1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Incoming Access Restriction

Discussion in 'Tomato Firmware' started by jochen, Mar 10, 2010.

  1. jochen

    jochen LI Guru Member

    On the access restriction page I can restrict outgoing wan access for clients on my lan. Is there a way to do this in the opposite direction (restrict incoming connection requests)?
    I have a NAS acting as a webserver and defined a port forwarding. It looks like some hackers have programmed robots that test vulnerability of webservers. These attempts to hack my server cause it to wake up from sleep, and the harddisc is spinning up. Debugging these wakeups, I found that these attacks mainly come from ips from china. So I'm searching for a solution to limit access to my webserver to known ip ranges from my country.

    I tried to use some unusual port for my webserver, but then I cannot access it from work. At work we have to use a proxy for internet access (firewall) that only allows port 80 and 443.
     
  2. rhester72

    rhester72 Network Guru Member

  3. jochen

    jochen LI Guru Member

    Thank you for that link. Is there also the other way round, not blacklisting some ip ranges but whitelisting some ip ranges?
    Since I don't know all china ip ranges, it would be easier to enter only the known ip ranges.
     
  4. rhester72

    rhester72 Network Guru Member

    You could theoretically whitelist by having a "block all" rule followed by a series of whitelist rules, but (depending on what you're trying to accomplish) you are potentially talking about a *LOT* of rules/ranges.

    Do you know specifically what ranges you want to be able to connect to your web site?

    Rodney
     
  5. jochen

    jochen LI Guru Member

    Yes, that are only a few: my cell phone providers adresses and at work the companys ip address.
     

Share This Page