0 votes
138 views 0 comments
in Networks by
Hi to all, I'm working on a RUT230 with firmware updated to RUT2XX_R_00.01.11.3.

I can't understand how NAT and the firewall work.
I'm working from a static public IP: let's say 92.145.15.15

My firewall rules (traffic rules) are:

1) "allow myself input":
- protocol = ALL
- source = from IP 92.145.15.15 in wan
- destination = To any router IP on this device
- action = accept input
- status = enabled

2) "allow myself forward":
- protocol = ALL
- source = from IP 92.145.15.15 in wan
- destination = To any host in any zone
- action = accept forward
- status = enabled

3) "drop all input":
- protocol = ALL
- source = From any host in wan
- destination = To any router IP on this device
- action = discard input
- status = enabled

4) "drop all forward":
- protocol = ALL
- source = From any host in wan
- destination = To any host in any zone
- action = discard forward
- status = enabled

In this case I can access the RUT230 only from my IP.

I set up port forwarding to access a device behind the RUT230:
1) "SSH 2222":
- protocol = ALL
- source = From any host in wan
- via = To any router IP at port 2222
- destination = Forward to IP 192.168.1.10, port 22 in lan
- status = enabled

The only way to access the device behind the RUT230 is to disable the firewall rule "drop all forward".
Why, if I already allow forward traffic through the rule "allow myself forward"?
I also added the following rule before all the others:
"Forward 2222":
- protocol = ALL
- source = from IP 92.145.15.15 in wan
- destination = To any host, port 2222 in lan
- action = accept forward
- status = enabled

with no success.
What's wrong? Thanks.

1 Answer

0 votes
by
Hi elberto,

Can you tell me the end result of the solution?
You want only a specific IP on the WAN side to reach the device behind the router via the LAN interface, correct?

Will be waiting for your response.
Regards