Block Port for Browsing Servers

I have a new Linksys RV082 and I want to know what port I have to block from preventing someone from browsing a server I have on a Live IP.  I had to create a one to one NAT for my email server and my Citrix server, however if you browse the IP that is on the outside, you can see my files.  Granted you have to authenticate but I do not want it even coming up.
tbjbsAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MikeKaneCommented:
In the WebGui, you'll need to create some Firewall Access Rules to handle this.  

I am assuming you enabled the 1 to 1 IP by assigning the DMZ ip host to this internal server.    

You would create an Access Rule to allow the Citrix ports from all IP on the WAN interface to the Server IP on the LAN.  
You would create an Access Rule to allow http port 80 from all IP on the WAN interface to the Server IP on the LAN.
Finally, create a DENY rule from all IP on the WAN to the server IP on the LAN.   <-  This keeps eveything else out and must be last in the priority order so that the other Allow rules can be evaluated 1st.  

For exact info, check pg 34 of the admin guide here.... http://www.cisco.com/en/US/docs/routers/csbr/rv082/administration/guide/RV082_V10_UG_D-WEB.pdf
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
tbjbsAuthor Commented:
This is what I have last: Deny      All Traffic [1]      WAN1      Any      Any      Always  however it still is allowing me to browse my servers from outside the network.  Also I had to DENY 3389 because I could RDP to my Exchange Server.
0
montezzCommented:
Normally instead of a 1to1 NAT you would do PAT and only open the ports that are needed. There are a lot more dangerous ports than 80 and 3389 that are open.
0
tbjbsAuthor Commented:
Eventhough I had a DENY WAN1 ANY ANY it actually ignores this line and you must put in a DENY WAN1 ANY Range for it to Deny all ports.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.