Firewall vs Virtual Server

[matthew]

I've just got a 7800N, upgrading from a Netgear DG843g - so far, so good, the Billion seems to have all the features I want. However, I'm stuck with allowing port forwarding only from a specific IP.

What I want is simply to forward traffic from external address A on port B to internal address C. Or, IOW, I specifically only want Service B on server C available to external user A.

I could do this on the Netgear, since port forwarding and the firewall were one and the same thing. On the Billion, it seems:

* Setting up this rule in Firewall doesn't work until I also set it up in Virtual Server

* Once I set it up in Virtual Server, it allows through traffic from any IP address, regardless of the presence of an allow rule in the firewall - and even does so if I have a drop rule.

This should be doable - would be great if anyone could point me as to what combination of things I need to set up to enable it.

[sabre999uk]

Hi,
I do this to forward ftp traffic for 1 IP to my NAS using 1.06d firmware and the log entries show its working as expected:
Caused me no end of hair pulling out till someone on the Australian Whirlpool forum gave me the solution.

portmapping.jpg

packetfilter.jpg

Steve

[matthew]

Thank you Steve! I almost had it by using both port mapping and 2 firewall rules to drop all and allow the IP in question... but it seems that leaving the external port blank in the firewall rules is the key point. I'm not sure I'd have ever figured that out, so your helpful reply and screenshots are much appreciated.

Needing the port map as well likely rules out something I do sometimes, which is to route a given port to different internal IPs depending on the external IP. I might be able to do it by mapping things to different ports, I wonder if the firewall rule or the port map comes first?

[sabre999uk]

Hi
Glad it helped, over at Whirlpool I was told the port mapping comes first then the packet filter.

Steve