Interfaces
From Wiki of WFilter NG Firewall
(Difference between revisions)
Line 1: | Line 1: | ||
{{DISPLAYTITLE:Interfaces}} | {{DISPLAYTITLE:Interfaces}} | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
= Introduction = | = Introduction = |
Revision as of 23:48, 24 January 2018
Contents |
1 Introduction
WFilter NGF can act as a gateway or network bridge.
- A network bridge can be deployed transparently with no changes to your existing network. Most features are available in bridge mode.
- In gateway deployment, all features are available, including VLAN, port forwarding, VPN... which are not available in bridge mode.
2 Gateway Deployment
Gateway deployment: WFilter NG Firewall acts as the gateway for local nework. Usually, your current gateway shall be replaced with WFilter NG Firewall. Network diagram:
2.1 WAN
- Protocol: PPPoE, DHCP, static IP.
- Peer DNS: Use the dynamic assigned DNS server in PPPoE and DHCP protocols. If disabled, use the DNS servers configured in "DNS" instead.
- MAC Clone: Modify the MAC address of this WAN interface.
- VLAN ID: Enable 802.1q VLAN in this WAN interface.
2.2 LAN
- You can have different subnet in every LAN interface. Or all LAN interfaces share a same subnet.
- Each LAN interface can have a DHCP service.
- When IP-MAC Binding is enabled, clients will always be assigned with the bound IP via DHCP service.
3 Bridge Deployment
Bridge Deployment: Build network bridge(s) on certain interfaces. With bridge deployment, you can transparently deploy WFilter, without changing current network topology. Network diagram:
3.1 Settings
- Each bridge has one LAN interface and one WAN interface.
- You can build multiple bridges if needed.
- You can setup a management interface in the first bridge.
- Management Interface:
- The management interface is for web UI access, web authentication UI access...
- IP, Mask: IP, Mask of the management interface.
- Gateway: Gateway of the mangement interface. WFilter needs a gateway to access interface to get updates.
- Subnet(s): local subnets to be managed. Syntax: 192.168.1.0/24, one subnet per line.
You can build new bridges from "undefined interfaces". For new bridges, you only need to configure LAN & WAN interfaces.