WIKIABOUT

FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

Most popular tags

rut955 rut240 rut950 rutx11 rms vpn to openvpn wifi not sms trb140 firmware connection - ipsec on rutx12 rutx09 modbus
We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.

RUT955 LAN firewall open specific address

0 votes
428 views 13 comments
by anonymous
Hi,

All is working fine with OpenVPN Cloud. I would like from device connected on LAN to reach specific IP address (Azure Cloud) on internet via the mobile WAN. How to set such connection ?

Best regards,

Pat

1 Answer

0 votes
by anonymous
Hi,

Based on your comment, it seems like you need to implement a policy-based routing solution. To get this solution to work, you can try one of the following options:

VPN Policy Routing:

https://wiki.teltonika-networks.com/wikibase/index.php?title=OpenVPN_traffic_split&mobileaction=toggle_view_desktop

Advanced static routes:

https://wiki.teltonika-networks.com/view/RUT955_Routing#Advanced_Static_Routes

Also, I will drop a link below from another query on the forum related to this topic:

https://community.teltonika-networks.com/39990/configure-three-different-clients-route-different-devices

Please let me know if this solution helps you with your query. I will keep an eye on your comments.

Regards.
Best answer
Show 8 previous comments
by anonymous

Hi adevs,

I have blocked all internet traffic as described. I would like add a rule to let the device to synchronize with external NTP server (time.windows.com) by adding a rule to UDP with port 123, but it doesn't work. I need to add any other rule ?

If I disabled the rule blockTraffic it's working.

by anonymous
Hi,

Could you please verify the source UDP port from your NTP client is in deed 123 when it's trying to establish a connection with the server? As a test, you can let all the source UDP ports from your LAN connect to the internet or let them reach the specific Windows NTP server UDP port 123.

The other possible cause could be the router is not updating its firewall rules order and is currently reading the block-traffic rule first. You could try to enter the Command-Line interface and execute the following command:

/etc/init.d/firewall restart

Please wait for a couple of minutes and check.

If anything from the above doesn't work, please try rebooting the device to be sure it has a clean boot and check again.

I will be waiting for your feedback.

Regards.
by anonymous

Ok, it's my request in the cmd that use another port, but  windows 10 sync use port 123.

I need to reach server for Widows Update, I set a rule for TCP port 443 and 80. But I guess it's not the best solution ?

Is it possible to create a whitelist (http://windowsupdate.microsoft.com, ...., ..... ,  etc...)  ?

by anonymous
Hi,

It is possible to create a white list; however, it might not work if you are currently blocking all the traffic to the internet.

Below you can find more information related to this function:

https://wiki.teltonika-networks.com/view/RUT955_Web_Filter

Based on your comments, here are some suggested options that might work for you:

1. You could specify the server IP address on the traffic rule. (Through a nslookup command in the CMD, you can get this IP address).

2. Let the LAN-Connected devices reach any server listening to a specific port. (Your current solution)

3. Combining the options above.

However, it seems that the last two questions are no longer inside the initial query scenario. Therefore, following the forum best practices, I will kindly ask you to submit another query for these upcoming questions regarding Traffic rule configuration since your initial query subject is no longer the issue.

Regards.
by anonymous
Hi adevs,

Thank you very much for your great support !

Regards,

Pat