Skip to end of metadata
Go to start of metadata


Description:

If a router operates several Internet connections (e.g. for a load balancer), all connections other than the first one (which usually has the routing tag 0) need to be specified with default routes with routing tags other than 0 in order for them to be addressed. If they are individual connections and not a load balancer, the default routes must be created in order for the Internet connection to be established at all. 

As of LCOS 10.40, a port forwarding and a VPN dial-in on an Internet connection with a routing tag other than 0 require an entry in the WAN tag table, otherwise the response packets will not be routed over this Internet connection. Instead, the response packets will be sent via the Internet connection with routing tag 0. Furthermore, a firewall rule has to be created to then remove the tag set by the WAN tag table. Otherwise, packets intended for the local network will be sent out over the Internet connection again. 


Requirements:


Scenario:

  • Two Internet connections have been set up (INTERNET and INTERNET2).
  • Port forwarding should use the Internet connection INTERNET2 with the routing tag 1.


Procedure:

Configure the WAN tag table:

1) Open the configuration for the router in LANconfig and switch to the menu item Communication → Remote Sites → WAN tag table.

2) Create a new entry and adjust the following parameters:

  • Remote site: From the drop-down menu, select the Internet remote site to be used for port forwarding or the VPN dial-in (in this example INTERNET2).
  • Interface tag: Enter the routing tag of the Internet remote site (in this case, tag 1).



Configure the firewall rule:

1) Navigate to the menu Firewall/QoS → IPv4 Rules → Rules.

2) For the name of this rule, enter a descriptive name and set the routing tag to 65535. This will remove all tags and set the tag to 0. This enables access to all networks.

3) Switch to the Actions tab, delete the object REJECT and add the object ACCEPT instead.

4) Go to the Stations tab, set the Connection destination to the option Connections from the following stations and click on Add → Add custom station.

5) Select the option An IP address or range of addresses and use From IP address and To IP address to specify the IP address of the forwarding destination in the local network (in this example 192.168.1.250).

6) Navigate to the Services tab. Under Protocols/target services select the option the following protocols/target services and click Add.

7) Select the protocol for port forwarding (in this example HTTPS).

8) The firewall rule table should appear as shown below.

9) This concludes the configuration. Write the configuration back to the router.