×

Switch Account

Advanced filtering doesn't appear to filter

Reply
Highlighted
Contributor
Contributor
Posts: 1
Registered: ‎12-04-2011

Advanced filtering doesn't appear to filter

Message 1 of 6
(1,767 Views)

My setup:

Firmware Version:20.19.8
Model Name:MI424WR-GEN2
Hardware Version:E

 

So I'm trying to configure my SSH server so I can access it from work (for personal use), but I don't see any reason I should be forced to open it to the entire internet in doing so.  I've tried port forwarding and, unsurprisingly, it works, however it is a completely unnecessary security risk when all I want is to access it from my static IP at work.

 

I noticed "Advanced Filtering" and realized that it suits my needs perfectly, however it doesn't appear to do anything.  Currently I have it configured as "Any" to "Any" on port 22, but it still doesn't work.  I've tried several other configurations including opening 22 with port forwarding and then setting all packets to drop for "Any" to "Any" on port 22 in Advanced Filtering, but instead of blocking SSH connections it still allowed them!

 

 filtering.jpg

 

The firewall message I get is (censored):

blocked.jpg

 

Currently I'm using "Typical Security (Medium)" in the Firewall Settings->General tab.  I have a feeling that it completely overrides advanced filtering.

 

Usually I'd solve this problem by configuring the firewall on the host, but unfortunately the host is a NAS with busybox and no firewall.  Perhaps I could null-route most of the Internet, but I don't know how to do that. 

 

So if I set the security to "Minimum Security (Low)" will advanced filtering rules stop getting ignored, and if so, how would I manually restore "Typical Security (Medium)"?  Also, I'd like to avoid double NAT, and I'm betting you know why.

5 REPLIES 5
Highlighted
Employee Emeritus Employee Emeritus
Employee Emeritus
Posts: 447
Registered: ‎01-02-2011

Re: Advanced filtering doesn't appear to filter

Message 2 of 6
(1,735 Views)

Good Afternoon,

 

In reference to your screen shot, under the "source address" column, there is no source address it is still listed as "any". This is where your static IP should be entered.

 

Let me know if this works, you can send a PM if you still need assistance.

 

Shamika_Vz
Verizon Support

 

Notice: Content posted by Verizon employees is meant to be informational and does not supersede or change the Verizon Forums User Guidelines or Terms or Service, or your Customer Agreement Terms and Conditions or Plan.

 

Highlighted
Nickel Contributor
Nickel Contributor
Posts: 28
Registered: ‎01-12-2010

Re: Advanced filtering doesn't appear to filter

Message 3 of 6
(1,667 Views)

did you every get this to work? if so, can you post your advanced filtering rule

Highlighted
Platinum Contributor III
Platinum Contributor III
Posts: 5,881
Registered: ‎07-22-2009

Re: Advanced filtering doesn't appear to filter

Message 4 of 6
(1,650 Views)

people with this complex an issue, I would recommend you hit actiontec directly.    they can't be called, or at least they referred me back to verizon over the phone, but their chat or email support is free for whoever.   so do that at the following link, they gave me exemplary detailed instructions and my question was answered in a heart beat.

 

 

so try them

 

 

http://support.actiontec.com/email_support/support_form.php#tsrf

Highlighted
Platinum Contributor III Platinum Contributor III
Platinum Contributor III
Posts: 7,480
Registered: ‎12-15-2010

Re: Advanced filtering doesn't appear to filter

Message 5 of 6
(1,642 Views)

As a stab in the dark, I would try the Advanced Filtering rules for either the Ethernet Broadband connection or Coax Broadband connection, whichever you use for the connection. Otherwise, are you simply trying to port forward?

Highlighted
Copper Contributor
Copper Contributor
Posts: 11
Registered: ‎11-07-2013

Re: Advanced filtering doesn't appear to filter

Message 6 of 6
(1,042 Views)

I did this by putting in a port forwarding rule to my internal PC running my SSH daemon. Then followed it up with an Advance filtering rule allowing my (SRC) static IP from work I wanted to let in with (DST) Any for port 22 action accept. Then after that I followed up with a Any (SRC) Any (DST) to port 22 action deny. The implicit deny for port 22 should be your last rule.

How-To Videos
 
The following videos were produced by users like you!
   
Videos are subject to the Verizon Fios Community Terms of Service and User Guidelines and contains content that is not created by Verizon.
Covid19


Browse Categories
Categories:
Posts

Verizon Troubleshooters
Unable to find your answer here? Try searching Verizon Troubleshooters for more options.