
Wan to Lan filter?


IrishVillain

New Around Here
I just bought an RT-N66U N900 device and I have most of my setup done; however, I want to restrict access to port-forwarded ports.

E.g. I enable a port forward for, say, 22 to a LAN IP but only want to allow access from a specific public IP.

I can't see how to do that, I can only see LAN to WAN filters?
 
So, I understand where you are coming from, but do know that this isn't remotely a foolproof method of security, even when filtering by MAC addresses.

If you still desire this, it can be done if you install asuswrt-merlin. You will need to format/enable JFFS. Then you simply add the following to a file, /jffs/firewall-start:

Code:
#!/bin/sh
iptables -t nat -A PREROUTING -p tcp -m tcp -s ALLOWEDIP -d `nvram get wan0_ipaddr` --dport PORTNUMBER -j DNAT --to LANIP

Replace ALLOWEDIP, PORTNUMBER and LANIP accordingly. Remove the old rule from the webui.
 
Thanks, it's not foolproof but it's a hell of a lot better than just having it open and relying on a password!

I managed to get this done by editing iptables on the standard firmware:

iptables -t nat -A VSERVER -p tcp -m tcp -s $ipRange/25 --dport 22 -j DNAT --to-destination 192.168.1.101:22

Just seems bizarre the system has a LAN to WAN filter but not WAN to LAN!
 

The problem with this is the rule won't persist across reboots. With asuswrt-merlin, there are various scripts and config overrides you can use, stored in JFFS. JFFS can be enabled for the official firmware, but it's only used as a storage location for logging, etc.
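
An added example, not part of any post in this thread: a /jffs/firewall-start variant of the rule above that validates its values before touching the nat table and can be re-run without stacking duplicate rules. The helper names (valid_ipv4, valid_port, dnat_spec, apply_forward) are hypothetical and the addresses are constructed samples; it assumes the webui port forward for the same port has been removed, as the reply says.

```sh
#!/bin/sh
# Added example, not from the thread. Values below are constructed samples.
ALLOWED_SRC="203.0.113.0/25"   # only this source may reach the forward
PORT="22"
LAN_IP="192.168.1.101"

# Succeed if $1 is a dotted-quad IPv4 address, optionally with a /0-32 prefix.
valid_ipv4() {
    addr=${1%/*}
    if [ "$addr" != "$1" ]; then
        prefix=${1#*/}
        case $prefix in ''|*[!0-9]*) return 1 ;; esac
        [ "$prefix" -le 32 ] || return 1
    fi
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the rule spec for: source, WAN IP, port, LAN IP. Fails with no output
# on an unreplaced placeholder or an empty WAN address (WAN not up yet).
dnat_spec() {
    valid_ipv4 "$1" && valid_ipv4 "$2" && valid_port "$3" && valid_ipv4 "$4" || return 1
    case $2$4 in */*) return 1 ;; esac   # only the source may carry a prefix
    echo "-p tcp -m tcp -s $1 -d $2 --dport $3 -j DNAT --to-destination $4:$3"
}

apply_forward() {
    spec=$(dnat_spec "$ALLOWED_SRC" "$(nvram get wan0_ipaddr)" "$PORT" "$LAN_IP") || {
        logger -t firewall-start "forward not installed: bad address or port"
        return 1
    }
    # Drop identical copies first so reruns never stack; $spec splits on purpose.
    while iptables -t nat -D PREROUTING $spec 2>/dev/null; do :; done
    iptables -t nat -A PREROUTING $spec
}

# Touch the firewall only where the router tools exist.
if command -v nvram >/dev/null 2>&1 && command -v iptables >/dev/null 2>&1; then
    apply_forward
fi
```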
 