• Status: Solved
  • Priority: Medium
  • Security: Public

Netopia R7200 Built in Firewall- how to lock out telnet

Experts.

I have a customer that has (x)DSL through my company. They have a Netopia R7200, and they require telnet to be turned off to all IPs except an IP address on my company's network for remote management.
I have been able to get this done, but after I applied the rule set, I can't VPN out from a PC behind the router.
I'm sure I'm doing something wrong, and was wondering if someone could look at the rule set:

+-#----Source IP Addr----Dest IP Addr------Proto-Src.Port-D.Port--On?-Fwd-+
+-------------------------------------------------------------------------+
| 1    209.227.X.X       207.244.X.X       TCP   NC       =23     Yes Yes |
| 2    0.0.0.0           0.0.0.0           TCP   NC       =2000   Yes No  |
| 3    0.0.0.0           0.0.0.0           TCP   NC       =6000   Yes No  |
| 4    0.0.0.0           0.0.0.0           ICMP  NC       NC      Yes Yes |
| 5    0.0.0.0           0.0.0.0           TCP   NC       >1023   Yes Yes |
| 6    0.0.0.0           0.0.0.0           UDP   NC       >1023   Yes Yes |

thanks

Rich
gravydog88
 
Press2Esc Commented:
At first glance, it looks like there is no rule set for any VPN ports, 1723 & 43 (PPTP) or 115 (L2TP).
Also, it appears the telnet port is being forwarded versus "terminating" the telnet at the router itself. If you are trying to set telnet access ONLY to the router via the WAN, try setting Fwd Off.
P2E
 
gravydog88 (Author) Commented:
P2E.

| 1    0.0.0.0           0.0.0.0           TCP   NC       =2000   Yes No  |
| 2    0.0.0.0           0.0.0.0           TCP   NC       =6000   Yes No  |
| 3    209.227.X.X       0.0.0.0           TCP   NC       =23     Yes No  |
| 4    0.0.0.0           0.0.0.0           ICMP  =8       NC      Yes No  |
| 5    0.0.0.0           0.0.0.0           ICMP  NC       NC      Yes Yes |
| 6    0.0.0.0           0.0.0.0           TCP   NC       NC      Yes Yes |
| 7    0.0.0.0           0.0.0.0           UDP   NC       NC      Yes Yes |

I have updated the Built in Firewall. I was able to get VPN to work by No compare to Dest Port. I'm still having trouble getting telnet limited to a single fixed address beyond the router's LAN.
I would like 209.*.*.21 to telnet to the WAN IP of the router, and deny all other IPs.

thanks

Rich
 
Press2Esc Commented:
GD, if I am understanding your requirement, you are trying to restrict telnet access to the Netopia via WAN IP... correct?
If the R7200 is like other Netopias, I suspect the Source & Dest IP addresses listed above need to be a public IP and private IP, respectively. In effect, IP map (aka IP passthrough, address forwarding, etc.). Also, I suspect the admin-password requirement is designed to protect remote access from outside intruders... I don't believe you can restrict the WAN telnet session to a single WAN IP.
P2E
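Added example, not part of the thread and not Netopia's code: a first-match evaluation of the two rule sets posted above, run against a telnet packet from the management host, a telnet packet from another host, and a UDP packet to a low destination port. It assumes rows are tried in order, Fwd=No discards the packet, a packet matching no row is discarded, and a non-zero address matches a single host; the three addresses and UDP port 500 are constructed stand-ins, since the real addresses are masked in the posts.

```python
from collections import namedtuple

# dport is a predicate, or None for "NC" (no compare); fwd is the Fwd column.
Rule = namedtuple("Rule", "src dst proto dport fwd")

ANY = "0.0.0.0"        # wildcard address, as in the listings
MGMT = "192.0.2.21"    # constructed stand-in for the masked 209.227.X.X host
WAN = "198.51.100.1"   # constructed stand-in for the masked 207.244.X.X address
OTHER = "203.0.113.9"  # constructed arbitrary Internet host

def eq(port):
    return lambda p: p == port

def gt(port):
    return lambda p: p > port

SET_1 = [  # rows of the first post, in order
    Rule(MGMT, WAN, "TCP", eq(23), True),
    Rule(ANY, ANY, "TCP", eq(2000), False),
    Rule(ANY, ANY, "TCP", eq(6000), False),
    Rule(ANY, ANY, "ICMP", None, True),
    Rule(ANY, ANY, "TCP", gt(1023), True),
    Rule(ANY, ANY, "UDP", gt(1023), True),
]
SET_2 = [  # rows of the follow-up post; row 4's "=8" source compare is not modelled
    Rule(ANY, ANY, "TCP", eq(2000), False),
    Rule(ANY, ANY, "TCP", eq(6000), False),
    Rule(MGMT, ANY, "TCP", eq(23), False),
    Rule(ANY, ANY, "ICMP", None, False),
    Rule(ANY, ANY, "ICMP", None, True),
    Rule(ANY, ANY, "TCP", None, True),
    Rule(ANY, ANY, "UDP", None, True),
]

def evaluate(rules, src, dst, proto, dport):
    """Return (row number, forwarded) for the first row that matches."""
    for number, r in enumerate(rules, 1):
        if (r.src in (ANY, src) and r.dst in (ANY, dst) and r.proto == proto
                and (r.dport is None or r.dport(dport))):
            return number, r.fwd
    return 0, False  # assumption: a packet that matches no row is discarded

if __name__ == "__main__":
    probes = [("telnet from management host", MGMT, "TCP", 23),
              ("telnet from any other host", OTHER, "TCP", 23),
              ("UDP to a port below 1024", OTHER, "UDP", 500)]
    for name, rules in (("first listing", SET_1), ("second listing", SET_2)):
        for label, src, proto, port in probes:
            print(name, "|", label, "->", evaluate(rules, src, WAN, proto, port))
```

Under these assumptions the first listing already limits telnet to the management host but discards traffic to destination ports of 1023 and below, while the second listing reverses the telnet restriction: row 3 has Fwd set to No for the management host, and row 6 forwards all remaining TCP.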
