How to configure an ACL rule to only allow a public IP to access the local port

Introduction
This document describes how to quickly and easily configure an ACL rule on a UTT Router so that only one public IP address can access a local port.
 
Prerequisites
Requirements
A company has a web server inside its local network and wants only the remote branch office to be able to visit it. The remote branch office's public IP address is 200.200.203.211, the web server uses the default port 80, and the server's IP address is 192.168.16.233.
 
Components Used
 

UTT Router HiPER 811
Firmware version: ReOS V10
 
Background Information
Configure
Network Diagram
 
 
 
7. Configure another ACL to block other IP addresses from accessing port 801
 
You can check the ACL rules in the ACL list:
 
 
Verify
The WAN IP is 200.200.203.211
 
 
It can access the web server (through its translated port 8081).
 
 
When attempting to access the web server from another IP address, the access fails.
 


 
Troubleshoot
1. The system default access control rule (pass) is always listed at the bottom of the Access Control List; you cannot move it.
2. You cannot delete the system default access control rules in the Access Control List, and you cannot modify their parameters except Action.
3. Make sure that the Allow ACL rule is listed before the Deny ACL rule in the ACL list, because the router executes the rules in the order in which the ACL list displays them.
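
The rule-order requirement in item 3 and the fixed default pass rule in item 1, modelled as an added Python example (not UTT or ReOS code): it evaluates the three rules top-down and flags any rule that an earlier rule makes unreachable. Assumptions: the first matching rule decides, the ACL matches the forwarded external port 8081, the rule names are hypothetical, and OTHER_IP is a constructed sample address.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str                 # hypothetical label, not a ReOS field
    action: str               # "allow" or "deny"
    source: str               # CIDR; 0.0.0.0/0 matches any source
    dst_port: Optional[int]   # None matches any port

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        net_ok = ipaddress.ip_network(other.source).subnet_of(
            ipaddress.ip_network(self.source))
        return net_ok and self.dst_port in (None, other.dst_port)

def evaluate(rules, src_ip, dst_port):
    """Walk the list top-down; the first matching rule decides (assumed)."""
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        if src in ipaddress.ip_network(rule.source) and rule.dst_port in (None, dst_port):
            return rule.action, rule.name
    raise LookupError("no rule matched")  # cannot happen while the default rule is last

def shadowed(rules):
    """Names of rules that can never fire because an earlier rule covers them."""
    return [later.name for i, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:i])]

BRANCH_IP = "200.200.203.211"   # branch office public IP from the page
OTHER_IP = "198.51.100.7"       # constructed sample address (documentation range)
WEB_PORT = 8081                 # assumption: ACL matches the forwarded external port

ALLOW = Rule("allow-branch", "allow", BRANCH_IP + "/32", WEB_PORT)
DENY = Rule("deny-others", "deny", "0.0.0.0/0", WEB_PORT)
DEFAULT = Rule("system-default-pass", "allow", "0.0.0.0/0", None)  # always last

CORRECT = [ALLOW, DENY, DEFAULT]    # order the page requires
REVERSED = [DENY, ALLOW, DEFAULT]   # misordered: the allow rule is shadowed
NO_DENY = [ALLOW, DEFAULT]          # deny rule forgotten: default pass admits everyone

if __name__ == "__main__":
    for label, acl in (("correct", CORRECT), ("reversed", REVERSED), ("no-deny", NO_DENY)):
        print(label,
              "branch:", evaluate(acl, BRANCH_IP, WEB_PORT),
              "other:", evaluate(acl, OTHER_IP, WEB_PORT),
              "shadowed:", shadowed(acl))
```

A non-empty shadowed list for the configured order means a rule in the ACL list sits below a broader rule and will never take effect.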
 
Configuration
Configuring port forwarding on Router HiPER 811 for web server
Go to the NAT > Port Forwarding page and click the Static Mapping Configuration tab.
 
 
 
 
Configure the port forwarding entry with external port 8081, source IP 192.168.16.233 (the web server's IP address), and source port 80, and bind it to WAN1.
 
 
Go to Security > Service Group to set up a service group for the ACL rules, and click the Service Group Settings tab.
 
 
Configure the service group as follows:
 

Click the ==> button to import the services into the service members, and click Save.
 
 
Go to Security > Firewall > Policy Configuration, enable Access Control, and click Save; then click the New button.
 
 
Configure one ACL to allow the public IP to access port 801