User's Manual
Table Of Contents
- Dynamic DNS Setup
- Filters
- Firewall
- Parental Control
- Certificate
- Logs
- Traffic Status
- User Account
- TR-069 Client
- System Settings
- Firmware Upgrade
- Backup/Restore
- Remote Management
- Diagnostic
- Troubleshooting
- Setting up Your Computer’s IP Address
- IP Addresses and Subnetting
- Pop-up Windows, JavaScripts and Java Permissions
- Wireless LANs
- IPv6
- Services
- Legal Information
- Index
Chapter 15 Firewall
AMG1302/AMG1202-TSeries User’s Guide
189
1 A computer on the LAN initiates a connection by sending out a SYN packet to a receiving server on
the WAN.
2 The AMG1302/AMG1202-TSeries reroutes the SYN packet through Gateway A on the LAN to the
WAN.
3 The reply from the WAN goes directly to the computer on the LAN without going through the
AMG1302/AMG1202-TSeries.
As a result, the AMG1302/AMG1202-TSeries resets the connection, as the connection has not been
acknowledged.
Figure 92 “Triangle Route” Problem
15.6.4.2 Solving the “Triangle Route” Problem
If you have the AMG1302/AMG1202-TSeries allow triangle route sessions, traffic from the WAN can
go directly to a LAN computer without passing through the AMG1302/AMG1202-TSeries and its
firewall protection.
Another solution is to use IP alias. IP alias allows you to partition your network into logical sections
over the same Ethernet interface. Your AMG1302/AMG1202-TSeries supports up to three logical
LAN interfaces with the AMG1302/AMG1202-TSeries being the gateway for each logical network.
It’s like having multiple LAN networks that actually use the same physical cables and ports. By
putting your LAN and Gateway A in different subnets, all returning network traffic must pass
through the AMG1302/AMG1202-TSeries to your LAN. The following steps describe such a scenario.
1 A computer on the LAN initiates a connection by sending a SYN packet to a receiving server on the
WAN.
2 The AMG1302/AMG1202-TSeries reroutes the packet to Gateway A, which is in Subnet 2.
3 The reply from the WAN goes to the AMG1302/AMG1202-TSeries.
4 The AMG1302/AMG1202-TSeries then sends it to the computer on the LAN in Subnet 1.
1
2
3
WAN
LAN
A
ISP 1
ISP 2