HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
Comware Based
cancel
Showing results for 
Search instead for 
Did you mean: 

Remote access from internet on MSR1003-8 router

 
grecuc
Occasional Contributor

Remote access from internet on MSR1003-8 router

Hello,

Please help me with the following problem. I have a MSR1003-8 router.
I'm used to IpTables so this is new to me and I cannot figure it out.
Can someone please make an example how to allow access from na external IP to local IP on some ports. For Example:

External IP:      201.201.201.201

Local IP:            192.168.100.34

Ports:                 502 and 3389

Any help would be greatly appreciated

 

Best regards

1 REPLY
grecuc
Occasional Contributor

Re: Remote access from internet on MSR1003-8 router

I have a test network setup here.

Here is the test  configuration:

 

LAN:                                 192.168.100.0 /24

WAN:                               192.168.10.21/32

Remote user IP:          192.168.10.58

 

 

I have setup na static NAT via CLI:

 

-nat static   3970   192.168.100.123   192.168.10.21

 

 

The ACL 3970 contains:

 

-1       permit ip source 192.168.10.0     0.0.0.255

-10    deny ip

 

With this configuration I can connect normaly from 192.168.10.0 /24. The problem is, that anyone from the subnet "192.168.10.0 / 0.0.0.255" can connect also. What I want is that someone is allowed to connect from a specific IP - like 192.168.10.58 0.0.0.0

 

if I change the ACL rule to a specific IP the connection fails:

-1       permit ip source 192.168.10.58     0.0.0.0

-10    deny ip

 

How do I setup an ACL so that a single Remote IP is allowed?

 

Any help would be greatly appreciated

 

Best regards