Port Forwarding - Blocking all IP's except those within a specified range.

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Port Forwarding - Blocking all IP's except those within a specified range.

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Port Forwarding - Blocking all IP's except those within a specified range.
Port Forwarding - Blocking all IP's except those within a specified range.
2024-04-22 22:40:18 - last edited 2024-04-25 00:58:20
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.1.2

I have a computer that runs remote desktop for remote management, the remote desktop port is exposed on the WAN network. Although this type of thing is not "Ideal" but using a VPN from the connecting device is not a solution. It has a program on it to prevent brute force attacks. However I normally access this computer from specific IP ranges and I would like to block out all other ranges except for those specified in a list. 

I'm not new to networking. I am new to this router, I'm not sure how to go about this setting particularly. 

  0      
  0      
#1
Options
2 Accepted Solutions
Re:Port Forwarding - Blocking all IP's except those within a specified range. -Solution
2024-04-24 01:42:26 - last edited 2024-04-25 00:58:24

Hi @dillonb 

Thanks for posting in our business forum.

dillonb wrote

  @Clive_A I figured out how to specify IP ranges and added a 0.0.0.0/0 range marked "All". Configuring these for 3389 specifically and I found that everything I created was ineffective. Removing all the allowed IP ranges should have blocked 3389 as a port entirely. Which did not. 

I did some googling. Found that another forum described this issue aswell. Is this an issue that will be fixed in the future?

https://community.tp-link.com/en/business/forum/topic/592348

Please provide the screenshots of your config.

This should be something we supported a long time ago.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  0  
  0  
#4
Options
Re:Port Forwarding - Blocking all IP's except those within a specified range. -Solution
2024-04-24 06:49:25 - last edited 2024-04-25 00:58:20

  @Clive_A Used HTTPS and it worked fine. 

 

 

One last issue I am experiencing. 

My previous router was a Cisco RV320, and we had setup port forwarding for Vital PBX. I noted and printed off the settings to ensure ports are forwarded on this router. The router also gets the same IP on WAN and LAN as the old so it's a direct "swap-swap"

 

I applied these settings and the mobile app works fine and anyone can register. However, outside of the LAN (anywhere on the Internet) there is no audio for calls. 

 

I reinstalled the old RV320 to confirm that my issue is related to the router and not to VitalPBX and the old router works fine. 

 

Appears I have an RTP issue despite ports being forwarded. Any suggestions? I can upload screenshots tomorrow morning. 


**Followup** I fiddled with this and determined SIP ALG must be unchecked. Now calls are working

Recommended Solution
  1  
  1  
#7
Options
6 Reply
Re:Port Forwarding - Blocking all IP's except those within a specified range.
2024-04-23 01:55:52

Hi @dillonb 

Thanks for posting in our business forum.

Looks like it is ACL. WAN IN ACL.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  1  
  1  
#2
Options
Re:Port Forwarding - Blocking all IP's except those within a specified range.
2024-04-23 03:56:14

  @Clive_A I figured out how to specify IP ranges and added a 0.0.0.0/0 range marked "All". Configuring these for 3389 specifically and I found that everything I created was ineffective. Removing all the allowed IP ranges should have blocked 3389 as a port entirely. Which did not. 

I did some googling. Found that another forum described this issue aswell. Is this an issue that will be fixed in the future?

https://community.tp-link.com/en/business/forum/topic/592348

  0  
  0  
#3
Options
Re:Port Forwarding - Blocking all IP's except those within a specified range. -Solution
2024-04-24 01:42:26 - last edited 2024-04-25 00:58:24

Hi @dillonb 

Thanks for posting in our business forum.

dillonb wrote

  @Clive_A I figured out how to specify IP ranges and added a 0.0.0.0/0 range marked "All". Configuring these for 3389 specifically and I found that everything I created was ineffective. Removing all the allowed IP ranges should have blocked 3389 as a port entirely. Which did not. 

I did some googling. Found that another forum described this issue aswell. Is this an issue that will be fixed in the future?

https://community.tp-link.com/en/business/forum/topic/592348

Please provide the screenshots of your config.

This should be something we supported a long time ago.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  0  
  0  
#4
Options
Re:Port Forwarding - Blocking all IP's except those within a specified range.
2024-04-24 03:31:54

  @Clive_A 
I followed the procedure in this link. https://www.tp-link.com/cac/support/faq/2026/

This works fine. I just needed to be pointed in the correct direction. 

I am experiancing another issue. I am trying to isolate communication between VLANs and when I create policies to do so. This is a result. Unable to determine. 

  0  
  0  
#5
Options
Re:Port Forwarding - Blocking all IP's except those within a specified range.
2024-04-24 06:02:30

Hi @dillonb 
Thanks for posting in our business forum.

dillonb wrote

  @Clive_A 
I followed the procedure in this link. https://www.tp-link.com/cac/support/faq/2026/

This works fine. I just needed to be pointed in the correct direction. 

I am experiancing another issue. I am trying to isolate communication between VLANs and when I create policies to do so. This is a result. Unable to determine. 

 

Get into it via incognito or private mode. Cache issue, AFAICS.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#6
Options
Re:Port Forwarding - Blocking all IP's except those within a specified range. -Solution
2024-04-24 06:49:25 - last edited 2024-04-25 00:58:20

  @Clive_A Used HTTPS and it worked fine. 

 

 

One last issue I am experiencing. 

My previous router was a Cisco RV320, and we had setup port forwarding for Vital PBX. I noted and printed off the settings to ensure ports are forwarded on this router. The router also gets the same IP on WAN and LAN as the old so it's a direct "swap-swap"

 

I applied these settings and the mobile app works fine and anyone can register. However, outside of the LAN (anywhere on the Internet) there is no audio for calls. 

 

I reinstalled the old RV320 to confirm that my issue is related to the router and not to VitalPBX and the old router works fine. 

 

Appears I have an RTP issue despite ports being forwarded. Any suggestions? I can upload screenshots tomorrow morning. 


**Followup** I fiddled with this and determined SIP ALG must be unchecked. Now calls are working

Recommended Solution
  1  
  1  
#7
Options