Both wishes should be possible. You will have to alter ar7.cfg for this.
!!Be warned, a faulty ar7.cfg can make your box unusable and you might have to recover/reenter all your settings!!
1. Open a port from the internet: You will need a forwarding to "0.0.0.0", which is not allowed via the GUI. I suggest you place a "dummy-rule" here to alter it later.
So just add a forwarding for the desired port to the desired port with any local address, say 192.168.178.123. We will use this later ;-)
2. You can alter the internal firewall only in ar7.cfg itself.
Now copy ar7.cfg to RAM, e.g.:
Code:
cat /var/flash/ar7.cfg > /var/tmp/ar7.cfg
Now we have to edit the file. Hope you know some "vi basics"?!?
Now find the line you made for the forwarding, it should look like this:
Code:
forwardrules = "tcp 0.0.0.0:800 192.168.178.11:80 0 # HTTP-Server",
"tcp 0.0.0.0:7777 192.168.178.123:7777 0 # my fake rule",
"tcp 0.0.0.0:8000 192.168.178.22:80 0 # HTTP-Server2";
}
Edit the rule forwarding to "192.168.178.123:7777", so that it points to "0.0.0.0:7777":
Code:
forwardrules = "tcp 0.0.0.0:800 192.168.178.11:80 0 # HTTP-Server",
"tcp 0.0.0.0:7777 0.0.0.0:7777 0 # my fake rule",
"tcp 0.0.0.0:8000 192.168.178.22:80 0 # HTTP-Server2";
}
To address the firewall, search some lines above the forwarding rules; there will be a section named lowinput:
Code:
lowinput {
policy = "permit";
accesslist =
"deny ip any 242.0.0.0 255.0.0.0",
"deny ip any host 255.255.255.255";
}
lowoutput {
You must add two lines for your IP- and port-ranges, for the default policy of the firewall is to allow all traffic (so first, allow "your" net, then deny "any").
Please check that the lines you add are really "clones" of the present lines
(same number of whitespaces prior to the rules, the "," at the end of a line (";" on the last line)...)
Code:
lowinput {
policy = "permit";
accesslist =
"permit tcp 11.22.33.0 255.255.255.0 any eq 7777",
"deny tcp any any eq 7777",
"deny ip any 242.0.0.0 255.0.0.0",
"deny ip any host 255.255.255.255";
}
lowoutput {
Note, this "allow all" is no special "risk", for traffic is usually denied, if you do not put a forwarding in ;-)
So, if you are really sure everything is fine, write it back and reboot immediately after that to ensure nothing will overwrite your changes.
Code:
cat /var/tmp/ar7.cfg > /var/flash/ar7.cfg
reboot
And again, just to be sure:
!!Be warned, a faulty ar7.cfg can make your box unusable and you might have to recover/reenter all your settings!!
You might want to try these changes "outside" the box with the "FBEditor".
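A pre-flight check for the edited copy, added here as an example and not part of the original post: it lints one accesslist for the "," / ";" termination the post asks you to verify, and confirms that the permit rule for the port is followed by the deny-any rule. The names `check_accesslist` and `sample_cfg` are made up for this example, the sample section is constructed from the listing above, and one quoted rule per line is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes one quoted rule per line
# after "accesslist =", as in the listings above.
# usage: check_accesslist FILE SECTION PORT   (FILE may be - for stdin)
check_accesslist() {
    awk -v sec="$2" -v port="$3" '
        $1 == sec && $2 == "{"                  { insec = 1; next }
        insec && !inlist && $1 == "}"           { insec = 0; next }
        insec && !inlist && /accesslist[ \t]*=/ { inlist = 1; next }
        !inlist                                 { next }
        closed {    # the line after the ";" entry must close the section
            if ($1 != "}" || NF != 1) { print "line " NR ": entry after the terminating ;"; bad = 1 }
            exit
        }
        {
            n++
            if ($0 !~ /^[ \t]*"[^"]*"[,;][ \t]*$/) {
                print "line " NR ": expected a quoted rule ending in , or ;"; bad = 1; exit
            }
            if ($0 ~ /;[ \t]*$/) closed = 1
            if ($0 ~ ("\"permit .* eq " port "\""))       permit_at = n
            if ($0 ~ ("\"deny .* any any eq " port "\"")) deny_at = n
        }
        END {
            if (!n) { print "no accesslist found in " sec; bad = 1 }
            else if (!bad && !closed) { print "accesslist is never terminated with ;"; bad = 1 }
            else if (!bad && (!permit_at || !deny_at || deny_at < permit_at)) {
                print "port " port ": need a permit rule followed by a deny-any rule"; bad = 1
            }
            exit bad + 0
        }
    ' "$1"
}

sample_cfg() {   # constructed sample, modelled on the edited lowinput listing
cat <<'EOF'
lowinput {
policy = "permit";
accesslist =
"permit tcp 11.22.33.0 255.255.255.0 any eq 7777",
"deny tcp any any eq 7777",
"deny ip any 242.0.0.0 255.0.0.0",
"deny ip any host 255.255.255.255";
}
lowoutput {
EOF
}

sample_cfg | check_accesslist - lowinput 7777 && echo "lowinput accesslist looks consistent"
```

On the box, run it against the working copy (`check_accesslist /var/tmp/ar7.cfg lowinput 7777`) before writing anything back to /var/flash/ar7.cfg.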