
Topic: How to Open router LAN port for traffic to&from *specific* WAN IP only?

thethreeamigos

  • Level 1 Member
  • Posts: 4

Hello,

How do I configure my home LAN DIR-882 router to open a port to accept communication from a specific WAN IP address only (and not the whole internet)?

I have a port open on my DIR-882 home LAN router because I routinely access it from a WAN computer using VNC software. However, my home LAN open port gets attacked by people trying to gain access. I have tried changing ports, and changing IPs, but the attackers keep finding my IP and open port. So instead of leaving a port open to all WAN traffic, I would like to tell my home LAN DIR-882 router to only open a port for traffic to&from the WAN IP of the computer I am using. So, I tried "Turn ipv4 filtering ON and ALLOW rules listed":

Name: VNC
Source IP address range: WAN: (I typed in the WAN IP address of the computer I use to access my home computer)
Destination IP address range: LAN: (I typed in the LAN IP of my home computer)
Protocol and port range: ANY: I typed in the port I want open on my home LAN computer.
Schedule: always enable

...but then I couldn't browse the internet from the home LAN computer.


Any help would be appreciated,
thank you.



PS: This post from 2015 might be helpful: http://forums.dlink.com/index.php?topic=61517.0
« Last Edit: March 07, 2023, 11:37:05 PM by thethreeamigos »

thethreeamigos

  • Level 1 Member
  • Posts: 4

Hello,

I found a solution and it seems to work.


Basically, I modelled my solution on this post:
http://forums.dlink.com/index.php?topic=61517.15

In the home LAN router D-Link DIR-882 web GUI I turned on "Turn ipv4 filtering ON and ALLOW rules listed" and created the two following rules.




Rule 1
Name: allow LAN traffic
Source ip: LAN: 192.168.0.1 - 192.168.0.254

Destination ip: WAN: 1.1.1.1 - 254.254.254.254

Protocol & Port: ANY

Schedule: Always Enable


The above rule lets all LAN computers initiate communication to the WAN. The LAN router automatically allows in any reply from the WAN so there was no need to set any rules to allow incoming WAN communication to the LAN (see NOTE at bottom).







Rule 2
Name: give one WAN-IP access

Source ip: WAN: my WAN IP

Destination ip: LAN: the LAN IP

Protocol & Port: ANY

Schedule: Always Enable


The above rule lets my WAN IP address, and only my WAN IP address, initiate communication to the LAN IP through -ANY- LAN port. Alternatively, there is a way to specify just one port instead of -ANY- but doing so would mean writing another rule and altering the above rule.








Lastly, using the web GUI for the router, I forwarded the LAN port I want the WAN IP to access. If you don't forward the LAN port, then the port will remain closed to the WAN even if, in the above rule, you allow the WAN to access any port (or that specific port).






Thank you.







NOTE
http://forums.dlink.com/index.php?topic=48059.msg199390#msg199390
...
Quote
if you activate "Turn IPv6 Firewall ON and ALLOW rules listed" all inbound and outbound traffic is completely blocked. In this situation you have to define at least one rule that allows outgoing traffic of any kind (which implicitly allows inbound response traffic due to the firewall's stateful inspection feature).

« Last Edit: March 08, 2023, 10:38:10 PM by thethreeamigos »
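
The behaviour described in the two posts above, as an added example that is not part of the original posts and is not D-Link's code: a simplified Python model of an allow-list filter with stateful replies, showing why the single inbound rule blocked browsing and what the two rules plus the port forward permit. The class and function names are hypothetical, the addresses and port 5900 are constructed sample values, and the model ignores NAT, source ports and protocol.

```python
# Added example: a simplified model, not D-Link firmware logic.
from ipaddress import ip_address as ip

# Constructed sample values (documentation address ranges, assumed VNC port).
HOME_PC, MY_WAN_IP, STRANGER, WEB = "192.168.0.50", "203.0.113.10", "198.51.100.7", "198.51.100.80"
VNC_PORT = 5900
LAN = (ip("192.168.0.1"), ip("192.168.0.254"))
WAN = (ip("1.1.1.1"), ip("254.254.254.254"))  # ranges from Rule 1 in the post

def only(addr):
    """A range that contains a single address."""
    return (ip(addr), ip(addr))

def in_range(addr, rng):
    return rng[0] <= ip(addr) <= rng[1]

class AllowListFilter:
    """Default deny; listed (source, destination) ranges may open a flow."""
    def __init__(self, rules, forwards):
        self.rules, self.forwards, self.flows = rules, set(forwards), set()

    def packet(self, src, dst, port):
        if (dst, src, port) in self.flows:       # reply to a flow already opened
            return True
        if not any(in_range(src, s) and in_range(dst, d) for s, d in self.rules):
            return False                          # no ALLOW rule matches
        if not in_range(src, LAN) and (dst, port) not in self.forwards:
            return False                          # inbound port is not forwarded
        self.flows.add((src, dst, port))
        return True

FIRST_ATTEMPT = [(only(MY_WAN_IP), only(HOME_PC))]             # first post
TWO_RULES = [(LAN, WAN), (only(MY_WAN_IP), only(HOME_PC))]     # Rule 1 + Rule 2

def scenario(rules, forwards=((HOME_PC, VNC_PORT),)):
    fw = AllowListFilter(rules, forwards)
    return {
        "browse_out": fw.packet(HOME_PC, WEB, 443),
        "web_reply": fw.packet(WEB, HOME_PC, 443),
        "vnc_my_ip": fw.packet(MY_WAN_IP, HOME_PC, VNC_PORT),
        "vnc_stranger": fw.packet(STRANGER, HOME_PC, VNC_PORT),
    }

if __name__ == "__main__":
    for name, rules in (("first attempt", FIRST_ATTEMPT), ("two rules", TWO_RULES)):
        print(name, scenario(rules))
    print("two rules, no forward", scenario(TWO_RULES, forwards=()))
```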