7800DX 1-1 NAT and Firewall not working

oakworthy
Posts: 10
Joined: Wed Sep 11, 2013 12:29 pm

7800DX 1-1 NAT and Firewall not working

Post by oakworthy »

I have a 7800DX running the latest 2.32e firmware. I have used one-to-one NAT to point one of my company's external IPv4 addresses (111.222.333.444) to a web server running on an internal address (192.168.1.xxx).

If I don't create any firewall rules, then no one outside my office can see the web server. This is what I'd expect.

But as soon as I create a firewall rule that mentions either 111.222.333.444 or 192.168.1.xxx, the outside world can see all of the open ports on my web server (ftp, ssh, http). Even if I only specify port 80.

How can I use the firewall to control selected ports on an address that has been 1-1 NATted?

Should I be using the Virtual Servers feature on the router instead of one-to-one NAT?

Ta, Robert
billion_fan
Posts: 5398
Joined: Tue Jul 19, 2011 4:30 pm

Re: 7800DX 1-1 NAT and Firewall not working

Post by billion_fan »

oakworthy wrote: I have a 7800DX running the latest 2.32e firmware. I have used one-to-one NAT to point one of my company's external IPv4 addresses (111.222.333.444) to a web server running on an internal address (192.168.1.xxx).

If I don't create any firewall rules, then no one outside my office can see the web server. This is what I'd expect.

But as soon as I create a firewall rule that mentions either 111.222.333.444 or 192.168.1.xxx, the outside world can see all of the open ports on my web server (ftp, ssh, http). Even if I only specify port 80.

How can I use the firewall to control selected ports on an address that has been 1-1 NATted?

Should I be using the Virtual Servers feature on the router instead of one-to-one NAT?

Ta, Robert
Try setting up the rules within the outgoing filter: one rule to block everything and a second to allow traffic (the drop rule has to be below the forward rule). Example attached (for the forward rule you can leave the destination address blank, meaning any WAN IP can access port 443, used for this example).
oakworthy
Posts: 10
Joined: Wed Sep 11, 2013 12:29 pm

Re: 7800DX 1-1 NAT and Firewall not working

Post by oakworthy »

Thanks for this. I tried it, opening only port 80. According to a remote nmap service I just tried, there is now only 1 open port on my server. However, it's 21 rather than 80!!!

Think I'll do a factory reset and start again, and see what happens. If it still plays silly games, I'll post a screen shot here.

Incidentally, I have a BT FTTC modem further up the chain, if that makes any difference. The Billion is being a router but not a modem.

Robert
billion_fan
Posts: 5398
Joined: Tue Jul 19, 2011 4:30 pm

Re: 7800DX 1-1 NAT and Firewall not working

Post by billion_fan »

oakworthy wrote: Thanks for this. I tried it, opening only port 80. According to a remote nmap service I just tried, there is now only 1 open port on my server. However, it's 21 rather than 80!!!

Think I'll do a factory reset and start again, and see what happens. If it still plays silly games, I'll post a screen shot here.

Incidentally, I have a BT FTTC modem further up the chain, if that makes any difference. The Billion is being a router but not a modem.

Robert
That shouldn't really matter (the Openreach modem); just use the outgoing filter to block all ports, then set up a forward rule for the ports that are required and you should be fine.
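The advice in both replies comes down to rule ordering in a first-match filter: the allow (forward) rule for the wanted port sits above a drop-everything rule, and a 1-1 NAT mapping on its own does nothing to limit ports. The following Python model is an added example, not code from the thread or from Billion; it assumes a stateless first-match filter that forwards when no rule matches, uses constructed addresses (203.0.113.10 mapped to 192.168.1.50), and lets a defender check which ports a rule set would leave reachable before testing from outside.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed example addresses (assumption: one public IP mapped 1-1 to one server).
PUBLIC_IP = "203.0.113.10"
SERVER_IP = "192.168.1.50"
ONE_TO_ONE_NAT = {PUBLIC_IP: SERVER_IP}  # external -> internal mapping

@dataclass(frozen=True)
class Rule:
    action: str                   # "forward" (allow) or "drop"
    dst: Optional[str] = None     # None means any destination address
    port: Optional[int] = None    # None means any destination port

def nat_translate(dst_ip: str) -> str:
    """Apply the 1-1 NAT mapping before the filter sees the packet."""
    return ONE_TO_ONE_NAT.get(dst_ip, dst_ip)

def decide(rules, dst_ip: str, port: int) -> str:
    """First-match evaluation over an ordered rule list, like the router's filter."""
    internal = nat_translate(dst_ip)
    for r in rules:
        # A rule may name the public or the internal address; None matches any.
        if r.dst not in (None, dst_ip, internal):
            continue
        if r.port not in (None, port):
            continue
        return r.action
    return "forward"  # assumption: nothing matched, so the filter does not block

def exposed_ports(rules, dst_ip, candidates=(21, 22, 80, 443)):
    """Defender's check: which candidate ports would still reach the server."""
    return sorted(p for p in candidates if decide(rules, dst_ip, p) == "forward")

# Correct order: the forward rule sits above the drop-everything rule.
GOOD = [Rule("forward", port=80), Rule("drop")]
# Wrong order: the drop rule matches first, so nothing gets through at all.
BAD = [Rule("drop"), Rule("forward", port=80)]
# Forward rule with no default drop: every open port on the server stays reachable.
ALLOW_ONLY = [Rule("forward", dst=SERVER_IP, port=80)]

if __name__ == "__main__":
    print(exposed_ports(GOOD, PUBLIC_IP))        # [80]
    print(exposed_ports(BAD, PUBLIC_IP))         # []
    print(exposed_ports(ALLOW_ONLY, PUBLIC_IP))  # [21, 22, 80, 443]
```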