creating port pinhole on asus router


BBE

New Around Here
So my software company wants me to create a "pinhole" connection for them. They want a specific port opened on my network that's only accessible by THEIR IP address, no other connections allowed. I guess I'm not familiar with how to open a port network-wide, as I thought each opened port on the network needs to be pointed to a specific workstation (IP address)?

Any ideas? I have an Asus AC88U.
 

ColinTaylor

Part of the Furniture
"as I thought each opened port on the network needs to be pointed to a specific workstation (ip address)?"
You are correct. If they want to connect from their network to your network then you have to be running some sort of service for them to connect to, either on your LAN or on your router.

So the first question is what are they trying to connect to? A VPN server, an SSH server, a web server, a PC, etc., etc.?
 

BBE

New Around Here
A web server. I can point the port they want opened to the IP address of the web server. My assumption is that this is what they mean. But I can't seem to make it restricted to a single IP address. Even with using the "Source IP" option in Asus port forwarding, it still blocks the port even from the IP address that I've designated as the only one to allow connections from. Kind of odd...
 

ColinTaylor

Part of the Furniture
Yes, port forwarding would be how you would do it. It should be straightforward. What is your web server running on, a PC? Have you checked from another PC on your LAN that the web server is running and accessible locally? Have you changed the firewall on the web server to allow incoming connections from the work IP address?
 

BBE

New Around Here
Yes, I can open the port on the web server and access it just fine outside of the network, but I can't figure out how to restrict outside access to only a single IP address.
 

ColinTaylor

Part of the Furniture
If it's working fine at the moment the only thing you need to do to restrict it to an individual IP address is to add that address to the "Source IP" field. If that stops your work from accessing your web server then I'd suspect that they've given you the wrong IP address.

Check the logs on your web server to see what IP address they were using the last time they connected successfully.
 

RMerlin

Asuswrt-Merlin dev
Set the Source IP as the IP address you want to allow through the forward. This must be the public IP address of the Internet connection at work, not the local IP address of their workstation.

Not sure if Asus implemented CIDR support (if you want to allow a whole subnet), I remember suggesting it to them a while ago. It's possible with my firmware. (EDIT: it seems they did, their demoui accepted a CIDR).

Note that you can add multiple forwards with multiple Source IPs if needed (for instance if you need to allow access from more than one location).
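
The log check and Source IP advice from the replies above, as an added example that is not part of the original thread: it reads a web server access log, finds the address each client last connected from successfully, and compares it with the value planned for the "Source IP" field (single address or CIDR). The log format (Common/Combined Log Format), the sample lines and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample access log (documentation-range and LAN addresses only).
SAMPLE_LOG = """\
203.0.113.45 - - [07/Aug/2020:14:02:11 -0400] "GET /status HTTP/1.1" 200 512
192.168.1.23 - - [07/Aug/2020:14:05:40 -0400] "GET / HTTP/1.1" 200 1024
198.51.100.7 - - [07/Aug/2020:14:09:02 -0400] "GET /login HTTP/1.1" 404 153
203.0.113.45 - - [07/Aug/2020:15:30:55 -0400] "POST /api/sync HTTP/1.1" 200 87
"""

# client, identd, user, [timestamp], "request", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

# LAN ranges: these never appear as the source of a forwarded WAN connection.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_lan(addr):
    return any(addr in net for net in RFC1918)

def last_successful_clients(log_text):
    """Map each client IP to the timestamp of its last 2xx/3xx request."""
    seen = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(3)[0] in "23":
            seen[m.group(1)] = m.group(2)  # log is chronological: later wins
    return seen

def check_source_ip(log_text, source_ip):
    """Classify logged clients against the planned "Source IP" value."""
    allowed = ipaddress.ip_network(source_ip, strict=False)
    if is_lan(allowed.network_address):
        # The forward sees the remote site's public address, not a workstation's.
        raise ValueError("Source IP must be a public address, not a LAN address")
    report = {}
    for ip, when in last_successful_clients(log_text).items():
        addr = ipaddress.ip_address(ip)
        if is_lan(addr):
            verdict = "local"      # reached the server from inside the LAN
        elif addr in allowed:
            verdict = "match"      # would pass the restricted forward
        else:
            verdict = "no-match"   # connected before, would now be dropped
        report[ip] = (verdict, when)
    return report

if __name__ == "__main__":
    for ip, (verdict, when) in check_source_ip(SAMPLE_LOG, "203.0.113.0/24").items():
        print(f"{ip:15} {verdict:8} last success {when}")
```

A "no-match" entry for the remote party means the address they supplied differs from the one they actually connect from.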


 
