• March 28, 2024, 04:22:54 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: How to block traffic on a port except from one external server?  (Read 10560 times)

leshric

  • Level 1 Member
  • *
  • Posts: 4

I have a VOIP phone system and my phones are getting random unanswerable calls.  My provider says that this is because random people are probing my IP port 5060 which is causing the phones to ring.  They say that I just need to block all incoming traffic on port 5060 except from their server, but I can't figure out how to do it!  Can this router do that or do I need a new one?

I have a DIR-655 Rev A, FW 1.35NA

Thanks!
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: How to block traffic on a port except from one external server?
« Reply #1 on: March 27, 2014, 11:46:55 AM »

Link>Welcome!

  • What region are you located?


Internet Service Provider and Modem Configurations
  • What ISP Service do you have? Cable or DSL?
  • What ISP Modem Mfr. and model # do you have?

You'll need to set up scheduling and access control to block this specific port. It's been a while however under access control there is a setting that you can input a specific custom port number to block.

Found it, under Advanced/Access Control, Step 4: Select Block Some Access, and check mark Apply Advanced Port Filters, select Next and then you see the display to input port numbers and input a range of IP addresses to filter for that port number. I recommend gathering all effected devices and reserving the IP addresses first for each phone. Start at 192.168.0.100 and assign them sequentially up to the ending IP address for the last one.

So when you have done this, you'll see the Dest IP Start and End range. Just input 192.168.0.100 and the last IP address for the last phone in to the Dest IP End range. Input the port number for both Dest Start and End and select any Protocol.

Select Save. Reboot the router and test.
« Last Edit: March 27, 2014, 11:55:22 AM by FurryNutz »
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: How to block traffic on a port except from one external server?
« Reply #2 on: May 05, 2014, 07:33:33 AM »

Any status on this?  ???

I have a VOIP phone system and my phones are getting random unanswerable calls.  My provider says that this is because random people are probing my IP port 5060 which is causing the phones to ring.  They say that I just need to block all incoming traffic on port 5060 except from their server, but I can't figure out how to do it!  Can this router do that or do I need a new one?

I have a DIR-655 Rev A, FW 1.35NA

Thanks!
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

PacketTracer

  • Level 4 Member
  • ****
  • Posts: 441
Re: How to block traffic on a port except from one external server?
« Reply #3 on: August 31, 2014, 03:31:37 PM »

Hi Furry,

reading what you wrote I'm in doubt if this is what the OP wants: Configuring ACCESS CONTROL means to restrict selected local clients to use specific destinations in the Internet.

But here it is the other way round: The OP wants to restrict connections coming from the Internet to connect to port 5060 of his local phone system except for connection requests coming from a specific server IP address of his provider!

And to my mind the solution could be a combination of
  • [1] defining an INBOUND FILTER, name it "Provider"
  • [2] defining a VIRTUAL SERVER, that uses Inbound Filter "Provider"

In detail:

[1] Define Inbound Filter "Provider":

  • Select ADVANCED | INBOUND FILTER
  • Enter Name: Provider
  • Select Action: Allow
  • In the first line of the Remote IP Range:
       - Check the Enable check box
        - Enter Remote IP Start = <IP address of provider's server>
        - Enter Remote IP End = <IP address of provider's server>
  • Click Add

[2] Define a Virtual Server:

  • Select ADVANCED | VIRTUAL SERVER
  • Check the check box of the next free entry
  • Enter Name: VoIP
  • Enter Public Port: 5060
  • Select Traffic Type Protocol: TCP (or UPD or Both, whichever is needed)
  • Select Schedule: Always
  • Enter IP address: = <IP address of the VoIP phone system>
  • Enter Private Port: 5060
  • Select Inbound Filter: Provider (which is available here due to step [1] above)
  • Click Save Settings

Probably the OP already has some kind of Virtual Server or Port Forwarding rule for port 5060 because otherwise it couldn't have happened what he describes. And probably within the corresponding rule he has set the Inbound Filter to "Allow All". If so, all he has to do is step [1] and then change the Inbound Filter from "Allow All" to "Provider".

PT
« Last Edit: August 31, 2014, 03:38:52 PM by PacketTracer »
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: How to block traffic on a port except from one external server?
« Reply #4 on: August 31, 2014, 03:33:50 PM »

Awesome, I think the mis understood the external vs internal. Thanks PT.  ;)
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.