DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Allow traffic from specific IP address

15 Mar 2011 17:54 #66818 by spudr
Hi - I am trying to allow traffic from 2 specific IP addresses unrestricted access to a server on my network. (They are websites querying our database.)
It's on a 2820 router with 3.3.5.1_232201 firmware.

I need to allow all traffic from the specified IP address.

How can I achieve this?

16 Mar 2011 11:09 #66830 by spudr
Anyone??

18 Mar 2011 22:04 #66874 by sbv3000
I don't think it is possible with the 2820 to explicitly allow traffic from an external IP in the way you need. However, you should be able to set up a rule that port forwards to your db server on the standard port used by the db, e.g. SQL 1433. As you are opening a known port (slightly risky) you could have the web server talk on a non-standard port and translate back.
e.g. webserver 1433 internal > ISP firewall rule > 14330 external > internet > 14330 > 2820 NAT rule > 1433

18 Mar 2011 22:24 #66875 by sbv3000
As it happens this may be possible with a filter setup. Never done it myself, but I would still use a non-standard port.

23 Mar 2011 14:06 #66922 by spudr
After fighting excessively with this - THANKS FOR THE POINTER!
You helped immensely :)

FYI
Create IP Objects for the IPs that need access

Create an IP Group containing these IPs

Create a rule in the 'Default data filters' bit saying "from WAN >> LAN Source: any Destination: the SQL server - 'Block if no further match'"
MAKE SURE THAT THE SQL PORT IS IDENTIFIED IN THE 'SERVICE TYPE' BOX
The above rule blocks traffic to the SQL server unless from the IPs you have specified

Create a rule in the same default data filter saying "From WAN >> LAN Source: IP Group name Destination: IP Group name - 'Pass Immediately'"
This rule creates the hole to allow your IPs through

WORKING :D
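
A simplified model of the two-rule filter set described in the post above, added here as an illustration; it is not code from the thread or from DrayTek. The addresses are constructed, the pass rule's destination is assumed to be the SQL server, and the default-pass verdict and the deferred handling of "if no further match" actions are assumptions of this model about how the rule list is walked.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample values (documentation address ranges), not from the thread.
SQL_SERVER = "192.168.1.10"
SQL_PORT = 1433
ALLOWED_GROUP = frozenset({"203.0.113.10", "203.0.113.11"})

@dataclass(frozen=True)
class Rule:
    sources: Optional[frozenset]  # None = "any"
    dest: str
    port: Optional[int]           # None = any service type
    action: str

# The two WAN -> LAN rules in the order the post gives them.
RULES = [
    Rule(None, SQL_SERVER, SQL_PORT, "block_if_no_further_match"),
    Rule(ALLOWED_GROUP, SQL_SERVER, None, "pass_immediately"),
]

def matches(rule, src, dst, port):
    return ((rule.sources is None or src in rule.sources)
            and rule.dest == dst
            and (rule.port is None or rule.port == port))

def evaluate(rules, src, dst, port, default="pass"):
    """Return 'pass' or 'block' for one inbound packet (model assumption:
    unmatched traffic gets `default`)."""
    pending = default
    for rule in rules:
        if not matches(rule, src, dst, port):
            continue
        if rule.action == "pass_immediately":
            return "pass"
        if rule.action == "block_immediately":
            return "block"
        # "... if no further match": remember the verdict, keep scanning.
        pending = "block" if rule.action.startswith("block") else "pass"
    return pending

if __name__ == "__main__":
    for src in ("203.0.113.10", "198.51.100.7"):
        print(src, "->", evaluate(RULES, src, SQL_SERVER, SQL_PORT))
    # Failure mode: an immediate block ahead of the pass rule locks out everyone.
    strict = [Rule(None, SQL_SERVER, SQL_PORT, "block_immediately"), RULES[1]]
    print("allowed IP with block_immediately first ->",
          evaluate(strict, "203.0.113.10", SQL_SERVER, SQL_PORT))
```

The model shows why the first rule has to defer its verdict: with an immediate block in that position the allow rule is never reached.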
