-
Hogar
SOHO Switches
Manteniendo el hogar conectado para conexiones de calidad
Accesorios
Todo lo demás que necesitas para un estilo de vida conectado
-
Hogar Inteligente
Enchufes Inteligentes
Mejora tus dispositivos domésticos
Cámaras de Seguridad
Vigilando lo que importa
Bombillas Inteligentes
Luz para cada ocasión
Extensor de Cobertura+
Extienda el Wi-Fi y administre con la aplicación Kasa
-
Empresa
Switches
Redes cableadas de alta velocidad desde gestión L3 a switches sin gestión
Omada Cloud SDN
La solución en la nube más inteligente para redes empresariales
Banda Ancha Inalámbrica Pharos
Ideal para redes de banda ancha inalámbrica de largo alcance
Routers SafeStream
VPN segura y puertas de enlace de equilibrio de carga para el negocio
-
Proveedor de Servicios
DSL
Capaz de red de alta velocidad y aplicaciones integradas de banda ancha
Wi-Fi Router
La elección fiable para redes domésticas
LTE/3G
Mantiene el acceso a Internet donde quiera que vaya.
PON
La tecnología líder para brindar servicios de Internet gigabit
Adaptadores Powerline
Transforma el cableado eléctrico para llevar la señal de red.
Range Extender
Amplía fácilmente la cobertura de Wi-Fi.
Switches
Aumenta la red de su empresa con un rendimiento de primera calidad.
Wi-Fi Empresarial
Lleve su red Wi-Fi empresarial a nuevos niveles.
How to limit specific IP to access to internal server by TP-LINK SMB router?
Application Scenario
In some cases, we just want only some specific external IPs to access internal server behind TP-LINK SMB Router. This demands can be met by Virtual Server with Access Control.
Now we take TL-ER6120 v2 as an example. The Web server is behind TL-ER6120 LAN port as 192.168.0.2:8080. And client is located in 14.28.137.216 out of WAN1. We only want to make external IP 14.28.137.216 be able to access this server. Our topology is connected as follow.
How can we achieve that?
TL-ER6120 is NAT device. Web server is on 192.168.0.2:8080 behind TL-ER6120. First of all we open port of 8080 about 192.168.0.2 for all external IP. And then we configure Access Control to limit only IP 14.28.137.216 to access to Web server. The specific configuration steps are as follows.
Step 1
This step we need to open ports of 8080. Go to Advanced---->NAT----->Virtual Server. For interface, we select WAN1 and set port as 8080. Internal Server IP is 192.168.0.2. Click OK then. When finished, there will form a rule entry in Virtual Server List.
Step 2
This step we configure Service Type to match Web server port 8080. Turn to Preferences---->Service Type. Name service type as Web Service. And Select Protocol TCP/UDP. Source Port Range is 0-65535. Fill in destination port as 8080. Click OK.
Step 3
This step let’s configure IP group. Turn to Preferences----->IP Group---->IP address. Add entry as above.
Access_Client is the same with Web_Server. Then there will be two new entries in IP Address List.
Turn to IP Group. Corresponds to the Address Name and Group Name. Set according to the picture respectively.
This step is simple. Match Access_Client with Access_Client Group then.
Step 4 Let’s configure Access Control now.
On Firewall---->Access Control, set as the picture above. We select Allow Policy first and choose Web_Service we just now set up for 8080 port for Service Type. In Source option, we select IP Group-- Access_Client we set before. In destination we choose Web_Server. ID as 1. Then click OK.
And then we configure a Block policy. The policy is Block and Source is IPGROUP_ANY. Don’t forget set ID as 2. Click OK.
After finishing, there will be two entries in List of Rules.
Verification
As the screenshot above, on client 14.28.137.216 we type in 14.28.137.2:8080. (14.28.137.2 is WAN1 address) We’ll find it can access Web server normally.
And on any other client like 14.28.137.210, we cannot access Web server. It works as expected!
Note:
1. The ID order of Access Control List present the priority and it is important.
2. TL-R600VPN could meet demands only with hardware version v4.
3. For other models’ different hardware versions, there will be different UI. The configuration process of different UI is the same as the example’s UI basically. Lack of IP Group configuration, other configuration options just changed position.
Sus comentarios nos ayudan a mejorar este sitio.