Results 1 to 4 of 4
  1. #1
    Master Untangler
    Join Date
    Oct 2010
    Posts
    115

    Default Allow external incoming access from specific IP addresses

    Hello,

    I need to restrict inbound access to our LAN on certain ports from specific external IP addresses, for example:

    TCP 8000 and TCP 5964 need to be restricted to only allow access from certain external IP addresses
    UDP 5060 needs to be restricted to only allow traffic inbound from a certain external IP address
    UDP 10020 to 20533 needs to be to be allowed inbound from a certain external IP address

    I recall in the past that the Untangle firewall app is really just for outbound traffic (traffic originating from our LAN).

    I checked the Filter Rules section but this doesn't seem to let you specify a source port (only a source address).

    Can anyone point me in the right direction?

    Thanks

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,546

    Default

    You recall incorrectly. The Firewall App sees any and all TCP or UDP traffic transiting Untangle. In or out, doesn't matter. The only thing about it that can be confusing is the app runs POST NAT. Which means your "destination address" and "destination port" targets will match against the values after NAT happens. So the internal address, and the new port both as determined by your forward rule.

    Or, you can simply put your forward rule into advanced mode, and add a source address flag with the appropriate list or range of IP addresses right there. This is what I do in these cases honestly, I find it vastly easier to read.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,761

    Default

    The only inbound is from port forwards or bridged interfaces to the external. I would just add source address condition to port forward to limit inbound port forwards to those source addresses.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #4
    Master Untangler
    Join Date
    Oct 2010
    Posts
    115

    Default

    Many thanks for your help - much appreciated!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2