- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm trying to open SSH port 22 on the router to forward to a specific host on my internal network.
And, I'd like to restrict external access to a specific IP address.
So far, I've created a port forwarding rule for the internal host on port 22. But can't figure out how to limit incoming access to a single IP address.
Also, the port forwarding isn't working -- can't connect via ssh from external host.
Can connect if I set the local host as DMZ.
Can you walk me thru the steps to accomplish this?
Thanks in advance.
Solved! Go to Correct Answer
Correct answers
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Port forwarding is always forwarding the port to a specific internal host unless you are forwarding to a network object containing multiple hosts.
To better assist you, can you provide the screenshot of your port forwarding rule? Thanks.
Since G3100 itself uses port 22 for its own SSH, I don't think you can disable it through the GUI. TR-069 at Verizon's backend may achieve this, but that's available only to engineering team I think (engineering team is not accessible to customers).
The easiest solution would be forward from a different external port and, when accessing the SSH remotely, specify a different port to connect.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Port forwarding is always forwarding the port to a specific internal host unless you are forwarding to a network object containing multiple hosts.
To better assist you, can you provide the screenshot of your port forwarding rule? Thanks.
Since G3100 itself uses port 22 for its own SSH, I don't think you can disable it through the GUI. TR-069 at Verizon's backend may achieve this, but that's available only to engineering team I think (engineering team is not accessible to customers).
The easiest solution would be forward from a different external port and, when accessing the SSH remotely, specify a different port to connect.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Changing the ssh port did the trick.
Thanks 👌
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
But...2nd part of my question:
Is it possible to limit an internal port service to a single external IP🤔?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, if you have business service and bought more than one static IP address.
No, if you have residential service.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Cang_Household wrote:
Yes, if you have business service and bought more than one static IP address.
No, if you have residential service.
I believe that they meant, IP Address source
As an example my Linksys E4200 hardware version one running tomato third party firmware has this option in the forwarding page.
Src Address (optional) - Forward only if from this address. Ex: "1.2.3.4", "1.2.3.4 - 2.3.4.5", "1.2.3.0/24", "me.example.com".
Ext Ports - The ports to be forwarded, as seen from the WAN. Ex: "2345", "200,300", "200-300,400".
Int Port (optional) - The destination port inside the LAN. If blank, the destination port is the same as Ext Ports. Only one port per entry is supported when forwarding to a different internal port.
Int Address - The destination address inside the LAN.
I am not sure if their NAT router supports this or not.