Port Forwarding settings

Comments


  • Steve

    I have this same question... I would like to allow a port to forward to a WAN device but only from one or two source (incoming) IP addresses, not for the entire world.

    Is this possible on my gold device? If so, how to set this up? If not, can this feature be on the roadmap?

    My previous setup allowed such limiting as an option but I have not found it here yet.

    Thanks for your help!

  • Firewalla

    What you can do is not select "Allow on Firewall", but manually create an allow rule of IP/Port in the rule section for each IP address/section you need to come into that port.

  • Steve

    Cool. Can you point me to your best documentation on doing this?

  • Firewalla

    See this https://help.firewalla.com/hc/en-us/articles/1500009502622

    The key is not to use the "allow on firewall" when doing port forwarding.  Then use the rules to manually create the rules you want to allow inside.

  • Chris Thomas

    Can we clean that up?  Only in rare instances would users want to forward all ports to a NAT'd device.  This just seems like a very poor 'default' option to provide users.

  • Firewalla

    What we encounter most are people opening ports to provide services, and it is fairly hard to know the access controls for the port (IP addresses allowed). The biggest use is likely gaming, and a few of you run web and mail servers.

  • Nf200x

    Hello.
    I want to port forward only certain IP addresses.
    https://help.firewalla.com/hc/en-us/articles/1500009502622
    I set it up like this page so that only specific IP addresses can access the local port. Of course, "Allow on Firewall" is turned off.
    However, it does not seem to be able to block access from an unspecified number of IP addresses.
    If you add a rule that blocks all traffic from the internet, it looks like it's working.
    Is this usage suitable?

  • Firewalla

    The rule "block all traffic from the internet" should be "on" by default. This rule is your ingress firewall; it will block any connections from outside, but does allow anything from inside to go outside. Unless you know what you are doing, this rule should not be turned off.

    So to secure an incoming port forward, make sure you do not remove or pause the "block all traffic from internet" rule, and follow the doc https://help.firewalla.com/hc/en-us/articles/1500009502622

  • Nf200x

    Is the "Block all traffic from internet" rule separate from the "Allow on Firewall" switch?
    Also, where is the rule? I can't find it, so I may have deleted it.

  • Firewalla

    Tap on rules->tap on All devices

    Under block, you will see "Traffic from internet"

  • Nf200x

    It seems to have been deleted.
    Thanks.

  • Firewalla

    @Nf200x, best to add back that rule, it will help you to block all the scans and probes from other people on the internet.

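The failure discussed in this thread (per-IP allow rules on a port forward stop restricting anything once the "Traffic from internet" block rule is deleted) can be reproduced with a small model. This is an added example, not Firewalla's code: the precedence logic (most specific rule wins), the port 8443 and the documentation-range IP addresses are all assumptions made for illustration.

```python
"""Simplified model of ingress filtering for one port forward (constructed)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "block"
    source: str                  # CIDR the rule matches
    port: Optional[int] = None   # None matches every port


def evaluate(rules, src_ip, dst_port, forwarded_ports):
    """Return True if an inbound connection reaches the forwarded device."""
    if dst_port not in forwarded_ports:
        return False             # nothing forwarded on this port
    src = ip_address(src_ip)
    matches = [r for r in rules
               if src in ip_network(r.source) and r.port in (None, dst_port)]
    # Assumption: the most specific match wins (longest prefix, then a
    # port-specific rule over an any-port rule), so a per-IP allow rule
    # overrides the catch-all block.
    matches.sort(key=lambda r: (ip_network(r.source).prefixlen,
                                r.port is not None), reverse=True)
    if matches:
        return matches[0].action == "allow"
    return True                  # no rule matched: the forward is open


def audit(rules, forwarded_ports, probes):
    """Return the (source, port) probes that get through the rule set."""
    return [(ip, port) for ip, port in probes
            if evaluate(rules, ip, port, forwarded_ports)]


# Constructed sample data (documentation address ranges, hypothetical port).
FORWARDED = {8443}
ALLOW_RULES = [Rule("allow", "198.51.100.7/32", 8443),
               Rule("allow", "192.0.2.0/28", 8443)]
DEFAULT_BLOCK = Rule("block", "0.0.0.0/0")   # "Traffic from internet"
PROBES = [("198.51.100.7", 8443), ("203.0.113.50", 8443),
          ("192.0.2.5", 8443), ("203.0.113.50", 22)]

if __name__ == "__main__":
    print("block rule present:", audit(ALLOW_RULES + [DEFAULT_BLOCK], FORWARDED, PROBES))
    print("block rule deleted:", audit(ALLOW_RULES, FORWARDED, PROBES))
```

With the block rule present only the two allow-listed sources reach port 8443; with it deleted, the unlisted source 203.0.113.50 reaches the forwarded port as well.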