Fios G3100 - Port Forward from specific external IP -> specific internal IP
DonJo2
Enthusiast - Level 2

I'm trying to open SSH port 22 on the router to forward to a specific host on my internal network.

And, I'd like to restrict external access to a specific IP address.

So far, I've created a port forwarding rule for the internal host on port 22. But can't figure out how to limit incoming access to a single IP address.

Also, the port forwarding isn't working -- can't connect via ssh from external host.

Can connect if I set the local host as DMZ.

Can you walk me through the steps to accomplish this?

Thanks in advance.

Cang_Household
Community Leader

Port forwarding is always forwarding the port to a specific internal host unless you are forwarding to a network object containing multiple hosts.

To better assist you, can you provide the screenshot of your port forwarding rule? Thanks.

Since the G3100 itself uses port 22 for its own SSH, I don't think you can disable it through the GUI. TR-069 at Verizon's backend may achieve this, but that's available only to the engineering team, I think (the engineering team is not accessible to customers).

The easiest solution would be to forward from a different external port and, when accessing the SSH remotely, specify a different port to connect.

DonJo2
Enthusiast - Level 2

Changing the ssh port did the trick.

Thanks 👌

DonJo2
Enthusiast - Level 2

But...2nd part of my question:

Is it possible to limit an internal port service to a single external IP🤔?

Cang_Household
Community Leader

Yes, if you have business service and bought more than one static IP address.

No, if you have residential service.

dslr595148
Community Leader

@Cang_Household wrote:

Yes, if you have business service and bought more than one static IP address.

No, if you have residential service.


I believe that they meant IP address source.

As an example, my Linksys E4200 hardware version one running Tomato third-party firmware has this option on the forwarding page.

Src Address (optional) - Forward only if from this address. Ex: "1.2.3.4", "1.2.3.4 - 2.3.4.5", "1.2.3.0/24", "me.example.com".

Ext Ports - The ports to be forwarded, as seen from the WAN. Ex: "2345", "200,300", "200-300,400".

Int Port (optional) - The destination port inside the LAN. If blank, the destination port is the same as Ext Ports. Only one port per entry is supported when forwarding to a different internal port.

Int Address - The destination address inside the LAN.


I am not sure if their NAT router supports this or not.
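
Added example, not part of any post above and not Tomato's or Verizon's own code: a sketch of what a source-restricted forward amounts to as iptables rules on a Linux-based router, covering the Src Address forms quoted in the last post. The function names and all addresses are constructed for illustration, and the rules are only printed, not applied.

```shell
#!/bin/sh
# Assumption: a Linux-based router whose FORWARD chain otherwise drops new
# inbound connections. Rules are printed for review, never executed here.

# src_match SPEC -> iptables match arguments for a Src Address value.
src_match() {
    spec=$(printf '%s' "$1" | tr -d ' ')
    case "$spec" in
        "") return 0 ;;                      # blank field: any source allowed
        *[!0-9./-]*)
            # Hostnames are rejected: iptables resolves a name only once, when
            # the rule is inserted, so the rule goes stale if the address changes.
            echo "unsupported source: $1" >&2
            return 1 ;;
        *-*) printf '%s' "-m iprange --src-range $spec" ;;   # "a - b" range
        *)   printf '%s' "-s $spec" ;;                       # single IP or CIDR
    esac
}

# forward_rules SRC EXT_PORT INT_ADDR [INT_PORT]
forward_rules() {
    match=$(src_match "$1") || return 1
    ext=$2 dst=$3 int=${4:-$2}               # blank Int Port: same as Ext Port
    # Rewrite the destination only for packets from the allowed source.
    echo "iptables -t nat -A PREROUTING -p tcp ${match:+$match }--dport $ext -j DNAT --to-destination $dst:$int"
    # Permit only that forwarded flow through the filter table.
    echo "iptables -A FORWARD -p tcp ${match:+$match }-d $dst --dport $int -j ACCEPT"
}

# Constructed sample: external port 2222 -> 192.168.1.10:22, one allowed source.
forward_rules "203.0.113.7" 2222 192.168.1.10 22
```

On a router with no source field in its forwarding page, the same `-s` match can be applied in the INPUT chain of the internal SSH host instead, provided the router preserves the original source address when it forwards.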