Asked by mikebesurfing

SonicWall TZ 180 Wireless, port fwd, Only allow a single public static ip access to ftp, telnet & 3003

OK, I have a customer who was convinced to buy a SonicWall TZ 180, not by me; it has sat for almost 2 years until they got a tech they like (me). The reason they got it was that hackers were trying to hit the FTP and it kept filling up the log file; they were not actually getting in.

I have never configured one of these before from scratch. They HAD a Linksys wireless router; it is just acting as a switch (I disabled the DHCP & wireless altogether) for a laptop/desktop on a KVM.

What I'm trying to do is forward FTP, Telnet & 3003 to the server with an internal IP of 192.168.1.10.

They have a static IP address (my customer in MO).
The company on the other end has a static IP (the software company in KS).

The goal is to forward the ports BUT only allow the KS static IP to be able to access it.
I know this is possible, but it seems that I am only going in circles with this.

Also, they have a fancy large-scale copier/scanner that can scan directly to each of their computers, and since I put this in, the scanning part stopped working. I figure that needs some rules also. Don't have the IP for that at the moment.
I have the wireless on the 172 address locked out from the LAN; it only has internet access, which is fine. It's using WPA2.
Here is the info on the SonicWall:

Model TZ 180 Wireless Enhanced
Firmware version  SonicOS Enhanced 4.2.1.0-20e (I updated it to this latest stable ver)
ROM Version  SonicRom 4.0.1.1
Total Memory 128MB Ram, 16MB Flash



ASKER CERTIFIED SOLUTION
coalnine

This solution is only available to members.

SOLUTION

This solution is only available to members.

mikebesurfing (ASKER)

OK, I think that makes sense. Is that in the Network section or Firewall section?

Thanks
Mike
I will try to get over there tomorrow and look at it.

So are all those settings in the Firewall or the Network section? Or both, and if so, which?

A step by step would be Wonderful.


Thanks
Mike
They are located in the Firewall tab on the left side of the page. On the left you see all the navigation buttons, just click Firewall (this is where you need to go to create port forwards etc) and you will see all of your access rules on the right. You will need to find the rules you've created for the ports to be forwarded. Just need to edit them one at a time and specify the remote IP in the rule itself. I will grab some screenshots and post so you know exactly where to look.

Kenny
Sweet thanks
Ok, here's some screenshot examples from the SonicWall at my house.


[Screenshot: Firewall-Access-Rules.JPG]
Just as an example (and since you need FTP as well) I highlighted the FTP access rule in the SonicWall.
Click the Edit button to the right of the rule. Will look something like this:

[Screenshot: Rule-Edit.JPG]
OK, that one makes sense, but what about narrowing it down to a single IP?

Thanks
Mike
OK, I replied too quick, lol.

So this is all done in the Firewall section; is that also where I create the service for port 3003?

So I need to also disable all the other rules I created. I had also run the wizard for a public FTP just to make sure that he could connect; he did, then I just disabled the rule that it created. Do I need to disable anything else to be sure that it's closed to the public? Right now he can't access it, of course.

Thanks
Mike
SOLUTION

This solution is only available to members.

Sorry, reading through that last post I think I made an error. In the SOURCE line, you want the ethernet to be set to WAN, and then in the Address Range Begin AND Address Range End put the external IP of the customer in MO.

Then, in the DESTINATION line, set the ethernet to LAN, and in the Address Range Begin AND Address Range End you would put 192.168.1.10

Think that I was thinking faster than I was typing.

Kenny
Also, just re-enable the FTP access rule, then edit it to only allow the MO public IP to access it. Then only that IP will have access to port 21. Same with the Telnet port 23 and the 3003 (CGMS?).
I have not gotten over there yet; will try to get over there tomorrow when there are fewer people.

Thanks
Mike
Shooting for tomorrow.
I GOT IT.... Woohooo. I also had to set the NAT for each one. The 3003 is for remote sites to connect, but I actually don't need that part.

Thanks
Mike
Glad to hear it.

Kenny
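
As an added illustration (not part of the original thread and not SonicOS code), this Python sketch models the access rules discussed above: each port-forward rule has its source Address Range Begin and End set to the same remote address, and an audit flags any enabled allow rule that admits other sources, such as a re-enabled wizard rule. The first-match evaluation, the default deny for unmatched WAN-to-LAN traffic, and the 203.0.113.25 and 198.51.100.7 addresses are assumptions and placeholders; NAT is not modeled.

```python
import ipaddress
from dataclasses import dataclass

ANY = ("0.0.0.0", "255.255.255.255")  # "any source" expressed as a range

@dataclass
class Rule:
    name: str
    enabled: bool
    action: str      # "allow" or "deny"
    src_begin: str   # Source: Address Range Begin
    src_end: str     # Source: Address Range End
    dst: str         # Destination: LAN server address
    port: int        # service port

def matches(rule, src, dst, port):
    """True if an enabled rule covers this source, destination and port."""
    s = ipaddress.ip_address(src)
    lo = ipaddress.ip_address(rule.src_begin)
    hi = ipaddress.ip_address(rule.src_end)
    return rule.enabled and lo <= s <= hi and rule.dst == dst and rule.port == port

def decide(rules, src, dst, port):
    """Assumed model: first matching rule wins, everything else is denied."""
    for r in rules:
        if matches(r, src, dst, port):
            return r.action
    return "deny"

def audit(rules, trusted):
    """Names of enabled allow rules that admit any source other than `trusted`."""
    return [r.name for r in rules
            if r.enabled and r.action == "allow"
            and not (r.src_begin == r.src_end == trusted)]

SERVER = "192.168.1.10"     # internal server from the thread
TRUSTED = "203.0.113.25"    # placeholder for the remote site's static IP
RULES = [                   # constructed rule table
    Rule("wizard public FTP", False, "allow", *ANY, SERVER, 21),
    Rule("FTP from remote site", True, "allow", TRUSTED, TRUSTED, SERVER, 21),
    Rule("Telnet from remote site", True, "allow", TRUSTED, TRUSTED, SERVER, 23),
    Rule("3003 from remote site", True, "allow", TRUSTED, TRUSTED, SERVER, 3003),
]

if __name__ == "__main__":
    for src in (TRUSTED, "198.51.100.7"):   # second address: an arbitrary outsider
        for port in (21, 23, 3003):
            print(src, port, decide(RULES, src, SERVER, port))
    print("rules open to other sources:", audit(RULES, TRUSTED))
```
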