
Hi All,

I have a customer who is asking me the questions below; could you please help me out with them.

I am planning to deploy the test RUT240 (4G) into a production site for some further live tests, and locking down the configuration before rolling it out to all our new sites. We require port forwarding rules configured so our cloud servers can interact with site equipment. I have the usual port forwarding rules working fine with the setting "Any Source IP".

Question 1: But when I try to lock down a port forwarding rule to accept traffic from a particular source IP, I cannot get it to work (example setting screenshot below). I have tried a number of endpoints to no avail. Is there some other setting in the router that I have overlooked to enable this?

Question 2: Is it possible in the system logs to record firewall rule matching? I cannot seem to find any log setting that records this. This is a useful feature so we can see which firewall rules are matched or not, and the source IP, port, etc. This is possible in other routers, even the most basic standard Netgear. I used a Netgear to test and verify the source host IP rules.

Question 3: The manual/Wiki suggests:

Source IP address: ip; Default: " " - Matches incoming traffic from this IP or range of IPs only

Source port: integer [0..65535] | range of integers [0..65534] - [1..65535]; Default: " " - Matches incoming traffic originating from the given source port or port range on the client host only

External IP address: ip; Default: " " - Matches incoming traffic directed at the given IP address only

External port: integer [0..65535] | range of integers [0..65534] - [1..65535]; Default: " "

Assuming we can get one IP to work (Q1), what is the syntax to define a range of IPs?

Question 4: I am confused by the difference/meaning of Source IP vs. External IP.

Thanks in advance.

Mohsen

1 Answer


Hello,

1. Try setting only the External and Internal ports, and leave the Source port as any, since most likely you are not leaving your network on this port if you are connecting through a router or any other NAT device. AND make sure that the source IP you are setting in the port forwarding rule is a public IP.

2. As of now there are no firewall logs reachable through the GUI, even though functionality like that is being considered for future FW releases. In the following thread there are a couple of examples of how you can see firewall logs using the CLI: https://community.teltonika-networks.com/15284/rutx11-log-specific-firewall-rule-hit

3. A range of IPs is defined by a network IP address and its subnet. Using the most common private IP range as an example, putting 192.168.1.0/24 (/24 subnet) in the rule's source IP would accept connections from all IPs from 192.168.1.1 to 192.168.1.254, while setting the IP range to 192.168.1.0/28 would accept connections from 192.168.1.1 to 192.168.1.14. If you want IPs from totally different networks to be able to go through the port forward, you will have to create separate rules for them.

4. The Source IP address is the public address of the device that is connecting to the router, while the External IP is the public address of the router on which you are setting the port forwarding:

Device that is connecting (Source IP/Port)--->(internet)--->(External IP/Port) Router with port forward--->(LAN)--->(internal IP Address/Port) Device receiving port forward connection.

Hope this helps.
Best Regards,
VidasKac.
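Added example, not code from the post or from Teltonika's firmware: a small Python model of a port-forward rule with a CIDR source restriction (answers 1 and 3) plus an emulated per-packet hit/miss log standing in for the GUI firewall log that answer 2 says does not exist. The rule names, the 203.0.113.0/28 "cloud" range and the packets are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class ForwardRule:
    name: str
    source: str         # source IP or CIDR range; "" means any source
    external_port: int  # port on the router's public (WAN) address
    internal_ip: str    # LAN device receiving the forwarded connection
    internal_port: int

@dataclass(frozen=True)
class Packet:
    src_ip: str    # address of the connecting device as the router sees it
    src_port: int
    dst_port: int  # external port the packet was sent to

def rule_matches(rule: ForwardRule, pkt: Packet) -> bool:
    """Hit when the external port matches and the source lies in the allowed range."""
    if pkt.dst_port != rule.external_port:
        return False
    if rule.source == "":
        return True
    allowed = ipaddress.ip_network(rule.source, strict=False)
    return ipaddress.ip_address(pkt.src_ip) in allowed

def usable_hosts(cidr: str) -> int:
    """Host addresses in a range: 254 for a /24, 14 for a /28 (network/broadcast excluded)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.num_addresses if net.prefixlen >= 31 else net.num_addresses - 2

def firewall_log(rules, packets):
    """Emulate the hit/miss log the GUI does not offer: one line per packet."""
    lines = []
    for pkt in packets:
        hit = next((r for r in rules if rule_matches(r, pkt)), None)
        if hit:
            lines.append(f"MATCH {hit.name}: {pkt.src_ip}:{pkt.src_port} -> :{pkt.dst_port} "
                         f"forwarded to {hit.internal_ip}:{hit.internal_port}")
        else:
            lines.append(f"DROP no rule: {pkt.src_ip}:{pkt.src_port} -> :{pkt.dst_port}")
    return lines

# Constructed sample: cloud servers sit in the documentation range 203.0.113.0/28.
RULES = [ForwardRule("cloud-to-plc", "203.0.113.0/28", 8443, "192.168.1.20", 443)]
PACKETS = [
    Packet("203.0.113.5", 51000, 8443),   # cloud server's public IP: allowed
    Packet("198.51.100.7", 51001, 8443),  # unrelated host on the right port: dropped
    Packet("10.0.0.5", 51002, 8443),      # private address in the rule would never match on the WAN side
    Packet("203.0.113.5", 51003, 22),     # allowed host, wrong external port: dropped
]

if __name__ == "__main__":
    print("\n".join(firewall_log(RULES, PACKETS)))
```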

Thanks.

Much appreciated.