JimByron
Aspirant

Limit port forwarding to whitelisted IP Addresses

I am looking for a modem/router product recommendation please.

 

I owned a really basic Netgear DG834G modem a few years ago which had a neat Port Forwarding feature which would only port forward from a finite whitelist of external IP Addresses (instead of the more common feature of having a blacklist of IP addresses). And since I only have 5 sites, all on fixed IP addresses, this would immediately block cyber-criminals from getting as far as my Windows login screen on port 3389 because I would program the router to reject anything except requests from my 5 sites.

 

The only other meaningful feature I require is an IPSEC VPN capability to allow remote file access and remote printing across my sites.

 

Is anyone aware of a modem/router (or even just a router) which will give me these 2 key pieces of functionality?

 

I have been told about a Netgear BR500 but the staff at Netgear's call centre are so incompetent that I cannot ascertain whether it has this whitelisted IP functionality.

 

Many thanks.

Message 1 of 6
DaneA
NETGEAR Employee Retired

Re: Limit port forwarding to whitelisted IP Addresses

@JimByron,

 

Welcome to the community! 🙂 

 

The BR500 supports both IPSec VPN and Port Forwarding. 

 

Let me share the article below:

 

How do I set up a site-to-site IPSec VPN on my NETGEAR BR500 Business Router?

 

About Port Forwarding on the BR500, kindly read pages 136-141 of the BR500 user manual here.  

 

To learn more about the specifications of the BR500, kindly check its data sheet here

 

If ever your concern has been addressed or resolved, I encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The NETGEAR Community looks forward to hearing from you and being a helpful resource in the future!

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 2 of 6
JimByron
Aspirant

Re: Limit port forwarding to whitelisted IP Addresses

Whilst I thank you for your quick reply, you actually didn't answer the question. I know the BR500 has both IPSEC VPN and Port Forwarding because it says so on the sales page, but nothing in that page or the manual you sent indicates whether the port forwarding rule can be enabled ONLY FOR CERTAIN EXTERNAL IP ADDRESSES. That's the dilemma - I want a router that only forwards traffic that comes from a whitelist of external IP Addresses. Can you confirm this is possible on the BR500?

Message 3 of 6
DaneA
NETGEAR Employee Retired

Re: Limit port forwarding to whitelisted IP Addresses

@JimByron,

 

As I understand your concern, you wanted to create a port forwarding rule to secondary WAN IP addresses, am I right?  If yes, I regret to inform you that this is not possible on the BR500.  

 

 

Regards, 

 

DaneA

NETGEAR Community Team

Message 4 of 6
JimByron
Aspirant

Re: Limit port forwarding to whitelisted IP Addresses

No, I don't think you understood. I want to create a port forwarding rule which only works for a list of external IP addresses. In other words, if a user at an address with a "trusted" IP address tries to access the server using remote desktop port 3389, they will be forwarded to the server, but if someone at any other IP address tried, the forward will fail.

Message 5 of 6
schumaku
Guru

Re: Limit port forwarding to whitelisted IP Addresses

You ask for the ability to configure firewall rules e.g. for WAN -> LAN allowing a defined set of IPv4 (and probably IPv6) addresses to these ports (and protocol) on the port forwarded LAN IP. Not a very difficult question, indeed.

 

Seriously, I don't know - we have given up the BR500.  However I'm keen to learn if this is possible now using the BR500 Web UI and then again using the Insight Pro control.

 

Indeed, older Netgear consumer routers had this capability, but today's Netgear consumer routers (not talking of the BR500 here) lack this feature, too. Complained many times - Netgear does not give a **** - they think some crappy firewall rules for LAN->Internet are more important. They simply don't understand networking.

Message 6 of 6
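
The WAN -> LAN rule discussed in this thread, written as an added example that is not from any poster or from NETGEAR: an nftables ruleset for a generic Linux-based router (not the BR500) that forwards TCP 3389 only when the source address is in an allow-list set. The interface names `wan0` and `lan0`, the server address 192.168.1.50 and the five documentation-range site addresses are assumptions.

```nftables
# Constructed example for a generic Linux router; not BR500 configuration.
# Assumed names: wan0 (Internet side), lan0 (LAN side), 192.168.1.50 (RDP host).

table ip nat {
    # Allow-list of the fixed site addresses (documentation ranges as placeholders).
    set rdp_sites {
        type ipv4_addr
        elements = { 192.0.2.10, 192.0.2.77, 198.51.100.20,
                     203.0.113.5, 203.0.113.140 }
    }

    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Forward RDP only when the source is on the allow-list.
        iifname "wan0" tcp dport 3389 ip saddr @rdp_sites dnat to 192.168.1.50
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "wan0" masquerade
    }
}

table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        iifname { "lo", "lan0" } accept
        # Non-listed sources are never translated, so their 3389 packets
        # arrive here and are dropped by the chain policy.
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        iifname "lan0" oifname "wan0" accept
        # Only connections that matched the DNAT rule above get through.
        iifname "wan0" ct status dnat accept
    }
}
```

A site can be added later with `nft add element ip nat rdp_sites { <address> }` without touching the forwarding rule itself.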