12-23-2020 08:33 AM
I'd like to do the following on an RV345P.
Allow access from external IP address x.x.x.x only on port 50443 which is NAT'd/port forwarded to port 443 on internal IP address 192.168.1.250
I can see how to do this in port forwarding but creating the rule opens traffic from any external IP address. Do I need an access rule also?
Many thanks in advance.
12-23-2020 09:05 AM
Just port-forwarding should work, if the RV345 is aware of the internal IP.
12-23-2020 09:18 AM
Thanks @bb - but that would allow access from any external IP address - I want to limit access to a specific IP address.
12-23-2020 09:51 AM
An example for information, since most of the config is done in the GUI only on RV series models.
Yes, the same way: make a rule with source x.x.x.x (50443) to destination 192.168.1.250 (443).
Is x.x.x.x already routed to you from your provider?
12-23-2020 10:26 AM
Hi @bb
I want to allow access from IP address x.x.x.x only (my work address) to y.y.y.y which is the external address of my RV345P, on port 50443 which is NAT'd/port forwarded to port 443 on internal IP address 192.168.1.250
12-23-2020 11:24 AM
Hello,
I think what you need is an access rule. The problem is that the RV345 is not a full IOS router, so I am not sure you can apply an access list in the traditional way to the outside (WAN) interface. Have a look at the example below. If the source is the IP address of your home router, and the destination either the IP address of your WAN interface, or 'any', this might work...
12-23-2020 12:27 PM
Thanks @Georg Pauwen
I think the access would work but there's no way to change the port from 50443 to 443 in an access list
12-23-2020 12:56 PM
Hello Mikey,
Unfortunately, you can't filter a specific external public address with the RV340 access rule, nor can you do port-forwarding with a specific external IP address.
Regards,
Martin
12-24-2020 04:21 AM
Hello,
I think it would work if you just block the outside port, that is what you are connecting to anyway. The access list does not need to know about the inside port, as this is just happening internally.
12-24-2020 04:14 AM
Thanks all - I'll have to stick with standard ports and restrict access to my work IP address using access rules instead of port forwarding.
03-22-2021 02:05 PM - edited 03-22-2021 02:07 PM
Hi, I've got an RV260 and have set up what I think you are describing, but I'm not sure if they run the same firmware. This is how I'd set up your config on mine:
Set up in Service Management
svc_50443 for port 50443
svc_00443 for port 443
Port Forwarding
External Service = svc_50443
Internal Service = svc_00443
Internal IP = 192.168.1.250
Interfaces = WAN
That config should allow you to come in from anywhere on the Internet via public.ip:50443 and it will pass through to 192.168.1.250:443 so you now need to set up the access rules otherwise it's open.
Access Rules
Allow / svc_00443 / WAN / [Your work IP] / VLAN1 / Any
Deny / All Traffic / WAN / ANY / VLAN1 / Any
On the RV260 there seems to be a significant issue if you think you add an ACL to limit it to certain public IP addresses. The Port Forwarding rule defaults to, and opens up, VLAN1 whereas the built-in DENY ALL only blocks to VLAN.
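The rule set from the post above, modelled as an added example (not part of the original post and not Cisco firmware code). It assumes access rules are evaluated first-match after the port-forward translation, which is why the allow rule names port 443 rather than 50443; the `evaluate` helper and the sample addresses are hypothetical.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values (documentation address ranges), not from the thread.
WORK_IP = "203.0.113.10"
OTHER_IP = "198.51.100.7"
INTERNAL_HOST = "192.168.1.250"

# Port forwarding from the post: external 50443 -> 192.168.1.250:443.
PORT_FORWARDS = {50443: (INTERNAL_HOST, 443)}

# Access rules as (action, destination port or None for any, source network).
ALLOW_WORK = ("allow", 443, ip_network(WORK_IP + "/32"))
DENY_ALL = ("deny", None, ip_network("0.0.0.0/0"))
ACCESS_RULES = [ALLOW_WORK, DENY_ALL]


def evaluate(src_ip, wan_port, rules=ACCESS_RULES, default="deny"):
    """Return (action, internal_target) for an inbound WAN connection.

    Assumption: translation happens first, then the first matching rule wins.
    `default` is what happens when no rule matches.
    """
    if wan_port not in PORT_FORWARDS:
        return ("deny", None)  # nothing is forwarded on this port
    target = PORT_FORWARDS[wan_port]
    for action, port, network in rules:
        if port in (None, target[1]) and ip_address(src_ip) in network:
            return (action, target if action == "allow" else None)
    return (default, target if default == "allow" else None)


if __name__ == "__main__":
    # Work address reaches the internal host; any other source is denied.
    print(evaluate(WORK_IP, 50443))
    print(evaluate(OTHER_IP, 50443))
    # Without the explicit deny, a forward that defaults to open admits anyone.
    print(evaluate(OTHER_IP, 50443, rules=[ALLOW_WORK], default="allow"))
    # A rule written against the external port never matches in this model.
    pre_nat = [("allow", 50443, ip_network(WORK_IP + "/32")), DENY_ALL]
    print(evaluate(WORK_IP, 50443, rules=pre_nat))
```

On a real device, confirm the result by connecting to the public address on port 50443 from both the permitted address and an unrelated one.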
03-29-2021 01:51 AM
Many thanks @SteveC67771