So I'm trying to configure my SSH server so I can access it from work (for personal use), but I don't see any reason I should be forced to open it to the entire internet in doing so. I've tried port forwarding and, unsurprisingly, it works, however it is a completely unnecessary security risk when all I want is to access it from my static IP at work.
I noticed "Advanced Filtering" and realized that it suits my needs perfectly, however it doesn't appear to do anything. Currently I have it configured as "Any" to "Any" on port 22, but it still doesn't work. I've tried several other configurations including opening 22 with port forwarding and then setting all packets to drop for "Any" to "Any" on port 22 in Advanced Filtering, but instead of blocking SSH connections it still allowed them!
The firewall message I get is (censored):
Currently I'm using "Typical Security (Medium)" in the Firewall Settings->General tab. I have a feeling that it completely overrides advanced filtering.
Usually I'd solve this problem by configuring the firewall on the host, but unfortunately the host is a NAS with busybox and no firewall. Perhaps I could null-route most of the Internet, but I don't know how to do that.
So if I set the security to "Minimum Security (Low)" will advanced filtering rules stop getting ignored, and if so, how would I manually restore "Typical Security (Medium)"? Also, I'd like to avoid double NAT, and I'm betting you know why.
In reference to your screen shot, under the "source address" column, there is no source address it is still listed as "any". This is where your static IP should be entered.
Let me know if this works, you can send a PM if you still need assistance.
Notice: Content posted by Verizon employees is meant to be informational and does not supersede or change the Verizon Forums User Guidelines or Terms or Service, or your Customer Agreement Terms and Conditions or Plan.
people with this complex an issue, I would recommend you hit actiontec directly. they can't be called, or at least they referred me back to verizon over the phone, but their chat or email support is free for whoever. so do that at the following link, they gave me exemplary detailed instructions and my question was answered in a heart beat.
so try them
As a stab in the dark, I would try the Advanced Filtering rules for either the Ethernet Broadband connection or Coax Broadband connection, whichever you use for the connection. Otherwise, are you simply trying to port forward?
I did this by putting in a port forwarding rule to my internal PC running my SSH daemon. Then followed it up with an Advance filtering rule allowing my (SRC) static IP from work I wanted to let in with (DST) Any for port 22 action accept. Then after that I followed up with a Any (SRC) Any (DST) to port 22 action deny. The implicit deny for port 22 should be your last rule.