Hello all,
I want to limit the access to a 1-to-1 port NAT rule and was wondering how to go about it.
On the 1-to-1 NAT firewall I have the following rule:
test 192.168.1.2 [LAN IP] 1.2.3.4 [WAN IP*] eth1 [public] tcp port xyz
* The WAN IP isn't the gateway IP; it's a public IP from the public IP subnet.
I have tried to use the information from:
https://www.clearos.com/clearfoundation/social/community/source-ip-limiting-1-to-1-port-nat-rule,
but I can't restrict the access to only "my_wanted_source_ip".
The command used, run from the CLI, was:
iptables -I FORWARD -i eth1 ! -s "my_wanted_source_ip" -d 192.168.1.2 -p tcp --dport xyz -j DROP
Before running the above command I disabled the 1-to-1 NAT rule.
But the command above isn't working...
What is wrong with the above command, or what rule must be added to limit which public/source IPs can access that internal server port?
Any help much appreciated!
Responses (2)
Accepted Answer
That rule only works with the 1-to-1 NAT rule enabled, but note also that you will lose any firewall rule entered at the command line when you do a firewall operation in the webconfig. Once you've shown your rule to be working, add it as a Custom Firewall rule but change "iptables" to "$IPTABLES".
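As an added example (not code from the original post or from ClearOS), the following POSIX shell function builds the FORWARD rules that restrict a 1-to-1 NAT'd service to a list of allowed source addresses. It matches the post-DNAT destination 192.168.1.2 on eth1 as in the thread, which is why the rule only works while the 1-to-1 NAT rule is enabled. It uses an IPTABLES variable so the same function can be pasted into a Custom Firewall rule where $IPTABLES is provided, as the answer suggests; the port 2222, the allowed sources and the dry-run default are constructed assumptions for illustration. Rather than the single "! -s" DROP from the question, it inserts one ACCEPT per allowed source above a catch-all DROP, so more than one source can be allowed and a typo in the list aborts before any rule is inserted.

```shell
#!/bin/sh
# Added example, not from the original post or from ClearOS: emit the FORWARD
# rules that restrict a 1-to-1 NAT'd service to a list of allowed source IPs.
# The FORWARD chain sees the post-DNAT destination, so the internal address is
# matched (the thread's 192.168.1.2 on eth1). Port 2222 and the allowed sources
# below are constructed placeholders; IPTABLES defaults to a dry run that only
# echoes the commands (set IPTABLES=iptables to apply them for real).
: "${IPTABLES:=echo iptables}"

# Usage: restrict_forward <wan_if> <internal_ip> <proto> <dport> <src>[,<src>...]
# Emits one DROP for everything else, then one ACCEPT per allowed source.
# Because every rule is inserted with -I, the DROP goes in first and each
# ACCEPT lands above it, giving: ACCEPT(srcN) ... ACCEPT(src1), DROP(all).
restrict_forward() {
    wan_if=$1 dst=$2 proto=$3 dport=$4 allowed=$5

    # Split the comma-separated list into positional parameters, then restore
    # IFS so later unquoted expansions (e.g. "$IPTABLES") split on whitespace.
    old_ifs=$IFS; IFS=,
    set -- $allowed
    IFS=$old_ifs

    # Validate every source before touching the firewall, so a typo never
    # leaves a DROP in place without its matching ACCEPTs.
    [ $# -gt 0 ] || { echo "restrict_forward: no allowed sources given" >&2; return 1; }
    for src in "$@"; do
        case $src in
            ""|*[!0-9./]*) echo "restrict_forward: bad source '$src'" >&2; return 1 ;;
        esac
    done

    # Catch-all DROP for the NAT'd service, inserted first so it ends up last.
    $IPTABLES -I FORWARD -i "$wan_if" -d "$dst" -p "$proto" --dport "$dport" -j DROP
    # One ACCEPT per allowed source, each inserted above the DROP.
    for src in "$@"; do
        $IPTABLES -I FORWARD -i "$wan_if" -s "$src" -d "$dst" -p "$proto" --dport "$dport" -j ACCEPT
    done
}

# Dry-run demonstration with constructed addresses from the RFC 5737
# documentation range; prints the three iptables commands it would run.
restrict_forward eth1 192.168.1.2 tcp 2222 203.0.113.10,203.0.113.0/28
```

Run it as-is to see the commands it would issue; with IPTABLES=iptables and root it applies them, and inside a ClearOS Custom Firewall rule the framework's $IPTABLES is used instead of the dry-run default, which is what keeps the rule from being lost on the next webconfig firewall operation.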