Search
Search

How to limit specific IP to access to internal server by TP-LINK SMB router?

Configuration Guide
Actualizado08-03-2021 03:44:31 AM 50815
Este artículo se aplica a: 

Application Scenario

In some cases, we just want only some specific external IPs to access internal server behind TP-LINK SMB Router. This demands can be met by Virtual Server with Access Control.

Now we take TL-ER6120 v2 as an example. The Web server is behind TL-ER6120 LAN port as 192.168.0.2:8080. And client is located in 14.28.137.216 out of WAN1. We only want to make external IP 14.28.137.216 be able to access this server. Our topology is connected as follow.

How can we achieve that?

TL-ER6120 is NAT device. Web server is on 192.168.0.2:8080 behind TL-ER6120. First of all we open port of 8080 about 192.168.0.2 for all external IP. And then we configure Access Control to limit only IP 14.28.137.216 to access to Web server. The specific configuration steps are as follows.

Step 1

This step we need to open ports of 8080. Go to Advanced---->NAT----->Virtual Server. For interface, we select WAN1 and set port as 8080. Internal Server IP is 192.168.0.2. Click OK then. When finished, there will form a rule entry in Virtual Server List.

Step 2

This step we configure Service Type to match Web server port 8080. Turn to Preferences---->Service Type. Name service type as Web Service. And Select Protocol TCP/UDP. Source Port Range is 0-65535. Fill in destination port as 8080. Click OK.

Step 3

This step let’s configure IP group. Turn to Preferences----->IP Group---->IP address. Add entry as above.

Access_Client is the same with Web_Server. Then there will be two new entries in IP Address List.

Turn to IP Group. Corresponds to the Address Name and Group Name. Set according to the picture respectively.

This step is simple. Match Access_Client with Access_Client Group then.

Step 4 Let’s configure Access Control now.

On Firewall---->Access Control, set as the picture above. We select Allow Policy first and choose Web_Service we just now set up for 8080 port for Service Type. In Source option, we select IP Group-- Access_Client we set before. In destination we choose Web_Server. ID as 1. Then click OK.

And then we configure a Block policy. The policy is Block and Source is IPGROUP_ANY. Don’t forget set ID as 2. Click OK.

After finishing, there will be two entries in List of Rules.

Verification

As the screenshot above, on client 14.28.137.216 we type in 14.28.137.2:8080. (14.28.137.2 is WAN1 address) We’ll find it can access Web server normally.

And on any other client like 14.28.137.210, we cannot access Web server. It works as expected!

Note:
1. The ID order of Access Control List present the priority and it is important.
2. TL-R600VPN could meet demands only with hardware version v4.
3. For other models’ different hardware versions, there will be different UI. The configuration process of different UI is the same as the example’s UI basically. Lack of IP Group configuration, other configuration options just changed position.

SuscripciónTP-Link toma en serio su privacidad. Para obtener más detalles sobre las prácticas de privacidad de TP-Link, consulte Política de privacidad de TP-Link .

Síguenos

Acerca de Nosotros
Notas de Prensa
Partners
Dónde Comprar
Catálogos de Producto
Learning Center
Promotions
España / español
Copyright © TP-Link Corporation Limited. 2021. Todos los derechos reservados

De United States?

Obtener productos, eventos y servicios para su región.

Ir Otras opciones

Este sitio web utiliza cookies para mejorar la navegación del sitio web, analizar las actividades en línea y brindar a los usuarios la mejor experiencia en nuestro sitio web. Puede oponerse al uso de cookies en cualquier momento. Puede obtener más información en nuestra política de privacidad .

Configuración de cookies Aceptar todas las Cookies

Este sitio web utiliza cookies para mejorar la navegación del sitio web, analizar las actividades en línea y brindar a los usuarios la mejor experiencia en nuestro sitio web. Puede oponerse al uso de cookies en cualquier momento. Puede obtener más información en nuestra política de privacidad .

Cookies Básicas

Estas cookies son necesarias para el funcionamiento del sitio web y no se pueden desactivar en sus sistemas.

Ventana emergente de selección de sitio

accepted_local_switcher

Sistema de selección de productos SMB

tp_smb-select-product_scence, tp_smb-select-product_scenceSimple, tp_smb-select-product_userChoice, tp_smb-select-product_userChoiceSimple, tp_smb-select-product_userInfo, tp_smb-select-product_userInfoSimple

Live Chat

__livechat, __lc2_cid, __lc2_cst, __lc_cid, __lc_cst, CASID

Youtube

VISITOR_INFO1_LIVE, YSC, LOGIN_INFO, PREF, CONSENT, __Secure-3PSID, __Secure-3PAPISID, __Secure-3PSIDCC

Cookies de análisis y marketing

Las cookies de análisis nos permiten analizar sus actividades en nuestro sitio web para mejorar y ajustar la funcionalidad de nuestro sitio web.

Nuestros socios publicitarios pueden establecer cookies de marketing a través de nuestro sitio web para crear un perfil de sus intereses y para mostrarle anuncios relevantes en otros sitios web.

Google Analytics & Google Tag Manager & Google Optimize

_gid, _gat, _gat_global, _ga, _gaexp

Google Ads & DoubleClick

NID, IDE, test_cookie, id, 1P_JAR

Facebook

fr, spin, xs, datr, c_user, sb, _fbp

Crazy Egg

_ce.s, _CEFT, _gid, cean, _fbp, ceac, _drip_client_9574608, cean_asoc

Hotjar

_hjKB, _fbp, ajs_user_id, _BEAMER_LAST_UPDATE_zeKLgqli17986, _hjid, _gcl_au, _ga, ajs_anonymous_id, _BEAMER_USER_ID_zeKLgqli17986, _hjAbsoluteSessionInProgress, _hjFirstSeen, _hjIncludedInPageviewSample, _hjTLDTest

Baidu

Hm_lpvt_33178d1a3aad1dcf1c9b345501daa675, Hm_lvt_33178d1a3aad1dcf1c9b345501daa675, HMACCOUNT_BFESS

Linkedin

lms_analytics, AnalyticsSyncHistory, _gcl_au, liap