Solved: Blocking ports from WAN to LAN SRP 527W

sky_valley · ‎08-05-2011

Hi all,

Just purchased a Cisco SRP 527W router.

I have been trying to figure outhow to block Telnet access from WAN to LAN (VLAN) and in the Firewall section I can only see the option to block from LAN To WAN.

I'm sure its simple but I'm just not seeing it. Can someone please point me in the right direction?

Andrew Hickman · ‎08-05-2011

Port forwarding only opens port 25 in this case. If someone attempts to use port 23 (or any other port for that matter) the traffic will be dropped.

Of course, it would be possible for someone to attempt to open a telnet session on port 25- but your server should deal with that (i.e. it only binds the SMTP app to that port).

Andy

View solution in original post

Andrew Hickman · ‎08-05-2011

Hi Ewhen,

All WAN to LAN ports are blocked by default. Ports are effectively only opened when you create an port forwarding rule.

For the SRP527, it is not possible to define any further granualarity.

Andy

sky_valley · ‎08-05-2011

Hi Andy,

Thanks for the response.

That makes sense, kind of. I have a port 25 forward to mail server, which is fine. But I then wanted to block port 23 to that address to stop external people being able to telnet to the exchange server via external address. I assume this allows it through becuase you are telneting via port 25 which is open.

Is there any way of curing this without having to block port 23 access on the server itself?

Andrew Hickman · ‎08-05-2011

Port forwarding only opens port 25 in this case. If someone attempts to use port 23 (or any other port for that matter) the traffic will be dropped.

Of course, it would be possible for someone to attempt to open a telnet session on port 25- but your server should deal with that (i.e. it only binds the SMTP app to that port).

Andy