DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Block inbound RDP access based on IP

22 Nov 2010 16:54 #64978 by coldfire_3000
Block inbound RDP access based on IP was created by coldfire_3000
Hey all,

I need to block RDP access (port 3389) inbound on all IPs except xxx, yyy and zzz. What is the best way to get this set up?

I have tried a couple of different ways but the Vigor groups and filters always confuse the hell out of me!

Thanks in advance.

Chris

22 Nov 2010 17:14 #64979 by coldfire_3000
Replied by coldfire_3000 on topic Block inbound RDP access based on IP
Hmm, thought I had done it but not sure now, more testing needed. If anyone does have 'their way' of setting it up it would still be appreciated.
Thanks

22 Nov 2010 18:25 #64981 by kc_
Replied by kc_ on topic Block inbound RDP access based on IP
Create your rules to allow TCP 3389 from WAN>LAN and specify the IP, then create a rule to block all after it.
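
The rule order described in the reply above, as an added example that is not part of the thread or DrayTek's own configuration: a small Python model of an ordered filter showing why the allow rules must sit above the block-all rule. The addresses are constructed stand-ins for xxx, yyy and zzz, and first-match evaluation with a default of pass is an assumption about the filter, not something the thread states.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str   # "pass" or "block"
    source: str   # CIDR; "0.0.0.0/0" matches any source
    dport: int    # TCP destination port

    def matches(self, src_ip: str, dport: int) -> bool:
        return (dport == self.dport and
                ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source))

def evaluate(rules, src_ip, dport, default="pass"):
    """Return the action of the first matching rule (assumed first-match semantics)."""
    for rule in rules:
        if rule.matches(src_ip, dport):
            return rule.action
    return default

# Constructed sources from the documentation ranges, standing in for xxx, yyy, zzz.
ALLOWED = ["203.0.113.10/32", "203.0.113.77/32", "198.51.100.0/24"]

# Order from the reply: specific allows first, catch-all block last.
GOOD = [Rule("pass", s, 3389) for s in ALLOWED] + [Rule("block", "0.0.0.0/0", 3389)]
# Same rules with the block first: the allows are never reached.
BAD = [GOOD[-1]] + GOOD[:-1]

def audit(rules):
    """Return rules that can never fire because an earlier rule covers their source."""
    shadowed = []
    for i, rule in enumerate(rules):
        net = ipaddress.ip_network(rule.source)
        for earlier in rules[:i]:
            if (earlier.dport == rule.dport and
                    net.subnet_of(ipaddress.ip_network(earlier.source))):
                shadowed.append(rule)
                break
    return shadowed

if __name__ == "__main__":
    for name, rules in (("allow-then-block", GOOD), ("block-first", BAD)):
        for src in ("203.0.113.10", "198.51.100.42", "192.0.2.200"):
            print(f"{name:17} {src:15} -> {evaluate(rules, src, 3389)}")
        print(f"{name:17} shadowed rules: {len(audit(rules))}")
```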

24 Nov 2010 17:13 #65014 by coldfire_3000
Replied by coldfire_3000 on topic Block inbound RDP access based on IP
Hi, thanks for the reply. I don't follow how you would do that, I can't see the options in the menu.

I am using a 2820...

My aim is to block the world from accessing my servers via RDP. I want to allow RDP access through the firewall to my server only when the request comes from one of a couple of IP addresses/ranges, i.e. the other office, home addresses etc.

Thanks

29 Nov 2010 12:42 #65059 by sbv3000
Replied by sbv3000 on topic Block inbound RDP access based on IP
I've set up some clients in the past as follows:

Set up the router to port translate 33895 to 3389. This avoids using a 'known' port that can be scanned.

Set up a workstation or server (can be a VM) that is off the domain with a standard local account user login and long/complex account password.

Forward 33895 to 3389 to the IP address of the workstation. Once you log in to that station, RDP to other devices on the network.

30 Nov 2010 10:37 #65075 by scroucher
Replied by scroucher on topic Block inbound RDP access based on IP
First you open up the port in NAT --> Open Ports. Then you go to the firewall settings page, open rule set 2 and then create rules blocking the IPs you've listed.

Steve
