Hi all, I would like to create a VPN account under "PPP". I name this VPN account "user1"; this account is only allowed to access one server (IP: 1.1.1.1, FTP port 21) in my internal network. user1 will be dialing in to the VPN from the internet.
My idea is to do two firewall rules. The first will allow user1 to access my server 1.1.1.1 on FTP port 21; the second firewall rule will drop any other connection to other servers or protocols.
I created a "profile" under "PPP" and named it "profile1", then changed the remote address of profile1 to 9.9.9.9. Then at "Secrets" under "PPP", I created an account named "user1" and changed its profile to "profile1".
At "Firewall" >> "Address Lists" I created a list named "ftp_list" with address=9.9.9.9.
At "Firewall" under "Filter Rules", I added rule1: chain=input, dst address=1.1.1.1, protocol=tcp, dst port=21; under the "Advanced" tab, I put Src. address list=ftp_list, Action=accept.
(Assume user1 dials in; he/she will be assigned IP 9.9.9.9 (ftp_list), so he/she is allowed to FTP to 1.1.1.1 port 21.)
In the same place, I added rule2: chain=input, protocol=tcp, action=drop (supposedly it will drop everything after rule1).
But I tested it, and it doesn't work. When user1 dialed into the MK router, it could ping/telnet/FTP to any server.
The reason I want to limit user1 to accessing only 1.1.1.1 from the internet is security concerns.
Can anyone give me some advice?
Thanks!
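The setup described in the post above, written out as RouterOS CLI commands. This is an added example, not configuration from the original post. It keeps the poster's placeholders (1.1.1.1 for the FTP server, 9.9.9.9 for user1's VPN address, the names profile1, user1 and ftp_list); the secret's password is an assumed placeholder. Two things differ from the post: the rules are placed in the forward chain, because traffic from a VPN client to an internal server is routed through the router and is only seen by forward (the input chain matches packets addressed to the router itself, which is why rules there never affected user1's traffic to other hosts), and the final drop rule matches everything from ftp_list rather than only TCP, so ping (ICMP) and UDP are dropped too.

```routeros
# Added example (not from the original post): restrict PPP user "user1" to FTP on 1.1.1.1.
# Assumptions: 1.1.1.1 is the internal FTP server and 9.9.9.9 is the address handed to user1
# (both are the post's placeholders); "change-me" is a placeholder password.

# 1. PPP profile that always gives user1 the same address, so firewall rules can match it.
/ppp profile add name=profile1 remote-address=9.9.9.9

# 2. PPP secret bound to that profile.
/ppp secret add name=user1 password=change-me profile=profile1

# 3. Address list holding the VPN client address (as in the post).
/ip firewall address-list add list=ftp_list address=9.9.9.9

# 4. Filter rules in the FORWARD chain. Rules are evaluated top to bottom per packet;
#    the first matching rule wins, so the drop must come last.
/ip firewall filter
# Allow user1 to open the FTP control connection to the one permitted server/port.
add chain=forward src-address-list=ftp_list dst-address=1.1.1.1 protocol=tcp dst-port=21 \
    action=accept comment="user1 -> 1.1.1.1 ftp control"
# Allow packets belonging to connections already accepted above, including passive-mode
# FTP data connections, which connection tracking marks as "related" via the ftp helper
# (enabled by default under /ip firewall service-port). Without this, a blanket drop
# below would break file transfers even though the control channel is allowed.
add chain=forward src-address-list=ftp_list connection-state=established,related \
    action=accept comment="user1 established/related (ftp data)"
# Drop everything else from user1: all protocols, not only TCP, so ICMP/UDP are covered.
add chain=forward src-address-list=ftp_list action=drop \
    comment="user1: drop everything else"
```

To check the result, dial in as user1 and use `/ip firewall filter print stats` on the router: the counters on the accept rule should increase when you connect to 1.1.1.1:21, and the counters on the drop rule should increase when you ping or telnet to any other internal host. Note that a fixed remote-address in the profile means only one user1 session can be up at a time, which is usually what you want for an account restricted this tightly.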