11-21-2012 04:40 PM - edited 03-11-2019 05:26 PM
I have a RV042 in one office and we are moving to a VOIP telephone system.
They requested a bunch of ports open, and I wanted to make sure that only their IP addresses get into the local net.
I set up port forwarding to forward ports internally to their phone server, and then I set up firewall access rules only allowing their IP addresses into that phone server.
Now it seems as if all of the ports I forwarded are wide open!
What did I do wrong?
Any help is greatly appreciated!
Ant
11-21-2012 04:53 PM
"Now it seems as if all of the ports I forwarded are wide open!"
What do you mean? Do you mean anyone can access it?
Can you share the configuration you used on that router?
11-21-2012 05:39 PM
I am unsure as to how to do that?
Do I need to telnet/ssh into the router?
Thanks
Anthony
11-21-2012 08:30 PM
Hello Anthony,
You can do print/screen if you like (easier, faster).
Regards
11-22-2012 07:33 AM
Here you go.
Thanks again!
11-22-2012 09:00 AM
Hello Anthony Wood,
It is difficult to check the configuration with the screenshots, but I will try to help you.
What you need to do with the ACL on the WAN interface is to allow traffic to the WAN interface IP address on the right ports (SIP, HTTPS, FTP, etc.) and then just configure a deny IP any any, so you can allow the traffic required and then deny the rest of them.
Also how did you test the router is open to the outside world?
11-22-2012 05:29 PM
I used a port scanner and it came back that ftp, telnet and http were open.
I am not sure what you mean by this.
"What you need to do with the ACL on the WAN interface is to allow traffic to the WAN interface IP address on the right ports (SIP, HTTPS, FTP, etc.)"
Are you saying to create a rule for every outside VOIP address to access WAN IP address, for every protocol needed?
Also, if you need clarification on something, let me know.
Thanks
Anthony
11-22-2012 09:27 PM
"Are you saying to create a rule for every outside VOIP address to access WAN IP address, for every protocol needed?"
Exactly. That would be the most secure desing, now it will be the less scalable and easy to configure. So as this is a voice desing and there are going to be random IP addresses connecting, permit just the right ports on the outside from any to the right TCP/UDP ports and then just a deny IP any/any on that outside interface.
Regards.
Remember to rate all of the helpful posts
*** How to rate a post, mark the stars on the bottom of each reply, 5 being a thanks for the good answer 1 being a bad answer********
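The rule layout discussed in the replies above, as an added example that is not part of the original thread: a simplified first-match access-rule model in Python, not the RV042 firmware's own logic. The addresses (documentation ranges), the port list, and the assumption that forwarded ports fall through to "permit" when no rule matches are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str    # "permit" or "deny"
    proto: str     # "tcp", "udp" or "any"
    src: str       # source CIDR; "0.0.0.0/0" means any
    ports: range   # destination ports covered by the rule

ANY_PORT = range(0, 65536)

def evaluate(rules, default, proto, src_ip, dport):
    """First matching rule wins; `default` applies when nothing matches."""
    addr = ipaddress.ip_address(src_ip)
    for r in rules:
        if (r.proto in ("any", proto)
                and addr in ipaddress.ip_network(r.src)
                and dport in r.ports):
            return r.action
    return default

def exposed_forwards(rules, default, forwards, outsider):
    """Forwarded (proto, port) pairs that an arbitrary outside host can reach."""
    return [(p, port) for p, port in forwards
            if evaluate(rules, default, p, outsider, port) == "permit"]

# Constructed sample data (documentation address ranges, not from the thread).
PROVIDER = "203.0.113.0/24"     # hypothetical VoIP provider range
OUTSIDER = "198.51.100.77"      # hypothetical unrelated Internet host
FORWARDS = [("udp", 5060), ("tcp", 443), ("tcp", 21)]   # SIP, HTTPS, FTP

permits = [Rule("permit", proto, PROVIDER, range(port, port + 1))
           for proto, port in FORWARDS]
deny_all = Rule("deny", "any", "0.0.0.0/0", ANY_PORT)

permit_only = permits               # no deny: unmatched traffic hits the default
with_deny = permits + [deny_all]    # permits first, then deny IP any/any
deny_first = [deny_all] + permits   # ordering mistake: deny shadows the permits

if __name__ == "__main__":
    for name, rs in [("permit_only", permit_only), ("with_deny", with_deny),
                     ("deny_first", deny_first)]:
        print(name,
              "| outsider reaches:", exposed_forwards(rs, "permit", FORWARDS, OUTSIDER),
              "| provider SIP:", evaluate(rs, "permit", "udp", "203.0.113.10", 5060))
```

On the real device, confirm the result by re-testing the forwarded ports from an address outside the permitted range after the deny rule is in place.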
11-23-2012 07:44 AM
What is "desing"?
Do the port forward rules apply to traffic before the firewall rules?
Thanks!
11-23-2012 09:36 AM
I mean design
No, NAT goes afterwards.