Netopia R7200 Built-in Firewall - how to lock out telnet


I have a customer that has (x)DSL through my company. They have a Netopia R7200, and they require telnet to be turned off to all IPs except an IP address on my company's network for remote management.
I have been able to get this done, but after I applied the rule set, I can't VPN out from a PC behind the router.
I'm sure I'm doing something wrong, and was wondering if someone could look at the rule set:

+-#----Source IP Addr----Dest IP Addr------Proto-Src.Port-D.Port--On?-Fwd-+
| 1    209.227.X.X       207.244.X.X       TCP   NC       =23     Yes Yes |
| 2                                        TCP   NC       =2000   Yes No  |
| 3                                        TCP   NC       =6000   Yes No  |
| 4                                        ICMP  NC       NC      Yes Yes |
| 5                                        TCP   NC       >1023   Yes Yes |
| 6                                        UDP   NC       >1023   Yes Yes |


Press2Esc (Systems Integrator) commented:
At first glance, it looks like there is no rule set for any VPN ports, 1723 & 43 (PPTP) or 115 (L2TP).
Also, it appears the telnet port is being forwarded versus "terminating" the telnet at the router itself. If you are trying to set telnet access ONLY to the router via the WAN, try setting Fwd Off.

gravydog88 (Author) commented:

| 1                                        TCP   NC       =2000   Yes No  |
| 2                                        TCP   NC       =6000   Yes No  |
| 3    209.227.X.X                         TCP   NC       =23     Yes No  |
| 4                                        ICMP  =8       NC      Yes No  |
| 5                                        ICMP  NC       NC      Yes Yes |
| 6                                        TCP   NC       NC      Yes Yes |
| 7                                        UDP   NC       NC      Yes Yes |

I have updated the Built-in Firewall. I was able to get VPN to work by setting No compare for Dest Port. I'm still having trouble getting telnet limited to a single fixed address beyond the router's LAN.
I would like 209.*.*.21 to telnet to the WAN IP of the router, and deny all other IPs.


Press2Esc (Systems Integrator) commented:
GD, if I am understanding your requirement, you are trying to restrict telnet access to the Netopia via WAN IP... correct?
If the R7200 is like other Netopias, I suspect the Source & Dest IP Addresses listed above need to be a public IP and private IP, respectively. In effect, IP map (aka IP passthrough, address forwarding, etc). Also, I suspect the admin-password requirement is designed to protect remote access from outside intruders... I don't believe you can restrict the WAN telnet session to a single WAN IP.
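
Added example (not part of the thread and not Netopia code): a small model of an ordered filter set, run over the TCP/UDP rows of the second rule set above and over a hypothetical reordering, to show which rule decides a telnet packet from the management address versus any other host. Assumptions: the first matching rule decides, Fwd No means the packet is discarded, a packet matching no rule is discarded, and the filter set is applied to traffic addressed to the router's WAN IP; the addresses are constructed stand-ins for the masked ones.

```python
import ipaddress

# Constructed stand-ins: the thread masks the real addresses.
MGMT = "198.51.100.21"     # plays the role of 209.*.*.21
OTHER = "203.0.113.9"      # any other Internet host

# (rule number, source network or None for any, protocol,
#  dest-port test or None for "NC", forward?)
REVISED = [                # TCP/UDP rows of the second rule set, thread numbering
    (1, None, "TCP", ("=", 2000), False),
    (2, None, "TCP", ("=", 6000), False),
    (3, MGMT + "/32", "TCP", ("=", 23), False),
    (6, None, "TCP", None, True),
    (7, None, "UDP", None, True),
]
REORDERED = [              # hypothetical ordering, not taken from the thread
    (1, MGMT + "/32", "TCP", ("=", 23), True),
    (2, None, "TCP", ("=", 23), False),
    (3, None, "TCP", ("=", 2000), False),
    (4, None, "TCP", ("=", 6000), False),
    (5, None, "TCP", None, True),
    (6, None, "UDP", None, True),
]

def port_matches(test, port):
    if test is None:                       # "NC": no compare
        return True
    op, value = test
    return port == value if op == "=" else port > value

def evaluate(rules, src, proto, dport):
    """Return (forwarded, matching rule number or None)."""
    addr = ipaddress.ip_address(src)
    for number, net, rproto, test, forward in rules:
        if net is not None and addr not in ipaddress.ip_network(net):
            continue
        if rproto == proto and port_matches(test, dport):
            return forward, number         # assumption: first match decides
    return False, None                     # assumption: no match means discard

if __name__ == "__main__":
    for name, rules in (("revised", REVISED), ("reordered", REORDERED)):
        for src in (MGMT, OTHER):
            print(name, src, "telnet ->", evaluate(rules, src, "TCP", 23))
```

Under these assumptions the second rule set discards telnet from the management address at rule 3 and forwards it from every other source at rule 6, while the reordered set does the reverse and still forwards other TCP and UDP traffic.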
