cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
87swrbills
Beginner
1,717 Views
Message 1 of 8

HH6 Port Forward Restrict External IP

Hi,

 

Just disconnected my 5 year old Sky router and moved to the Home Hub. I'm trying to set it up to so I can access my home servers from public & SSH from work. i.e.

 

1) Port forward 80 to the home webserver

2) Allow SSH port 443 from one particular external IP address (my office)  to another server in the house.
The UI seemed to only allow internal and external ports but didn't allow external IP ranges to be specified (even £20 routers allow this!!!).

 

I also want to IPSEC vpn from home back to the office.

 

Do we think this is possible?

 

I'm yet to try VPNing via Window's inbuilt VPN back to my office but I've read that others have problems.

 

I was on a chat with BT about the WAN IP address restrivtion last night & they didn't know what I meant & needed to contact someone more technical (the deptartment was closed at that point).

 

Thanks for any comments.

 

Steve

0 Ratings
7 REPLIES 7
licquorice
Distinguished Sage
Distinguished Sage
1,703 Views
Message 2 of 8

Re: HH6 Port Forward Restrict External IP

If you want to anything other than vanilla web browsing and email, ditch the hub and get a third party router.

0 Ratings
smf22
Recognised Expert
1,702 Views
Message 3 of 8

Re: HH6 Port Forward Restrict External IP

The port forwarding to a web server on port 80 is simple enough. Simply add the port forwarding for TCP port 80 in both the 'Internal' and 'External' port range from the Advanced Settings -> Firewall -> Port forwarding page. SSH would be similar, though presumably your server is listening for SSH on TCP port 22, so you want to use TCP port 443 as the external port, and TCP port 22 as the internal port.

 

There is no option to specify an external IP range that is allowed for the port forwarding on the Smart Hub. Depending on the server OS, one option might be to use iptables to restrict the external IP range.

 

As far as the VPN, the Smart Hub has problems with this if the VPN client uses PPTP. See Hub 6 not connecting to VPN for details. I've not seen or read of any issues with IPSec based VPN through the Hub, and indeed I use exactly that on a regular basis to connect to my office.

 

Regards

0 Ratings
87swrbills
Beginner
1,683 Views
Message 4 of 8

Re: HH6 Port Forward Restrict External IP

Thanks for the feedback.  I saw the port to port settings internal/external & that was straightforward... but not been able to specify external ip ranges is a dire omission & makes more work for me to securely access my home servers.  I've had a few routers & it's the first time I've seen the setting missing.  They really dumbed it down.

 

Additionally, I'm at work now & we do use PPTP (I'm in IT & should have known - memory slip!) so possible problems for me when I work at home.

 

Do people actually buy this HH router?  I'd prefer not to and use the money to buy one that works.   Hopefully I can get the 5 year old Sky router to work with BT.  The TV box was supposed to be installed today too so I stayed home longer & they called up to say the engineer was ill.

 

My 2 week deadline for cancelling my BT contract was up on Sunday. Pity.  Not happy so far 1 day in to my broadband service....

 

Steve

0 Ratings
smf22
Recognised Expert
1,677 Views
Message 5 of 8

Re: HH6 Port Forward Restrict External IP

I don't believe any of the BT Hubs have allowed the external IP address to be specified under the port forwarding. As you say... dumbed down.

 

Some people seem to have got the HH6 'free' as part of a contract renewal, but others have paid £50 + postage. If you read posts on the forum I think many are regretting doing so, and trying to figure out how to get their money back under sale of goods... see Smart Hub 6 - Returns and Refunds.

 

It's very likely you'll have problems with PPTP. @nix99 confirmed in message 59 of the thread I referenced that the latest firmware (SG4B100021F4) still exhibits the problem... and that problem being a crash of the router. There seems to be some that are not affected depending on the client OS e.g., MAC works, but Windows generally doesn't.

 

Regards

0 Ratings
87swrbills
Beginner
1,671 Views
Message 6 of 8

Re: HH6 Port Forward Restrict External IP

Thanks. will test VPN tonight. We're W7-W10 in the house that maybe VPNing. Great. The HH6 is barely fit for purpose really. Had I known I would have stayed with Sky. I'll see how far complaining gets me.
0 Ratings
Keith_Beddoe
Distinguished Sage
Distinguished Sage
1,661 Views
Message 7 of 8

Re: HH6 Port Forward Restrict External IP

If you are prepared to do a little work, you can create an IP policy on Windows computers which you can specify which IP addresses are allowed to connect to your computer. That will only allow connections to those specified IP addresses.

 

You can disable the policy when you need access to other addresses.

 

If its specific IP addresses or subnets you wish to block, then that can also be done.

 

 

0 Ratings
87swrbills
Beginner
1,638 Views
Message 8 of 8

Re: HH6 Port Forward Restrict External IP

Hi,

 

Had BT done the little work then we wouldn't have to go the extra mile!  I'll add more IP rules to the Linux machines if I have to. For now I'll live with the dumbed down functionality and count the days down until we go back to Sky.

 

I PPTP'd from a W7 & a W10 pc. No router reboots in the 5 minutes of connection I had.  Not the most complete test but it appeared ok.

 

Cheers for ideas guys.

 

Steve

0 Ratings