How Do I block an IP Range ?

Post Reply
martop01
Posts: 5
Joined: Tue Dec 06, 2011 8:03 pm

How Do I block an IP Range ?

Post by martop01 » Tue Dec 06, 2011 8:13 pm

Hi,

I am really getting lost with this, I have the 7800N and have a server hooked to it, this server has a web server running on port 80 and I have forward that port and the IP of the server so I can access it externally, it all works but I want to try to allow only a range of external IP addresses to access the web server.

I created a packet filter for the to and from external IP range and the port numbers and set it to incoming and forward
A rule was made to the drop any external IP range on port 80.

Testing this with an external IP address allowed me to access the server as I have a computer with an external IP address in my set range but if I set the packet rule to drop for testing if it blocks, it still lets me access the web server

Can some kind person put me out of my misery and point to a guide for doing this, the idea being only IP addresses in a selected range can access the web server

Thanks for any help offered :-)

billion_fan
Posts: 5294
Joined: Tue Jul 19, 2011 4:30 pm

Re: How Do I block an IP Range ?

Post by billion_fan » Wed Dec 07, 2011 10:33 am

Hi martop01

Can you send me a screen capture of your settings, so I can advise on how you should setup the rule within the packet filtering section.

A screen capture of your packet filtering page should do.

Thanks

martop01
Posts: 5
Joined: Tue Dec 06, 2011 8:03 pm

Re: How Do I block an IP Range ?

Post by martop01 » Wed Dec 07, 2011 2:46 pm

Hi billion_fan, thank you for replying,

I thought this would be easy as I understood a packet filter rule would allow me to select a range of ip addresses from outside my network to access the server, I seem to be able to do this woth psrt forwarding easy enough but controlling the ip range has got me stumped.

The first image is packet rule I am trying to make, the external ip range is the one I want to allow, I want everything outside that range to be blocked but I only have the options to forward or drop ?

The second image is the virtual server or port forward rule that I know works but that just allows any ip address to see the server :-(
Thanks for helping, much appreciated :-)
You do not have the required permissions to view the files attached to this post.

sabre999uk
Posts: 38
Joined: Tue Aug 09, 2011 5:31 pm

Re: How Do I block an IP Range ?

Post by sabre999uk » Wed Dec 07, 2011 3:22 pm

Hi,
Take a look at my reply in this post viewtopic.php?f=9&t=106 it shows how I set up the packet filtering & port mapping to do the same thing with ftp.

Steve

martop01
Posts: 5
Joined: Tue Dec 06, 2011 8:03 pm

Re: How Do I block an IP Range ?

Post by martop01 » Wed Dec 07, 2011 11:12 pm

Thank you :-)

I will start over and follow the suggestion, the picture of the packet filter wasnt complete as I took it while making the rule. I'm not to familiar with the billion router as its new so it takes a bit of getting used to, I thought you could either port forward or packet filter as they did the same thing, things you learn :-)

Thanks for helping, much appreciated :-)

martop01
Posts: 5
Joined: Tue Dec 06, 2011 8:03 pm

Re: How Do I block an IP Range ?

Post by martop01 » Thu Dec 08, 2011 9:36 am

sabre999uk wrote:Hi,
Take a look at my reply in this post viewtopic.php?f=9&t=106 it shows how I set up the packet filtering & port mapping to do the same thing with ftp.

Steve
I started with a new set up and followed the settings you suggested, mine differs in that the incoming ip is a range so I set it for that and made sure it logged both the forward and drop rules, from what I can see, its working !

Thank you for providing the link to the setup page you created, much appreciated.
--
Martop

martop01
Posts: 5
Joined: Tue Dec 06, 2011 8:03 pm

Re: How Do I block an IP Range ?

Post by martop01 » Fri Dec 09, 2011 11:39 pm

sabre999uk,

I just want to say thank you for your help and your guide, I had the rules set up and its working, lots of dropped packets in the logs and the only forward packets are from the desired ip range. I did test this with a anonymous proxy, as expected the proxy times out, the rest of the logs are from the people I want to keep out :-)

Thanks,

Martop

sabre999uk
Posts: 38
Joined: Tue Aug 09, 2011 5:31 pm

Re: How Do I block an IP Range ?

Post by sabre999uk » Sun Dec 11, 2011 5:02 pm

Hi,
Glad I could help.

Steve

Post Reply