Firewall rules Pepwave SoHo


#1

I want to completely isolate two NAS units from the internet so that they can only be accessed on the main LAN.

On Netgear routers it's simple by setting the firewall to block all inbound and outbound traffic (all protocols) to the internet from a specific LAN IP address/s.

Can I do the same with the Soho firewall?

Any help would be appreciated.


#2

You can do the same rules up in the SOHO. You’ll need to create a rule in the Outbound and Inbound rule sets.


#3

Thanks for the response

Noticed in the inbound rules that

“The inbound firewall rules only apply to the following types of traffic:

  • Inbound traffic that is defined in Port Forwarding
  • Inbound traffic that is defined in Inbound NAT Mappings”

I’m not sure what to do with either of these.


#4

Ignore the inbound rules. Create an outbound rule, protocol any, source the IP of your NAS, destination any, action deny.


#5

Thanks Martin

That’s the rule I have set. It was the note about the inbound rules that confused me.

Peter Titmus


#6

Ah OK. So when the WANs are in NAT mode, the firewall is stateful - that is to say, any inbound traffic will be ignored and discarded unless it was sent to a port that has been intentionally opened (i.e. in an inbound port forwarding / NAT mapping rule or one that is in use by an onboard service - like DNS, PPTP VPN etc), or is being sent by an external IP address in response to traffic that was just sent out to that IP from devices on the LAN.

If your router has WANs that are set to IP Forwarding rather than NAT, then the inbound rules will take effect on all traffic coming inbound on the WAN since NAT/the stateful firewall won’t be discarding anything.
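
Added example, not part of any post in this thread and not Peplink code: a simplified Python model of the NAT-mode behaviour described in #4 and #6, showing why the single outbound deny rule isolates the NAS units and how to check that no port forward targets them. The class, the addresses, the ports and the assumption that NAT preserves the source port are all constructed for illustration.

```python
# Simplified model of the behaviour described in this thread; not Peplink's code.
# All addresses, ports and forwards are constructed sample values.
NAS = {"192.168.50.10", "192.168.50.11"}

class NatFirewall:
    def __init__(self, deny_sources, port_forwards):
        self.deny_sources = set(deny_sources)      # outbound rule: protocol any, destination any, deny
        self.port_forwards = dict(port_forwards)   # WAN port -> LAN host
        self.flows = set()                         # state table: (lan_ip, lan_port, remote_ip, remote_port)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        if lan_ip in self.deny_sources:
            return "deny"                          # dropped, so no state is created
        self.flows.add((lan_ip, lan_port, remote_ip, remote_port))
        return "allow"

    def inbound(self, remote_ip, remote_port, wan_port):
        """Return the LAN host that receives the packet, or None if discarded."""
        for lan_ip, lan_port, r_ip, r_port in self.flows:
            # Assumption: NAT keeps the LAN source port as the WAN port.
            if (r_ip, r_port, lan_port) == (remote_ip, remote_port, wan_port):
                return lan_ip                      # reply to traffic a LAN device just sent
        return self.port_forwards.get(wan_port)    # intentionally opened port, else None

    def exposed(self, hosts):
        """WAN ports whose forward targets one of `hosts` (should be empty for the NAS units)."""
        return sorted(p for p, h in self.port_forwards.items() if h in hosts)

def demo():
    fw = NatFirewall(deny_sources=NAS, port_forwards={8443: "192.168.50.20"})
    return {
        "nas_out": fw.outbound("192.168.50.10", 40000, "203.0.113.5", 443),
        "pc_out": fw.outbound("192.168.50.30", 40001, "203.0.113.5", 443),
        "reply_to_pc": fw.inbound("203.0.113.5", 443, 40001),
        "reply_to_nas": fw.inbound("203.0.113.5", 443, 40000),
        "unsolicited": fw.inbound("198.51.100.7", 55555, 22),
        "forwarded": fw.inbound("198.51.100.7", 55555, 8443),
        "nas_exposed_ports": fw.exposed(NAS),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

If `exposed()` returns any port for the NAS addresses, a port forward or inbound NAT mapping is still delivering WAN traffic to a NAS and should be removed.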