FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

12678 questions

15063 answers

24129 comments

47079 members

0 votes
340 views 5 comments
by

Hello,

I have a question about access restriction for RS323 from specific IP.
GUI RS323 allows me to add only one IP from WAN interface.
/edit: I've found that GUI allows to add many IP/

There is no rule for RS at traffic rules so I suppose that should be done via Custom rules in iptables.

Could you provide me information how that must look like? (for RS)

In topic ( https://community.teltonika-networks.com/16091/traffic-rules-duplicate-rules?show=16098#a16098 ) I've asked about that rules for HTTP access to remote access (port 80) but the answer was not to use -A ... and that does not work also.

Summary:
1. How to perform IP restriction for RS323?
2. How to run IP restriction for HTTP remote access?

Best regards,
Grzegorz

1 Answer

0 votes
by

Hello Grzegorz,

You can set up the router to only allow certain IP addresses to have access to the RS232 device. That can be done at the very bottom of the RS232 settings page (use the latest FW version). You will need to select from which interface you want to allow the access and then specify the IP address/range:

Regarding the HTTP access, you will need to go to FIREWALL > TRAFFIC RULES section, then find "Enable_HTTP_WAN" and press edit. When configuration window opens you will need to add IP address/range in "Source IP address" section.

You can find more information here: https://wiki.teltonika-networks.com/view/RUT955_Firewall

Regards,
Justin

by

Hello,

as I edited my post after posting it I have found in new firmware option to add many "Allowed IP" to RS323.
But for router I want to add 2-3 (specific) IP address that are allowed to login to router.

For port forwarding I can duplicate rules but not for Traffic rules.

Traffic rules allows me to add only one IP address that can log in to router via HTTP or HTTPS.
In topic dedicated to traffic rules (from my post) I was informed by Apr that I need to use iptables instead of Traffic rules.
I've done it with and without "append", with short and long form... in "Custom rules" and still can connect from Source IP not listed in iptables rules.

by
In order to allow remote access to the device from more than one IP/range you will need to create separate traffic rules for each IP. The settings on each new rule should be the same as in the first one only IP should differ.

Regards,
Justin
by

Am I able to create new traffic rule?
For Teltonika RUT230 with fv 00.01.11.2 there is no option to create new traffic rule (I can modify unused), same for Teltonika RUT955 with fv 00.06.06.1. Unless we are talking about: 

  • Open Ports On Router
  • New Forward Rule
  • Source NAT
  • New Source NAT

Port forwarding does not allows me to create rule for the device.

Regards,
Grzegorz

by
You can create new "Traffic rule" in "Open Ports On Router" section.

Simply write Name, select Protocol, add External port and press Add button. Then a new "Traffic rule" will appear in the list, which you will be able to edit and add additional settings.

Regards,
Justin
by
Thank you, that method works perfectly.
We can close this topic.

Thank you Justin,
best regards,
Grzegorz