Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
DMN
New Contributor

External access to an internal service by a known IP address

Hi all - need to configure access to an internal service (i.e. ssh) but only allow 1 x external IP address, so what is the best and most effective way to achieve this? - thanks in advance :)
6 REPLIES
ede_pfau
SuperUser

hi, create a VIP to map your public IP address to the internal address. If your public WAN is dynamic, use '0.0.0.0' as a wildcard. Otherwise, use your static address. If you need your WAN address for other services also then enable port forwarding and only forward the (e.g.) ssh port 22 (or whatever).

Then create a policy
src IF: wan
src address: the_one_external_address_allowed
dst IF: internal
dst address: your_VIP
service: either ANY/ALL or specific e.g. ssh
NAT: disable

That should be all.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
DMN
New Contributor

thanks for the response and will give it a go :)
DMN
New Contributor

Hi ede_pfau - I am currently forwarding port 80 ext-int so of course when I add a new VIP it states a duplicate entry exists (which is correct) so how do I get around this as I cannot enable port forwarding and have both 80 and 22 open? :)
ede_pfau
SuperUser

Of course you can create 2 VIPs from '0.0.0.0' on wan1 to the same internal address, using different ports for multiple services. I'll attach screenshots from my FGT.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
ede_pfau
SuperUser

and the details...

Ede

"Kernel panic: Aiee, killing interrupt handler!"
DMN
New Contributor

great and thanks for the info...makes perfect sense when I think about it :)
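
The setup described in this thread, written out as FortiOS CLI (an added example, not taken from the original posts or the attached screenshots): two port-forwarding VIPs on the same wildcard external address, with the SSH one reachable only from a single source host. The interface names, the internal host 192.168.1.10, the allowed source 203.0.113.10 and all object and policy names are assumptions.

```fortios
# Constructed values (assumptions): wan1/internal, 192.168.1.10, 203.0.113.10, all names
config firewall address
    edit "ssh-allowed-src"
        set subnet 203.0.113.10 255.255.255.255
    next
end
config firewall vip
    # Same external address, different external ports, so the entries are not duplicates
    edit "vip-ssh-22"
        set extintf "wan1"
        set extip 0.0.0.0
        set mappedip "192.168.1.10"
        set portforward enable
        set protocol tcp
        set extport 22
        set mappedport 22
    next
    edit "vip-http-80"
        set extintf "wan1"
        set extip 0.0.0.0
        set mappedip "192.168.1.10"
        set portforward enable
        set protocol tcp
        set extport 80
        set mappedport 80
    next
end
config firewall policy
    # SSH: the source is the single allowed /32, never "all"
    edit 0
        set name "wan-to-ssh-restricted"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "ssh-allowed-src"
        set dstaddr "vip-ssh-22"
        set action accept
        set schedule "always"
        set service "SSH"
        set nat disable
    next
end
```

The `#` lines are annotations for the reader; drop them when entering the commands. The port 80 VIP keeps its own separate policy, so the source restriction applies to SSH only.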