
Resolved
0 votes
Hello all,

I want to limit the access to a 1-to-1 port NAT rule and was wondering how to go about it.

On 1-to-1 NAT firewall I have the following rule:
test 192.168.1.2 [LAN IP] 1.2.3.4 [WAN IP*] eth1 [public] tcp port xyz
* WAN IP isn't gateway IP, it's a public IP from the IP public subnet.

I have tried to use information from:
https://www.clearos.com/clearfoundation/social/community/source-ip-limiting-1-to-1-port-nat-rule,
but I can't restrict the access only for "my_wanted_source_ip".

Command used, run from cli, was:
iptables -I FORWARD -i eth1 ! -s "my_wanted_source_ip" -d 192.168.1.2 -p tcp --dport xyz -j DROP
Prior to running the above command I disabled the 1-to-1 NAT rule.
But the command above doesn't work...

What is wrong with the above command, or what rule must be added to limit which public/source IPs can access that internal server:port?
Any help much appreciated!
Wednesday, October 21 2020, 12:10 PM
Responses (2)
  • Accepted Answer

    Wednesday, October 21 2020, 12:56 PM - #Permalink
    Resolved
    0 votes
    That rule only works with the 1-to-1 NAT rule enabled, but note also that you will lose any firewall rule entered at the command line when you do a firewall operation in the webconfig. Once you've shown your rule to be working, add it as a Custom Firewall rule but change "iptables" to "$IPTABLES".
  • Accepted Answer

    Thursday, October 22 2020, 10:04 AM - #Permalink
    Resolved
    0 votes
    Yes, I knew that.

    The rule was correct, but the problem was that "my_wanted_source_ip" wasn't what it was supposed to be.

    Thank you!
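One way to confirm which source address actually reaches the forwarded port, which is what resolved this thread. This is an added example, not code from the posters: the log lines, port 8443, the `NAT-TEST: ` prefix and the 198.51.100.x / 203.0.113.x addresses are constructed, and it assumes a `-j LOG` rule was inserted ahead of the DROP rule.

```shell
#!/bin/sh
# Added example: list the source IPs seen for a forwarded destination/port in
# iptables LOG output, and flag any that differ from the address you expected.
# Assumed logging rule (inserted before the DROP rule; port 8443 is constructed):
#   iptables -I FORWARD -i eth1 -d 192.168.1.2 -p tcp --dport 8443 \
#            -j LOG --log-prefix "NAT-TEST: "

# Constructed sample kernel log lines (documentation address ranges).
sample_log() {
cat <<'EOF'
Oct 22 09:58:01 gw kernel: NAT-TEST: IN=eth1 OUT=eth0 SRC=198.51.100.77 DST=192.168.1.2 LEN=60 TTL=52 PROTO=TCP SPT=51512 DPT=8443 SYN
Oct 22 09:58:02 gw kernel: NAT-TEST: IN=eth1 OUT=eth0 SRC=198.51.100.77 DST=192.168.1.2 LEN=60 TTL=52 PROTO=TCP SPT=51512 DPT=8443 SYN
Oct 22 09:59:10 gw kernel: NAT-TEST: IN=eth1 OUT=eth0 SRC=203.0.113.10 DST=192.168.1.2 LEN=60 TTL=54 PROTO=TCP SPT=40022 DPT=8443 SYN
Oct 22 09:59:30 gw kernel: NAT-TEST: IN=eth1 OUT=eth0 SRC=203.0.113.10 DST=192.168.1.2 LEN=60 TTL=54 PROTO=TCP SPT=40023 DPT=22 SYN
EOF
}

# seen_sources DST DPORT EXPECTED_SRC  (reads log lines on stdin)
# Prints "<count> <src> <expected|UNEXPECTED>" per distinct source, sorted by src.
seen_sources() {
    awk -v dst="$1" -v dpt="$2" -v want="$3" '
    {
        src = ""; d = ""; p = ""
        # Pull the SRC=, DST= and DPT= fields out of each LOG line.
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            else if ($i ~ /^DST=/) d = substr($i, 5)
            else if ($i ~ /^DPT=/) p = substr($i, 5)
        }
        # Count only packets forwarded to the NATed host and port.
        if (src != "" && d == dst && p == dpt) n[src]++
    }
    END {
        for (s in n) print n[s], s, (s == want ? "expected" : "UNEXPECTED")
    }' | sort -k2,2
}

sample_log | seen_sources 192.168.1.2 8443 203.0.113.10
```

On a live gateway, feed the kernel log to `seen_sources` instead of `sample_log`, and remove the LOG rule once the real source address is known.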