Tg582n Setup FTP access but restrict inbound IP
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Re: Tg582n Setup FTP access but restrict inbound I...
Tg582n Setup FTP access but restrict inbound IP
12-04-2014 2:06 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I have successfully setup a port forward to my FTP server so users can access it from the outside world (WAN?). I'm using a non std port number which is then port forwarded at the router. However, I'd like to only allow a certain external IP address through for this specific port number. Using the Technicolor Tg582n telnet (i presume you can't do this extra thing via it's web interface), can anyone help me figure out how to do this?
Thanks in advance.
Rodp
Re: Tg582n Setup FTP access but restrict inbound IP
12-04-2014 7:15 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Tg582n Setup FTP access but restrict inbound IP
12-04-2014 10:08 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
It's a PVR - Humax HDR Fox T2 so the ftp server is rather basic. I'm using the custom firmware but I've not come across anything on the webif pages nor telnet pages that might restrict the IP addresses - although I don't really know what I'm looking for.
Hope you can help
Thanks
Rodp
Re: Tg582n Setup FTP access but restrict inbound IP
12-04-2014 12:18 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
If the answer to both is yes, then I may have a easy answer -- I need to test it out first though.
Re: Tg582n Setup FTP access but restrict inbound IP
12-04-2014 12:28 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Well for the time being yes it could just be for one ip I suppose. Maybe later on I might want to have an additional port open so would be interested in either solution.
Thanks
Rodp
Re: Tg582n Setup FTP access but restrict inbound IP
12-04-2014 5:44 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
1) remove all your existing port forward rules.
2) ensure the PVR is configure to "always use the same IP address" in the routers network settings.
3) do the port forward this method:
http://npr.me.uk/forwardports.html
But in place of the commands show on the website use these slightly modified commands.
Quote nat tmpladd intf=Internet type=nat outside_addr=1.2.3.4 inside_addr=192.168.1.65
firewall rule add chain=forward_host_service name=test srcintf=wan srcip=1.2.3.4 dstip=192.168.1.65 state=enabled action=accept
Just change 1.2.3.4 to the ip address you wish to allow access from.
And change 192.168.1.65 to the IP address of the PVR.
These command will forward all ports to the PVR, but only from the specified IP.
On draw back is, you can not use any other port forward rules with this method.
edit:
Just remembered you saying your using a non standard port for FTP.
If that's using port translation then the above method may not work.
Re: Tg582n Setup FTP access but restrict inbound IP
12-04-2014 6:21 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
If I was going to need non std ports and the functionality to control incoming ip's, is it likely that I'll need to get a better/different router?
Thanks very much.
Rodp
Re: Tg582n Setup FTP access but restrict inbound IP
12-04-2014 7:19 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: rodandjaxforum is it likely that I'll need to get a better/different router?
These Technicolor routers are more configurable than many / most other routers, you just need to use cli commands in place of a GUI.
Let me know the details of the ports (translation) you wish to use and I'll try and suggest a better method to try.
Re: Tg582n Setup FTP access but restrict inbound IP
12-04-2014 7:34 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
My port forwarding is something like 43576 to 21. The cli commands I do agree provides immense flexibility but are pretty full on - I found this doc with them all in but not enough info to give me enough guidance: http://help.demon.net/files/2013/03/TG582n-CLI-Guide.pdf
Cheers
Rodp
Re: Tg582n Setup FTP access but restrict inbound IP
12-04-2014 10:04 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: rodandjaxforum I found this doc with them all in but not enough info to give me enough guidance:
Try the site in my links
I've tested the following commands and they do enable port forward for FTP, from a single wan IP, but without port translation.
Quote nat tmpladd group=wan type=napt outside_addr=0.0.0.1 inside_addr=192.168.1.65 foreign_addr=65.112.29.37 protocol=tcp outside_port=21 inside_port=21 weight=50 status=up
nat tmpladd group=wan type=napt outside_addr=0.0.0.1 inside_addr=192.168.1.65 foreign_addr=65.112.29.37 protocol=tcp outside_port=21800-21805 inside_port=21800-21805 weight=50 status=up
firewall rule add chain=forward_host_service name=test srcintf=wan srcip=65.112.29.37 dstip=192.168.1.65 state=enabled action=accept
saveall
Change the outside IP 65.112.29.37 to suit.
Change the inside IP 192.168.1.65 to suit
The following commands have not been tested but should enable port forward with port translation 43576 to 21.
Quote nat tmpladd group=wan type=napt outside_addr=0.0.0.1 inside_addr=192.168.1.65 foreign_addr=65.112.29.37 protocol=tcp outside_port=43576 inside_port=21 weight=50 status=up
nat tmpladd group=wan type=napt outside_addr=0.0.0.1 inside_addr=192.168.1.65 foreign_addr=65.112.29.37 protocol=tcp outside_port=21800-21805 inside_port=21800-21805 weight=50 status=up
firewall rule add chain=forward_host_service name=test srcintf=wan srcip=65.112.29.37 dstip=192.168.1.65 state=enabled action=accept
saveall
These command should be compatible with port forward rule to other ports.
To delete these commands you first need to identify their index number, see this link for details: http://npr.me.uk/forwardports.html
I strongly recommend creating a backup of your routers config file before playing with these cli setting -- you can get in a terrible mess if not careful.
Restoring the backup will get you back to where you started.
Or a factory reset using the pinhole at the back will do a full reset.
Edit:
saveall command added
Re: Tg582n Setup FTP access but restrict inbound IP
13-04-2014 2:31 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
thanks very much for that - will defo back up my setup beforehand. I've read somehwere how you list out and get the indexes so will hunt it out. So to confirm, that command syntax still has the limitation of only one inbound IP from now on but i should in theory be able to do the port forwarding / translation too.
Thanks for your effort over this and I'll let you know how I get on.
Thanks
Rodp
Re: Tg582n Setup FTP access but restrict inbound IP
13-04-2014 8:30 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I've now tested the above commands to configure "port forward with port translation 43576 to 21" and I can confirm it does what you ask
ie:
It limits connections from only the IP specified.
Additional allowed IP addresses can be used but I'm not sure of the syntax, (not sure if IP should be separated with a space or comma, a range will be something like 1.2.3.1-255.
The commands as shown will translate a incoming wan port of 43576 to a lan port of 21.
With these commands you can still use the GUI to port forward other ports but you must be careful not to try and PF the same ports already used.
Note:
Don't forget to use the saveall command when you're done, otherwise the settings will be lost at a reboot.
Good luck,
npr
Re: Tg582n Setup FTP access but restrict inbound IP
13-04-2014 9:41 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
That's brill. Thanks very much indeed for your help.
Cheers
Rodp
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Re: Tg582n Setup FTP access but restrict inbound I...