridge, in one port and out another
port, regardless of VLANs or IP addresses. For example,
if you want to use the same IP subnet on both sides of a
device, then you create a bridge network. There are many
different scenarios that could require bridged interfaces,
so the Bridge Network section is designed to allow
flexibility.
Click the + button to display the Bridge Network section.
Enabled
Enables the specific bridge network. All
the added bridge networks are saved in the system
configuration file; however, only the enabled bridge
networks are active on the device.
Interface
The interface is automatically displayed.
STP
Multiple interconnected bridges create larger
networks using IEEE 802.1d Spanning Tree Protocol
(STP), which is used for finding the shortest path within a
network and eliminating loops from the topology.
If enabled, the device bridge communicates with other
network devices by sending and receiving Bridge Protocol
Data Units (BPDU). STP should be disabled (default setting)
when the device is the only bridge on the LAN or when
there are no loops in the topology, as there is no need for
the bridge to use STP in this case.
Ports
Select the appropriate ports for your bridge
network. (Virtual ports are available if you have created
VLANs.)
•
Add
Select a port.
•
Del
Delete a port.
Comment
You can enter a brief description of the
purpose for the bridge network.
Action
You have the following options:
•
Add
Add a bridge network.
•
Del
Delete a bridge network.
Firewall
(Available in Advanced view.) You can configure firewall
rules for the local and external network interfaces. Click
the + button to display the Firewall section.
Enable
Enables firewall functionality.
Enabled
Enables the specific firewall rule. All the added
firewall rules are saved in the system configuration file;
however, only the enabled firewall rules are active on the
device.
Target
To allow packets to pass through the firewall
unmodified, select ACCEPT. To block packets and send no
response, select DROP.
Interface
Select the appropriate interface where the
firewall rule is applied. To apply the firewall rule to all
interfaces, select ANY.
IP Type
Sets which specific Layer 3 protocol type (IP, ICMP,
TCP, UDP) should be filtered.
!
Can be used to invert the Source IP/Mask, Source Port,
Destination IP/Mask, and Destination Port filtering criteria.
For example, if you enable ! (Not) for the specified
Destination Port value 443, then the filtering criteria will
be applied to all the packets sent to any Destination Port
except port 443, which is commonly used by HTTPS.
Source IP/Mask
Check the box and specify the source IP
of the packet (specified within the packet header). Usually
it is the IP of the host system that sends the packets. For
example, if you enter 192.168.1.0/24, you are entering the
range of 192.168.1.0 to 192.168.1.255.
Source Port
Check the box and specify the source port of
the packet (specified within the packet header). Usually it
is the port of the host system application that sends the
packets.
Destination IP/Mask
Check the box and specify the
destination IP of the packet (specified within the packet
header). Usually it is the IP of the system which the packet
is addressed to. For example, if you enter 192.168.1.0/24,
you are entering the range of 192.168.1.0 to 192.168.1.255.
Destination Port
Check the box and specify the
destination port of the packet (specified within the
packet header). Usually it is the port of the host system
application which the packet is addressed to.
Comment
You can enter a brief description of the
purpose for the firewall rule.
All active firewall entries are stored in the FIREWALL chain
of the iptables filter table.