Port Forwarding settings

Follow

Nf200x

• October 22, 2020 05:55

What does the "Allow on Firewall" section in Port Forwarding settings mean?

Is it possible to set up Port Forwarding with a limited number of IP addresses?

0

• 

  Steve

  • May 05, 2021 15:04

  I have this same question... I would like to allow a port to forward to a wan device but only from one or two source (incoming) IP addresses, not for the entire world.

  Is this possible on my gold device? If so, how to set this up? If not, can this feature be on the roadmap?

  My previous setup allowed such limiting as an option but I have not found it here yet.

  Thanks for your help!

  0

  Comment actions Permalink
• 

  Firewalla

  • May 05, 2021 16:48

  What you can do is not select allow on Firewall, but manually create an allow rule of IP/Port in the rule section for each IP address/section you need to come into that port. 

   

   

  0

  Comment actions Permalink
• 

  Steve

  • May 05, 2021 16:53

  Cool. Can you point me to your best documentation on doing this?

  0

  Comment actions Permalink
• 

  Firewalla

  • May 06, 2021 05:39
  • Edited

  See this https://help.firewalla.com/hc/en-us/articles/1500009502622

  The key is not to use the "allow on firewall" when doing port forwarding.  Then use the rules to manually create the rules you want to allow inside.

  0

  Comment actions Permalink
• 

  Chris Thomas

  • May 11, 2021 21:01

  Can we clean that up?  Only in rare instances would users want to forward all ports to a NAT'd device.  This just seems like a very poor 'default' option to provide users.

  0

  Comment actions Permalink
• 

  Firewalla

  • May 11, 2021 22:41

  What we encounter most are people open ports to provide services, and it is fairly hard for know the access controls to the port. (IP address allowed).  The biggest use likely for gaming, and a few of you run web and mail servers. 

  0

  Comment actions Permalink
• 

  Nf200x

  • May 24, 2021 13:02

  Hello.
  I want to port forward only certain IP addresses.
  https://help.firewalla.com/hc/en-us/articles/1500009502622
  I set it up like this page so that only specific IP addresses can access the local port. Of course, "Allow on Firewall" is turned off.
  However, it does not seem to be able to block access from an unspecified number of IP addresses.
  If you add a rule that blocks all traffic from the internet, it looks like it's working.
  Is this usage suitable?

  0

  Comment actions Permalink
• 

  Firewalla

  • May 24, 2021 16:32

  The rule "block" all traffic from the internet should be "on" by default.  This rule is your ingress firewall, it will block any connections from outside, but do allow anything from inside to go outside.  Unless you know what you are doing, this rule should not be turned off. 

  So to secure incoming port forward, make sure you do not remove or pause the block all traffic from internet rule, and follow the doc https://help.firewalla.com/hc/en-us/articles/1500009502622

  0

  Comment actions Permalink
• 

  Nf200x

  • May 26, 2021 09:05

  Is the "Block all traffic from internet" rule separate from the "Allow on Firewall" switch?
  Also, where is the rule? I can't find it, so I may have deleted it.

  0

  Comment actions Permalink
• 

  Firewalla

  • May 26, 2021 16:50

  Tap on rules->tap on All devices

  Under block, you will see "Traffic from internet"

  0

  Comment actions Permalink
• 

  Nf200x

  • May 27, 2021 08:20

  It seems to have been deleted.
  Thanks.

  0

  Comment actions Permalink
• 

  Firewalla

  • May 27, 2021 16:29

  @Nf200x, best to add back that rule, it will help you to block all the scans, and probs from other people on the internet. 

  0

  Comment actions Permalink

Please sign in to leave a comment.