LANCOM Support Knowledgebase Document No. 1904.0110.3621.MMÜL - V1.10

Port forwarding: Restricting access to a specific public IPv4 address



Description:

This article describes how to allow port forwarding for specific connection sources only.


Requirements:
  • Previously configured and functional Internet connection
  • Previously configured and functional port forwarding
  • Fixed public IPv4 address at each location that requires access to the destination by means of port forwarding


Procedure:

1) Deny inbound communications via port forwarding:

Note:
The following steps are only necessary if there is no firewall rule already in place that prohibits incoming traffic to the local network (e.g. a deny-all rule).

1.1) In LANconfig, open the configuration dialog for the router and switch to the menu item Firewall/QoS -> IPv4 rules -> Rules.



1.2) Click on Add to create a new entry.



1.3) On the General tab, make a meaningful entry for the Name of this rule.



1.4) Change to the Actions tab and check that the action object REJECT is in place.


1.5) Now switch to the Stations tab and make the following adjustments:
  • Connection source: Leave the entry at the default value connections from all stations
  • Connection destination: Set the radio button to connections to the following stations and click Add -> Add custom station



    Set the radio button to An IP address or range of addresses and enter the IP address of the forwarding destination.




2) Allow inbound communication from specific sources:

2.1) Create another entry under Firewall/QoS -> IPv4 rules -> Rules.

2.2) On the General tab, make a meaningful entry for the Name of this rule.



2.3) Switch to the Actions tab, delete the object REJECT and add the object ACCEPT.



2.4) Now switch to the Stations tab and make the following adjustments:
  • Connection source: Set the radio button to connections from the following stations and click Add -> Add custom station



    Set the radio button to An IP address or range of addresses and enter the public IP address of a location which is to be allowed to access the shared address by means of port forwarding. If necessary, repeat this step for additional locations.


  • Connection destination: Set the radio button to connections to the following stations and click Add -> Add custom station



    Set the radio button to An IP address or range of addresses and enter the IP address of the forwarding destination.


2.5) Change to the Services tab and make the following adjustments:
  • Protocols/source services: Leave this setting as all protocols/source services
  • Protocols/target services: Set the radio button to the following protocols/target services and click Add.
    Select the protocol from the list.



    Note:
    If the protocol is not included in the list of service objects, click
    Add custom service and enter the necessary information (this example being HTTPS).

2.6) Write the configuration back to the router.
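The following added example (not part of the LANCOM document and not LANCOM code) models the two rules created above so the expected result for a given connection can be checked before testing from the real locations. All addresses, the rule names and the TCP/443 service are constructed placeholders, and it assumes the specific ACCEPT rule is evaluated before the general REJECT rule, which the article does not describe.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "ACCEPT" or "REJECT"
    sources: tuple                   # CIDR strings; "0.0.0.0/0" = all stations
    destination: str                 # CIDR string of the forwarding destination
    protocol: Optional[str] = None   # None = all protocols
    dst_port: Optional[int] = None   # None = all target services

    def matches(self, src, dst, protocol, dst_port):
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        return (any(src_ip in ipaddress.ip_network(n) for n in self.sources)
                and dst_ip in ipaddress.ip_network(self.destination)
                and self.protocol in (None, protocol)
                and self.dst_port in (None, dst_port))

# Constructed placeholder values (documentation and private address ranges).
FORWARD_DST = "192.168.1.10/32"                        # forwarding destination
ALLOWED_SITES = ("203.0.113.10/32", "198.51.100.0/29")  # permitted public sources

# Assumption: the specific ACCEPT rule (step 2) is matched before the
# general REJECT rule (step 1). Rule names are hypothetical.
RULES = (
    Rule("ALLOW_PF_HTTPS", "ACCEPT", ALLOWED_SITES, FORWARD_DST, "tcp", 443),
    Rule("DENY_PF", "REJECT", ("0.0.0.0/0",), FORWARD_DST),
)

def decide(src, dst, protocol, dst_port, rules=RULES):
    """Return (action, rule name) of the first rule matching the connection."""
    for rule in rules:
        if rule.matches(src, dst, protocol, dst_port):
            return rule.action, rule.name
    return "NO_MATCH", None          # outside the two rules modelled here

if __name__ == "__main__":
    samples = [                      # constructed test connections
        ("203.0.113.10", "192.168.1.10", "tcp", 443),  # allowed site, HTTPS
        ("203.0.113.11", "192.168.1.10", "tcp", 443),  # unknown site, HTTPS
        ("203.0.113.10", "192.168.1.10", "tcp", 22),   # allowed site, other port
        ("198.51.100.8", "192.168.1.10", "tcp", 443),  # just outside the /29
    ]
    for s in samples:
        print(s, "->", decide(*s))
```

An allowed source is still rejected on every service other than the one selected in step 2.5, because only the ACCEPT rule is limited to a target service.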

Catchwords: Port forwarding; port; forwarding; restrict; wan