limit specific IP to access to internal server

limit specific IP to access to internal server

limit specific IP to access to internal server
limit specific IP to access to internal server
2024-05-23 07:45:53 - last edited 2024-05-23 08:07:58
Model: ER706W-4G  
Hardware Version: V1
Firmware Version: ER706W-4G_V1_1_0 1.20231129.54168(4555)

Hi

 

Need some help with the following issue.

 

I want to open up port 22 but then restrict which external IP can access it.

 

I've tried to follow these instructions but it's so confusing.

 

https://www.tp-link.com/us/support/faq/2026/

 

 

Any help would be appreciated.

  0      
  0      
#1
Options
18 Reply
Re:limit specific IP to access to internal server
2024-05-23 08:06:58

Hi @locn 

Thanks for posting in our business forum.

Please specify your question. What part is confusing?

It is using two rules one allow and one deny. That's the common way to set up limited access in ACL.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  1  
  1  
#2
Options
Re:limit specific IP to access to internal server
2024-05-23 08:11:49
thanks. the description is confusing. none the less I think i've set it up as per the instructions but i can still access the server behind the firewall from a different IP. i'm using SFTP to backup some websites onto a nas so port 22 is open and i've restricted it to the website IP but i can still SFTP into the nas from the different external IP.
  0  
  0  
#3
Options
Re:limit specific IP to access to internal server
2024-05-23 08:15:39

Hi @locn 

Thanks for posting in our business forum.

locn wrote

thanks. the description is confusing. none the less I think i've set it up as per the instructions but i can still access the server behind the firewall from a different IP. i'm using SFTP to backup some websites onto a nas so port 22 is open and i've restricted it to the website IP but i can still SFTP into the nas from the different external IP.

Be sure you reply to my post instead of replying to yourself. I may miss your post if you did not mention me.

 

So you are certain that every single step be followed as the guide writes? The block SRC is any IP address? And the direction is correct as the guide?

Behind the firewall from a different IP? Do you mean a different router with a different public IP address?

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  1  
  1  
#4
Options
Re:limit specific IP to access to internal server
2024-05-23 08:20:33

  @Clive_A 

 

oh sorry about that and thanks for correcting me about the reply.

 

i believe i've done it correctly.

 

  0  
  0  
#5
Options
Re:limit specific IP to access to internal server
2024-05-23 08:21:53

Clive_A wrote

Hi @locn 

Thanks for posting in our business forum.

locn wrote

thanks. the description is confusing. none the less I think i've set it up as per the instructions but i can still access the server behind the firewall from a different IP. i'm using SFTP to backup some websites onto a nas so port 22 is open and i've restricted it to the website IP but i can still SFTP into the nas from the different external IP.

Be sure you reply to my post instead of replying to yourself. I may miss your post if you did not mention me.

 

So you are certain that every single step be followed as the guide writes? The block SRC is any IP address? And the direction is correct as the guide?

Behind the firewall from a different IP? Do you mean a different router with a different public IP address?

  @Clive_A 

 

not sure but i don't think it uploaded the image.

so i'll try here again.

 

  0  
  0  
#6
Options
Re:limit specific IP to access to internal server
2024-05-23 08:27:11

Clive_A wrote

Hi @locn 

Thanks for posting in our business forum.

locn wrote

thanks. the description is confusing. none the less I think i've set it up as per the instructions but i can still access the server behind the firewall from a different IP. i'm using SFTP to backup some websites onto a nas so port 22 is open and i've restricted it to the website IP but i can still SFTP into the nas from the different external IP.

Be sure you reply to my post instead of replying to yourself. I may miss your post if you did not mention me.

 

So you are certain that every single step be followed as the guide writes? The block SRC is any IP address? And the direction is correct as the guide?

Behind the firewall from a different IP? Do you mean a different router with a different public IP address?

  @Clive_A 

 

no i'm not behind the firewall. i'm logging in from a different public IP to test and it's allowing me to connect using SFTP

  0  
  0  
#8
Options
Re:limit specific IP to access to internal server
2024-05-23 08:59:01

Hi @locn 

Thanks for posting in our business forum.

locn wrote

Clive_A wrote

Hi @locn 

Thanks for posting in our business forum.

locn wrote

thanks. the description is confusing. none the less I think i've set it up as per the instructions but i can still access the server behind the firewall from a different IP. i'm using SFTP to backup some websites onto a nas so port 22 is open and i've restricted it to the website IP but i can still SFTP into the nas from the different external IP.

Be sure you reply to my post instead of replying to yourself. I may miss your post if you did not mention me.

 

So you are certain that every single step be followed as the guide writes? The block SRC is any IP address? And the direction is correct as the guide?

Behind the firewall from a different IP? Do you mean a different router with a different public IP address?

  @Clive_A 

 

no i'm not behind the firewall. i'm logging in from a different public IP to test and it's allowing me to connect using SFTP

What about the service you created and the DST IP group?

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#9
Options
Re:limit specific IP to access to internal server
2024-05-23 09:25:15

Clive_A wrote

Hi @locn 

Thanks for posting in our business forum.

locn wrote

Clive_A wrote

Hi @locn 

Thanks for posting in our business forum.

locn wrote

thanks. the description is confusing. none the less I think i've set it up as per the instructions but i can still access the server behind the firewall from a different IP. i'm using SFTP to backup some websites onto a nas so port 22 is open and i've restricted it to the website IP but i can still SFTP into the nas from the different external IP.

Be sure you reply to my post instead of replying to yourself. I may miss your post if you did not mention me.

 

So you are certain that every single step be followed as the guide writes? The block SRC is any IP address? And the direction is correct as the guide?

Behind the firewall from a different IP? Do you mean a different router with a different public IP address?

  @Clive_A 

 

no i'm not behind the firewall. i'm logging in from a different public IP to test and it's allowing me to connect using SFTP

What about the service you created and the DST IP group?

  @Clive_A 

 

service is SFTP    TCP    Source Port = 22-22; Destination Port = 22-22

DST IP group is local ip address of NAS 192.168.13.0/24

  0  
  0  
#10
Options
Re:limit specific IP to access to internal server
2024-05-23 09:29:56

Hi @locn 

Thanks for posting in our business forum.

locn wrote

Clive_A wrote

Hi @locn 

Thanks for posting in our business forum.

locn wrote

Clive_A wrote

Hi @locn 

Thanks for posting in our business forum.

locn wrote

thanks. the description is confusing. none the less I think i've set it up as per the instructions but i can still access the server behind the firewall from a different IP. i'm using SFTP to backup some websites onto a nas so port 22 is open and i've restricted it to the website IP but i can still SFTP into the nas from the different external IP.

Be sure you reply to my post instead of replying to yourself. I may miss your post if you did not mention me.

 

So you are certain that every single step be followed as the guide writes? The block SRC is any IP address? And the direction is correct as the guide?

Behind the firewall from a different IP? Do you mean a different router with a different public IP address?

  @Clive_A 

 

no i'm not behind the firewall. i'm logging in from a different public IP to test and it's allowing me to connect using SFTP

What about the service you created and the DST IP group?

  @Clive_A 

 

service is SFTP    TCP    Source Port = 22-22; Destination Port = 22-22

DST IP group is local ip address of NAS 192.168.13.0/24

Should be /32

And the IP should be 192.168.13.X/32.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#11
Options
Re:limit specific IP to access to internal server
2024-05-23 09:34:03

Clive_A wrote

Hi @locn 

Thanks for posting in our business forum.

locn wrote

Clive_A wrote

Hi @locn 

Thanks for posting in our business forum.

locn wrote

Clive_A wrote

Hi @locn 

Thanks for posting in our business forum.

locn wrote

thanks. the description is confusing. none the less I think i've set it up as per the instructions but i can still access the server behind the firewall from a different IP. i'm using SFTP to backup some websites onto a nas so port 22 is open and i've restricted it to the website IP but i can still SFTP into the nas from the different external IP.

Be sure you reply to my post instead of replying to yourself. I may miss your post if you did not mention me.

 

So you are certain that every single step be followed as the guide writes? The block SRC is any IP address? And the direction is correct as the guide?

Behind the firewall from a different IP? Do you mean a different router with a different public IP address?

  @Clive_A 

 

no i'm not behind the firewall. i'm logging in from a different public IP to test and it's allowing me to connect using SFTP

What about the service you created and the DST IP group?

  @Clive_A 

 

service is SFTP    TCP    Source Port = 22-22; Destination Port = 22-22

DST IP group is local ip address of NAS 192.168.13.0/24

Should be /32

And the IP should be 192.168.13.X/32.

  @Clive_A 

 

ok thanks. i'll try that now.

the external IP is 203.xx.xx.144/30 ? i looked up the subnet so is that correct?

  0  
  0  
#12
Options