traffic not being blocked by IP

traffic not being blocked by IP

traffic not being blocked by IP
traffic not being blocked by IP
2024-10-03 16:05:11
Model: ER7206 (TL-ER7206)  
Hardware Version: V1
Firmware Version: 1.4.2

I have an ER7206 that I setup a virtual server on and I need to restrict it to specific IPs that are allowed to connect, and block everything else.

 


Under NAT->Virtual Servers I have an IP set for the station I want external access to

Under Service Type I added the service and port information

Under IP Groups I have a group (PUBLICIPS) set with the public IP range I want to have access to the server (after adding the IPs into the IP Addresses list)

Under IP Groups I have the IP set of the machine I want external access to

Under Firewall->Access Control I have 2 rules

 

Rule #1 allows the traffic to the server.

 

Direction is WAN IN

Source is the IP group (PUBLICIPS) that I want to allow access from

Destination is the IP of the server I want to connect to

 

Rule #2 is the blocking rule

 

Direction is WAN IN

Source is IPGROUP_ANY

Destination is the IP of the server from Rule #1

 

With this config I can still connect from any external IP. It's not blocking IPs outside of the PUBLICIPS group. I even tried connecting from my cell phone (not on wifi) and I'm able to conenct.

 

If I disable the virtual server i do lose access, so at least that is working.

  0      
  0      
#1
Options
1 Reply
Re:traffic not being blocked by IP
2024-10-08 03:15:13 - last edited 2024-10-08 03:15:20

Hi @vtach3743 

Thanks for posting in our business forum.

Does this persist in your system?

Can you show pictures of the IP group you have set and the ACL?

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#2
Options