Menu
What's new
By:
Filters Better Search

Question about locking a port forward rule to a source IP

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

R

road hazard

Regular Contributor
How safe and secure is it to lock a port forward rule to a source IP?

I recently moved my backup server to my brother's house and on his Asus router, I opened SSH but locked the source IP to my (static) IP address. Is this fairly safe or should I add a little more security by changing the SSH port so we're not using the default one and install fail2ban? (Using Debian 12.)

Or, is locking the rule so only SSH traffic from my IP address is allowed in good enough without fear of somebody spoofing my IP?
 
road hazard said:
How safe and secure is it to lock a port forward rule to a source IP?

I recently moved my backup server to my brother's house and on his Asus router, I opened SSH but locked the source IP to my (static) IP address. Is this fairly safe or should I add a little more security by changing the SSH port so we're not using the default one and install fail2ban? (Using Debian 12.)

Or, is locking the rule so only SSH traffic from my IP address is allowed in good enough without fear of somebody spoofing my IP?
Click to expand...
Since you didn't mention the SSH keys specifically, I would recommend making sure to disallow "Password Login" and use *only* strong SSH keys for authentication (2048-bit RSA or Ed25119 keys). It's good to have a more robust extra layer of security, especially when SSH is open over the WAN, even if the source IP address is locked. The more barriers set up, the better, IMO.
 
Martinski said:
Since you didn't mention the SSH keys specifically, I would recommend making sure to disallow "Password Login" and use *only* strong SSH keys for authentication (2048-bit RSA or Ed25119 keys). It's good to have a more robust extra layer of security, especially when SSH is open over the WAN, even if the source IP address is locked. The more barriers set up, the better, IMO.
Click to expand...

I copied my keys over and followed your advice and disabled password login and changed the key to 2048 RSA. Thanks for the info!
 
You must log in or register to reply here.

Similar threads

E
Multi source selective port forward?
Replies
1
Views
264
RMerlin
RMerlin
E
Solved ASUS GT-AXE16000 Port Forward for VOIP; DMZ or Not?
Replies
16
Views
945
EtheAv8r
E
WonderWoman
RT-AX3000 Error Message: "Not a Valid IP Address" for local IP - Configuring Firewall Rule
Replies
7
Views
998
drinkingbird
drinkingbird
C
IPv4 Firewall/Port-Forwarding - Appear to be the same thing on Asuswrt
Replies
4
Views
839
chrisisbd
C
GShlomi
Sharing my DualWan with port forwarding and DDNS experience
Replies
0
Views
189
GShlomi
GShlomi
Similar threads
Thread starter Title Forum Replies Date
S Can anyone help with a couple of problems with an XT8 Mesh system? Issues with connectivity and client list and question about SSH command line. ASUS AX Routers & Adapters (Wi-Fi 6/6e) 9
Gary_Dexter VLAN Question ASUS AX Routers & Adapters (Wi-Fi 6/6e) 4
R GT-AXE16000 UNII-4 Question ( wireless backhual XT8s) ASUS AX Routers & Adapters (Wi-Fi 6/6e) 8
M Yet another question about VLAN w/ RT-AX88U Pro in AP mode. ASUS AX Routers & Adapters (Wi-Fi 6/6e) 3
H Question about (normal) guest network with ASUS ROG Rapture GT-AX6000 ASUS AX Routers & Adapters (Wi-Fi 6/6e) 9
I Question about multiple 5Ghz networks . Asus GT-AXE16000 ASUS AX Routers & Adapters (Wi-Fi 6/6e) 2
SandmanXX Question on AImesh nodes and ssids.. ASUS AX Routers & Adapters (Wi-Fi 6/6e) 1
U XD5 Firewall URL filtering question / options ASUS AX Routers & Adapters (Wi-Fi 6/6e) 0
P Strange question about Wifi channels ASUS AX Routers & Adapters (Wi-Fi 6/6e) 16
F RT-AX86U Pro Parental Control Question ASUS AX Routers & Adapters (Wi-Fi 6/6e) 9

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 753 (members: 19, guests: 734)
Top