DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Allow traffic from specific IP address
- spudr
- Topic Author
- Offline
- New Member
Less
More
- Posts: 6
- Thank you received: 0
15 Mar 2011 17:54 #66818
by spudr
Allow traffic from specific IP address was created by spudr
Hi - I am trying to allow traffic from 2 specific IP addresses unrestricted access to a server on my network. (they are websites querying our database)
It's on a 2820 router with 3.3.5.1_232201 firmware.
I need to allow all traffic from the specified IP address.
How can I achieve this?
It's on a 2820 router with 3.3.5.1_232201 firmware.
I need to allow all traffic from the specified IP address.
How can I achieve this?
Please Log in or Create an account to join the conversation.
- spudr
- Topic Author
- Offline
- New Member
Less
More
- Posts: 6
- Thank you received: 0
- sbv3000
- Offline
- Junior Member
Less
More
- Posts: 63
- Thank you received: 0
18 Mar 2011 22:04 #66874
by sbv3000
Replied by sbv3000 on topic Re: Allow traffic from specific IP address
I dont think it is possible with the 2820 to explicity allow traffic from an external ip in the way you need. However you should be able to setup a rule that port forwards to your db server on the standard port used by the db eg SQL 1433. As you are opening a known port (slightly risky) you could have the web server talk on a non-standard port and translate back.
eg webserver 1433 internal >ISP firewall rule> 14330 external > internet > 14330 >2820 NAT rule > 1433
eg webserver 1433 internal >ISP firewall rule> 14330 external > internet > 14330 >2820 NAT rule > 1433
Please Log in or Create an account to join the conversation.
- sbv3000
- Offline
- Junior Member
Less
More
- Posts: 63
- Thank you received: 0
18 Mar 2011 22:24 #66875
by sbv3000
Replied by sbv3000 on topic Re: Allow traffic from specific IP address
as it happens this may be possible with a filter setup, never done it myself, but I would still use a non standard port
Please Log in or Create an account to join the conversation.
- spudr
- Topic Author
- Offline
- New Member
Less
More
- Posts: 6
- Thank you received: 0
23 Mar 2011 14:06 #66922
by spudr
Replied by spudr on topic Re: Allow traffic from specific IP address
After fightnig excessively with this - THANKS FOR THE POINTER!
You helped immensely
FYI
Create IP Objects for the IPs that need access
Create an IP Group containing these IPs
Create a rule in the 'Default data filters' bit saying "from WAN >> LAN Source: any Destination: the SQL server - 'Block if no further match'"
MAKE SURE THAT THE SQL PORT IS IDENTIFIED IN THE 'SERVICE TYPE' BOX
The above rule blocks traffic to the SQL server unless from the IPs you have specified
Create a rule in the same default data filter saying "From WAN >> LAN Source: IP Group name Destination: IP Group name - 'Pass Immediately'
This rule creates the hole to allow your IPs through
WORKING
You helped immensely
FYI
Create IP Objects for the IPs that need access
Create an IP Group containing these IPs
Create a rule in the 'Default data filters' bit saying "from WAN >> LAN Source: any Destination: the SQL server - 'Block if no further match'"
MAKE SURE THAT THE SQL PORT IS IDENTIFIED IN THE 'SERVICE TYPE' BOX
The above rule blocks traffic to the SQL server unless from the IPs you have specified
Create a rule in the same default data filter saying "From WAN >> LAN Source: IP Group name Destination: IP Group name - 'Pass Immediately'
This rule creates the hole to allow your IPs through
WORKING
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek