Limit port forwarding to whitelisted IP Addresses

Question

I am looking for a modem/router product recommendation please.

I owned a really basic Netgear DG834G modem a few years ago which had a neat Port Forwarding feature which would only port forward from a finite whitelist of external IP Addresses (instead of the more common feature of having a blacklist of IP addresses). And since I only have 5 sites, all on fixed IP addresses, this would immediately block cyber-criminals from getting as far as my windows login screen on port 3389 because I would program the router to reject anything except requests from my 5 sites.

The only other meaningful feature I require is an IPSEC VPN capability to allow remote file access and remote printing across my sites.

Is anyone aware of a modem/router (or even just a router) which will give me these 2 key pieces of functionality?

I have been told about a Netgear BR500 but the staff at Netgear's call centre are so incompetent that I cannot ascertain whether it has this whitelisted IP functionality.

Many thanks.

DaneA · Answer

JimByron,

&nbsp;

Welcome to the community! :)&nbsp;

&nbsp;

The BR500 supports both IPSec VPN and Port Forwarding.&nbsp;

&nbsp;

Let me share the article below:

&nbsp;

How do I set up a site-to-site IPSec VPN on my NETGEAR BR500 Business Router?

&nbsp;

About Port Forwarding on the BR500, kindly read pages 136-141 of the BR500 user manual here.&nbsp;&nbsp;

&nbsp;

To learn more about the specifications of the BR500, kindly check its data sheet here.&nbsp;

&nbsp;

If ever your concern has been addressed or resolved, I&nbsp;encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The NETGEAR&nbsp;Community&nbsp;looks forward to hearing from you and being a helpful resource in the future!

&nbsp;

Regards,

&nbsp;

DaneA

NETGEAR Community Team

JimByron · Answer

Whilst I thank you for your quick reply, you actually didnt answer the question. I know the BR500 has both IPSEC VPN and Port Forwarding because it says so on the sales page, but nothing in that page or the manual you sent indicates whether the port forwarding rule can be enabled ONLY FOR CERTAIN EXTERNAL IP ADDRESSES.. That's the dilemma - I want a router that only forwards traffic that comes from a whitelist of external IP Addresses. Can you confirm this is possible on the BR500?

DaneA · Answer

JimByron,

&nbsp;

As I understand your concern, you wanted to&nbsp;create a port forwarding rule to secondary WAN IP addresses, am I right?&nbsp; If yes,&nbsp;I regret to inform you that this&nbsp;is not possible&nbsp;on the BR500.&nbsp;&nbsp;

&nbsp;

Regards,&nbsp;

&nbsp;

DaneA

NETGEAR Community Team

JimByron · Answer

No, I dont think you understood. I want to create a port forwarding rule which only works for a list of external IP addresses. In other words, if a user at an address with a "trusted" IP address tries to access the server using remote desktop port 3389, they will be forwarded to the server, but if someone at any other IP address tried, the forward will fail

schumaku · Answer

You ask for the ability to configure firewall rules e.g for WAN -&gt; LAN allowing a defined set of IPv4 (and probably IPv6) addresses to these ports (and protocol) on the port forwarded LAN IP. Not a very difficult question, indeed.&nbsp;Seriously, I don't know - we have given up the BR500.&nbsp; However I'm keen to learn if this is possible now using the BR500 Web UI and then again using the Insight Pro control.&nbsp;Indeed, older Netgear consumer routers had this capability, but today's Netgear consumer routers (not talking of the BR500 here) lack of this feature, too. Complained many times - Netgear does not give a ****. - they&nbsp;think some crappy firewall rules for LAN-&gt;Internet are more important. They simply don't understand networking.

Forum Discussion

Limit port forwarding to whitelisted IP Addresses

5 Replies

Related Content

Whitelist MAC-Addresses on GS724T

How do you whitelist MAC addresses on the XR500

Port forwarding

Netgear Armor URL exclusions or whitelisting

XR500 Port Forwarding

NETGEAR Academy

ProSupport for Business