DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

2820n - howto setup a NAS on LAN for selective FTP Access

  • simoncog
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
13 Aug 2009 18:29 #57214 by simoncog
Hi,

Is it possible to selectively allow FTP access to an internal IP - ie only from a handful of external hosts.

If I setup open ports or forwarding to the LAN IP of the NAS, source traffic isn't filterered.

(in filtering I've added a block all FTP traffic after a rule allowing only a group IP object containing the external hosts - I've included this in both the call and data filters set by default...

Thanks,
Simon

Please Log in or Create an account to join the conversation.

More
17 Sep 2009 22:28 #57767 by spudster
Hi I use this for selective access to my Nas's ftp/management gui etc.

How can I configure my Vigor to only allow specific IP Address(es) on the Internet access to a Server running on my LAN ?

First you need to allow the incoming traffic through the NAT of your Vigor. Configure Open Ports.

Next you need to setup IP Filters, firstly to Block the Open Port you have just created above and then to Pass the specific IP Address(es) you want to allow. In the Default Data Filter (Set #2) of your Vigor go into Filter #2 (ignore the first default rule) and setup the following Block Filter:

Enable and Name the Filter
Block If No Further Match
Direction IN
Protocol
Source any
Destination
Destination Start Port

Hit OK and the Vigor is now passing the incoming traffic through NAT, but Blocking it by the above Filter. In Filter #3 set up the following:

Pass rule:
Enable and Name the Filter
Pass Immediately
Direction IN
Protocol
Source
Destination IP
Destination Start Port

Click OK. This Pass Filter will now Pass incoming traffic from the Trusted User on the Internet to the internal Server on the required Port.

Please Log in or Create an account to join the conversation.

  • simoncog
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
17 Sep 2009 23:01 #57768 by simoncog
I'm still able to access from other IP when I do this [any IP with just the block in place and no whitelist IP object active] - it seems to me that opening a port bypasses filtering altogether.

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami