Good morning everyone. I have a Brume 2 and I need to configure the opening of a TCP/UDP port coming from an external static IP towards my internal server. Below is the example scenario.
The scenario is the following:
The internal server IP 192.xxx.xxx.xxx must have an open port, e.g. 1234 TCP/UDP, towards an external static IP, e.g. 321.321.321.321, and only this IP can communicate with the local server on that specific port.
In the Advanced LuCI GUI, using the Network/Firewall/Traffic Rules page and tapping 'Add' allows me to create custom rules where I can enter both source and destination IP addresses. It even allows me to restrict it to the source or destination MAC address, as well as add time restrictions.
Excuse my total ignorance on the subject, but where do I have to insert the external IP authorized to enter towards my local IP? I attach a screenshot of the rule.
Thanks for your patience.
Good morning. I did some tests, but nothing doing... the external IP address does not reach my internal server at the port set in TCP/UDP. If instead I set a port forwarding open to all, the server port is reachable, but I cannot leave a port open to all on the server; I need it to be reachable only by the remote server to which I give access, otherwise it becomes vulnerable.
A simple consideration: is it possible that it is so complicated to create a simple rule that accepts only one connection from an external IP address to a port of my internal server? With the default routers of various Internet providers it is usually a very simple thing to give access from a given IP to an internal IP. Brume is a product that we use a lot and it is also very versatile, but in some things the logic of use is very complicated; it would be enough to put an external IP or MAC address entry in the port forwarding screen. I hope someone can help me solve this problem...
Interesting. When you use the port forwarding rule that works, I would think that the GL.iNet logs should show the remote source IP that is coming in, so you should be able to verify that the source IP address you are using is the IP address making it to your GL.iNet router. Perhaps the remote external IP is being NAT'd (transposed) to a different IP address somewhere along the connection.
As for myself, I haven't used firewall rules for years, since most of the standard TCP/UDP protocols are unencrypted, and internet service providers can do anything they want with the TCP/UDP protocols and IP traffic. So I use site-to-site VPN tunnels for bulk encryption of all the protocols, using another GL.iNet device at the remote end. And the remote network now has AdGuard enabled on that GL.iNet router, which they really like.
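For readers arriving at this thread: the scenario in the first post (one internal server port reachable only from one external static IP) is what an OpenWrt port forward restricted by source address does. A Traffic Rule on its own only filters; it does not rewrite the destination, so the remote host never reaches the LAN server. The port forward (a `config redirect` section in `/etc/config/firewall`, or Network > Firewall > Port Forwards in LuCI, where "Source IP address" sits under Advanced Settings) performs the DNAT, and its `src_ip` option limits which source may match it. The stanza below is an added example written for this editing pass, not configuration from the thread or from GL.iNet; the addresses, port and section name are placeholders to substitute with the real values (203.0.113.10 is from the documentation range, 192.168.8.100 is an assumed LAN address).

```uci
# Added example, not from the thread: /etc/config/firewall port forward
# that only the one remote static address can use. Placeholder values:
#   203.0.113.10   remote static IP (as seen arriving on the WAN side)
#   192.168.8.100  internal server on the LAN
#   1234           external and internal port
config redirect
	option name		'server-1234-from-remote'
	option src		'wan'
	option src_ip		'203.0.113.10'		# only this source matches
	option src_dport	'1234'
	option dest		'lan'
	option dest_ip		'192.168.8.100'
	option dest_port	'1234'
	option proto		'tcp udp'
	option target		'DNAT'
```

Reload the firewall after editing (`/etc/init.d/firewall restart`), then test from the remote static address and from any other address: the first should connect, the second should time out, because a packet that does not match `src_ip` never reaches the forwarded server and falls through to the WAN zone's default input policy (reject/drop). If the remote host still cannot connect, the point made in the reply above applies: the address it presents on arrival may differ from the one configured (carrier NAT, a VPN exit, a proxy). Confirm what actually arrives before blaming the rule: temporarily omit `src_ip`, connect from the remote host, and read the live connection table with `conntrack -L | grep 1234` (the `src=` field is the address the router sees), or inspect the counters of the installed rule with `nft list ruleset | grep 1234` on nftables (fw4) firmware or `iptables -t nat -L zone_wan_prerouting -n -v` on iptables (fw3) firmware, depending on which OpenWrt release the Brume 2 build is based on.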