WAN Source IP in Port Forward Rule?

Discussion in 'Cisco/Linksys Wireless Routers' started by Andrewt, Nov 17, 2006.

  1. Andrewt

    Andrewt Guest

    I'm looking for firmware for my WRTSL54GS that allows me to choose the WAN "From" (or source) IP from which to forward.

    For example,
    From WAN IP:
    From Port: 23

    To LAN IP:
    To Port: 23

    The example above would forward the Telnet port to a device on my LAN *but only if the connection is from my work IP*. In other words I am not opening up that port to the whole world and his mother.

    So far I have tried DD-WRT v23 SP2 and v2.00.5, HyperWRT + thibor15c (they looked like my best bets) and they both appear to just forward connections from any WAN IP. I'm sure it can be scripted and maybe that's what I'll end up doing but I'm surprised this (basic?) functionality isn't already there in the GUI.

    I have looked at Toxic's great firmware comparison guide for clues but it (understandably) doesn't cover port forwarding in this kind of detail.

    Can anyone suggest a firmware release that allows the specification of the source IP for port forwarding, please?

  2. ifican

    ifican Network Guru Member

    I do not believe you are going to find that base feature set on any of the 3rd party firmware, as it's not something that has already been written into the code. Can it be done? Yes. For me, though, I find it much simpler to just put those devices behind a router that's capable of doing that right out of the box. I run a Linksys VPN router at my edge for QuickVPN capabilities currently, but dump anything like you want to do off to a NetScreen or a Cisco router to handle the same type of granularity that you are after. That way I can limit incoming packets by whatever parameter I choose.
  3. HennieM

    HennieM Network Guru Member

    I have a Netgear DG834GT which allows you to do this in the GUI, but it's missing so many other features Netgear might as well not have provided that.

    Anyway, you'll probably have to add something like this to iptables:

    -A PREROUTING -s -p tcp --dport 23 -j DNAT --to

    Thibor15c lets you add a startup script from the GUI, so maybe that's the place to do it. Dunno if this will be overwritten again.
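
Added example (not part of any post in this thread): a small shell helper that validates its inputs and prints the two iptables commands a source-restricted Telnet forward needs, the DNAT rule in the nat table plus a matching FORWARD accept. The interface name `eth1` and the addresses `203.0.113.10` and `192.168.1.50` are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: print iptables commands for a port forward that matches
# only one WAN source address. Nothing is applied; review the output first.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# valid_port PORT: succeed only for an integer in 1-65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# restricted_forward_rules WAN_IF SRC_IP PORT LAN_IP
# A CIDR such as 0.0.0.0/0 is rejected on purpose: one host only.
restricted_forward_rules() {
    wan_if=$1 src=$2 port=$3 lan=$4
    case "$wan_if" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    valid_ipv4 "$src" && valid_ipv4 "$lan" && valid_port "$port" || {
        echo "refusing to emit rules: bad address or port" >&2
        return 1
    }
    # Rewrite the destination only for packets from the allowed source.
    echo "iptables -t nat -I PREROUTING -i $wan_if -s $src -p tcp --dport $port -j DNAT --to-destination $lan:$port"
    # Pass the rewritten connection through FORWARD for that source only.
    echo "iptables -I FORWARD -i $wan_if -s $src -d $lan -p tcp --dport $port -j ACCEPT"
}

# Constructed usage (assumed WAN interface eth1):
#   restricted_forward_rules eth1 203.0.113.10 23 192.168.1.50
```

A forward for the same port created in the GUI matches every source, so it has to be removed for the restriction to have any effect.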
