How to allow a specific IP from the internet + port on the local network on the er605?

Please help, I can't find this anywhere
How do I allow a specific IP from the internet + an internal IP port on the er605 that can be used in the local network?
I've been looking everywhere and I can't find a solution or instructions on how to do it
For example, on the internal IP (192.168.0.2) only an IP from the internet can be used, for example 46.128.125.126, port 6060...for example (the numbers are made up)

Hi @seki1975
Thanks for posting in our business forum.
Controller mode does not support IP-Port Group yet.
Standalone mode, yes, you can do this. Create the Service Type and ACL and it would be possible to do IP-Port ACL.

seki1975 wrote
In no example do I see a specific solution for WAN to LAN access with a restriction only to a specific IP from the Internet to within the local network to a specific local IP address, moreover, half of the instructions are in OMADA, the other in the normal local settings, why? Not all users use OMADA

Hi @seki1975
Thanks for posting in our business forum.
seki1975 wrote
Can you say specifically where the "Service type" item is? And ACL?
do you mean "preferences"-"service type" and add a rule?
Yes. That's where you create a port. IP also got the group in preferences.
ACL = Access Control in firewall.
Hi @seki1975
Thanks for posting in our business forum.
seki1975 wrote
and where do I set the incoming IP address that I want to allow in, e.g. 115.223.115.223 to 192.168.0.1 ?
Somehow I can't do this. I've managed to do this so far, I don't know what else.
SRC 0-65535. DST 3389-3389.
ACL: Deny
SRC IP group A
DST Router IP if you port forward the 3389.
But we never recommend you port forward a LAN PC with 3389. This exposes the computer to the Internet. Use a VPN to access your LAN instead and then connect to the local PC if you want to remote.
You should read the User Guide and the ACL guides. Without knowing what you are after, I don't have other options.
Hi @seki1975
Thanks for posting in our business forum.
seki1975 wrote
yes I know the RDP port is exposed on the internet...but this is just testing and I know how to do it...of course there will be something completely different than the RDP port.....-))) this is just testing how to do it
SRC 0-65535. DST 3389-3389. - OK
ACL: Deny ??? - DENY ???
SRC IP group A - Where can I find it?
DST Router IP if you port forward the 3389. - Where can I find it?
My bad. I misread. You need to allow it. But I recommend you use a different port. I don't care what that is but strongly recommend you not to do it. And do not post your public IP to the forum without being censored.
ACL rule is up to you. Allow or deny. As long as it fits what you do.
IP Group should be created in the Preferences like I wrote earlier.
Hi @seki1975
Thanks for posting in our business forum.
seki1975 wrote
Don't worry about the port it will run on for a minute, I'll turn it off if I can get it working....I have nothing else to try it on...do you understand?
now what next? IP Group? and what next there?
I don't know where to make specific addresses that allow access from the internet to a specific IP in the LAN? e.g. 111.112.113.114 to 192.168.0.1
And I still don't know....even if it's supposed to be like this or is it wrong?
In the guide, I sent you the link redirects to:
https://www.tp-link.com/en/support/faq/4025/
If you really need someone to guide you one by one, call the support number. There is already a guide for your reference. I don't think I have to iterate it.
After you create the group, you go to the ACL and set up the rules based on what you need. Which part is not understandable or the guide is not clear? That'd be helpful for us to improve the guides.

The settings according to your instructions do not work, see the settings photo.
for clarification I want the exact address from the Internet-Wan 46X.XXX.XXX.XX5 - 46X.XXX.XXX.XX6 to connect to the internal IP-LAN 192.XXX.XXX.XXX on RDP 3389
I will create an IP_Adress with an external internet address that should connect to the inside, see photo
then IP group see photo
service type RDP with ports
and finally firewall access control as you showed
result? it doesn't work

You seem to be pretty sure about what you are trying to do when I told you not to open a port like this to the public Internet. But the question is quite absurd.
Did you configure the virtual server (port forwarding)?
If you did not allow port forwarding, what is this ACL supposed to mean? I don't understand what you are trying to do. Your title and the post only specify that you need to allow an IP.
Try to use some books to understand the basis of networking. Or ChatGPT. There is an NAT and you cannot access it with a simple ACL. This is not OpenWRT. Even for the OpenWRT, you need to port forward as well.
seki1975 wrote
If I enable port forwarding, I don't need to do IP_GROUP or set firewall rules because port 3389 will be visible to all IPs on the internet and I don't want that....I guess we don't understand each other.
I need to allow a specific IP from the internet into the local network.
But of course it's a different service and port, just for the sake of example I'll say that I want RDP port 3389 and I know how to do it
er605 device to which one specific IP from the WAN arrives which is allowed to the internal IP and port (or IP groups in the LAN)
No. If you use Openwrt or any sort of system, you need both of them to work. Same for the Omada.
NAT is about port forwarding which is you have to deal with a router. And ER605 is!
ACL is about behavior control. How come you set up ACL and it automatically bypasses the NAT?
I would not support your comment on this. Feel free to ask anyone else about the same thing.
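
The point made in the replies above, that the ACL and the port forward do different jobs and both are needed, shown as a small Python model. This is an added example, not TP-Link's code or the ER605's actual packet path: the first-match, default-allow ACL and its evaluation against the router's WAN address before NAT are assumptions, and the public addresses are constructed documentation-range values (the LAN host and port are the made-up ones from the question).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample values: documentation-range public IPs; the LAN host and
# port are the made-up ones from the original question.
WAN_IP, TRUSTED, STRANGER = "203.0.113.1", "198.51.100.10", "198.51.100.99"
LAN_TARGET, PORT = ("192.168.0.2", 6060), 6060
ANY = ("0.0.0.0/0",)

@dataclass(frozen=True)
class AclRule:
    policy: str        # "allow" or "deny"
    src_group: tuple   # CIDR strings, playing the role of an IP Group
    dst_group: tuple
    ports: range       # destination ports, playing the role of a Service Type

    def matches(self, src, dst, dport):
        def member(ip, nets):
            return any(ip_address(ip) in ip_network(n) for n in nets)
        return member(src, self.src_group) and member(dst, self.dst_group) and dport in self.ports

def wan_in(src, dst, dport, acl, forwards):
    """Return the LAN (ip, port) a WAN packet reaches, or None if it goes nowhere."""
    # Assumption: first matching ACL rule wins, no match means allow.
    for rule in acl:
        if rule.matches(src, dst, dport):
            if rule.policy == "deny":
                return None
            break
    # NAT step: only a port-forward entry maps the WAN port to a LAN host.
    return forwards.get(dport) if dst == WAN_IP else None

def reachability(acl, forwards):
    """Which of the two sample sources reaches the LAN service."""
    return {name: wan_in(ip, WAN_IP, PORT, acl, forwards)
            for name, ip in (("trusted", TRUSTED), ("stranger", STRANGER))}

ALLOW_TRUSTED = AclRule("allow", (TRUSTED + "/32",), (WAN_IP + "/32",), range(PORT, PORT + 1))
DENY_REST = AclRule("deny", ANY, (WAN_IP + "/32",), range(PORT, PORT + 1))
FORWARD = {PORT: LAN_TARGET}

ACL_ONLY = reachability([ALLOW_TRUSTED, DENY_REST], {})        # nobody gets in
FORWARD_ONLY = reachability([], FORWARD)                       # everybody gets in
BOTH = reachability([ALLOW_TRUSTED, DENY_REST], FORWARD)       # only the trusted IP

if __name__ == "__main__":
    for label, result in (("ACL only", ACL_ONLY), ("forward only", FORWARD_ONLY), ("both", BOTH)):
        print(f"{label:13} {result}")
```

In this model the allow rule has to sit above the deny rule; with the order reversed the deny matches first and the trusted address is dropped as well.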