Hi,
Is it possible to open a port for only a specific IP range, for example a country IP range?
Use case: I want to reach the security cam but don't want that port to be available for the whole world.
I can set the source IP and it works fine. How do I get all the IPs of a country into the source field? I have a list of IPs but it doesn't accept it in the source field.
Create an address list (IP Firewall Address-list). You can add IP subnets (196.123.123.0/24) and individual addresses (196.123.123.123).
Add a dstnat rule, and use the address list as src-address-list.
There exists no such thing as ‘a country IP range’ so you will have to manage that a different way.
Of course you can enter the range used by a provider in subnet notation (e.g. 123.123.0.0/16) in the src.address field.
Or you can leave that out and use the “src.address list” where you enter the name of an address list that you previously filled with all addresses or subnets you want to allow. Go to the address list tab, enter some address or subnet and a name, and then enter more addresses if desired with the same name; they will automatically form an address list that you can use.
One other thing you could do is set up a port knock in the router that would allow you to open the port for your camera from whatever IP you were coming from. That way the inbound port is normally dead, until you run the port knock, and then the port opens for some amount of time allowing you to connect to your camera.
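Added example, not part of any reply in this thread: the address-list approach from the replies above, applied to a prefix list like the one the original poster has. The script validates each line, merges overlapping or adjacent subnets, and emits the RouterOS commands for the list plus one dstnat rule. The list name `cam-allowed`, camera address `192.168.88.50`, ports and interface `ether1` are placeholders, and the sample prefixes are constructed documentation ranges.

```python
import ipaddress

# Constructed sample input (documentation ranges, not a real country allocation).
SAMPLE_LIST = """\
# constructed example prefixes
198.51.100.0/25
198.51.100.128/25
203.0.113.7
203.0.113.0/24
192.0.2.0/24
not-an-ip
2001:db8::/32
"""

def parse_prefixes(text):
    """Return (IPv4 networks, rejected lines) from a one-entry-per-line list."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            rejected.append(line)             # report, never silently allow
            continue
        if net.version != 4:
            rejected.append(line)             # /ip firewall address-list is IPv4 only
            continue
        nets.append(net)
    return nets, rejected

def routeros_script(text, list_name, cam_ip, wan_port, cam_port, in_interface):
    """Build address-list entries and one dstnat rule limited to that list."""
    nets, rejected = parse_prefixes(text)
    merged = ipaddress.collapse_addresses(nets)   # fewer, non-overlapping entries
    lines = [f"/ip firewall address-list add list={list_name} address={n}"
             for n in merged]
    lines.append(
        f"/ip firewall nat add chain=dstnat in-interface={in_interface} "
        f"protocol=tcp dst-port={wan_port} src-address-list={list_name} "
        f"action=dst-nat to-addresses={cam_ip} to-ports={cam_port}")
    return lines, rejected

if __name__ == "__main__":
    # All values below are placeholders (assumptions, not from the thread).
    cmds, bad = routeros_script(SAMPLE_LIST, "cam-allowed", "192.168.88.50",
                                8554, 554, "ether1")
    print("\n".join(cmds))
    print("rejected:", bad)
```

Review the rejected lines before pasting the generated commands into the router terminal, since a malformed entry usually means the source list needs checking.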