• Status: Solved

How can I control access to my FTP server with a RV082

I have a Linksys router RV082.  I have set firewall rules to only allow inbound port 21 from my office 62.33.33.21 [WAN1] (source) to the server 192.168.1.10 (destination) using Access Rules and no traffic is being passed to the server.  When I added Forwarding (port range) the FTP works fine, except I can also FTP from my house.  Thus the firewall rule is out the door as all inbound 21 traffic is forwarding to the server.  At this point I have both firewall rules and port forwarding in effect.

I need to restrict all inbound traffic to the LAN and allow only specific ports to go to the server from my office and nowhere else.

Where did I go wrong?
vic45708
Asked:
1 Solution
 
marcokrecic Commented:
In order to correctly configure the FTP service you have to include the port 20 (used for FTP data transfer).
 
vic45708 Author Commented:
I used the 21 as an example, as I type slow.  

I have 7 ranges that I am forwarding including 20-23 for FTP and Telnet.

I have Rule 1 as 20-23, with the above settings.
 
marcokrecic Commented:
Only the FTP server uses port 21; the FTP client uses a random port for the FTP connection, so you have to create a rule ANY to 20-21 for the FTP service.
Please send a screenshot of the rules.

 
vic45708 Author Commented:
Here are the screen shots of the firewall and port forwarding.  

Remember ... all of my services are working.  

I am trying to restrict access from anywhere but from my office IP.
Firewall.doc
 
marcokrecic Commented:
Try to change the destination in your access rules to your public IP address.
 
vic45708 Author Commented:
I made the change and it made no difference. [In the access rules I changed 192.168.0.10 to the IP of the server site.]

I am still able to reach the server from home.
 
vic45708 Author Commented:
Found the answer:

1. Port Forwarding must be set up to allow the ports to be forwarded.
2. A firewall rule must be created to allow port traffic from the specific public address to the private IP address.
3. A firewall rule must be created to DENY all traffic to the private IP address.
4. The rules must be placed in order ... first allow specific then deny all.

Thanks!

Note: I did not try but the DENY rule can be made DENY all destination addresses.
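The four configurations discussed in this thread, as an added example that is not part of any poster's reply and is not the RV082's firmware logic: a simplified first-match model of port forwarding plus ordered access rules. The home address `203.0.113.7`, the function names, and the "forwarded traffic that matches no rule is passed" default are assumptions, the last one taken from the behaviour reported above.

```python
from ipaddress import ip_address, ip_network

OFFICE, SERVER = "62.33.33.21", "192.168.1.10"   # addresses from the question
HOME = "203.0.113.7"                             # constructed documentation address

def decide(src, port, forwards, rules):
    """Return 'allow' or 'drop' for an inbound WAN connection.

    forwards: {(lo, hi): lan_ip}
    rules: ordered list of (action, src_net, dst_ip_or_None, (lo, hi)); first match wins.
    """
    # Without a forwarding entry there is no LAN target, so access rules alone pass nothing.
    dst = next((ip for (lo, hi), ip in forwards.items() if lo <= port <= hi), None)
    if dst is None:
        return "drop"
    for action, src_net, rule_dst, (lo, hi) in rules:
        if (ip_address(src) in ip_network(src_net)
                and rule_dst in (None, dst)      # None means "any destination"
                and lo <= port <= hi):
            return action
    # Assumption from the thread: forwarded traffic that matches no rule is passed.
    return "allow"

FORWARD = {(20, 23): SERVER}
ALLOW_OFFICE = ("allow", OFFICE + "/32", SERVER, (20, 23))
DENY_ALL = ("drop", "0.0.0.0/0", SERVER, (1, 65535))

def reachable(forwards, rules, port=21):
    """Which of the two test sources can open a connection to the server on `port`."""
    return {name: decide(ip, port, forwards, rules) == "allow"
            for name, ip in (("office", OFFICE), ("home", HOME))}

if __name__ == "__main__":
    for label, fwd, rules in [
        ("rule only, no forwarding", {}, [ALLOW_OFFICE]),
        ("forwarding + allow rule", FORWARD, [ALLOW_OFFICE]),
        ("forwarding + allow, then deny", FORWARD, [ALLOW_OFFICE, DENY_ALL]),
        ("forwarding + deny, then allow", FORWARD, [DENY_ALL, ALLOW_OFFICE]),
    ]:
        print(f"{label:32} {reachable(fwd, rules)}")
```

Only the third configuration leaves the office able to connect and the home address blocked; reversing the order of the two rules blocks both.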