Port Forwarding redirects communication request to a different IP and port. It is usually used to redirect a request from the WAN side to the LAN side servers. It is very convenient to access your internal servers from external, but you will find that the forwarding rule doesn’t filter out the IP address. So, if you create a forwarding rule such as HTTP port 80 to 192.168.1.100, then all of the Internet devices can access your internal Web server. This article will guide you on how to configure access rules for restricted port forwarding to enhance your network security.

NOTE: You can also deny all source IP addresses first, then only allow exclusive IP address such as the following figure shows. Notice the priority of access rules.

Step 1:
On your web browser, access your Linksys Gigabit VPN router. For instructions, click here.
Step 2:
Click Configuration > Forwarding.
On your web browser, access your Linksys Gigabit VPN router. For instructions, click here.
Step 2:
Click Configuration > Forwarding.
Step 3:
Select the Service, enter the IP Address then click the Add to list button.
NOTE: The IP address should be in LAN or Multiple Subnet IP range.
Select the Service, enter the IP Address then click the Add to list button.
NOTE: The IP address should be in LAN or Multiple Subnet IP range.

Step 4:
Click Firewall > Access Rules.
Click Firewall > Access Rules.

Step 5:
Click Add.
Click Add.
Step 6:
Enter the values of the IP address range that you want to deny access to the internal Web server.
NOTE: In this example, an access rule with IP address range 223.1.1.1 ~ 223.1.1.254 has been set to deny from accessing the internal Web server with IP address 192.168.1.100.
Enter the values of the IP address range that you want to deny access to the internal Web server.
NOTE: In this example, an access rule with IP address range 223.1.1.1 ~ 223.1.1.254 has been set to deny from accessing the internal Web server with IP address 192.168.1.100.
- Action – Allow or deny network traffic.
- Service – Select TCP/UDP port number. You can add service in Service Management.
- Log – Log packets match this rule or not.
- Source Interface – LAN, WAN1, WAN2 and ANY.
- Source IP – Enter IP address by range, single, or select ANY.
- Destination IP – Enter IP address by range, single, or select ANY.
- SCHEDULING – Set access rules to Always in effect or taken effect by schedule.

NOTE: You can also deny all source IP addresses first, then only allow exclusive IP address such as the following figure shows. Notice the priority of access rules.
