Topic: Port Forward AND Firewall (Read 5385 times)

rob@grayspace.com · « **on:** May 18, 2010, 12:25:49 PM »

DIR-130
I'd like to forward port 80 (HTTP) to an internal IP address, but restrict it to certain ip addresses. I don't want the entire internet to have access to the internal web server, just those that I specify. I find that if I set a port-forward rule, then all external ip addresses can access the server. If I then go into the firewall rules, I see that a rule has been created that allows 0.0.0.0 (entire internet) to access that internal web server. I can create a rule to deny a specific ip address, but if I create a rule to deny all ip addresses, then another rule to allow certain IP addresses then the DENY ALL takes precedence.
Is there any way to achieve what I want?

rob@grayspace.com · « **Reply #1 on:** May 18, 2010, 12:56:21 PM »

OK, I may have figured this out...

Create a port-forwarding rule to forward HTTP traffic to a certain IP address.
...this automatically creates a firewall rule that ALLOWS entire internet access to this port/internal IP address. You can't disable this rule. The ONLY thing you CAN do is change the SOURCE IP Address/Range.
...Change this range from 0.0.0.0 to one of the IP Addresses or ranges on your ALLOW list. This should DENY the entire internet from being allowed access through your firewall, and ALLOW the address or range you have specified.
Then you create new rules to allow other specific IP Addresses/Ranges access to this port.

Seems to be working here now.

D-Link Forums

News:

Author Topic: Port Forward AND Firewall (Read 5385 times)

rob@grayspace.com

Port Forward AND Firewall

rob@grayspace.com

Re: Port Forward AND Firewall