Interfaces

From Wiki of WFilter NG Firewall
Jump to: navigation, search


Contents

1 Introduction

WFilter NGF can act as a gateway or network bridge.

  • A network bridge can be deployed transparently with no changes to your existing network. Most features are available in bridge mode.
  • In gateway deployment, all features are available, including VLAN, port forwarding, VPN... which are not available in bridge mode.

2 Gateway Deployment

Gateway deployment: WFilter NG Firewall acts as the gateway for local nework. Usually, your current gateway shall be replaced with WFilter NG Firewall. Network diagram:

Ros guide gateway.png

2.1 WAN

Interface gateway01.png

Interface gateway02.png

  • Protocol: PPPoE, DHCP, static IP.
  • Peer DNS: Use the dynamic assigned DNS server in PPPoE and DHCP protocols. If disabled, use the DNS servers configured in "DNS" instead.
  • MAC Clone: Modify the MAC address of this WAN interface.
  • VLAN ID: Enable 802.1q VLAN in this WAN interface.

2.2 LAN

Interface gateway05.png

Interface gateway03.png

Interface gateway04.png

  • You can have different subnet in every LAN interface. Or all LAN interfaces share a same subnet.
  • Each LAN interface can have a DHCP service.
  • When IP-MAC Binding is enabled, clients will always be assigned with the bound IP via DHCP service.

3 Bridge Deployment

Bridge Deployment: Build network bridge(s) on certain interfaces. With bridge deployment, you can transparently deploy WFilter, without changing current network topology. Network diagram:

Ros guide bridge.png

3.1 Settings

Interface bridge01.png

  • Each bridge has one LAN interface and one WAN interface.
  • You can build multiple bridges if needed.
  • You can setup a management interface to access web UI.

Interface bridge02.png

  • Management Interface:
    • The management interface is for web UI access, web authentication UI access...
    • IP, Mask: IP, Mask of the management interface.
    • Gateway: Gateway of the mangement interface. WFilter needs a gateway to access interface to get updates.
    • Subnet(s): local subnets to be managed. Syntax: 192.168.1.0/24, one subnet per line. "-" starts a subnet exception, for example: "-192.168.1.20/32".

Interface bridge03.png

You can build new bridges from "undefined interfaces". For new bridges, you only need to configure LAN & WAN interfaces.

Personal tools
Namespaces

Variants
Actions
Navigation
Tools