DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
2820n - howto setup a NAS on LAN for selective FTP Access
13 Aug 2009 18:29 #57214
by simoncog
Hi,
Is it possible to selectively allow FTP access to an internal IP - i.e. only from a handful of external hosts?
If I set up open ports or forwarding to the LAN IP of the NAS, source traffic isn't filtered.
(In filtering I've added a block all FTP traffic after a rule allowing only a group IP object containing the external hosts - I've included this in both the call and data filters set by default...)
Thanks,
Simon
17 Sep 2009 22:28 #57767
by spudster
Hi, I use this for selective access to my NAS's FTP/management GUI etc.
How can I configure my Vigor to only allow specific IP Address(es) on the Internet access to a Server running on my LAN?
First you need to allow the incoming traffic through the NAT of your Vigor. Configure Open Ports.
Next you need to set up IP Filters, firstly to Block the Open Port you have just created above and then to Pass the specific IP Address(es) you want to allow. In the Default Data Filter (Set #2) of your Vigor go into Filter #2 (ignore the first default rule) and set up the following Block Filter:
Enable and Name the Filter
Block If No Further Match
Direction IN
Protocol
Source any
Destination
Destination Start Port
Hit OK and the Vigor is now passing the incoming traffic through NAT, but Blocking it by the above Filter. In Filter #3 set up the following:
Pass rule:
Enable and Name the Filter
Pass Immediately
Direction IN
Protocol
Source
Destination IP
Destination Start Port
Click OK. This Pass Filter will now Pass incoming traffic from the Trusted User on the Internet to the internal Server on the required Port.
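An added example, not part of spudster's post and not DrayTek code: a small Python model of how the Block and Pass filters described above are meant to combine. It assumes rules are checked in order, that "Block If No Further Match" is a deferred verdict while "Pass Immediately" ends evaluation, and that unmatched traffic passes by default; the addresses, the /29 allowlist, the rule names and the `block_immediately` variant are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    name: str
    action: str   # "<pass|block>_immediately" or "<pass|block>_if_no_further_match"
    source: str   # CIDR; "0.0.0.0/0" means any
    dest: str     # CIDR of the internal server (assumed to be its LAN address)
    dport: int    # destination start port

    def matches(self, src, dst, dport):
        return (ip_address(src) in ip_network(self.source)
                and ip_address(dst) in ip_network(self.dest)
                and dport == self.dport)

def evaluate(rules, src, dst, dport, default="pass"):
    """Return (verdict, deciding_rule) for one inbound packet."""
    pending = (default, "default")
    for rule in rules:
        if not rule.matches(src, dst, dport):
            continue
        verdict, _, timing = rule.action.partition("_")
        if timing == "immediately":
            return verdict, rule.name      # evaluation stops here
        pending = (verdict, rule.name)     # kept unless a later rule matches
    return pending

# Constructed sample values (documentation address ranges), not from the thread.
NAS, FTP = "192.168.1.10", 21
TRUSTED, STRANGER = "203.0.113.5", "198.51.100.7"

def build(block_action):
    return [
        Rule("filter2-block-ftp", block_action, "0.0.0.0/0", NAS + "/32", FTP),
        Rule("filter3-pass-trusted", "pass_immediately", "203.0.113.0/29", NAS + "/32", FTP),
    ]

AS_POSTED = build("block_if_no_further_match")
WRONG_ACTION = build("block_immediately")  # mistake: trusted hosts never reach filter 3

def audit(rules):
    """Verdict for an allowlisted and a non-allowlisted source."""
    return {name: evaluate(rules, ip, NAS, FTP)[0]
            for name, ip in (("trusted", TRUSTED), ("stranger", STRANGER))}

if __name__ == "__main__":
    print("as posted:   ", audit(AS_POSTED))
    print("wrong action:", audit(WRONG_ACTION))
```

The model only shows the verdicts this rule order is meant to produce; whether forwarded traffic actually passes through the data filter on a given router has to be confirmed by connecting from an address outside the allowlist.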
17 Sep 2009 23:01 #57768
by simoncog
I'm still able to access from other IP when I do this [any IP with just the block in place and no whitelist IP object active] - it seems to me that opening a port bypasses filtering altogether.