DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Lock down external access by IP
29 May 2010 00:22 #62168
by adie
Lock down external access by IP was created by adie
Hi all
I bought a 2820 to learn a few things and I am a little stuck, appreciate the help. I have had a search but can’t find what I am looking for, or am I querying incorrectly?
I would like to lock down external access by IP, i.e. only allow certain IP addresses to access RDP or other services (VNC repeaters) but still allow the usual mail, FTP, HTTP/S, VPN pass-through, whilst still allowing all outbound traffic with no rules (if that’s possible).
I have set up port forwarding for the above services and VPN pass-through; this all works fine.
From what I understand I need to add the allowed external IP address in as an IP Object, but then how do I apply this within filters?
Many thanks
Adie
01 Jun 2010 15:56 #62187
by adie
Replied by adie on topic Really..
No one can help, just a couple of lines to point me in the right direction? Do I use different search terms to find out what I am looking for?
adie
02 Jun 2010 14:34 #62194
by adie
Replied by adie on topic Found it, seems i searched with incorrect terms
OK, just a n00b trying to learn. Here it is for whoever may do a search.
This only allows this IP address though; next step, allowing mail, HTTP traffic through.
http://www.draytek.co.uk/support/vfaq.html
How can I configure my Vigor to only allow specific IP Address(es) on the Internet access to a Server running on my LAN?
First you need to allow the incoming traffic through the NAT of your Vigor. See our FAQ here to configure Open Ports.
Next you need to set up IP Filters, firstly to Block the Open Port you have just created above and then to Pass the specific IP Address(es) you want to allow. In the Default Data Filter (Set #2) of your Vigor go into Filter #2 (ignore the first default rule) and set up the following Block Filter:
Enable and Name the Filter
Block If No Further Match
Direction IN
Protocol
Source any
Destination
Destination Start Port
Hit OK and the Vigor is now passing the incoming traffic through NAT, but Blocking it by the above Filter. In Filter #3 set up the following:
Pass rule:
Enable and Name the Filter
Pass Immediately
Direction IN
Protocol
Source
Destination IP
Destination Start Port
Click OK. This Pass Filter will now Pass incoming traffic from the Trusted User on the Internet to the internal Server on the required Port.
Moderators: Chris, Sami
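The rule ordering in the FAQ steps quoted above, modelled as an added example (not DrayTek's code and not part of the original posts): it shows why Filter #2 uses "Block If No Further Match" so that the later "Pass Immediately" rule can still win, and that traffic to other forwarded ports is untouched. The addresses, the server IP, the rule names, RDP on port 3389 and the pass-by-default policy for unmatched traffic are assumptions.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Rule:
    name: str
    action: str      # pass_immediately | block_immediately | block_if_no_further_match
    source: str      # CIDR; "0.0.0.0/0" means "any"
    dest_ip: str     # LAN server the open port forwards to
    dest_port: int

    def matches(self, src, dst, dport):
        return (dport == self.dest_port
                and ipaddress.ip_address(dst) == ipaddress.ip_address(self.dest_ip)
                and ipaddress.ip_address(src) in ipaddress.ip_network(self.source))

def evaluate(rules, src, dst, dport, default="pass"):
    """Return (verdict, deciding rule name) for one inbound packet.

    '... immediately' actions stop at the first match; 'block if no further
    match' is only remembered and loses to any later matching rule.
    """
    verdict, decided_by = default, "default"
    for rule in rules:
        if not rule.matches(src, dst, dport):
            continue
        if rule.action == "pass_immediately":
            return "pass", rule.name
        if rule.action == "block_immediately":
            return "block", rule.name
        verdict, decided_by = "block", rule.name   # block_if_no_further_match
    return verdict, decided_by

# Constructed sample values: documentation address ranges, RDP on TCP 3389.
SERVER, TRUSTED, STRANGER = "192.168.1.10", "203.0.113.25", "198.51.100.7"
RULES = [
    Rule("filter2_block_rdp", "block_if_no_further_match", "0.0.0.0/0", SERVER, 3389),
    Rule("filter3_pass_trusted", "pass_immediately", TRUSTED + "/32", SERVER, 3389),
]
# Same set with Filter #2 switched to an immediate block, for comparison.
SHADOWED = [replace(RULES[0], action="block_immediately"), RULES[1]]

if __name__ == "__main__":
    for src, port in [(TRUSTED, 3389), (STRANGER, 3389), (STRANGER, 25)]:
        print(src, port, evaluate(RULES, src, SERVER, port))
    print("shadowed:", evaluate(SHADOWED, TRUSTED, SERVER, 3389))
```

With an immediate block in Filter #2 the trusted address never reaches Filter #3, which is the misconfiguration to check for if the allowed IP is unexpectedly locked out.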
Copyright © 2024 DrayTek