text.skipToContent text.skipToNavigation

Configuring Access Rules for restricted port forwarding on your LRT2x4 router

Port Forwarding redirects communication request to a different IP and port.  It is usually used to redirect a request from the WAN side to the LAN side servers. It is very convenient to access your internal servers from external, but you will find that the forwarding rule doesn’t filter out the IP address.  So, if you create a forwarding rule such as HTTP port 80 to 192.168.1.100, then all of the Internet devices can access your internal Web server.  This article will guide you on how to configure access rules for restricted port forwarding to enhance your network security.
 
Step 1:
On your web browser, access your Linksys Gigabit VPN router.  For instructions, click here.
 
Step 2:
Click Configuration > Forwarding.
 
User-added image
 
Step 3:
Select the Service, enter the IP Address then click the Add to list button.
 
NOTE:  The IP address should be in LAN or Multiple Subnet IP range.
 
User-added image
 
Step 4:
Click Firewall > Access Rules.
 
User-added image
 
Step 5:
Click Add.
 
User-added image
 
Step 6:
Enter the values of the IP address range that you want to deny access to the internal Web server.
 
NOTE:  In this example, an access rule with IP address range 223.1.1.1 ~ 223.1.1.254 has been set to deny from accessing the internal Web server with IP address 192.168.1.100.
 
User-added image
 
  • Action – Allow or deny network traffic. 
  • Service – Select TCP/UDP port number.  You can add service in Service Management.
  • Log – Log packets match this rule or not.
  • Source Interface – LAN, WAN1, WAN2 and ANY.
  • Source IP – Enter IP address by range, single, or select ANY.
  • Destination IP – Enter IP address by range, single, or select ANY.
  • SCHEDULING – Set access rules to Always in effect or taken effect by schedule.
QUICK TIP:  You can check the rule list on Access Rules page.  The access rule created can deny TCP/80 request from 223.1.1.1 ~ 223.1.1.254 on WAN1.  If you use dual WAN, create another rule and change source interface WAN1 into WAN2.
 
User-added image
 
NOTE:  You can also deny all source IP addresses first, then only allow exclusive IP address such as the following figure shows.  Notice the priority of access rules.
 
User-added image

Was this support article useful?

Additional Support Questions?

Search Again

CONTACT SUPPORT