Correct NAT and Firewall settings on ER605

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2023-09-10 18:10:17
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.1.2 Build 20230210 Rel.62992

I've checked the posts in this Community, but somehow the question hasn't been fully answered. I'd like to refresh the thread.

 

Question is: How to correctly configure NAT and Firewall settings on the router to allow port forwarding from WAN to LAN to one particular host:port, and block any other traffic WAN->LAN other than RELATED?

 

In particular:

1) Is setting Virtual Server for this one particular host:port enough as it has been mentioned many times that "this router is a NAT device, by default it can not actively access the LAN from the WAN side as long as you have not set advanced settings such as port forwarding."?

2) Do I need to additionally explicitly allow traffic from WAN to LAN (host:port) in the ACL Firewall rules? How to set it correctly?

3) Do I need additionally the rule to reject all other traffic as the last ACL Firewall rule?

 


Thanks!

Re:Correct NAT and Firewall settings on ER605
2023-09-11 01:39:30

Hi @consmast 

Thanks for posting in our business forum.

consmast wrote

I've checked the posts in this Community, but somehow the question hasn't been fully answered. I'd like to refresh the thread.

 

Question is: How to correctly configure NAT and Firewall settings on the router to allow port forwarding from WAN to LAN to one particular host:port, and block any other traffic WAN->LAN other than RELATED?

 

In particular:

1) Is setting Virtual Server for this one particular host:port enough as it has been mentioned many times that "this router is a NAT device, by default it can not actively access the LAN from the WAN side as long as you have not set advanced settings such as port forwarding."?

2) Do I need to additionally explicitly allow traffic from WAN to LAN (host:port) in the ACL Firewall rules? How to set it correctly?

3) Do I need additionally the rule to reject all other traffic as the last ACL Firewall rule?

 


Thanks!


A: NAT > Virtual server > to achieve port forwarding from WAN to LAN to a particular host:port. "How to set up Port Forwarding feature on TP-Link SMB Router (new UI)"

Firewall > ACL > "How to limit specific IP to access to internal server by TP-LINK SMB router?" In controller mode, WAN IN ACL.

 

1. Yes.

2. Yes and no. There is a place for you to define what IP can access the port forwarding rule you created. Or you can use something like the FAQ above. They have different application scenarios.


3. Depends. If you have specified the source IP with a Limited IP Address, then you don't have to apply an ACL. But you can always use ACL as an auxiliary way to make your scheme more complete.

Best Regards!
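The policy asked about in this thread (forward one host:port, allow replies, drop all other WAN->LAN traffic, optionally limit the source IP), written out as a generic Linux nftables ruleset. This is an added illustration, not ER605 configuration and not part of the original posts; the interface names, addresses and ports are constructed sample values, and how the ER605 combines these steps internally is not stated in the thread.

```nftables
# Added illustration for a generic Linux router, NOT ER605 syntax.
# Constructed sample values:
#   wan0 / lan0     WAN and LAN interface names
#   192.168.0.50    LAN server, service on TCP 443
#   8443            TCP port exposed on the WAN side
#   203.0.113.10    the single external client allowed in

define WAN_IF = "wan0"
define LAN_IF = "lan0"

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Port forward with a limited source IP:
        # only this client's packets are translated at all.
        iifname $WAN_IF ip saddr 203.0.113.10 tcp dport 8443 dnat to 192.168.0.50:443
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Ordinary outbound NAT for LAN hosts.
        oifname $WAN_IF masquerade
    }
}

table ip filter {
    chain forward {
        # Default drop plays the role of a final "deny everything else" rule.
        type filter hook forward priority filter; policy drop;

        # Replies to tracked connections (the ESTABLISHED/RELATED case).
        ct state established,related accept
        ct state invalid drop

        # LAN hosts may open connections outward.
        iifname $LAN_IF oifname $WAN_IF accept

        # WAN -> LAN: accept only new connections that went through the
        # DNAT rule above and are headed for the forwarded host:port.
        iifname $WAN_IF oifname $LAN_IF ct status dnat ip daddr 192.168.0.50 tcp dport 443 accept
    }
}
```

In this model the source restriction sits on the translation rule, so a separate per-source filter rule becomes a second layer rather than a requirement, which is the trade-off answer 3 describes.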