Page 1 of 1

Re: How to access network from internet for some IP  [SOLVED]

Posted: Fri May 08, 2020 4:17 pm
by Zacharias
Add that specific IP in the src-address parameter of your Firewall rule...

Re: How to access network from internet for some IP

Posted: Fri May 08, 2020 4:21 pm
by erlinden
Or better, use a VPN server for additional security (together with address list for allowed VPN IP's).

Re: How to access network from internet for some IP

Posted: Fri May 08, 2020 6:01 pm
by anav
As noted by both, its not quite clear what the requirements are...........
Is it.
1. Let some external users access servers on your LAN network (behind the router).
2. Let some external user (perhaps yourself) access the router itself to be able to manage the router/network.
3. Something else??

1. Is very common(port forwarding to a server)., and one needs to have in place a sourcenat rule, a destination nat rule or two, and the required/associated firewall rule for dstnat in general
As noted there is some concern for allowing external users to anything on the LAN network so yes, the idea of limiting it to specific WANIPs out there is a good idea. An added bonus of the source address list added to a dstnat rule is that on scans the port is invisible (without a source address list, the port is visible on scans but appears as closed).
Do recommend that the server is accessed via https or FTPs some secure protocol and has a user name password involved as well. Not sure if its worth it but there are ways to capture IPs with a number of attempts to access server and then reject them for a period of time (router function). Depending on the sensitivity of the data, the advice for VPN type connectivity is a good one.

2. Should only be done via VPN.

3. ??

Re: How to access network from internet for some IP

Posted: Mon May 11, 2020 8:48 am
by Jotne
VPN is the way to go for Router admin from the outside.

If VPN is not possible to use, then to access the route:

1. Use another port than default.
2. Use port knocking. This prevents someone from seeing open ports.
3. Use a long and good password.
4. Use access list to prevent any random internet from accessing your router.
5. Log everything. (See my signature for example.)
6. If possible setup the remote router to connect using VPN to an admin site.
7.++++

Re: How to access network from internet for some IP

Posted: Mon May 11, 2020 4:26 pm
by anav
apparently there is a simple VPN setup now in quickset checkbox. havent tried it yet but will soon.

Re: How to access network from internet for some IP

Posted: Thu Jul 23, 2020 3:52 pm
by JanLewisfD
Yes, VPN will be a good choice, rather than the hard with a lot of explanation! Did you resolve!? If you don’t know that field and you are interested, maybe you don’t have work as example. If work in IT for 5 years and this type of problems of forums make me want to teach people online through conference. Well that's not the point. I did best decision as I got my Cisco certificate. I share spotoclub.com with other people who want to work from home and have good income. It helped me personally. Now I travel Asia and work remotely!