Firewall Settings

The router firewall controls the forward packet streams from incoming network interfaces to outgoing network interfaces.

Firewall rules add another layer of granularity to what can be forwarded across interfaces and which packets can be inputted and outputted.


Firewall Zones

The firewall can collect interfaces into zones to filter traffic logically. A zone can be configured to any set of interfaces. This simplifies the firewall rule logic somewhat by conceptually grouping the interfaces:

  • A rule for a packet originating in a zone must enter the router on one of the zone's interfaces,

  • A rule for a packet being forwarded to a zone must exit the router on one of the zone's interfaces.

After accessing the router, go to "Network > Firewall" to enter the "Firewall - Zone Settings." The "SYN-Flood Protection" is enabled by default. You can use the default firewall zone settings in most conditions.


Port Forwarding

Port forwarding applies network address translation (NAT) and redirects a communication request from one address and port number combination. Port Forwarding allows remote computers to connect the outdoor router within a private local-area network (LAN).

General Settings

Log in to the router, go to "Network > Firewall."

  • Under the tab of "General Settings," change forward to "Accept."

  • In the Zones section, change the Forward on the row of WAN from "Reject" to "Accept."

  • Click the Save & Apply button on the bottom right corner.

Public Port Forwards

Click the tab "Port Forwards" to enter the configure section on the New port forward section:

  1. Name: Enter the reference name. e.g., Test

  2. Protocol: Select from "TCP, UDP, and TCP+UDP"

    If you don't know the protocol, please choose TCP+UDP. Select TCP or UDP if you know whether it is TCP or UDP. It can effectively reduce resource consumption.

  3. External Zone: Select "WAN"

  4. External Port: Set the port number you want to access from the external network Suggest selecting the WAN port between 1025~25534. Do not use the standard ports occupied by the other services such as 23, 80, 433, 3389, 7700, 10080, etc.

  5. Internal Zone: Select "LAN"

  6. Internal IP Address: Select from the list of connected intranet hosts. If you can not find the host in the list, please re-check the Local network settings.

  7. Internal Port: Enter the port number which needs to forward from the intranet host

  8. Click the button "Save & Apply" to execute the new settings.

NAT Loopback is turned on after saving a new port forward rule. It allows the intranet terminal to access the local hosts using the public IP address of the routed external network interface. To reduce the consumption of router resources, you can click the "Edit" button on the saved port forward rule list to disable it.

The public port forwarding relies on a public IP address. Most of the 4G internet connection obtains a private IP address. Please get the public IP from the 4G carrier to activate the public port forwarding.

Make sure to use a WAN port the 4G carrier has not blocked.

Except for a public 4G IP address, you can also try to forward it to OpenVPN or WireGuard server through the VPN tunnel.


Open New Port

After accessing the router, go to "Network > Firewall > Traffic Rules: Open port on router" to add a new port on the 4G router.

  • Name: Input name of the new port

  • Protocol: Choose from TCP or UDP

  • External port: The new port number

After entering the above parameters, click the "Add" button. Then click the "Save & Apply" button on the bottom right corner. You will find the new port on the "Traffic Rules" list.

Last updated