restrict external IP for port forwarding [SOLVED] [INACTIVE]

BrazilFW 2.x help discussions in English.

restrict external IP for port forwarding [SOLVED]

Post by lolex » Sat Feb 13, 2010 3:29 am

Hello,
I have two questions:
- I set up a port forwarding rule on my BFW for my server, port 4899. How can I restrict it so that the server can be accessed only from a list of public IP addresses?
- The same for SSH access: how can the BFW be accessed only from a list of public IP addresses?
Many thanks
Last edited by lolex on Wed Mar 10, 2010 7:15 pm, edited 1 time in total.
lolex
 

Re: restrict external IP for port forwarding

Post by lolex » Tue Feb 16, 2010 5:08 pm

I want to restrict access to radmin tcp port 4899 for the server 192.168.1.250 for only one external IP,

access Y permit tcp 213.233.101.43/32 192.168.1.250 4899 4899
access Y deny tcp any 192.168.1.250 4899 4899

In active firewall rules, the result is:

Chain access-acl (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 213.233.101.43 192.168.1.250 tcp spt:4899 dpt:4899
0 0 REJECT tcp -- * * 0.0.0.0/0 192.168.1.250 tcp spt:4899 dpt:4899 reject-with icmp-port-unreachable

But this doesn't work!
What is wrong?
Thanks
lolex
 

Re: restrict external IP for port forwarding

Post by El guapo Dan » Tue Feb 16, 2010 8:58 pm

Hi, what exactly isn't working?

Can you or can you not access it?
El guapo Dan
 

Re: restrict external IP for port forwarding

Post by lolex » Wed Feb 17, 2010 2:14 pm

I cannot access from any external IP
Thanks
lolex
 

Re: restrict external IP for port forwarding

Post by El guapo Dan » Wed Feb 17, 2010 2:45 pm

Hi, is the 192.168.1.250 machine your BFW server or another LAN machine? If it is another LAN machine, you need to make an SSH tunnel to grant access to it.
El guapo Dan
 

Re: restrict external IP for port forwarding

Post by lolex » Thu Feb 18, 2010 2:56 am

Yes, 192.168.1.250 is a server machine, not the BFW.
With SSH it is simple, it works for me.
But I want to do it with port forwarding, and to give only one or two external IP addresses permission to access this server on port 4899.
Thanks
lolex
 

Re: restrict external IP for port forwarding

Post by doru2ro » Fri Feb 19, 2010 6:46 am

Hi,

In Port Forwarding:
auto Y tcp 4899 192.168.1.250 dns

In Advanced Firewall Configuration add:
access Y permit tcp 213.233.101.43/32 lan-if 4899 all
access Y deny tcp int-if lan-if 4899 all
doru2ro
 

Re: restrict external IP for port forwarding

Post by lolex » Sat Feb 20, 2010 6:20 pm

I modified it like you said but it is the same thing, I can connect from every external IP!
I want only from 213.233.101.43! The rule doesn't work!
Thanks
lolex
 

Re: restrict external IP for port forwarding

Post by doru2ro » Mon Feb 22, 2010 7:41 pm

In BFW 2.31.10 SP1+ these rules work and are tested.
If they do not work, check the other rules in the firewall configuration.
doru2ro
 

Re: restrict external IP for port forwarding [SOLVED]

Post by lolex » Wed Mar 10, 2010 7:12 pm

Here is the configuration that works; only EXT_IP1 and EXT_IP2 can now access the server 192.168.1.250 on port 4899.

In Port Forwarding:
auto Y tcp 4899 192.168.1.250 dns
In Advanced Firewall Configuration (example for 2 external IPs: EXT_IP1 and EXT_IP2):
access Y permit tcp EXT_IP1/32 192.168.1.250 4899 all
access Y permit tcp EXT_IP2/32 192.168.1.250 4899 all
access Y deny tcp any 192.168.1.250 4899 all

I tested it and it works correctly for me.
lolex
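
Added example, not part of any post in this thread: the chain listing quoted in the second post matches `spt:4899` as well as `dpt:4899`, and a remote client normally connects from an ephemeral source port, so a first-match evaluation over that listing shows neither rule applying. `FIXED_CHAIN` and the test packets are constructed, on the assumption that the working rules list without a source-port match.

```python
import ipaddress

# Chain listing quoted in the thread for the first attempt ("4899 4899").
THREAD_CHAIN = """\
Chain access-acl (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 213.233.101.43 192.168.1.250 tcp spt:4899 dpt:4899
0 0 REJECT tcp -- * * 0.0.0.0/0 192.168.1.250 tcp spt:4899 dpt:4899 reject-with icmp-port-unreachable
"""
# Constructed (assumption): the same chain with no source-port match.
FIXED_CHAIN = THREAD_CHAIN.replace("spt:4899 ", "")

def parse_chain(text):
    """Parse `iptables -L -n -v` rule lines (single ports, plain counters)."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 9 or not f[0].isdigit():
            continue  # chain title or column header
        rule = {"target": f[2], "proto": f[3], "spt": None, "dpt": None,
                "src": ipaddress.ip_network(f[7]),
                "dst": ipaddress.ip_network(f[8])}
        for tok in f[9:]:
            if tok.startswith(("spt:", "dpt:")):
                rule[tok[:3]] = int(tok[4:])
        rules.append(rule)
    return rules

def verdict(rules, src, sport, dst, dport, proto="tcp"):
    """Target of the first matching rule, or None if the packet falls through."""
    for r in rules:
        if (r["proto"] == proto
                and ipaddress.ip_address(src) in r["src"]
                and ipaddress.ip_address(dst) in r["dst"]
                and r["spt"] in (None, sport)
                and r["dpt"] in (None, dport)):
            return r["target"]
    return None

if __name__ == "__main__":
    server = "192.168.1.250"
    # Constructed packets: ephemeral source port; 198.51.100.7 is a documentation address.
    for name, chain in (("thread", THREAD_CHAIN), ("fixed", FIXED_CHAIN)):
        rules = parse_chain(chain)
        for src in ("213.233.101.43", "198.51.100.7"):
            print(name, src, verdict(rules, src, 51515, server, 4899))
```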
 

