From 2904fc091e0d4d88dcf1367624f73b2a2daa6f25 Mon Sep 17 00:00:00 2001 From: Christopher Howard Date: Wed, 17 Jan 2018 10:03:17 -0900 Subject: [PATCH] Minor edits to Port Forwards doc --- docs/Port_Forwards.md | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/docs/Port_Forwards.md b/docs/Port_Forwards.md index cb6a393884..aa365ea82f 100644 --- a/docs/Port_Forwards.md +++ b/docs/Port_Forwards.md @@ -10,6 +10,14 @@ which otherwise would be impossible because your LAN uses private, non-routable IP addresses; for example, if you are trying to run a gaming server or a Web page server from your home network. +## Security Warnings + +Be aware that the use of port forwarding may create additional +security holes into your local network. The local system(s) and +service(s) you are exposing to the Internet must be free from security +vulnerabilities, or this may allow a remote attacker to infiltrate +your network. + ## LuCi Interface * Log into the LuCi Web interface, which by default is at address https://192.168.10.1 @@ -24,20 +32,20 @@ gaming server or a Web page server from your home network. ![alt text](images/librecmc-selecting-port-forwards-tab.png "Selecting the Port Forwards tab") -* Under the `New Port forward` section, enter in the Name field a +* Under the `New Port forward` section, enter in the `Name` field a brief description of the port forward, e.g., "HTTP server" for an unencrypted Web page server. -* Select a protocol from the Protocol field. Most services you can run - will be using the TCP protocol, but you can select `TCP+UDP` if you - aren't sure. +* Select a protocol from the `Protocol` field. Most services you can + run will be using the TCP protocol, but you can select `TCP+UDP` if + you aren't sure. * Usually, you will leave the `External zone` set to `wan`. * Enter a port number in the `External port` field. Typically this will be the usual port number expected for a particular service. E.g., HTTP servers use port 80. You are free to use - nonstandard ports, but your remote clients may need to use special + non-standard ports, but your remote clients may need to use special techniques to connect to the correct port. * Usually, you will leave the `Internal zone` set to `lan`. @@ -46,13 +54,14 @@ gaming server or a Web page server from your home network. your server is using DHCP, you should see its hostname appear in the list. If your server is has it's private IP address set statically, select the `Custom` option at the bottom of the list, and enter in - IP address in the text field that appears. Note that if your server - is using DHCP, you should be sure LibreCMC has a Static Lease - created for it (TODO: link to Static Leases documentation). + the correct IP address in the text field that appears. Note that if + your server is using DHCP, you should be sure LibreCMC has a static + lease created for it (TODO: link to Static Leases documentation). * Enter a port number in the `Internal port` field. Typically this - will be the usually port number expected for a particular service, - unless you have set your server to work through a non-standard port. + will be the same as the external port, unless you have set your + server to work through a non-standard port, or you selected a + non-standard external port earlier. ![alt text](images/librecmc-port-forwards-entering-parameters.png "Entering parameters for port forwarding") -- 2.25.1