Netopia R7200 Built in Firewall- how to lock out telnet

Posted on 2008-11-07
Last Modified: 2013-12-14

I have a customer that has (x)DSL through my company. They have a Netopia R7200, an they require telnet to be turned off to all IPs except IP address on my companies network for remote managment.
I have been able to get this done, but after I applied the rule set, I cant VPN out from a PC behind the router.
Im sure I'm doing something wrong, and was wondering if someone could look the rule set:

+-#----Source IP Addr----Dest IP Addr------Proto-Src.Port-D.Port--On?-Fwd-+
   | 1    209.227.X.X    207.244.X.X   TCP   NC       =23     Yes Yes |
   | 2            TCP   NC       =2000   Yes No  |
   | 3            TCP   NC       =6000   Yes No  |
   | 4            ICMP  NC       NC      Yes Yes |
   | 5            TCP   NC       >1023   Yes Yes |
   | 6            UDP   NC       >1023   Yes Yes


Question by:gravydog88
    LVL 9

    Expert Comment

    At first glance, it looks there is no rule set for any VPN ports, 1723 & 43 (PPTP) or 115 (L2TP).  
    Also, it appears the telnet port is being forwarded versus "terminating" the telnet at the router itself.  If you are trying to set telnet acccess ONLY to the router via the WAN, try setting Fwd Off.

    Author Comment


     1            TCP   NC       =2000   Yes No  |
       | 2            TCP   NC       =6000   Yes No  |
       | 3    209.227.X.X           TCP   NC       =23     Yes No  |
       | 4            ICMP  =8       NC      Yes No  |
       | 5            ICMP  NC       NC      Yes Yes |
       | 6            TCP   NC       NC      Yes Yes |
       | 7            UDP   NC       NC      Yes Yes

    I have updated the Built in Firewall. I was able to get VPN to work by No compare to Dest Port. Im still having trouble getting telnet limited to a single fixed address beyond the routers LAN.
    I would like 209.*.*.21 to telnet to the WAN IP of the router, and deny all other IPs


    LVL 9

    Accepted Solution

    GD, if i am understanding your requirement, you are trying to restrict telnet access to the netopia via wan IP.... correct?  
    If the R7200 is like other Netopia's, I suspect Source & Dest IP Addresses IP listed above need to be a public IP and private IP, respectively.  In effect, ip map (aka ip passthrough, address forwarding, etc).  also, I suspect the admin-password requirement is designed to protect remote access to outside intruders...  I dont believe you can restrict the WAN telnet session to a single WAN IP.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive Gives IT Their Time Back

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Cable Modem Provisioning from DPoE compliant server  This Article is to support CMTS administrators to provide an overview of DOCSIS compliance configuration file, and to provision a cable modem located at customer place from a Back office serve…
    Sometimes you have to pull out old tricks to get a new firewall to work… While we were installing a new Sonicwall at a customers site we found that sites they were able to visit before were not working.  It seemed random and we could not understa…
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now