DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Protecting Open Ports on 2820n

12 Sep 2011 21:54 #69327 by madtech
Protecting Open Ports on 2820n was created by madtech
Hi all,

We're running a 3CX PBX and have a couple of phones external to the network, which necessitates Port 5060 being open to the world.

Consequently we're becoming a regular target for annoying script kiddies throwing loads of traffic at 5060 which is causing phone system problems (lost registrations etc).

I'm wondering if there is any way to only show 5060 as open to the two external users both of which have static IP addresses and closed to everyone else?

If I'm honest I find the firewall setup of the 2820n very confusing so instructions fit for an idiot would be useful if possible.

Thanks in advance.

Madtech.

13 Sep 2011 09:32 #69329 by nealuk
Replied by nealuk on topic Re: Protecting Open Ports on 2820n
Yes this should be possible.

Service Type Object would, I think, be the place to define the ports.

IP Object, would, I think, be the place to list your specific external IP addresses.

IP Group, would, I think, be a practical way to group all of these together to use in your rules.

Firewall >> Filter Setup >> 2. Default Data Filter would then be where you pull together all of the above in a rule.

Regards, Neal

13 Sep 2011 12:55 #69337 by madtech
Replied by madtech on topic Re: Protecting Open Ports on 2820n
Thanks Neal, I'll try that later in business dead time and see how we get on.

28 Nov 2011 18:57 #70248 by haywardi
Replied by haywardi on topic Re: Protecting Open Ports on 2820n
Hi,
I have the same problem, how did you get on?

Also, if I allow an open port, does it go through the filter rules? I'm trying to work out how to implement this to protect myself.

Thanks in advance
Iain

28 Nov 2011 21:46 #70249 by voodle
Replied by voodle on topic Re: Protecting Open Ports on 2820n
If you open a port, it's opened first of all, then the firewall processes it.

I made some screenshots of how I'd do a filter rule to limit access to 5060 to one external address:
http://imgur.com/a/JEknp#0
If you just wanted to block stuff, you'd just make IP Objects, put those into an IP Group and apply them as the Source IP in a rule the same as "SIP Block" but you'd set the action as block immediately.
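
A small model of the rule ordering discussed in this thread, added as an example and not taken from any poster or from DrayTek. It assumes that an "immediately" action ends evaluation at the first matching rule, that an "if no further match" action is remembered and can be overridden by a later matching rule, and that unmatched traffic follows a default of pass; the addresses, the `SIP Allow` rule name and the helper functions are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY = "0.0.0.0/0"
PHONE = "203.0.113.10"      # constructed: static IP of an external phone
STRANGER = "198.51.100.7"   # constructed: any other internet host

@dataclass
class Rule:
    name: str
    source: str    # CIDR the packet's source address must fall in
    dst_port: int
    action: str    # "<pass|block> immediately" or "<pass|block> if no further match"

def evaluate(rules, src_ip, dst_port, default="pass"):
    """Return 'pass' or 'block' for one inbound packet (assumed semantics)."""
    pending = default
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule.dst_port != dst_port or addr not in ipaddress.ip_network(rule.source):
            continue
        verdict, when = rule.action.split(" ", 1)
        if when == "immediately":
            return verdict      # first immediate match ends evaluation
        pending = verdict       # remembered; a later match may override it
    return pending

# Catch-all "block if no further match" first, then the allow rule.
BLOCK_IF_NO_MATCH_THEN_PASS = [
    Rule("SIP Block", ANY, 5060, "block if no further match"),
    Rule("SIP Allow", PHONE + "/32", 5060, "pass immediately"),
]
# Alternative ordering: allow first, then an immediate catch-all block.
PASS_THEN_BLOCK = [
    Rule("SIP Allow", PHONE + "/32", 5060, "pass immediately"),
    Rule("SIP Block", ANY, 5060, "block immediately"),
]
# Misordered: an immediate catch-all block ahead of the allow rule.
BLOCK_IMMEDIATELY_FIRST = [
    Rule("SIP Block", ANY, 5060, "block immediately"),
    Rule("SIP Allow", PHONE + "/32", 5060, "pass immediately"),
]

def decisions(rules):
    """Verdicts for the allowed phone and for an unknown host on port 5060."""
    return {"phone": evaluate(rules, PHONE, 5060),
            "stranger": evaluate(rules, STRANGER, 5060)}
```

Under these assumptions the first two orderings give the same result, while an immediate catch-all block placed first also locks out the allowed phone.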

29 Nov 2011 10:57 #70254 by haywardi
Replied by haywardi on topic Re: Protecting Open Ports on 2820n
Hi Voodle,

Thank you for the example, extremely useful.

I notice in your example, that you first set up the block if no further match and then the pass immediately.

Is the order important?

Could, for instance, I set it to pass immediately in filter set 2 if from the given range of IP addresses, then in filter set 3 use a block immediately?

Just seems more logical that way....

Thanks in advance,
Iain

Moderators: ChrisSami