-
Otthon
Routerek
Gyors és megbízható Wi-Fi hálózat létrehozásához
Hálózatkiterjesztés
Könnyedén növelje meg, és tegye jobbá hálózatát
SOHO Switches (Kapcsolók)
Ha több vezetékes kapcsolatra van szüksége otthonában
Egyéb eszközök
Amire még szüksége lehet a kapcsolattartáshoz
-
Intelligens otthon
Kamerák
Tartsa szemmel ami fontos
Wi-Fi-s konnektor
Tegye otthoni eszközeit okosabbá
Wi-Fi-s LED izzók
Fény, minden alkalomra
-
Irodai/üzleti
JetStream Switch
High-Speed wired networking from L3 managed to unmanaged
Omada szoftver kontrolleres AP-k
Professional business Wi-Fi with centralized management
SafeStream Router
Secure VPN and Load Balance gateways to the business
VIGI Surveillance
VIGI video surveillance is dedicated to your security
Pharos Vezeték nélküli szélessáv
Ideal for long range wireless broadband networking
-
Szolgáltatóknak
DSL
Capable of high-speed network and integrated broadband applications
LTE/3G
Gondoskodik az internet hozzáférésről, bárhol is legyen.
PON
The leading technology for delivering gigabit Internet services
Áramköri jeltovábbító
Átalakítja az áramkört belső/külső hálózat részévé.
Range Extender
Easily expand your Wi-Fi coverage.
Switch-ek
Növelje hálózatát kiváló teljesítménnyel.
Üzleti Wi-FI megoldások
A vállalkozás vezeték nélküli hálózatát új szintre emeli.
How to limit specific IP to access to internal server by TP-LINK SMB router?
Application Scenario
In some cases, we just want only some specific external IPs to access internal server behind TP-LINK SMB Router. This demands can be met by Virtual Server with Access Control.
Now we take TL-ER6120 v2 as an example. The Web server is behind TL-ER6120 LAN port as 192.168.0.2:8080. And client is located in 14.28.137.216 out of WAN1. We only want to make external IP 14.28.137.216 be able to access this server. Our topology is connected as follow.
How can we achieve that?
TL-ER6120 is NAT device. Web server is on 192.168.0.2:8080 behind TL-ER6120. First of all we open port of 8080 about 192.168.0.2 for all external IP. And then we configure Access Control to limit only IP 14.28.137.216 to access to Web server. The specific configuration steps are as follows.
Step 1
This step we need to open ports of 8080. Go to Advanced---->NAT----->Virtual Server. For interface, we select WAN1 and set port as 8080. Internal Server IP is 192.168.0.2. Click OK then. When finished, there will form a rule entry in Virtual Server List.
Step 2
This step we configure Service Type to match Web server port 8080. Turn to Preferences---->Service Type. Name service type as Web Service. And Select Protocol TCP/UDP. Source Port Range is 0-65535. Fill in destination port as 8080. Click OK.
Step 3
This step let’s configure IP group. Turn to Preferences----->IP Group---->IP address. Add entry as above.
Access_Client is the same with Web_Server. Then there will be two new entries in IP Address List.
Turn to IP Group. Corresponds to the Address Name and Group Name. Set according to the picture respectively.
This step is simple. Match Access_Client with Access_Client Group then.
Step 4 Let’s configure Access Control now.
On Firewall---->Access Control, set as the picture above. We select Allow Policy first and choose Web_Service we just now set up for 8080 port for Service Type. In Source option, we select IP Group-- Access_Client we set before. In destination we choose Web_Server. ID as 1. Then click OK.
And then we configure a Block policy. The policy is Block and Source is IPGROUP_ANY. Don’t forget set ID as 2. Click OK.
After finishing, there will be two entries in List of Rules.
Verification
As the screenshot above, on client 14.28.137.216 we type in 14.28.137.2:8080. (14.28.137.2 is WAN1 address) We’ll find it can access Web server normally.
And on any other client like 14.28.137.210, we cannot access Web server. It works as expected!
Note:
1. The ID order of Access Control List present the priority and it is important.
2. TL-R600VPN could meet demands only with hardware version v4.
3. For other models’ different hardware versions, there will be different UI. The configuration process of different UI is the same as the example’s UI basically. Lack of IP Group configuration, other configuration options just changed position.
Véleménye segíti az oldal fejlesztését