DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Port redirection and firewall rules
03 Sep 2010 10:35 #63652
by ghenry
Replied by ghenry on topic Port redirection and firewall rules
Voodle wrote: Because it's WAN to LAN I think it should be port 5000, it'll go in the order of firewall then port redirect.
OK, will try.
04 Sep 2010 15:38 #63667
by ik2
Replied by ik2 on topic Port redirection and firewall rules
I am trying to figure out the same type of thing. I am trying to NAT forward port 5150 -> 3306 to allow access to mysql from outside.
When you do the NAT forward it allows all traffic through; you then define firewall rules to block unwanted access.
So that means adding to the access control list at least two rules:
1) Block all incoming access to port 5150 (or 3306?)
2) Add an allow rule from the external host I want to access mysql, and place it above the deny rule.
That sounds OK in theory. But assume I have many ports I want to do this for (22, 80, 443, 3306, 3389, 465). Now I am looking at 12 rules minimum, 6 to block and 6 to allow.
I thought it would be easier to have a single rule to block all external access (the last rule on my access control list). Then I need only 6 rules to allow the incoming and 1 rule to block everything.
That sounds good (in my mind anyway), but when I try and block all incoming I end up blocking everything. It basically blocks even my outbound access; I don't know if my outbound requests are being blocked or if only the incoming data is being blocked even though I originated the request.
Has anyone been successful at a rule to block all inbound, so you don't have to define so many rules to block on NAT forwarded ports?
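Added example, not part of the original thread and not a model of DrayTek firmware: a generic first-match packet filter with the layout ik2 describes (six allow rules above one final block), showing why a block rule with no direction also stops outbound and reply traffic. The admin address, the `new` flag, the default-pass policy and matching on the public port 5150 (filter before redirect, as Voodle suggests) are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str      # "WAN->LAN" or "LAN->WAN"
    src: str            # source IP address
    dport: int          # destination port as seen by the filter
    new: bool = True    # True if it opens a connection, False if it is a reply

@dataclass(frozen=True)
class Rule:
    action: str                      # "pass" or "block"
    direction: Optional[str] = None  # None matches both directions
    src: str = "0.0.0.0/0"
    dport: Optional[int] = None      # None matches any port
    new_only: bool = False           # True: match connection-opening packets only

    def matches(self, p: Packet) -> bool:
        return ((self.direction is None or self.direction == p.direction)
                and ip_address(p.src) in ip_network(self.src)
                and (self.dport is None or self.dport == p.dport)
                and (p.new or not self.new_only))

def evaluate(rules, p, default="pass"):
    """First matching rule decides; unmatched packets get the default (assumed pass)."""
    return next((r.action for r in rules if r.matches(p)), default)

# Constructed values: admin host from a documentation address range; the port
# list is the one in the post, with 3306 replaced by its public port 5150 on
# the assumption that the filter runs before port redirection.
ADMIN = "203.0.113.10/32"
PORTS = [22, 80, 443, 5150, 3389, 465]
ALLOWS = [Rule("pass", "WAN->LAN", ADMIN, port) for port in PORTS]

# Final block with no direction: also catches outbound requests and their replies.
TOO_BROAD = ALLOWS + [Rule("block")]
# Final block scoped to new inbound connections only: 6 allows + 1 block.
SCOPED = ALLOWS + [Rule("block", "WAN->LAN", new_only=True)]
```

Because the first match wins, the allow rules only take effect when they sit above the final block, and the final block only spares outbound sessions when it is limited to connection-opening packets arriving from the WAN side.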
04 Sep 2010 21:13 #63671
by ghenry
Replied by ghenry on topic Port redirection and firewall rules
I really don't know. Hoping someone else would know!