restrict port forwarding to a domain

eurochez

I am trying to implement rsync backups between 2 NASes I own over the WAN; however, I am worried about compromising my security by doing so without a VPN or SSH in place (which I do not have currently).

One solution I was thinking of (which admittedly does not protect data in transit but should protect against intrusion at router level) would be to rsync over an obscure port and to only allow incoming connections to that obscure port if those connections originated from a certain domain.

I have been investigating to see if any consumer-grade (i.e. US$250 or less) routers provide this limitation (i.e. only allowing incoming packets on a defined port if those packets originate from a pre-set domain)...

Anyone have any ideas if this is possible? Any products out there that do this?

thanks in advance!
 
Some routers allow you to do this for admin remote access. But not for general port forwarding.

Can you run encrypted rsync?
 
My WRT54GL, flashed with third-party Tomato firmware, allows one to specify a source address range for each port-forward rule. It also supports SSH tunneling.

Since I'm running an additional mod to Tomato, the firmware supports OpenVPN as well.

To connect securely from a remote location to my home network, I alternate between SSH tunneling and OpenVPN.
 
Can you run encrypted rsync?
Yes I can if I tinker with the firmware of the NASes (ReadyNAS Duo) however my skills (and available time) for this task are lacking!

My WRT54GL, flashed with third-party Tomato firmware, allows one to specify a source address range for each port-forward rule. It also supports SSH tunneling.
The routers at each end of the connection are a Netgear WNR854T and an Apple Airport Extreme, neither of which are supported by open-source firmware alternatives (I believe)...

Maybe time to invest in a ReadyNAS NVX or a more hardcore router such as the Netgear SRXN3205...

cheers for the responses
 
The Linksys/Cisco RV0 series allows you to put ACLs on. I often employ that for my clients' Exchange servers for example...as I always have them set up on an SMTP Smart Host, so on the router I'll have port 25 forwarded to the Exchange server...and only allowing incoming traffic from a range of IPs from the smart host...instead of wide open to the world. Yes you can do this in Exchange too, but my rule of thumb...if you can do a firewall feature in hardware first...tis best.
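
The source-restricted port forward described in the Tomato and RV0 replies above, as an added example that is not part of any post in the thread: assuming a Linux-based router that uses iptables, this script prints the rules for such a forward and refuses malformed or match-everything source ranges. The interface name, addresses and port in the sample call are constructed; a packet filter matches source addresses, so a domain has to be resolved to addresses before it can appear in a rule.

```shell
#!/bin/sh
# Added example (not from the thread): print, without applying, iptables rules
# for a port forward that accepts only an allowlist of source ranges.

# valid_cidr ADDR[/PREFIX]: succeed only for a well-formed IPv4 address or range.
valid_cidr() {
    addr=${1%%/*} prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# emit_forward_rules WAN_IF PROTO PORT DEST_IP SOURCE...
# All arguments are checked before anything is printed, so a typo can never
# produce a partial rule set or a forward that is open to every address.
emit_forward_rules() {
    [ $# -ge 5 ] || { echo "need WAN_IF PROTO PORT DEST_IP SOURCE..." >&2; return 2; }
    wan_if=$1 proto=$2 port=$3 dest=$4; shift 4
    case $wan_if in ''|*[!A-Za-z0-9._-]*) return 2 ;; esac
    case $proto in tcp|udp) ;; *) return 2 ;; esac
    case $port in ''|*[!0-9]*|??????*) return 2 ;; esac
    { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } || return 2
    case $dest in */*) return 2 ;; esac   # destination is one host, not a range
    valid_cidr "$dest" || return 2
    for src in "$@"; do
        valid_cidr "$src" || { echo "bad source: $src" >&2; return 2; }
        # A /0 prefix matches every address and would defeat the allowlist.
        case $src in */0|*/00) echo "refusing /0 source: $src" >&2; return 2 ;; esac
    done
    for src in "$@"; do
        # DNAT only packets from an allowed source, then permit exactly that flow.
        echo "iptables -t nat -A PREROUTING -i $wan_if -p $proto -s $src --dport $port -j DNAT --to-destination $dest:$port"
        echo "iptables -A FORWARD -i $wan_if -p $proto -s $src -d $dest --dport $port -j ACCEPT"
    done
}

# Constructed sample: rsync daemon port 873 forwarded to a NAS at 192.168.1.10,
# reachable only from two documentation-range sources. "eth0" is an assumed WAN name.
emit_forward_rules eth0 tcp 873 192.168.1.10 203.0.113.0/24 198.51.100.7
```

Source filtering of this kind limits who can reach the forwarded port; it does not encrypt the rsync traffic itself.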
 
I am trying to implement rsync backups between 2 NASes I own over the WAN however I am worried about compromising my security by doing so without a VPN or SSH in place (which I do not have currently).
thanks in advance!

Umm you could use PuTTY which is a free ssh/telnet client.
 
Many of the free Linux firewall distros come with site-to-site VPN. I had used Smoothwall's VPN to connect to my friend's Smoothwall across the world (US to Greece). Once configured it just comes up as another subnet. I was able to browse his shares and copy files. We were only limited by his slow internet connection.

k
 
