creating port pinhole on asus router

BBE

Occasional Visitor
So my software company wants me to create a "pinhole" connection for them. They want a specific port opened on my network that's only accessible by THEIR IP address, no other connections allowed. I guess I'm not familiar with how to open a port network-wide, as I thought each opened port on the network needs to be pointed to a specific workstation (IP address)?

Any ideas? I have an Asus AC88U.
 
> as I thought each opened port on the network needs to be pointed to a specific workstation (IP address)?

You are correct. If they want to connect from their network to your network then you have to be running some sort of service for them to connect to, either on your LAN or on your router.

So the first question is what are they trying to connect to? A VPN server, an SSH server, a web server, a PC, etc., etc.?
 
A web server. I can point the port they want opened to the IP address of the web server. My assumption is that this is what they mean. But I can't seem to make it restricted to a single IP address. Even with using the "Source IP" option in Asus port forwarding, it still blocks the port even from the IP address that I've designated as the only one to allow connections from. Kind of odd...
 
Yes, port forwarding would be how you would do it. It should be straightforward. What is your web server running on, a PC? Have you checked from another PC on your LAN that the web server is running and accessible locally? Have you changed the firewall on the web server to allow incoming connections from the work IP address?
 
Yes, I can open the port on the web server and access it just fine outside of the network, but I can't figure out how to restrict outside access to only a single IP address.
 
If it's working fine at the moment the only thing you need to do to restrict it to an individual IP address is to add that address to the "Source IP" field. If that stops your work from accessing your web server then I'd suspect that they've given you the wrong IP address.

Check the logs on your web server to see what IP address they were using the last time they connected successfully.
 
Set the Source IP as the IP address you want to allow through the forward. This must be the public IP address of the Internet connection at work, not the local IP address of their workstation.

Not sure if Asus implemented CIDR support (if you want to allow a whole subnet); I remember suggesting it to them a while ago. It's possible with my firmware. (EDIT: it seems they did, their demoui accepted a CIDR).

Note that you can add multiple forwards with multiple Source IPs if needed (for instance if you need to allow access from more than one location).
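
The two checks suggested in the replies above (find the address the vendor last connected from in the web server log, and make sure the Source IP is a public address rather than a LAN one), written out as an added example that is not part of the original thread. It assumes an access log in the Apache/nginx "combined" format; the sample lines, addresses and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines ("combined" log format). Public-looking addresses
# come from the RFC 5737 documentation ranges, not real hosts.
SAMPLE_LOG = """\
203.0.113.45 - - [07/Aug/2020:14:02:11 +0000] "GET /app/login HTTP/1.1" 200 5120 "-" "VendorAgent/2.1"
203.0.113.45 - - [07/Aug/2020:14:02:13 +0000] "POST /app/sync HTTP/1.1" 200 312 "-" "VendorAgent/2.1"
198.51.100.7 - - [07/Aug/2020:14:05:40 +0000] "GET / HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
192.168.1.20 - - [07/Aug/2020:14:06:02 +0000] "GET / HTTP/1.1" 200 1043 "-" "curl/7.68.0"
not a log line
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) ')

# Ranges that never appear as a WAN-side source: RFC 1918, CGNAT,
# loopback and link-local. A Source IP taken from these is a LAN address.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]


def successful_clients(log_text):
    """Count 2xx/3xx requests per client IP, skipping unparseable lines."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(2)[0] not in "23":
            continue
        try:
            hits[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # first field was a hostname or garbage
    return hits


def check_source_ip(source, log_text):
    """Compare a planned Source IP (single address or CIDR) with the log."""
    net = ipaddress.ip_network(source, strict=False)
    # LAN test traffic never crosses the port forward, so ignore it.
    wan = [ip for ip in successful_clients(log_text)
           if not any(ip in n for n in NON_ROUTABLE)]
    return {
        "source_is_lan_range": any(net.overlaps(n) for n in NON_ROUTABLE),
        "allowed": sorted(str(ip) for ip in wan if ip in net),
        "would_be_blocked": sorted(str(ip) for ip in wan if ip not in net),
    }
```

If the vendor's real address shows up under `would_be_blocked`, the Source IP entered in the forward does not match what the router actually sees on the WAN side.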

