Hi @consmast 

Thanks for posting in our business forum.

consmast wrote

I've checked the posts in this Community, but somehow the question hasn't been fully answered. I'd like to refresh the thread.

 

Question is: How to correctly configure NAT and Firewall settings on the router to allow port forwarding from WAN to LAN to one particular host:port, and block any other traffic WAN->LAN other than RELATED?

 

In particular:

1) Is setting Virtual Server for this one particular host:port enough as it has been mentioned many times that "this router is a NAT device, by default it can not actively access the LAN from the WAN side as long as you have not set advanced settings such as port forwarding."?

2) Do I need additionally explicitely allow traffic from WAN to LAN (host:port) in the ACL Firewall rules? How to set it correctly?

3) Do I need additionally the rule to reject all other traffic as the last ACL Firewall rule?

 

Thanks!

A: NAT > Virtual server > to achieve port forwarding from WAN to LAN to a particular host:port. How to set up Port Forwarding feature on TP-Link SMB Router (new UI)

Firewall > ACL > How to limit specific IP to access to internal server by TP-LINK SMB router? In controller mode, WAN IN ACL.

1. Yes.

2. Yes and no. There is a place for you to define what IP can access the port forwarding rule you created. Or you can use something like the FAQ above. They have different application scenarios.

3. Depends. If you have specified the source IP with a Limited IP Address, then you don't have to apply an ACL. But you can always use ACL as an auxiliary way to make your scheme more complete.