I suppose this might be a pretty dumb question, but I noticed the following:
add address=192.168.88.1/24 interface=ether7 network=192.168.88.0
add address=192.168.77.1/24 interface=ether6 network=192.168.77.0
Completely empty configuration, no firewall rules, anything, just assigning two addresses to two interfaces.
When I connect to ether7(let's say from 192.168.88.5), I can access the router via 192.168.77.1. But when I add a simple Forward Log rule in the Firewall, I don't see any forwarded traffic - it appears as Input chain traffic instead. Since the two addresses are on different networks, shouldn't it be treated as routing/forwarding between the two?
Re: Device accessible from any Address(/ip address)?
It's an address on a local interface so input for the router.
If you have another client on that 192.168.88.0 segment (let's say 192.168.88.2), it will not be reachable from 192.168.77.0-segment unless you make a proper routing rule and provided there is no forward rule blocking it.
If you have another client on that 192.168.88.0 segment (let's say 192.168.88.2), it will not be reachable from 192.168.77.0-segment unless you make a proper routing rule and provided there is no forward rule blocking it.
Re: Device accessible from any Address(/ip address)?
I see. I thought that it still has to be forwarded to the destination network so treated as routing. Thanks for explaining.
Re: Device accessible from any Address(/ip address)?
It's not about addresses, it's actually about (router's L3) interfaces. If L3 of router (which does routing and firewalling, in most cases you can think of CPU) receives packet via one of interfaces and ultimately sends the packet (possibly altered due to NAT) out via one of interfaces (it can even be the same one in certain cases), then it's using chain=forward. If packet is received via one of interfaces and is ultimately "consumed" by router's services (e.g. ssh service or DNS resolver or network stack in case of ICMP echo request), then it's using chain=input. If packet is generated by router's services (it can as well be a response to a packet handled by chain=input) and is ultimately sent out via one of interfaces, then it's chain=output. I don't know how packets using loopback interface (so created by router and consumed by another service if same router) are treated though.
So distinction between basic chains used doesn't depend on actual addresses, it only depends on path of a packet.
So distinction between basic chains used doesn't depend on actual addresses, it only depends on path of a packet.
Re: Device accessible from any Address(/ip address)?
No.. Unless there is a rule blocking it, it will be reachable. By default, routers route..
If you have another client on that 192.168.88.0 segment (let's say 192.168.88.2), it will not be reachable from 192.168.77.0-segment unless you make a proper routing rule and provided there is no forward rule blocking it.
Who is online
Users browsing this forum: No registered users and 12 guests