limit specific IP to access to internal server

3 weeks ago - last edited 3 weeks ago
Model: ER706W-4G  
Hardware Version: V1
Firmware Version: ER706W-4G_V1_1_0 1.20231129.54168(4555)

Hi

 

Need some help with the following issue.

 

I want to open up port 22 but then restrict which external IP can access it.

 

I've tried to follow these instructions but it's so confusing.

 

https://www.tp-link.com/us/support/faq/2026/

 

 

Any help would be appreciated.

Re:limit specific IP to access to internal server
3 weeks ago

Hi @locn 

Thanks for posting in our business forum.

Please specify your question. What part is confusing?

It is using two rules, one allow and one deny. That's the common way to set up limited access in ACL.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting Manual ★ ☚ (Disclaimer: Short links are used above solely for guidance to TP-Link subdomains and are safe and tracker-free. Exercise caution with short links from non-official members on forums. We are not liable for external content or damage from non-official members' link use.)
Re:limit specific IP to access to internal server
3 weeks ago
Thanks. The description is confusing. Nonetheless, I think I've set it up as per the instructions, but I can still access the server behind the firewall from a different IP. I'm using SFTP to back up some websites onto a NAS, so port 22 is open and I've restricted it to the website IP, but I can still SFTP into the NAS from the different external IP.
Re:limit specific IP to access to internal server
3 weeks ago

Hi @locn 

Thanks for posting in our business forum.

Be sure you reply to my post instead of replying to yourself. I may miss your post if you did not mention me.

 

So you are certain that every single step was followed as the guide writes? The block SRC is any IP address? And the direction is correct, as in the guide?

Behind the firewall from a different IP? Do you mean a different router with a different public IP address?

Re:limit specific IP to access to internal server
3 weeks ago

  @Clive_A 

 

Oh, sorry about that, and thanks for correcting me about the reply.

I believe I've done it correctly.

 

Re:limit specific IP to access to internal server
3 weeks ago

  @Clive_A 

 

Not sure, but I don't think it uploaded the image.

So I'll try here again.

 

Re:limit specific IP to access to internal server
3 weeks ago

  @Clive_A 

 

No, I'm not behind the firewall. I'm logging in from a different public IP to test, and it's allowing me to connect using SFTP.

Re:limit specific IP to access to internal server
3 weeks ago

Hi @locn 

Thanks for posting in our business forum.

What about the service you created and the DST IP group?

Re:limit specific IP to access to internal server
3 weeks ago

  @Clive_A 

 

Service is SFTP    TCP    Source Port = 22-22; Destination Port = 22-22

DST IP group is the local IP address of the NAS, 192.168.13.0/24

Re:limit specific IP to access to internal server
3 weeks ago

Hi @locn 

Thanks for posting in our business forum.

Should be /32

And the IP should be 192.168.13.X/32.

Re:limit specific IP to access to internal server
3 weeks ago

  @Clive_A 

 

OK, thanks. I'll try that now.

The external IP is 203.xx.xx.144/30? I looked up the subnet, so is that correct?

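An added example, not from the thread and not TP-Link's code: a simplified first-match model of the allow-then-deny rule pair discussed above, showing how the service's source-port range and the source prefix length (/30 versus /32) change which packets each rule matches. The addresses are constructed documentation-range values (including the NAS host `192.168.13.10`), and permitting traffic that matches no rule is an assumption of the model.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    action: str      # "allow" or "deny"
    src: str         # source network, CIDR
    dst: str         # destination network, CIDR
    sport: tuple     # service source-port range (low, high)
    dport: tuple     # service destination-port range (low, high)

    def matches(self, p):
        return (ipaddress.ip_address(p["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p["dst"]) in ipaddress.ip_network(self.dst)
                and self.sport[0] <= p["sport"] <= self.sport[1]
                and self.dport[0] <= p["dport"] <= self.dport[1])

def evaluate(rules, p, default="allow"):
    # First matching rule wins. ASSUMPTION: unmatched traffic is permitted.
    for r in rules:
        if r.matches(p):
            return r.action, r.name
    return default, "default"

def build_acl(allowed_src, sport):
    # The allow/deny pair from the thread: permit one source, then deny any source.
    svc = {"dst": NAS_NET, "sport": sport, "dport": (22, 22)}
    return [Rule("allow-backup-host", "allow", allowed_src, **svc),
            Rule("deny-everyone-else", "deny", "0.0.0.0/0", **svc)]

# Constructed sample values (documentation ranges, not the poster's addresses).
NAS_NET = "192.168.13.10/32"

def pkt(src, sport=50122):
    # An SFTP client connects from an ephemeral source port to destination port 22.
    return {"src": src, "dst": "192.168.13.10", "sport": sport, "dport": 22}

sport_22_only = build_acl("203.0.113.144/32", sport=(22, 22))
any_sport = build_acl("203.0.113.144/32", sport=(0, 65535))
src_slash_30 = build_acl("203.0.113.144/30", sport=(0, 65535))

if __name__ == "__main__":
    cases = [("sport 22-22, other IP", sport_22_only, "198.51.100.7"),
             ("any sport, other IP", any_sport, "198.51.100.7"),
             ("any sport, backup host", any_sport, "203.0.113.144"),
             ("/30 source, neighbour .146", src_slash_30, "203.0.113.146"),
             ("/32 source, neighbour .146", any_sport, "203.0.113.146")]
    for label, acl, src in cases:
        print(f"{label:28} -> {evaluate(acl, pkt(src))}")
```

In this model a service defined with source port 22-22 matches neither rule for a client on an ephemeral port, so the packet falls through to the default action, and a /30 source entry admits the three neighbouring addresses as well as .144.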