How can I control access to my FTP server with a RV082

I have a Linksys router RV082.  I have set firewall rules to only allow inbound port 21 from my office 62.33.33.21 [WAN1] (source) to the server 192.168.1.10 (destination) using Access Rules and no traffic is being passed to the server.  When I added Forwarding (port range) the FTP works fine, except I can also FTP from my house.  Thus the firewall rule is out the door as all inbound 21 traffic is forwarding to the server.  At this point I have both firewall rules and port forwarding in effect.

I need to restrict all inbound traffic to the LAN and allow only specific ports to go to the server from my office and nowhere else.

Where did I go wrong?
vic45708 Asked:
 
vic45708 (Author) Commented:
Found the answer:

1. Port Forwarding must be set up to allow the ports to be forwarded.
2. A firewall rule must be created to allow port traffic from the specific public address to the private IP address.
3. A firewall rule must be created to DENY all traffic to the private IP address.
4. The rules must be placed in order ... first allow specific then deny all.

Thanks!

Note: I did not try but the DENY rule can be made DENY all destination addresses.
0
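The ordering in the answer above, modelled as an added example (not code from the poster or from Linksys). It assumes the access rules are evaluated top-down with the first match winning, and that a forwarded port with no matching rule is passed through, which is the behaviour the question describes; `HOME` is a constructed address.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "0.0.0.0/0"
OFFICE = "62.33.33.21"        # office WAN address from the question
SERVER = "192.168.1.10"       # FTP server on the LAN, from the question
HOME = "203.0.113.50"         # constructed stand-in for the asker's home address
FORWARDED = range(20, 24)     # forwarded range 20-23 (FTP and Telnet)

@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    src: str                  # address or CIDR; ANY matches every source
    dst: str
    ports: range

    def matches(self, src, dst, port):
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and port in self.ports)

def evaluate(rules, src, dst, port, default="allow"):
    """First matching rule wins (assumed). The default models what the asker
    saw: with forwarding on and no matching rule, traffic reaches the server."""
    for rule in rules:
        if rule.matches(src, dst, port):
            return rule.action
    return default

def reachable_ports(rules, src):
    """Forwarded ports on SERVER that `src` can still reach under `rules`."""
    return [p for p in FORWARDED if evaluate(rules, src, SERVER, p) == "allow"]

ALLOW_OFFICE = Rule("allow", OFFICE, SERVER, FORWARDED)
DENY_ALL = Rule("deny", ANY, SERVER, range(1, 65536))

POLICIES = {
    "allow rule only": [ALLOW_OFFICE],            # the original setup
    "allow then deny": [ALLOW_OFFICE, DENY_ALL],  # the order from the answer
    "deny then allow": [DENY_ALL, ALLOW_OFFICE],  # reversed order
}

if __name__ == "__main__":
    for name, rules in POLICIES.items():
        print(f"{name:16} office={reachable_ports(rules, OFFICE)} "
              f"home={reachable_ports(rules, HOME)}")
```

With only the allow rule, the home address still reaches all four forwarded ports; with the order reversed, the deny rule shadows the allow and the office is locked out too.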
 
marcokrecic Commented:
In order to correctly configure the FTP service you have to include port 20 (used for FTP data transfer).
0
 
vic45708 (Author) Commented:
I used the 21 as an example, as I type slow.  

I have 7 ranges that I am forwarding including 20-23 for FTP and Telnet.

I have Rule 1 as 20-23, with the above settings.
0
 
marcokrecic Commented:
Only the FTP server uses port 21; the FTP client uses a random port for the FTP connection, so you have to create a rule ANY to 20-21 for the FTP service.
Please send a screenshot of rules.
0
 
vic45708 (Author) Commented:
Here are the screen shots of the firewall and port forwarding.  

Remember ... all of my services are working.  

I am trying to restrict access from anywhere but from my office IP.
Firewall.doc
0
 
marcokrecic Commented:
Try to change the destination in your access rules to your public IP address.
0
 
vic45708 (Author) Commented:
I made the change and it made no difference. [In the access rules I changed 192.168.0.10 to the IP of the server site.]

I am still able to reach the server from home.
0
Question has a verified solution.
