Enable port forwarding on NF18ACV from a single remote IP only

LDetonal on 17/08/2019 - 21:52

I am with ABB and would like to enable portforwarding for a single remote IP on my NF18ACV.
If I use the 'virtual server' feature, it opens up that port for the whole world.
If I configure it only under 'Security > IP filtering > Incoming' it simply does not accept connections from outside.
Is there anyone else who tried similar?
Thanks in advance!

Computing

Comments

  • CC123 on 17/08/2019 - 23:35

    Don't own an NF18ACV but check the Port Forwarding Guide. Checked it on an emulator and it does appear to work. (Obviously I cannot actually port forward as it's an emulator)

    • Detonal on 17/08/2019 - 23:41

      Thank you.
      If I use the 'virtual server' feature, it works, but it opens up that port for the whole world and I cannot find a way to restrict access to one remote ip.

      • CC123 on 17/08/2019 - 23:43

        Not sure if it's possible to open it for a specific IP, you could use TeamViewer VPN or Hamachi to connect to your LAN outside of your network. That way no ports are open and only people you trust have access to it.

        • Detonal on 17/08/2019 - 23:52
          +1

          Thank you.

  • pln on 17/08/2019 - 23:47

    I've just got a LAN port enabled & opened for HTTP in Security>"Access Control" then in Security>"IP Filtering", I've allowed incoming for a specific external IP for that port. Also if you're using FTTB like me, pretty sure ABB are using carrier-grade NAT which shares a single public IP amongst multiple services, you'd have to speak to them about getting your own dynamic IP.

    • Detonal on 17/08/2019 - 23:52

      /I am not on CGNAT./
      Were you able to connect to the LAN IP:port from your remote IP and portscan still showed the port closed?
      (ie https://www.ipfingerprints.com/portscan.php )

      Edit: Could you please link here (or send me) a screenshot of the page 'Incoming IP Filtering Setup' ? You can mask your remote or local IP.

      Thanks!

      • dom_christo on 21/07/2021 - 15:37

        Im also trying to do this without much luck.
        Simply port forwarding works, but security risks.
        Would like to limit to a single source IP.

  • Tnetennba on 18/08/2019 - 00:17

    You could firewall on the endpoint, e.g. if you're port forwarding to a windows pc, use the windows firewall.

    Tread carefully though, opening something like remote desktop from the internet is dangerous. You'd be better off VPNing into the LAN and then performing whatever service (e.g. CCTV access, remote desktop, etc.)

    • Detonal on 18/08/2019 - 00:21

      Thank you, I am aware of the risks, that is why I would want to restrict access on the router from a single remote IP only.
      I can't trust any endpoint protection when a random packet is already inside the perimeter.

Login or Join to leave a comment
Login Join