DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Lock down external access by IP

29 May 2010 00:22 #1 by adie
Lock down external access by IP was created by adie
Hi all

I bought a 2820 to learn a few things and I am a little stuck, appreciate the help. I have had a search but can’t find what I am looking for, or am I querying incorrectly?

I would like to lock down external access by IP, i.e. only allow certain IP addresses to access RDP or other services (VNC repeaters) but still allow the usual mail, ftp, http/s, VPN pass-through. Whilst still allowing all outbound traffic with no rules (if that’s possible).

I have set up port forwarding for the above services and VPN Pass-through, this all works fine.

From what I understand I need to add the allowed external IP address in as an IP Object, but then how do I apply this within filters?

Many thanks

Adie


01 Jun 2010 15:56 #2 by adie
Replied by adie on topic Really..
No one can help, just a couple of lines to point me in the right direction, do I use different search terms to find out what I am looking for?

adie


02 Jun 2010 14:34 #3 by adie
OK, just a n00b trying to learn. Here it is for whoever may do a search.

This only allows this IP address though, next step, allowing mail http traffic though


http://www.draytek.co.uk/support/vfaq.html

How can I configure my Vigor to only allow specific IP Address(es) on the Internet access to a Server running on my LAN?

First you need to allow the incoming traffic through the NAT of your Vigor. See our FAQ here to configure Open Ports.

Next you need to set up IP Filters, firstly to Block the Open Port you have just created above and then to Pass the specific IP Address(es) you want to allow. In the Default Data Filter (Set #2) of your Vigor go into Filter #2 (ignore the first default rule) and set up the following Block Filter:

Enable and Name the Filter
Block If No Further Match
Direction IN
Protocol
Source any
Destination
Destination Start Port

Hit OK and the Vigor is now passing the incoming traffic through NAT, but Blocking it by the above Filter. In Filter #3 set up the following:

Pass rule:
Enable and Name the Filter
Pass Immediately
Direction IN
Protocol
Source
Destination IP
Destination Start Port

Click OK. This Pass Filter will now Pass incoming traffic from the Trusted User on the Internet to the internal Server on the required Port.


Moderators: Sami
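
The block-then-pass logic from the FAQ steps quoted in post #3, modelled as an added example (not code from the thread or from DrayTek). It assumes rules are checked in order, that an "If No Further Match" verdict only applies when no later rule matches, that traffic matching no rule passes, and that the filter sees the LAN server as destination; the addresses and the RDP port are constructed sample values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample values (not from the thread): trusted client, LAN server, RDP port.
TRUSTED = "203.0.113.10/32"
SERVER = "192.168.1.10/32"
RDP = 3389

@dataclass
class Rule:
    name: str
    action: str   # "pass_immediately", "block_immediately", "block_if_no_further_match"
    src: str      # CIDR; "0.0.0.0/0" means any
    dst: str
    dport: int

    def matches(self, src, dst, dport):
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and dport == self.dport)

# Filter #2 (block) and Filter #3 (pass) from the FAQ, direction IN, in rule order.
RULES = [
    Rule("block-rdp", "block_if_no_further_match", "0.0.0.0/0", SERVER, RDP),
    Rule("pass-trusted-rdp", "pass_immediately", TRUSTED, SERVER, RDP),
]

def evaluate(src, dst, dport, rules=RULES, default="pass"):
    """Return "pass" or "block" for one inbound packet."""
    pending = default  # assumption: traffic matching no rule is passed
    for rule in rules:
        if not rule.matches(src, dst, dport):
            continue
        if rule.action == "pass_immediately":
            return "pass"
        if rule.action == "block_immediately":
            return "block"
        # "... If No Further Match": remember the verdict, keep checking later rules.
        pending = "block" if rule.action.startswith("block") else "pass"
    return pending

if __name__ == "__main__":
    for src, port in [("203.0.113.10", RDP), ("198.51.100.7", RDP), ("198.51.100.7", 80)]:
        print(src, port, evaluate(src, "192.168.1.10", port))
```

Because the block rule is scoped to one destination port, other forwarded services such as HTTP are untouched by it. Under this model, choosing an immediate block for Filter #2 would also shut out the trusted address, since Filter #3 would never be reached.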