
RV082, etc - Port Forwarding .vs. Access Rules - I NEED BOTH!

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by WmArnold1, Mar 7, 2007.

  1. WmArnold1

    WmArnold1 LI Guru Member

    Greetings; I have the following setup:

    RV082 running os ver 1.3.5
    Wan1 - T1 with static IP
    Wan2 - Cable with DHCP
    Outgoing Wan interfaces load balanced, automatically.
    Incoming Port 1433 (ms-SQL-server) forwarded to LAN IP 192.168.158.3

    THE PROBLEM is that I want access rules and forwarding too.

    When I add any access rules regarding Port-1433, forwarding stops working

    ==> it's especially interesting to note that my wallwatcher software reports that port 1433 is correctly being passed even though the Windows ODBC DSN consistently fails to connect from the remote IP when the Access Rules are enabled.

    Please advise, quickly, because robots are trying to guess my passwords!

    Thanks in advance, William in Indianapolis
     
  2. WmArnold1

    WmArnold1 LI Guru Member

    Hello, I'm responding to my own question - please feel free to comment on my work-around ;-)

    Although I was unable to use either allow or deny Access Rules specifically for my forwarded port, 1433 (ms-sql-server), I was able to Deny-anything from the hacker's IP.

    Personally, I'd think that Deny-anything-from-this-IP would already be covered by the default Deny access rules, but I would also think that I could override implied access rules regarding forwarded ports too. Weird..

    LINKSYS/CISCO: Please enable access rules regarding forwarded ports or just show the default forwarded port access rule anywhere I can edit it.

    Hopefully Yours, William in Indianapolis, IN
     
  3. YeOldeStonecat

    YeOldeStonecat Network Guru Member

    I have access rules and forwarding working...what is the order you have on access rules? I do this on my clients with Exchange servers..port 25...since I always put an ACL on the outside only allowing port 25 to be accessed by their mail host smart server..instead of leaving port 25 open to the entire world.
     
  4. pablito

    pablito Network Guru Member

    Opening an SQL server to the internet is never a good thing no matter how well filtered. You'll attract a huge number of crackheads, as you've seen.

    However, WAN filtering doesn't work against any ports set up in port forwarding. An allow rule is created that you don't see and any deny rules are ignored. Put those forwarding rules in the UPnP section instead (keep UPnP turned off). This functions the same way as port forwarding except that you can add allow and deny rules in the firewall and they will be used as expected.
     
