limit specific IP to access to internal server
limit specific IP to access to internal server
Hi
Need some help with the following issue.
I want to open up port 22 but then restrict which external IP can access it.
I've tried to follow these instructions but it's so confusing.
https://www.tp-link.com/us/support/faq/2026/
Any help would be appreciated.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @locn
Thanks for posting in our business forum.
Please specify your question. What part is confusing?
It is using two rules one allow and one deny. That's the common way to set up limited access in ACL.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Hi @locn
Thanks for posting in our business forum.
locn wrote
thanks. the description is confusing. none the less I think i've set it up as per the instructions but i can still access the server behind the firewall from a different IP. i'm using SFTP to backup some websites onto a nas so port 22 is open and i've restricted it to the website IP but i can still SFTP into the nas from the different external IP.
Be sure you reply to my post instead of replying to yourself. I may miss your post if you did not mention me.
So you are certain that every single step be followed as the guide writes? The block SRC is any IP address? And the direction is correct as the guide?
Behind the firewall from a different IP? Do you mean a different router with a different public IP address?
- Copy Link
- Report Inappropriate Content
oh sorry about that and thanks for correcting me about the reply.
i believe i've done it correctly.
- Copy Link
- Report Inappropriate Content
Clive_A wrote
Hi @locn
Thanks for posting in our business forum.
locn wrote
thanks. the description is confusing. none the less I think i've set it up as per the instructions but i can still access the server behind the firewall from a different IP. i'm using SFTP to backup some websites onto a nas so port 22 is open and i've restricted it to the website IP but i can still SFTP into the nas from the different external IP.Be sure you reply to my post instead of replying to yourself. I may miss your post if you did not mention me.
So you are certain that every single step be followed as the guide writes? The block SRC is any IP address? And the direction is correct as the guide?
Behind the firewall from a different IP? Do you mean a different router with a different public IP address?
not sure but i don't think it uploaded the image.
so i'll try here again.
- Copy Link
- Report Inappropriate Content
Clive_A wrote
Hi @locn
Thanks for posting in our business forum.
locn wrote
thanks. the description is confusing. none the less I think i've set it up as per the instructions but i can still access the server behind the firewall from a different IP. i'm using SFTP to backup some websites onto a nas so port 22 is open and i've restricted it to the website IP but i can still SFTP into the nas from the different external IP.Be sure you reply to my post instead of replying to yourself. I may miss your post if you did not mention me.
So you are certain that every single step be followed as the guide writes? The block SRC is any IP address? And the direction is correct as the guide?
Behind the firewall from a different IP? Do you mean a different router with a different public IP address?
no i'm not behind the firewall. i'm logging in from a different public IP to test and it's allowing me to connect using SFTP
- Copy Link
- Report Inappropriate Content
Hi @locn
Thanks for posting in our business forum.
locn wrote
Clive_A wrote
Hi @locn
Thanks for posting in our business forum.
locn wrote
thanks. the description is confusing. none the less I think i've set it up as per the instructions but i can still access the server behind the firewall from a different IP. i'm using SFTP to backup some websites onto a nas so port 22 is open and i've restricted it to the website IP but i can still SFTP into the nas from the different external IP.Be sure you reply to my post instead of replying to yourself. I may miss your post if you did not mention me.
So you are certain that every single step be followed as the guide writes? The block SRC is any IP address? And the direction is correct as the guide?
Behind the firewall from a different IP? Do you mean a different router with a different public IP address?
no i'm not behind the firewall. i'm logging in from a different public IP to test and it's allowing me to connect using SFTP
What about the service you created and the DST IP group?
- Copy Link
- Report Inappropriate Content
Clive_A wrote
Hi @locn
Thanks for posting in our business forum.
locn wrote
Clive_A wrote
Hi @locn
Thanks for posting in our business forum.
locn wrote
thanks. the description is confusing. none the less I think i've set it up as per the instructions but i can still access the server behind the firewall from a different IP. i'm using SFTP to backup some websites onto a nas so port 22 is open and i've restricted it to the website IP but i can still SFTP into the nas from the different external IP.Be sure you reply to my post instead of replying to yourself. I may miss your post if you did not mention me.
So you are certain that every single step be followed as the guide writes? The block SRC is any IP address? And the direction is correct as the guide?
Behind the firewall from a different IP? Do you mean a different router with a different public IP address?
no i'm not behind the firewall. i'm logging in from a different public IP to test and it's allowing me to connect using SFTP
What about the service you created and the DST IP group?
service is SFTP TCP Source Port = 22-22; Destination Port = 22-22
DST IP group is local ip address of NAS 192.168.13.0/24
- Copy Link
- Report Inappropriate Content
Hi @locn
Thanks for posting in our business forum.
locn wrote
Clive_A wrote
Hi @locn
Thanks for posting in our business forum.
locn wrote
Clive_A wrote
Hi @locn
Thanks for posting in our business forum.
locn wrote
thanks. the description is confusing. none the less I think i've set it up as per the instructions but i can still access the server behind the firewall from a different IP. i'm using SFTP to backup some websites onto a nas so port 22 is open and i've restricted it to the website IP but i can still SFTP into the nas from the different external IP.Be sure you reply to my post instead of replying to yourself. I may miss your post if you did not mention me.
So you are certain that every single step be followed as the guide writes? The block SRC is any IP address? And the direction is correct as the guide?
Behind the firewall from a different IP? Do you mean a different router with a different public IP address?
no i'm not behind the firewall. i'm logging in from a different public IP to test and it's allowing me to connect using SFTP
What about the service you created and the DST IP group?
service is SFTP TCP Source Port = 22-22; Destination Port = 22-22
DST IP group is local ip address of NAS 192.168.13.0/24
Should be /32
And the IP should be 192.168.13.X/32.
- Copy Link
- Report Inappropriate Content
Clive_A wrote
Hi @locn
Thanks for posting in our business forum.
locn wrote
Clive_A wrote
Hi @locn
Thanks for posting in our business forum.
locn wrote
Clive_A wrote
Hi @locn
Thanks for posting in our business forum.
locn wrote
thanks. the description is confusing. none the less I think i've set it up as per the instructions but i can still access the server behind the firewall from a different IP. i'm using SFTP to backup some websites onto a nas so port 22 is open and i've restricted it to the website IP but i can still SFTP into the nas from the different external IP.Be sure you reply to my post instead of replying to yourself. I may miss your post if you did not mention me.
So you are certain that every single step be followed as the guide writes? The block SRC is any IP address? And the direction is correct as the guide?
Behind the firewall from a different IP? Do you mean a different router with a different public IP address?
no i'm not behind the firewall. i'm logging in from a different public IP to test and it's allowing me to connect using SFTP
What about the service you created and the DST IP group?
service is SFTP TCP Source Port = 22-22; Destination Port = 22-22
DST IP group is local ip address of NAS 192.168.13.0/24
Should be /32
And the IP should be 192.168.13.X/32.
ok thanks. i'll try that now.
the external IP is 203.xx.xx.144/30 ? i looked up the subnet so is that correct?
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 860
Replies: 18
Voters 0
No one has voted for it yet.