DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
2910 Firewall set up
20 Aug 2009 10:57 #57314
by shadetek
2910 Firewall set up was created by shadetek
I am trying to set up a simple firewall rule on my 2910 which I cannot get to work. It is to block internet access (and allow FTP) to one specific IP address on the network which is a server. Its address is 192.168.170.108. I make a rule in the data rules section of the firewall section.
Settings:
The source IP address setting is "192.168.170.108"
The destination IP address is "any"
Service type is user defined
Protocol type is TCP/UDP
Source port is 80 to port ~80
Destination port is 80 to ~80
Scroll boxes for the ports are both set to =
I check the tick box to enable the rule,
When I go to the "blocked" PC, it can access the internet with no problems. What am I doing wrong? Any help appreciated.
PS. I must point out if I select "ANY" in the service type, it will block everything from that PC to the outside world, which is of course what I don't want. Also, I can't help but notice my current firmware level, 3.2.2, is one more than is actually available for download, i.e. 3.2.1!?
20 Aug 2009 12:40 #57317
by njh
Replied by njh on topic 2910 Firewall set up
If you wanted to block http browsing only, change your source port to ANY, but I don't think this is what you are aiming at. It would still allow all sorts of traffic such as https (port 443), telnet, p2p etc.
If the PC is only going to contact the outside world by ftp, your first rule should be Source IP, any ports, any protocol, block if no further match.
You should then have another rule to allow FTP - Source IP, source port = any, destination port = 21, protocol = TCP, allow.
2900Gi/v2.5.6; 2900/v2.5.6
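Added example, not part of either post and not DrayTek's code: a simplified Python model of ordered rule matching, showing why a rule with source port = 80 never matches outbound browsing and how the two-rule set described in the reply above behaves. The evaluation model, the default "pass" verdict, the ephemeral source port 49152 and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

ANY = None  # wildcard: the rule does not constrain this field


@dataclass
class Rule:
    name: str
    src_ip: Optional[str]
    protos: Optional[Tuple[str, ...]]
    src_port: Optional[int]
    dst_port: Optional[int]
    action: str  # "pass", "block" or "block_if_no_further_match"

    def matches(self, pkt: dict) -> bool:
        exact = ((self.src_ip, pkt["src_ip"]),
                 (self.src_port, pkt["src_port"]),
                 (self.dst_port, pkt["dst_port"]))
        proto_ok = self.protos is ANY or pkt["proto"] in self.protos
        return proto_ok and all(w is ANY or w == g for w, g in exact)


def evaluate(rules, pkt, default="pass"):
    """Assumed model: rules run in order, an immediate action ends the walk,
    a deferred block stands unless a later rule also matches."""
    verdict = default
    for rule in rules:
        if not rule.matches(pkt):
            continue
        if rule.action == "block_if_no_further_match":
            verdict = "block"
            continue
        return rule.action
    return verdict


SERVER = "192.168.170.108"

# The rule from the first post: source port AND destination port both = 80.
ORIGINAL = [Rule("block http", SERVER, ("tcp", "udp"), 80, 80, "block")]

# The two rules suggested in the reply.
SUGGESTED = [
    Rule("block server", SERVER, ANY, ANY, ANY, "block_if_no_further_match"),
    Rule("allow ftp", SERVER, ("tcp",), ANY, 21, "pass"),
]


def packet(dst_port, src_port=49152, proto="tcp", src_ip=SERVER):
    # Constructed sample packet; clients normally use an ephemeral source port.
    return {"src_ip": src_ip, "proto": proto,
            "src_port": src_port, "dst_port": dst_port}
```

With the original rule, a browser connection from the server leaves from an ephemeral source port, so the source port = 80 condition fails and the packet falls through to the default.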
20 Aug 2009 13:16 #57319
by shadetek
Replied by shadetek on topic 2910 Firewall set up
I worked it out by using the [ != port 21], i.e., only port 21 using UDP packets can get through.
Moderators: Chris, Sami
Copyright © 2024 DrayTek