Hi All

I have an issue with the Firewall setup of my Vigor 2860n.

I have NAT routing setup (working fine) and I want to limit access to that open port to one or more specified IP addresses.

I have setup a firewall rule as follows:

WAN -> LAN/RT/VPN
Source IP: !xxx.xxx.xxx.xxx (the external IP I want to allow - Note the !)
Destination IP: The Internal IP
Service Type: TCP, Port: from xxx to xxx
Fragments: Don't care
Filter: Block immediately

No Schedule is setup

NAT Routing is setup to allow the same port access to the same IP specified in the firewall

However, I can still access the service from a different IP address. I am obviously missing something here.

I assumed that the rule above, due to the ! said, 'block everything on this port apart from the specified IP'

Do I somehow need to block all traffic on everything? Again I had assumed that the firewall would do that by default

Any help or insight would be appreciated.

Thanks

Matt

the filter setup looks good but make sure you've got the source ports set to 1-65535 (because they're usually random) and only specify the destination port.

Also make sure the filter set that you put the rule in is linked to from the default data filter (filter set #2) by setting the next filter set option

Thanks Voodle, I got there by trial and error... not ideal on a live system but got there.

I also had an issue where our website was calling back to stock control on an IP other than that revealed by pinging the domain name.

Thanks for your help

Matt