Asus RT-N66U port forwarding from specific WAN IPs

[windowsnt]

I am using the Asus RT-N66U on a fixed IP (WAN side) to port forward inbound traffic on Ports 80 and 3306 to an XP box on our LAN running Apache and MySQL - that provides interactive membership information to our external web site.

Everything runs fine but recently our Credit Card Merchandising Provider has upgraded their machine from old fashioned dial-up to a LAN based device - and their "mandatory" scans of our network have thrown up a whole bunch of security issues with Apache and MySQL.

We can get the developers to upgrade our systems to close all these security holes (which will cost a lot of money and might be a never ending affair) or we can try and do something clever with the Asus to by-pass the issue altogether - hence my post.

What I would like to do is have Port 80 and Port 3306 inbound traffic forwarded to our XP Box (IP=192.168.1.2) as before - BUT only accept this traffiic if it is coming from the (public) IP address of our external web site. The Credit Card merchandiser will accept a solution like this if I can implement it.

I have read through the documentation and I cannot see a way that the Asus can do this - but others might know better than me - and I would welcome any ideas & suggestions.

Thanks in advance.



Steven

(Posted to the wireless forum in error!)

 

[coxhaus]

Rather than pay for software changes it might be cheaper to buy a new router which supports a feature called access list. An ACL or access list allows you to restrict inbound and outbound traffic by IP. With an ACL you would be able to limit inbound traffic to only specific IP addresses such as your web server.