Home » Lantronix Manuals » Electronics Accessories » Lantronix X300 Series » Manual Viewer

Lantronix X300 Series X300 Series User Guide Rev B - Page 164

Traffic Rules, Network > Firewall > Traffic Rules

View all Lantronix X300 Series manuals

Add to My Manuals
Save this manual to your list of manuals

Page 164 highlights

11: Network Parameters Source MAC Address Source IP Address Source port External IP Address Enable NAT Loopback Extra arguments Description The rule will match incoming traffic from the specified source mac address. The rule will match incoming traffic from the specified source IP address. The rule will match incoming traffic from the specified source port number. Enter the external IP address of the gateway. Enable NAT loopback to allow one machine on the LAN network to access another machine on the LAN through the external IP address of the gateway Passes additional arguments to iptables. Should be used with care. Traffic Rules Network > Firewall > Traffic Rules Traffic rules are security policies that allow or restrict access to specific ports or hosts. Rule actions can be configured to accept, drop, or reject traffic. The following describes good practices for configuring traffic rules.  Block all traffic by default and explicitly enable specific traffic to known services.  Allow specific traffic, using the principle of least privilege.  Specify source IP address. It's okay to specify "any" if the service should be accessible to everyone on the Internet, otherwise, specify the source address.  Specify the destination IP address.  Specify the destination port. The value of the destination port should never be "any". Rule and zone matching The source and destination zones are tied to the target action.  If source and destination are given, the rule matches forwarded traffic.  If only source is given, the rule matches incoming traffic.  If only destination is given, the rule matches outgoing traffic.  If neither source nor destination are given, the rule defaults to an outgoing traffic rule. To view traffic rules, go to Network > Firewall > Traffic Rules. See Table 11-28 for a description. You can also enable or disable the traffic rule from this page view. Parameters Name Match Table 11-28 Firewall Zone Traffic Rules Description Displays the name of the traffic rule. Displays the details of the traffic rule configuration and the conditions in which the rule is applicable. X300 Series IoT Cellular Gateway User Guide 164

Section	Page
X300 Series IoT Cellular Gateway User Guide	1
Contents	4
List of Figures	10
List of Tables	11
1: About this Guide	15
Purpose	15
Summary of Chapters	15
Additional Documentation	17
2: Introduction	18
Key Features	18
InfiniShield™ Security	18
Software Features	18
Lantronix Software Services	19
Applications	19
SKU Information	19
Hardware Components	21
General Specification	21
Front Panel	22
Back Panel	24
LEDs	25
Cellular	26
SIM Slot	27
Antenna Connections	27
Certified Antennas	27
Antenna Selection	27
Ethernet Port (LAN)	28
Serial Port	29
Power Input	30
Power Consumption	30
Reset Button	30
Product Label	31
3: Installation	32
Package Contents	32
User Supplied Items	32
Accessories	33
Preparing to Install	34
Enabling DHCP Client on Your Computer	34
SIM Card Management	34
SIM Card Activation	34
SIM Management Portal	35
Second SIM Card	35
Lantronix Connectivity Services Links	35
Physical Installation	35
Insert SIM Card	35
Connect the Antennas	37
Connect the AC Power	37
Connect the Gateway to a Computer	38
Connect using Wi-Fi	38
Connect using Ethernet	38
Default Configuration	40
Web Admin Page	40
Wireless Access Point SSID	40
Default Interface Configuration	40
4: Web Administration Interface	41
Logging In	42
Change Passwords After Initial Login	43
Logging Out	44
5: Using Lantronix Provisioning Manager	45
Installing Lantronix Provisioning Manager	45
Accessing the Gateway Using Lantronix Provisioning Manager	45
6: Quick Setup	46
Quick Setup	46
7: Status	48
Overview (Page)	48
System Status	48
ConsoleFlow Status	49
Memory Status	50
MWAN Interfaces Status	50
Firewall Status	50
Network Status	51
Cellular Status	52
Network Status	53
Active DHCP and DHCPv6 Leases Status	53
Wireless Status	54
Dynamic DNS Status	54
Routes	55
System Log	56
Kernel Log	56
Processes	56
Realtime Graphs	57
Load	57
Traffic	58
Wireless	58
Connection	59
Load Balancing	61
Interface	61
Detail	61
Diagnostics	61
Troubleshooting	61
8: System	62
System	62
General Settings	62
Logging	63
Time Synchronization	64
Language and Style	65
Administration	65
Router Password	65
SSH Access	65
SSH-Keys	66
Software	66
Configure OPKG	67
Startup	68
Initscripts	68
Local Startup	69
Scheduled Tasks	69
LED Configuration	70
Backup / Flash Firmware	72
Actions	72
Configuration	73
Custom Commands	73
Write Custom Shell Command	73
Run Custom Shell Command	74
Reboot	74
Schedule a Reboot	74
9: VPN	76
IPsec (Internet Protocol Security)	76
OpenVPN	80
OpenVPN Instances	80
Template-based Configuration	82
Predefined templates	82
Edit the template-based configuration	82
OpenVPN Configuration File	82
Edit the OVPN Configuration File	82
10: Services	83
Agents	83
DOTA	84
Lantronix Server	84
Custom Server	84
Dynamic DNS	86
External Filesystems	89
GPS	90
Description of NMEA Messages	91
GPGGA Format	92
GPRMC Format	93
GPGSV Format	94
GPGSA Format	95
GPVTG Format	96
Keepalived	98
Keepalived Configuration	98
Logs Information	101
Page Selector	101
Reporting Agent	102
Sending Data	103
Data Format	104
Service Actions	104
SMS	105
SMS Configuration	105
SMS AT Commands	105
Ethernet SMS	108
Live Message	109
SNMPD	110
SNMP Architecture	110
SNMP Versions	110
SNMP Configuration	111
Agent Behavior	111
View-based Access Control Model (VACM)	111
SNMPv3 with User-based Security Model (USM)	112
System Information and Monitoring	112
Active Monitoring	112
Configure SNMPv1 or SNMPv2	113
Configure SNMPv3 with USM	113
SNMPTRAPD	120
SNMP-TRAP Configuration	120
uHTTPd	123
Web Server Configuration	123
Self-Signed SSL Certificate Parameters	125
11: Network	126
Interfaces	126
Interfaces Overview	126
Interface Status	128
Interface Protocols	129
Protocol Descriptions	130
Static Address	130
DHCP Client	132
DHCPv6 Client	134
PPPoE	135
QMI Cellular	138
CELLULAR Interface	140
LAN Interface	141
DHCP Server	141
WWAN and WWAN6 Interface	143
Add Virtual Interface	144
Relay Bridge	147
Wireless	148
Wireless Network Configuration	149
DHCP and DNS	152
General Settings	152
Resolv and Host Files	153
TFTP Settings	153
Advanced Settings	154
Static Leases	155
Hostnames	156
Static Routes	156
Static IPv4 Routes	156
Static IPv6 Routes	157
Diagnostics	159
Firewall	160
General Settings	160
Firewall Global Settings	160
Firewall Zones	161
Port Forwards	163
Add Port Forwarding Rule	163
Traffic Rules	164
Add Traffic Rule	165
Custom Rules	166
QoS	167
Load Balancing	169
How it works	169
Globals	169
Interfaces	170
Members	172
Policies	173
Rules	175
Notification	176
12: Bluetooth	177
Bluetooth Settings	177
Configure Bluetooth settings	177
Scan for and Pair a Device	177
Bluetooth SPP	178
Configure Bluetooth SPP Connection	179
Configure Tunnel SPP Slave	179
Configure Tunnel SPP Master	179
13: ConsoleFlow	181
Client	181
ConsoleFlow Line	182
14: Discovery	184
Query Port	184
15: Serial	185
Serial Line Statistics	185
Serial Line Configuration	185
16: SSL	187
Credentials	187
Trusted Authorities	188
17: Tunnel	190
Tunnel Statistics	190
Tunnel Modbus RTU to Modbus TCP	190
Tunnel Accept	191
Tunnel Connect	194
Hosts	195
Connecting Multiple Hosts	196
Tunnel Disconnect	197
A: Compliance Information	198
FCC Statement	199
Federal Communication Commission Interference Statement	199
ISED Statement	200
EU Declaration of Conformity	201
EU Statements	204
RF Output Power of X303F202S	210
RF Output Power of X304G002S	211
B: Power Cable Schematic	212
Power Cable Schematic	212
C: List of Acronyms and Protocols	213

Match case Limit results 1 per page

11: Network

X300 Series IoT Cellular Gateway User Guide

164

Traffic Rules

Network > Firewall > Traffic Rules

Traffic rules are security policies that allow or restrict access to specific ports or hosts. Rule

actions can be configured to accept, drop, or reject traffic.

The following describes good practices for configuring traffic rules.



Block all traffic by default and explicitly enable specific traffic to known services.



Allow specific traffic, using the principle of least privilege.



Specify source IP address. It’s okay to specify “any” if the service should be accessible to

everyone on the Internet, otherwise, specify the source address.



Specify the destination IP address.



Specify the destination port. The value of the destination port should never be “any”.

Rule and zone matching

The source and destination zones are tied to the target action.



If source and destination are given, the rule matches forwarded traffic.



If only source is given, the rule matches incoming traffic.



If only destination is given, the rule matches outgoing traffic.



If neither source nor destination are given, the rule defaults to an outgoing traffic rule.

To view traffic rules, go to Network > Firewall > Traffic Rules. See

Table 11-28

for a description.

You can also enable or disable the traffic rule from this page view.

Table 11-28

Firewall Zone Traffic Rules

Source MAC Address

The rule will match incoming traffic from the specified source mac

address.

Source IP Address

The rule will match incoming traffic from the specified source IP

address.

Source port

The rule will match incoming traffic from the specified source port

number.

External IP Address

Enter the external IP address of the gateway.

Enable NAT Loopback

Enable NAT loopback to allow one machine on the LAN network to

access another machine on the LAN through the external IP address of

the gateway

Extra arguments

Passes additional arguments to iptables. Should be used with care.

Parameters

Description

Name

Displays the name of the traffic rule.

Match

Displays the details of the traffic rule configuration and the conditions in

which the rule is applicable.

Parameters

Description