Beginner

Port forwarding and firewall rules

I have a RV042 in one office and we are moving to a VOIP telephone system.

They requested a bunch of ports open, and I wanted to make sure that only their IP addresses get into the local net.

I set up port forwarding to forward ports internally to their phone server, and then I set up firewall access rules only allowing their IP addresses into that phone server.

Now it seems as if all of the ports I forwarded are wide open!

What did I do wrong?

Any help is greatly appreciated!

Ant


Port forwarding and firewall rules

Now it seems as if all of the ports I forwarded are wide open!

What do you mean? Do you mean anyone can access it?

Can you share the configuration you used on that router?

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Beginner

Port forwarding and firewall rules

I am unsure as to how to do that?

Do I need to telnet/ssh into the router?

Thanks

Anthony


Port forwarding and firewall rules

Hello Anthony,

You can do a print screen if you like (easier, faster).

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Beginner

Port forwarding and firewall rules

Here you go.

Thanks again!


Port forwarding and firewall rules

Hello Anthony Wood,

It is difficult to check the configuration with the screenshots, but I will try to help you.

What you need to do with the ACL on the WAN interface is to allow traffic to the WAN interface IP address on the right ports (SIP, HTTPS, FTP, etc.) and then just configure a deny IP any any, so you can allow the traffic required and then deny the rest of them.

Also, how did you test that the router is open to the outside world?

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Beginner

Re: Port forwarding and firewall rules

I used a port scanner and it came back that ftp, telnet and http were open.

I am not sure what you mean by this.

"What you need to do with the ACL on the WAN interface is to allow traffic to the WAN interface IP address on the right ports (SIP, HTTPS, FTP, etc.)"

Are you saying to create a rule for every outside VOIP address to access WAN IP address, for every protocol needed?

Also if you need clarification on something let me know.

Thanks

Anthony


Re: Port forwarding and firewall rules

Are you saying to create a rule for every outside VOIP address to access WAN IP address, for every protocol needed?

Exactly. That would be the most secure desing, now it will be the less scalable and easy to configure. So, as this is a voice desing and there are going to be random IP addresses connecting, permit just the right ports on the outside from any to the right TCP/UDP ports and then just a deny IP any/any on that outside interface.

Regards.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
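
An added example, not written by any poster in this thread and not the RV042's own rule engine: a small first-match model of the allow-then-deny rule order discussed above, which reports the forwarded ports an unlisted outside host can still reach. It assumes traffic to a forwarded port that matches no rule is allowed; the addresses, ports and names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    src: str      # source CIDR; "0.0.0.0/0" means any
    proto: str    # "tcp", "udp" or "any"
    ports: range  # destination ports the rule covers


ANY_PORT = range(0, 65536)


def decide(rules, src_ip, proto, port, default="allow"):
    """First-match evaluation; `default` applies when no rule matches (assumed)."""
    addr = ipaddress.ip_address(src_ip)
    for r in rules:
        if (addr in ipaddress.ip_network(r.src)
                and r.proto in ("any", proto)
                and port in r.ports):
            return r.action
    return default


def exposed(rules, forwards, probe_ip):
    """Forwarded (proto, port) pairs that probe_ip is allowed to reach."""
    return [(p, n) for p, n in forwards if decide(rules, probe_ip, p, n) == "allow"]


# Constructed sample data (documentation address ranges, not from the thread).
PROVIDER_NET = "198.51.100.0/28"   # hypothetical VoIP provider range
PROVIDER_HOST = "198.51.100.5"
SCANNER = "203.0.113.77"           # hypothetical unlisted outside host
FORWARDS = [("udp", 5060), ("tcp", 443), ("tcp", 21)]

# One allow rule per forwarded port for the provider, as asked about in the thread.
allow_only = [Rule("allow", PROVIDER_NET, p, range(n, n + 1)) for p, n in FORWARDS]
deny_any = Rule("deny", "0.0.0.0/0", "any", ANY_PORT)
with_deny = allow_only + [deny_any]    # allow rules first, deny any/any last
deny_first = [deny_any] + allow_only   # same rules, wrong order

if __name__ == "__main__":
    for name, rs in [("allow only", allow_only),
                     ("allow then deny", with_deny),
                     ("deny first", deny_first)]:
        print(f"{name}: scanner={exposed(rs, FORWARDS, SCANNER)} "
              f"provider={exposed(rs, FORWARDS, PROVIDER_HOST)}")
```
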
Beginner

Re: Port forwarding and firewall rules

What is "desing"?

Do the port forward rules apply to traffic before the firewall rules?

Thanks!


Re: Port forwarding and firewall rules

I mean design

No, NAT goes afterwards.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC