gravydog88

Netopia R7200 Built in Firewall- how to lock out telnet

Experts.

I have a customer that has (x)DSL through my company. They have a Netopia R7200, and they require telnet to be turned off to all IPs except an IP address on my company's network for remote management.
I have been able to get this done, but after I applied the rule set, I can't VPN out from a PC behind the router.
I'm sure I'm doing something wrong, and was wondering if someone could look at the rule set:

+-#----Source IP Addr----Dest IP Addr------Proto-Src.Port-D.Port--On?-Fwd-+
+-------------------------------------------------------------------------+
| 1    209.227.X.X       207.244.X.X       TCP   NC       =23     Yes Yes |
| 2    0.0.0.0           0.0.0.0           TCP   NC       =2000   Yes No  |
| 3    0.0.0.0           0.0.0.0           TCP   NC       =6000   Yes No  |
| 4    0.0.0.0           0.0.0.0           ICMP  NC       NC      Yes Yes |
| 5    0.0.0.0           0.0.0.0           TCP   NC       >1023   Yes Yes |
| 6    0.0.0.0           0.0.0.0           UDP   NC       >1023   Yes Yes |

thanks

Rich
Press2Esc

At first glance, it looks like there is no rule set for any VPN ports, 1723 & 43 (PPTP) or 115 (L2TP).
Also, it appears the telnet port is being forwarded versus "terminating" the telnet at the router itself. If you are trying to set telnet access ONLY to the router via the WAN, try setting Fwd Off.
P2E
gravydog88

ASKER

P2E.

| 1    0.0.0.0           0.0.0.0           TCP   NC       =2000   Yes No  |
| 2    0.0.0.0           0.0.0.0           TCP   NC       =6000   Yes No  |
| 3    209.227.X.X       0.0.0.0           TCP   NC       =23     Yes No  |
| 4    0.0.0.0           0.0.0.0           ICMP  =8       NC      Yes No  |
| 5    0.0.0.0           0.0.0.0           ICMP  NC       NC      Yes Yes |
| 6    0.0.0.0           0.0.0.0           TCP   NC       NC      Yes Yes |
| 7    0.0.0.0           0.0.0.0           UDP   NC       NC      Yes Yes |

I have updated the Built in Firewall. I was able to get VPN to work by using No Compare on Dest Port. I'm still having trouble getting telnet limited to a single fixed address beyond the router's LAN.
I would like 209.*.*.21 to telnet to the WAN IP of the router, and deny all other IPs.

thanks

Rich
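
The second rule set above, traced through a small evaluator, as an added example that is not part of the original thread. It assumes the filters are checked in table order and the first match decides (Fwd Yes forwards, Fwd No discards), that a packet matching no filter is discarded, and that 0.0.0.0 means any address. The IP addresses are constructed stand-ins for the masked ones, and REORDERED is a hypothetical ordering for comparison, not the members-only solution.

```python
from ipaddress import ip_address

ANY = "0.0.0.0"         # assumption: 0.0.0.0 in the table means "any address"
MGMT = "198.51.100.21"  # constructed stand-in for the masked 209.227.X.X host
WAN = "192.0.2.1"       # constructed stand-in for the router's WAN address
OTHER = "203.0.113.9"   # constructed unrelated Internet host

# Columns: source, dest, proto, dest-port test (None = NC), forward?
POSTED = [  # second rule set from the thread; ICMP type compare not modelled
    (ANY, ANY, "TCP", ("=", 2000), False),
    (ANY, ANY, "TCP", ("=", 6000), False),
    (MGMT, ANY, "TCP", ("=", 23), False),
    (ANY, ANY, "ICMP", None, False),
    (ANY, ANY, "ICMP", None, True),
    (ANY, ANY, "TCP", None, True),
    (ANY, ANY, "UDP", None, True),
]
# Hypothetical reordering: permit the management host, then drop all other telnet.
REORDERED = [
    (MGMT, ANY, "TCP", ("=", 23), True),
    (ANY, ANY, "TCP", ("=", 23), False),
] + [r for r in POSTED if r[3] != ("=", 23)]


def matches(rule, src, dst, proto, dport):
    r_src, r_dst, r_proto, port_test, _fwd = rule
    if r_proto != proto:
        return False
    if r_src != ANY and ip_address(r_src) != ip_address(src):
        return False
    if r_dst != ANY and ip_address(r_dst) != ip_address(dst):
        return False
    if port_test is None:
        return True
    op, value = port_test
    return dport == value if op == "=" else dport > value  # "=" or ">"


def decide(rules, src, dst, proto, dport, default_forward=False):
    """Return (forwarded?, 1-based number of the deciding rule or None)."""
    for number, rule in enumerate(rules, 1):
        if matches(rule, src, dst, proto, dport):
            return rule[4], number
    return default_forward, None  # assumed default: discard when nothing matches


if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("reordered", REORDERED)):
        for src in (MGMT, OTHER):
            print(name, src, "-> telnet:", decide(rules, src, WAN, "TCP", 23))
```

Under these assumptions the posted ordering discards telnet from the management host at rule 3, while rule 6 forwards telnet from every other source; the reordered set reverses both outcomes and still forwards other TCP traffic.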
ASKER CERTIFIED SOLUTION
Press2Esc

This solution is only available to members.