Access Control List - Can't select direction LAN->WAN/LAN1

2023-07-24 02:41:10 - last edited 2023-07-31 01:55:14
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.1.2 Build 20230210 Rel.62992

Hello!

 

I have the router with a backup link in the second WAN (namely WAN/LAN1). In the access control list, I want to block all traffic to the second WAN except for one PC.

For the direction, it only allows selecting LAN->WAN, not LAN->WAN/LAN1 (the second WAN port).


How can I achieve this?

 

Thank you!

Re:Access Control List - Can't select direction LAN->WAN/LAN1
2023-07-25 01:21:26 - last edited 2023-07-25 02:34:14

Hi @Andres123 

Thanks for posting in our business forum.

Direction means the out-flow traffic from LAN to WAN. It does not mean a specific port. After you pick up this, then you select the WAN port in the settings below.

Best Regards!
Re:Access Control List - Can't select direction LAN->WAN/LAN1
2023-07-25 02:33:37

  @Clive_A Thanks for the reply!

 

Unfortunately it does not allow me to select the port.

Re:Access Control List - Can't select direction LAN->WAN/LAN1
2023-07-25 03:16:18 - last edited 2023-07-25 03:16:33

Hi @Andres123 

What's your goal? The sole goal is to force all traffic on other computers to flow through WAN1. Just a single one uses WAN2. Do you need load balance functioning and do you need a link backup for all other computers?

 

I can point another way, just use the Policy Routing. Route all traffic from other computers to WAN1. And a single IP for this PC to WAN2.

No load balance is available for all of them. That'll be Priority or Only mode.

Priority for the only PC which allows the PC to enjoy the backup link on WAN1.

Only mode for all other computers. Never switch to the WAN2.

Does this fit your expectation?

Re:Access Control List - Can't select direction LAN->WAN/LAN1
2023-07-25 03:37:25 - last edited 2023-07-25 03:39:59

  @Clive_A Thanks for taking your time to reply!

 

I need to use only the WAN2 when the WAN1 fails, and through WAN2 will only pass packets from device x.x.x.x and outgoing ports x and y.

 

With a proper Access Control List it would be very simple, but it seems that it can't be done with this TP-Link router.

 

Using Routing Policy I can force all devices except x.x.x.x to go through WAN1, although it's a pain to maintain a list of devices and adding them manually to the routing table, but this solves the first part of the problem.

 

Part 2 of the problem, how do I block all ports except for 2 (x and y) that go through WAN2?

 

WAN2 connection is VERY expensive and it's for critical communications.

 

Thanks a lot for your help!

Re:Access Control List - Can't select direction LAN->WAN/LAN1
2023-07-25 03:53:50

Hi @Andres123 

What you can route is layer 3. Routing happens to layer 3 alone. So, we cannot route the ports.

This is more like to be ACL. But can you take a look at the Policy Routing? It should be the one you asked for.

If you just wanna force ports x and y to flow through WAN2, then your mode has to be Only. This PC will only allow ports x and y to flow through WAN2. Other devices don't take up WAN2.

If you just need it to enjoy the backup link and still force x and y to be accessible, on WAN2, if this is port forwarding, you don't create a port forward rule on WAN1. Then it's not open. Problem solved.

 

Re:Access Control List - Can't select direction LAN->WAN/LAN1
2023-07-25 20:05:31

  @Clive_A Thanks!

 

I don't have it very clear, when the WAN1 is down all ports have to be blocked except for X and Y that should go through WAN2. When WAN1 is up no port is blocked and all packets flow through WAN1 (including ports X and Y).

 

Is this possible?

 

Thanks

Re:Access Control List - Can't select direction LAN->WAN/LAN1
2023-07-26 02:08:19

Hi @Andres123

 

It's been several back and forth replies. This is making it too complicated.

I think I need to conclude what you request here:

 

1. You require failover on WAN1 and WAN2. WAN2 is up when WAN1 is down.

2. On WAN2, just a device x.x.x.x will have access to the public IPs, and ports x and y (The ports are destination ports, right? Not gonna be port forwarding)

 

And several parts I gotta explain clearly:

You don't need to maintain a list of devices because you can set an IP group to include and exclude IP addresses.

You don't have to add them to the routing table. Unless you are doing something else.

 

Order:

 

Rule 1

WAN=WAN1

No failover.

 

Rule 2

WAN=WAN1

X & Y IP-Port Group is specified as the port X and Y only. The subnet can be optional or 1.0.0.0/1

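An added example (not part of the thread and not TP-Link code) that models the requirement summarised in the reply above, so the failover policy can be checked for leaks onto WAN2 before it is trusted. Assumptions: rules are evaluated first-match, the address 192.0.2.10 and ports 5060/8443 are constructed stand-ins for x.x.x.x and ports x and y, and the hypothetical `backup` field stands in for the Priority/Only modes mentioned earlier.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed placeholders: the thread only gives x.x.x.x and ports x, y.
LAN = ip_network("192.0.2.0/24")
CRITICAL_HOST = ip_network("192.0.2.10/32")
CRITICAL_PORTS = frozenset({5060, 8443})

@dataclass(frozen=True)
class Rule:
    src: object                  # network the source address must fall in
    ports: Optional[frozenset]   # destination ports; None matches any port
    wan: str                     # preferred WAN
    backup: Optional[str]        # used if `wan` is down; None models "Only" mode

# Assumption: rules are evaluated top-down and the first match decides.
RULES = [
    Rule(CRITICAL_HOST, CRITICAL_PORTS, "WAN1", backup="WAN2"),
    Rule(LAN, None, "WAN1", backup=None),
]

def egress(src, dport, up, rules=RULES):
    """Return the WAN a packet leaves by, or None if it is dropped."""
    addr = ip_address(src)
    for r in rules:
        if addr in r.src and (r.ports is None or dport in r.ports):
            if r.wan in up:
                return r.wan
            return r.backup if r.backup in up else None
    return None  # default deny: unmatched traffic reaches no WAN

def wan2_leaks(hosts, ports, rules=RULES):
    """Flows that reach WAN2 during a WAN1 outage but are not the permitted one."""
    return [(h, p) for h in hosts for p in ports
            if egress(h, p, {"WAN2"}, rules) == "WAN2"
            and not (ip_address(h) in CRITICAL_HOST and p in CRITICAL_PORTS)]

if __name__ == "__main__":
    hosts = ["192.0.2.10", "192.0.2.55"]
    ports = [53, 443, 5060, 8443]
    for state in ({"WAN1", "WAN2"}, {"WAN2"}):
        for h in hosts:
            print(sorted(state), h, {p: egress(h, p, state) for p in ports})
    print("leaks onto WAN2:", wan2_leaks(hosts, ports))
```

In this model, reversing the rule order makes the catch-all match first, so the critical flow is dropped during a WAN1 outage instead of failing over.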
Re:Access Control List - Can't select direction LAN->WAN/LAN1
2023-07-27 01:25:10

  @Clive_A Hi, thanks a lot!

 

I was going to do that very happy until I realized I can't specify ports :(

 

 

Is there something else to do?

 

Thanks

Re:Access Control List - Can't select direction LAN->WAN/LAN1
2023-07-27 09:12:03

Hi @Andres123 

Thanks for posting in our business forum.

Are you able to use the software controller which enables you to do like what I do? As you can see that I can implement that in Controller mode.

Before you integrate this into the controller, make sure you back it up. Controller adoption will reset the device first.

Re:Access Control List - Can't select direction LAN->WAN/LAN1
2023-07-27 15:04:07

  @Clive_A

Thanks for the warning, as far as I know the controller needs to run 24/7 so I will need to setup a new server to run the controller there, right?

 

If that is the case I will have to do it, and it will take some time (I'm waiting for new racks to arrive). Meanwhile, is there not something else I could do?

 

Thanks a lot for your help!
