- Interface: WAN / WAN2 / Both (UDM Pro only).
- The clients on the Internet that are allowed to use the Port Forwarding rule. Set to Anywhere by default, meaning all hosts. It is possible to limit the allowed hosts by specifying an IP address (for example 198.51.100.1) or subnet range (for example 198.51.100.0/24).
- The WAN port that the clients on the Internet connect to, for example 443. This does not need to match the port used on the internal LAN host. You can forward TCP port 10443 to TCP port 443, for example.
- The IP address used by the internal LAN host, for example 192.168.1.10.
- The port used by the internal LAN host, for example TCP port 443.

Note: On the USG models, it is necessary to manually configure a Destination NAT (DNAT) + WAN firewall rule to forward ports on the WAN2 interface, see the section below.

4. The firewall rule(s) needed for the new Port Forwarding rule you created are automatically added.
5. You can verify the automatically created rules in the Settings > Security > Internet Threat Management > Firewall > Internet section.

USG/USG-Pro: Forwarding Ports on WAN2 using Destination NAT

ATTENTION: This is an advanced configuration that requires creating and modifying the file. See the UniFi – USG/USG-Pro: Advanced Configuration Using JSON article for more information on using the JSON file.

Follow the steps below to forward ports on the WAN2 interface of the USG models. It is necessary to manually create a Destination NAT (DNAT) rule using the Command Line Interface (CLI) and a custom Firewall Rule using the UniFi Network application. Afterwards, the file needs to be created or updated to incorporate the custom configuration into UniFi Network.

1. Begin by creating a new custom Firewall Rule within Settings > Security > Internet Threat Management > Firewall > Internet section.
2. Create a new Firewall Port Group by clicking Create New Group.
3. Fill in the information and specify the port that needs to be allowed through the firewall (443 in this example) and apply changes.
4. Navigate to Settings > Security > Internet Threat Management > Firewall > Internet and create new rule.
5. Fill in the information, selecting the previously created Port Group and apply changes.
   - Enabled: turned on when ready to take this rule live.
   - Rule Applied: After (after predefined rules).
   - Match all protocols except for this: disabled.
   - Port Group: https (select from any previously created firewall port groups)
6. The next step is to access the USG using the Command Line Interface (CLI) and add a custom Destination NAT (DNAT) rule. SSH access to your devices must be enabled within Settings > System Settings > Controller Configuration > Device SSH Authentication.
7. Connect to the USG via SSH.
8. Verify that the WAN2 interface is UP and that it is assigned an IP address by running the following command:

   show interfaces
   Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down

   sudo ipset list ADDRv4_eth2
   Header: family inet hashsize 1024 maxelem 65536