Routing / Firewall
The Ewon gateway possesses two communication interfaces: a LAN and a WAN.
The WAN interface of the Ewon gateway can be either the Ethernet WAN, the cellular modem or the Wi-Fi modem.
If The Ewon gateway is connected to a VPN server, then a third interface - the VPN interface - is added.
The Ewon gateway acts as a router and as such, embeds several features to allow interaction between the WAN, VPN and LAN interfaces.
- NAT on LAN (called Plug'n Route): it allows a PC connected to the VPN or WAN interface of the Ewon gateway to reach other Ethernet devices connected to the LAN interface of the Ewon gateway.
- NAT on WAN: it allows the Ewon gateway to act as an Internet router
- NAT on VPN: dedicated for special routing requirements inside VPN network.
A table of 10 entries is available to configure the port forwarding of the Ewon gateway to Ethernet devices which are connected to the LAN interface of the Ewon gateway.
For the external interface you can select between VPN, WAN , PPP incoming.
NAT 1:1 table
The NAT 1:1 is a submodel of NAT which maps an internal address (LAN) to one external address (WAN or VPN). So for every entry inside the NAT 1:1 table, the Ewon gateway will create a new virtual IP address on its WAN or VPN interface and everything happens as if the LAN device is part of the WAN or VPN network
A table of 10 entries is available to configure NAT 1:1 to reach Ethernet devices behind the Ewon gateway.
To block unwanted traffic on the WAN interface, you can choose what type of connection you want to allow on the WAN interface of the Ewon gateway.
To protect the network of the Ewon gateway's location, the Ewon gateway has also an option to block IP forwarding from LAN or VPN interface to the WAN interface.
For a Talk2M connection, the standard settings for the security options are:
- WAN Protection level = discard all traffic except VPN
- WAN IP Forwarding = disabled
However, some routing features listed here above, for example NAT on WAN, requires a modification of these settings.