DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Only allow specific IP's access to my server

19 Dec 2012 17:28 #74579 by souk
How can I configure my Vigor to only allow specific IP Address(es) on the Internet access to a Server running on my LAN?

I found the following quoted info on one of DrayTek's pages, but I need to query some of you folks on a couple of things.


This is what the instructions I followed suggested


First you need to allow the incoming traffic through the NAT of your Vigor. See our FAQ here to configure Open Ports.



So I logged in, navigated to the NAT menu, selected "Open Ports" and added the following




Next you need to setup IP Filters, firstly to Block the Open Port you have just created above and then to Pass the specific IP Address(es) you want to allow. In the Default Data Filter (Set #2) of your Vigor go into Filter #2 (ignore the first default rule) and setup the following Block Filter:



So I opened No 2 "Default Data Filter" as suggested



I then selected filter number 2. (The xNetBios -> DNS was already there by default and 2 to 7 were originally blank)



When I hit number (2) I was presented with the following window in the image below



The details I've added above are what I have interpreted as being right from the "quoted text below"; they may well be wrong, but this is why I'm making this post so hopefully one of you clever people can advise me as to whether I have done it right. :D

Enable and Name the Filter <-- (I called mine 5060 inbound X)
Block If No Further Match <-- (I set my filter option to this)
Direction IN <-- (I set my Direction setting to WAN ->LAN/RT/VPN)
Protocol <-- (I set this to UDP)
Source any <-- (I've set my source to ANY as suggested)
Destination <-- (I've set the destination as my office server IP and subnet)
Destination Start Port <-- (I set this to 5060)



Hit OK and the Vigor is now passing the incoming traffic through NAT, but Blocking it by the above Filter.



As above I hit Okay!


To be continued...

10 Jan 2013 19:39 #74750 by souk
The instructions then went on to say the following

In Filter #3 set up the following:





And filled in what I interpreted to be right from the details below:


Enable and Name the Filter <-- ( I named this 5060 Inbound O )
Pass Immediately <-- ( I set my filter to Pass Immediately )
Direction IN <-- ( Again I set my direction in to WAN ->LAN/RT/VPN )
Protocol <-- (Set this to UDP)
Source <-- ( I've set this to my local servers IP and Subnet )
Destination IP <-- ( I've set to 37.xxx.xxx.1~37.xxx.xxx.10, which is the remote server that needs to enter through my port to reach my server)
Destination Start Port <-- ( I've set this to 5060 )




If the image is cropped right click it and select view image to increase its size




It then says the following:


Click OK. This Pass Filter will now Pass incoming traffic from the Trusted User on the Internet to the internal Server on the required Port.



I then proceeded to create two filters for each other port that I needed for my server, i.e. 5065 & 10000~20000...


Although I have created these and I'm currently using the standard open ports, I haven't activated the firewall filter rules yet, as you can see in the images. I want to make sure they're right first and I'm not so sure. I have a feeling that I might have the destination and source IPs in the wrong places on this post.

Please feel free to comment and let me know, thanks!!
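
Added example, not part of the original posts or of DrayTek's documentation: a small Python model of the two-filter set described above (a "Block If No Further Match" rule followed by a "Pass Immediately" rule), run over constructed inbound packets to show which Source/Destination orientation lets the trusted host through. The addresses are constructed placeholders, and the rule-walk semantics, the LAN address as inbound destination, and the default of passing when nothing matches are simplifying assumptions.

```python
from ipaddress import ip_address as ip

# Constructed sample addresses (assumptions, not taken from the thread)
SERVER = (ip("192.168.1.10"), ip("192.168.1.10"))    # LAN server
TRUSTED = (ip("203.0.113.1"), ip("203.0.113.10"))    # allowed remote range
ANY = (ip("0.0.0.0"), ip("255.255.255.255"))

def rule(name, action, src, dst, proto="UDP", port=5060):
    return dict(name=name, action=action, src=src, dst=dst, proto=proto, port=port)

def matches(r, pkt):
    return (pkt["proto"] == r["proto"] and pkt["dport"] == r["port"]
            and r["src"][0] <= ip(pkt["src"]) <= r["src"][1]
            and r["dst"][0] <= ip(pkt["dst"]) <= r["dst"][1])

def evaluate(rules, pkt, default="pass"):
    """Walk the rules top-down for one WAN -> LAN packet."""
    pending = None
    for r in rules:
        if not matches(r, pkt):
            continue
        verdict = r["action"].split("_")[0]          # "pass" or "block"
        if r["action"].endswith("immediately"):
            return verdict                           # stop checking here
        pending = verdict                            # "... If No Further Match"
    return pending or default

BLOCK = rule("5060 inbound X", "block_if_no_further_match", ANY, SERVER)
# Orientation the quoted instructions describe: trusted Internet host -> server
PASS_OK = rule("5060 Inbound O", "pass_immediately", TRUSTED, SERVER)
# Source and destination swapped: can never match an inbound packet
PASS_SWAPPED = rule("5060 Inbound O", "pass_immediately", SERVER, TRUSTED)

def packet(src):
    return dict(proto="UDP", src=src, dst="192.168.1.10", dport=5060)

def verdicts(rules):
    # One host inside the trusted range, one outside it
    return {s: evaluate(rules, packet(s)) for s in ("203.0.113.5", "198.51.100.7")}

if __name__ == "__main__":
    print("correct:", verdicts([BLOCK, PASS_OK]))
    print("swapped:", verdicts([BLOCK, PASS_SWAPPED]))
```

With the swapped Pass rule the Block rule still applies to everyone, so the trusted range is cut off as well; the failure is closed rather than open.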

10 Jan 2013 22:27 #74753 by babis3g
Very helpful :D
Thanks

I like DrayTek but sometimes it is too complicated for me :(
I would simply use the bind IP to MAC and just block all other devices (but I don't have any server so not sure if this is helpful for your case)
Thanks for the info & clear pics


Moderators: ChrisSami