Enable port forwarding on NF18ACV from a single remote IP only

I am with ABB and would like to enable portforwarding for a single remote IP on my NF18ACV.
If I use the 'virtual server' feature, it opens up that port for the whole world.
If I configure it only under 'Security > IP filtering > Incoming' it simply does not accept connections from outside.
Is there anyone else who tried similar?
Thanks in advance!

Comments

  • Don't own an NF18ACV but check the Port Forwarding Guide. Checked it on an emulator and it does appear to work. (Obviously I cannot actually port forward as it's an emulator)

    • Thank you.
      If I use the 'virtual server' feature, it works, but it opens up that port for the whole world and I cannot find a way to restrict access to one remote ip.

      • Not sure if it's possible to open it for a specific IP, you could use TeamViewer VPN or Hamachi to connect to your LAN outside of your network. That way no ports are open and only people you trust have access to it.

        • +1

          Thank you.

  • I've just got a LAN port enabled & opened for HTTP in Security>"Access Control" then in Security>"IP Filtering", I've allowed incoming for a specific external IP for that port. Also if you're using FTTB like me, pretty sure ABB are using carrier-grade NAT which shares a single public IP amongst multiple services, you'd have to speak to them about getting your own dynamic IP.

    • /I am not on CGNAT./
      Were you able to connect to the LAN IP:port from your remote IP and portscan still showed the port closed?
      (ie https://www.ipfingerprints.com/portscan.php )

      Edit: Could you please link here (or send me) a screenshot of the page 'Incoming IP Filtering Setup' ? You can mask your remote or local IP.

      Thanks!

      • Im also trying to do this without much luck.
        Simply port forwarding works, but security risks.
        Would like to limit to a single source IP.

  • You could firewall on the endpoint, e.g. if you're port forwarding to a windows pc, use the windows firewall.

    Tread carefully though, opening something like remote desktop from the internet is dangerous. You'd be better off VPNing into the LAN and then performing whatever service (e.g. CCTV access, remote desktop, etc.)

    • Thank you, I am aware of the risks, that is why I would want to restrict access on the router from a single remote IP only.
      I can't trust any endpoint protection when a random packet is already inside the perimeter.

Login or Join to leave a comment