Firewall vs Virtual Server

Post Reply
matthew
Posts: 2
Joined: Mon Oct 24, 2011 12:26 pm

Firewall vs Virtual Server

Post by matthew » Mon Oct 24, 2011 3:35 pm

I've just got a 7800N, upgrading from a Netgear DG843g - so far, so good, the Billion seems to have all the features I want. However, I'm stuck with allowing port forwarding only from a specific IP.

What I want is simply to forward traffic from external address A on port B to internal address C. Or, IOW, I specifically only want Service B on server C available to external user A.

I could do this on the Netgear, since port forwarding and the firewall were one and the same thing. On the Billion, it seems:

* Setting up this rule in Firewall doesn't work until I also set it up in Virtual Server

* Once I set it up in Virtual Server, it allows through traffic from any IP address, regardless of the presence of an allow rule in the firewall - and even does so if I have a drop rule.

This should be doable - would be great if anyone could point me as to what combination of things I need to set up to enable it.

sabre999uk
Posts: 38
Joined: Tue Aug 09, 2011 5:31 pm

Re: Firewall vs Virtual Server

Post by sabre999uk » Mon Oct 24, 2011 8:29 pm

Hi,
I do this to forward ftp traffic for 1 IP to my NAS using 1.06d firmware and the log entries show its working as expected:
Caused me no end of hair pulling out till someone on the Australian Whirlpool forum gave me the solution.
portmapping.jpg
packetfilter.jpg
Steve
You do not have the required permissions to view the files attached to this post.

matthew
Posts: 2
Joined: Mon Oct 24, 2011 12:26 pm

Re: Firewall vs Virtual Server

Post by matthew » Tue Oct 25, 2011 7:21 am

Thank you Steve! I almost had it by using both port mapping and 2 firewall rules to drop all and allow the IP in question... but it seems that leaving the external port blank in the firewall rules is the key point. I'm not sure I'd have ever figured that out, so your helpful reply and screenshots are much appreciated.

Needing the port map as well likely rules out something I do sometimes, which is to route a given port to different internal IPs depending on the external IP. I might be able to do it by mapping things to different ports, I wonder if the firewall rule or the port map comes first?

sabre999uk
Posts: 38
Joined: Tue Aug 09, 2011 5:31 pm

Re: Firewall vs Virtual Server

Post by sabre999uk » Tue Oct 25, 2011 10:40 am

Hi
Glad it helped, over at Whirlpool I was told the port mapping comes first then the packet filter.

Steve

Post Reply