DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Port forwarding - Allowing single connecting IP

lowbug
Topic Author
Offline
Junior Member

08 Dec 2016 07:34 #1 by lowbug

Port forwarding - Allowing single connecting IP was created by lowbug

Hi,

We have a number of router with port forwards but I want to change them so the port forward only works when a specific IP is connecting.

Cheers

Please Log in or Create an account to join the conversation.

chrisw
Offline
Junior Member

08 Dec 2016 07:44 #2 by chrisw

Replied by chrisw on topic Re: Port forwarding - Allowing single connecting IP

Implement a Firewall rule to pass only the wanted IP/port and then block everything else with the same destination port...? Works fine for me to keep the endless port 5060 scans out of my (port 5060 forwarded) PBX.

Please Log in or Create an account to join the conversation.

admin3
Offline
Site Admin

08 Dec 2016 09:15 #3 by admin3

Replied by admin3 on topic Re: Port forwarding - Allowing single connecting IP

lowbug wrote: Hi,

We have a number of router with port forwards but I want to change them so the port forward only works when a specific IP is connecting.

Cheers

If you have a Vigor 2860 router on current firmware (3.8.4.1), you can set a Source IP in the port forward rule which will limit remote access of that port forward to that IP address only, there's guide on setting that up here:
http://www.draytek.co.uk/support/guides/kb-firewall-rules-port-forwarding

With older Vigor routers or older firmware versions, you can configure that with one Firewall Filter Rule to allow the remote IPs access to the port forwarded and a second rule to block remote access to that port forward:
http://www.draytek.co.uk/support/guides/kb-ipfilter-allowing-inbound-traffic

Forum Administrator

Please Log in or Create an account to join the conversation.

chrisw
Offline
Junior Member

08 Dec 2016 09:54 #4 by chrisw

Replied by chrisw on topic Re: Port forwarding - Allowing single connecting IP

Ah, that's quite neat. Time to update my config!

Please Log in or Create an account to join the conversation.

piste basher
Offline
New Member

08 Dec 2016 12:43 #5 by piste basher

Replied by piste basher on topic Re: Port forwarding - Allowing single connecting IP

Only if you don't want to use the Wifi WAN2 facility. My 2860 refuses to connect to a Netgear Aircard access point with 3.8.4.1 whereas 3.8.2.3 works fine. This ticket has been with support for many weeks with no resolution as yet.

Please Log in or Create an account to join the conversation.

lowbug
Topic Author
Offline
Junior Member

09 Dec 2016 21:47 #6 by lowbug

Replied by lowbug on topic Re: Port forwarding - Allowing single connecting IP

admin3 wrote:
lowbug wrote: Hi,

We have a number of router with port forwards but I want to change them so the port forward only works when a specific IP is connecting.

Cheers

If you have a Vigor 2860 router on current firmware (3.8.4.1), you can set a Source IP in the port forward rule which will limit remote access of that port forward to that IP address only, there's guide on setting that up here:
http://www.draytek.co.uk/support/guides/kb-firewall-rules-port-forwarding

With older Vigor routers or older firmware versions, you can configure that with one Firewall Filter Rule to allow the remote IPs access to the port forwarded and a second rule to block remote access to that port forward:
http://www.draytek.co.uk/support/guides/kb-ipfilter-allowing-inbound-traffic

Thanks best I update then

Please Log in or Create an account to join the conversation.