DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Port redirection and firewall rules

  • ghenry
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
03 Sep 2010 10:35 #63652 by ghenry
Replied by ghenry on topic Port redirection and firewall rules

Voodle wrote: Because it's WAN to LAN I think it should be port 5000, it'll go in the order of firewall then port redirect.



OK, will try.

Please Log in or Create an account to join the conversation.

More
04 Sep 2010 15:38 #63667 by ik2
Replied by ik2 on topic Port redirection and firewall rules
I am trying to figure out the same type of thing. I am trying to NAT forward port 5150 -> 3306 to allow access mysql from outside.

When you do the NAT forward it allows all traffic through, you then define firewall rules to block unwanted access.

So that means adding to the access control list at least two rules:

1) Block all incoming access to port 5150 (or 3306?)
2) Add an allow rule from external host I want to access mysql, and place it above the deny rule.

That sounds OK in theory. But assume I have many ports I want to do this for (22, 80, 443, 3306, 3389, 465). Now I am looking at 12 rules minimum, 6 to block and 6 to allow.

I thought it would be easier to have a single rules to block all external access (the last rule on my access control list). Then I need only 6 rules to allow the incoming and 1 rule to block everything.

That sounds good (in my mind anyway), but when I try and block all incoming I end up blocking everything. It basically blocks even my outbound access, I don't know if my outbound requests are being blocked or if only the incoming data is being blocked even though I originated the request.

Has anyone been successful at a rules to block all inbound, so you don't have to define so many rules to block on NAT forwarded ports?

Please Log in or Create an account to join the conversation.

More
04 Sep 2010 15:42 #63668 by rothers
Replied by rothers on topic Port redirection and firewall rules

Please Log in or Create an account to join the conversation.

  • ghenry
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
04 Sep 2010 21:13 #63671 by ghenry
Replied by ghenry on topic Port redirection and firewall rules
I really don't know. Hoping someone else would know!

ik2 wrote: I am trying to figure out the same type of thing. I am trying to NAT forward port 5150 -> 3306 to allow access mysql from outside.

When you do the NAT forward it allows all traffic through, you then define firewall rules to block unwanted access.

So that means adding to the access control list at least two rules:

1) Block all incoming access to port 5150 (or 3306?)
2) Add an allow rule from external host I want to access mysql, and place it above the deny rule.

That sounds OK in theory. But assume I have many ports I want to do this for (22, 80, 443, 3306, 3389, 465). Now I am looking at 12 rules minimum, 6 to block and 6 to allow.

I thought it would be easier to have a single rules to block all external access (the last rule on my access control list). Then I need only 6 rules to allow the incoming and 1 rule to block everything.

That sounds good (in my mind anyway), but when I try and block all incoming I end up blocking everything. It basically blocks even my outbound access, I don't know if my outbound requests are being blocked or if only the incoming data is being blocked even though I originated the request.

Has anyone been successful at a rules to block all inbound, so you don't have to define so many rules to block on NAT forwarded ports?

Please Log in or Create an account to join the conversation.

Moderators: Sami