Not applicable
Single source IP port forwarding
02-03-2014 4:38 PM
I have the standard Technicolor gateway which comes with the VDSL service. I have various port forwarding set up from any source IP to single hosts internally. I have also set up custom firewall services using the telnet command line. However, I cannot work out how to forward a single port from a single IP address on the internet to an internal host. I have tried a combination of custom firewall rules and port forwarders, but it seems that port forwarding rules are applied before firewall rules.
I can't imagine that the router doesn't support forwarding of ports from a single IP, so can anyone tell me what I'm doing wrong?
Message 1 of 3
(1,440 Views)
2 REPLIES 2
Re: Single source IP port forwarding
03-03-2014 4:38 PM
It might be possible, however it's rare that you'd want to allow access only from a single IP (in my experience). You'd need to set up the port forward rule, this will allow any IP to access the internal service, and then use the custom firewall rules to deny any other IP addresses from accessing that service. I'll be honest, I'm not sure how easy this is on the 582 as it's not something I've tried.
Former Plusnet Staff member. Posts after 31st Jan 2020 are not on behalf of Plusnet.
Message 2 of 3
(765 Views)
Re: Single source IP port forwarding
03-03-2014 7:48 PM
Quote from: Chris
You'd need to set up the port forward rule, this will allow any IP to access the internal service, and then use the custom firewall rules to deny any other IP addresses from accessing that service.
That won't work:
When a port forward rule is assigned, the router creates the required path through NAT and also creates a hidden firewall rule to allow the required ports from WAN to LAN. This hidden FW rule has a higher priority than any custom rule, so once a packet has passed this hidden rule it will not be inspected by any custom rules.
I haven't tested the following but it may be a starting point for you to achieve what you need.
The following telnet commands should create a PF rule for port 222 from wan IP 1.2.3.4 to LAN IP 192.168.1.50
Quote:
nat tmpladd intf=Internet type=napt outside_addr=1.2.3.4 inside_addr=192.168.1.50 outside_port=222 inside_port=222
firewall rule add chain=forward_host_service index=1 name=AllPorts srcintf=wan dstip=192.168.1.50 state=enabled action=accept
saveall
Modify the port and IP as required.
Ref: http://npr.me.uk/forwardports.html
Correction:
I've tested the above and it doesn't work -- surprisingly.
The following did work, tested with PFPortChecker (from portforward.com).
Quote:
nat tmpladd outside_addr=0.0.0.1 inside_addr=192.168.1.65 foreign_addr=65.112.29.37 outside_port=222 inside_port=222 mode=inbound
firewall rule add chain=forward_host_service index=1 name=test srcintf=wan srcip=65.112.29.37 dstip=192.168.1.65 state=enabled action=accept
saveall
Notes:
The firewall rule would benefit from being tightened by adding the port.
I tested the above "nat" command by changing the "foreign_addr" to an incorrect one and this stopped PF from working. So, as yet, I'm only assuming this limits the outside IP to the one specified (65.112.29.37) -- need more checking.
Message 3 of 3
(765 Views)
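An added example, not part of the original posts: a Python audit of the two command sets quoted in the last reply, reporting WAN accept rules with no srcip and NAT templates whose foreign_addr has no matching accept rule. The function names are hypothetical, and treating foreign_addr as the source restriction follows the poster's own test, which they describe as still an assumption.

```python
import shlex

# Commands quoted in the thread: the first attempt, then the tested version.
FIRST_ATTEMPT = """\
nat tmpladd intf=Internet type=napt outside_addr=1.2.3.4 inside_addr=192.168.1.50 outside_port=222 inside_port=222
firewall rule add chain=forward_host_service index=1 name=AllPorts srcintf=wan dstip=192.168.1.50 state=enabled action=accept
saveall"""
WORKING = """\
nat tmpladd outside_addr=0.0.0.1 inside_addr=192.168.1.65 foreign_addr=65.112.29.37 outside_port=222 inside_port=222 mode=inbound
firewall rule add chain=forward_host_service index=1 name=test srcintf=wan srcip=65.112.29.37 dstip=192.168.1.65 state=enabled action=accept
saveall"""


def parse(line):
    """Split one CLI line into (command words, {key: value})."""
    words, params = [], {}
    for tok in shlex.split(line):
        if "=" in tok:
            key, _, val = tok.partition("=")
            params[key] = val
        else:
            words.append(tok)
    return " ".join(words), params


def audit(config_text):
    """Return findings for forwards that are not pinned to one source IP."""
    nats, rules, findings = [], [], []
    for line in config_text.splitlines():
        cmd, p = parse(line)
        if cmd == "nat tmpladd":
            nats.append(p)
        elif (cmd == "firewall rule add" and p.get("action") == "accept"
              and p.get("srcintf") == "wan"):
            rules.append(p)
    for r in rules:  # an accept rule without srcip admits every WAN source
        if "srcip" not in r:
            findings.append(f"rule {r.get('name')}: accepts any WAN source to {r.get('dstip')}")
    for n in nats:  # each template needs a rule for the same host and source
        host, src = n.get("inside_addr"), n.get("foreign_addr")
        if src is None:
            findings.append(f"nat to {host}: no foreign_addr, not source-restricted")
        elif not any(r.get("dstip") == host and r.get("srcip") == src for r in rules):
            findings.append(f"nat to {host}: no accept rule with srcip={src}")
    return findings


if __name__ == "__main__":
    for label, cfg in (("first attempt", FIRST_ATTEMPT), ("working", WORKING)):
        print(label, audit(cfg) or "no findings")
```

The audit only checks that the saved commands are consistent with each other; whether the router actually rejects other source addresses still has to be confirmed with a connection test from a second external address.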