traffic not being blocked by IP
I have an ER7206 that I setup a virtual server on and I need to restrict it to specific IPs that are allowed to connect, and block everything else.
Under NAT->Virtual Servers I have an IP set for the station I want external access to
Under Service Type I added the service and port information
Under IP Groups I have a group (PUBLICIPS) set with the public IP range I want to have access to the server (after adding the IPs into the IP Addresses list)
Under IP Groups I have the IP set of the machine I want external access to
Under Firewall->Access Control I have 2 rules
Rule #1 allows the traffic to the server.
Direction is WAN IN
Source is the IP group (PUBLICIPS) that I want to allow access from
Destination is the IP of the server I want to connect to
Rule #2 is the blocking rule
Direction is WAN IN
Source is IPGROUP_ANY
Destination is the IP of the server from Rule #1
With this config I can still connect from any external IP. It's not blocking IPs outside of the PUBLICIPS group. I even tried connecting from my cell phone (not on wifi) and I'm able to conenct.
If I disable the virtual server i do lose access, so at least that is working.