Home

Forums

Stories

Knowledge Base

Business Community > All Threads > Blocking traffic except IPsec VPN traffic (esp port 5432)

< All Threads

Blocking traffic except IPsec VPN traffic (esp port 5432)

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Blocking traffic except IPsec VPN traffic (esp port 5432)

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Max_TP

2023-03-11 15:36:23

Posts: 3

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2023-03-11

Blocking traffic except IPsec VPN traffic (esp port 5432)

2023-03-11 15:36:23

Tags: #VPN

Model: ER7206 (TL-ER7206)

Hardware Version: V1

Firmware Version: V1.2.3

Hi, guys.

I would like to know if I can block all the traffic except the traffic over the IPsec VPN.

We have AWS RDS (Postgres) database, we would like to block all communication from specific computer except the pgAdmin4 access to the Postgres database.

Router will be only connected to this PC, so far, I created rule "Block all access except THIS COMPUTER and AWS IP". It didn't work.

They I tried to create allow only communication between these two. And the few others, nothing seemed to work. It does block the traffic, but pgAdmin doesn't connect to the DB.

Let me know if you have any suggestions on this. Or if someone else has already done it. Really appreicate it.

Thank you in advance.

Max

5 Reply

Hank21

2023-03-13 06:49:33

Posts: 3673

Helpful: 718

Solutions: 497

Stories: 8

Registered: 2021-12-13

Re:Blocking traffic except IPsec VPN traffic (esp port 5432)

2023-03-13 06:49:33

Hi @Max_TP

Are you using Omada Controller to manage your router? The IPSec VPN tunnel is LAN-to-LAN right?

Try this rules:

Policy: Permit

Direction: LAN->WAN

Source: specific computer IP

Des: database LAN IP

Note you will need another Deny All rule on the end, so it can block all other communication.

Best Regards! >> Omada EAP Firmware Trial Available Here << >> Get the Latest Omada SDN Controller Releases Here << *Try filtering posts on each forum by Label of [Early Access]*

Max_TP

LV1

2023-03-13 10:06:56

Posts: 3

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2023-03-11

Re:Blocking traffic except IPsec VPN traffic (esp port 5432)

2023-03-13 10:06:56

@Hank21

Hi Hank,

Thank you for your suggestion.

I tried yours but pgAdmin4 still doesn't connect.

Currently, I have these rules in my firewall.

Hank21

2023-03-13 10:53:32 - last edited 2023-03-13 10:55:30

Posts: 3673

Helpful: 718

Solutions: 497

Stories: 8

Registered: 2021-12-13

Re:Blocking traffic except IPsec VPN traffic (esp port 5432)

2023-03-13 10:53:32 - last edited 2023-03-13 10:55:30

Hi @Max_TP

The block_all rule, what will happen if you change the Source to "Me"?

Can I have more details about your IPSec VPN configuration?

Best Regards! >> Omada EAP Firmware Trial Available Here << >> Get the Latest Omada SDN Controller Releases Here << *Try filtering posts on each forum by Label of [Early Access]*

Max_TP

LV1

2023-03-14 01:59:18

Posts: 3

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2023-03-11

Re:Blocking traffic except IPsec VPN traffic (esp port 5432)

2023-03-14 01:59:18

@Hank21

The block_all rule, if I change the Source to "Me", it doesn't block anything.

IPsec VPN is connected to AWS Site-to-Site VPN. There is nothing special about it. In fact, I followed this post here -> https://community.tp-link.com/en/business/forum/topic/515292

However, I found one way to do block traffic:

Basically including https, http, ICMP into firewall rules. But it is not very efficient one. I read somewhere that all ports are closed by default on TP-link router. Not sure if that's true.

But still want to block all ports and internet communication except 5432 which is port for AWS RDS Postgres.

If I can't find good solution to do that, maybe I will just include all of the ports one by one which is tedious task.

Let me know if you have any other ways, Hank!

Thank you.

Hank21

2023-03-14 04:19:30

Posts: 3673

Helpful: 718

Solutions: 497

Stories: 8

Registered: 2021-12-13

Re:Blocking traffic except IPsec VPN traffic (esp port 5432)

2023-03-14 04:19:30

Hi @Max_TP

I have no other idea.

But about how to add the service ports, you can create two service type, so no need to add the ports one by one.

One service type from port 1 to 5431, another service type from port 5433 to 65535.

Best Regards! >> Omada EAP Firmware Trial Available Here << >> Get the Latest Omada SDN Controller Releases Here << *Try filtering posts on each forum by Label of [Early Access]*

Max_TP

2023-03-11 15:36:23

Posts: 3

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2023-03-11

Information

Helpful: 0

Replies: 5

Blocking traffic except IPsec VPN traffic (esp port 5432)

Blocking traffic except IPsec VPN traffic (esp port 5432)

Information

Voters 0

Tags