If I understand this correctly, all incoming connections should be blocked.
I want to communicate with a device with IP 192.168.1.199 connected to the router via ethernet.
I want to reach the SSH port of this device from one specific public IP.
I have therefore created a traffic rule as:
Hi,
Thanks for your reply.
Now I see, but I feel saying this is a little confusing.
Normally port forwarding stands after traffic rules: traffic rules filter out unwanted connections to the modem, and those that are not filtered may pass through a port forwarding chain/rule.
Why can we also specify external IPs in the port forwarding rules? It should be only specified in traffic rules…? Or am I missing something?
In fact it seems that the traffic rule I have shown in the second picture of my first post is not effective at all…
The rule in your second picture says:
if a packet comes from your own WAN IP on (tcp or udp) port 43
and tries to access 192.168.1.199 port 22
then ACCEPT it. So, source IP is your public IP and destination IP
is an internal address.
That’s not going to work because from your WAN IP you can’t access
the internal IP addresses without NAT. So this rule is useless.
I also suggest you disable the UDP protocol in your forwarding rule
if you don’t need it - and for SSH you don’t.
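
Added example, not part of the thread and not the router's own code: a simplified model of the packet path the posts discuss, showing why a traffic rule whose source is the router's own WAN IP never matches, while a TCP-only port forward restricted to one source IP does. Assumptions: port forwards rewrite the destination before filtering, forwarded (DNATed) connections are accepted, WAN input is dropped by default, and `WAN_IP`, `ADMIN_IP` and the stranger's address are constructed documentation addresses; only addresses, protocol and destination port are modelled.

```python
from dataclasses import dataclass, replace
from typing import Optional, Tuple

WAN_IP = "198.51.100.7"      # constructed: the router's public address
ADMIN_IP = "203.0.113.10"    # constructed: the one public IP allowed to use SSH
DEVICE_IP = "192.168.1.199"  # from the thread

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass(frozen=True)
class Rule:
    src: Optional[str]                    # None matches any address
    dst: Optional[str]
    dport: int
    proto: str = "tcp"
    to: Optional[Tuple[str, int]] = None  # rewrite target, port forwards only

    def matches(self, p: Packet) -> bool:
        return (p.proto == self.proto and p.dport == self.dport
                and self.src in (None, p.src) and self.dst in (None, p.dst))

def route(pkt, port_forwards, traffic_rules):
    """Walk one WAN packet through the assumed order: DNAT, routing, filter."""
    dnat = False
    for r in port_forwards:               # 1. port forwards run first
        if r.matches(pkt):
            pkt, dnat = replace(pkt, dst=r.to[0], dport=r.to[1]), True
            break
    if pkt.dst == WAN_IP:                 # 2. still addressed to the router
        return "dropped (input)"
    # 3. forwarded traffic: accepted if DNATed or allowed by a traffic rule
    if dnat or any(r.matches(pkt) for r in traffic_rules):
        return f"forwarded to {pkt.dst}:{pkt.dport}"
    return "dropped (forward)"

# The traffic rule as described in the reply: source = own WAN IP, dest = device.
THREAD_RULE = Rule(src=WAN_IP, dst=DEVICE_IP, dport=22)
# Port forward limited to one source IP, TCP only as the reply suggests.
SSH_FORWARD = Rule(src=ADMIN_IP, dst=WAN_IP, dport=22, to=(DEVICE_IP, 22))

if __name__ == "__main__":
    admin = Packet(ADMIN_IP, WAN_IP, 22)
    print("traffic rule only :", route(admin, [], [THREAD_RULE]))
    print("port forward      :", route(admin, [SSH_FORWARD], []))
    print("other source      :", route(Packet("192.0.2.50", WAN_IP, 22), [SSH_FORWARD], []))
```

A packet from the internet is addressed to the WAN IP, so without a port forward it never reaches a rule written for the internal address; the source restriction has to sit on the rule that performs the rewrite.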