Hi all, i would like to create a VPN account under "PPP", for this VPN account, i name it "user1", this account is only allowed to access one server (IP: 220.127.116.11 ftp port 21) in my internal network. user1 will be dialing VPN from internet.
my idea is do a 2 firewall rules. the first will allow user1 to access to my server 18.104.22.168 ftp port 21, the second firewall rules will drop any other connection to other server or protocol.
i created a "profiles" under "PPP" and name it "profile1", then i change the remote address at profile1 to 22.214.171.124, then at "Secrets" under "PPP", i created a account name "user1" and the profile i change to "profile1"
At "firewall" >> "Address Lists" I created a list name "ftp_list" and address=126.96.36.199
at the "Firewall" under "Filter Rules", i added rule1, chain=input, dst address = 188.8.131.52, protocol = tcp, dst port= 21, under "Advanced" tab, i put Src.address list = ftp_list, Action=accept
(assume user1 dial in, he/she will be assigned ip 184.108.40.206 (ftp_list), so he/she is allowed to ftp to 220.127.116.11 port 21)
at the same place, i added rule2, chain=input, protocol=tcp, action=drop (supposed it will drop everything after rule1)
But, i tested it, and it won't work. When user1 dialed into the MK router, it can ping/telnet/ftp to any servers.
the reason i want to limit user1 to access only to 18.104.22.168 from internet is because security concern.
can anyone give me some advise?