Posted: Thu Oct 12, 2017 20:19 Post subject: allowing all traffic from source address through firewall
Hello. I just installed DD-WRT on my RT-AC1750 and I'm having trouble figuring out how to set up a firewall rule to allow all traffic from certain IP blocks through the firewall.
For example, I want to allow all TCP traffic from 64.61.160.32/27 on ports 16384-65533 through the firewall. How would I go about doing this?
Normally, when a client from the outside wants to contact something on your network, you do this by forwarding a port.
What is it you want to accomplish?
Just opening your firewall is bad practice.
Our hosted VOIP provider is blaming our firewall for dropped/1-way calls. We replaced it with an Asus RT-AC1750 running DD-WRT. They want us to allow all traffic only from their servers (IP blocks were provided to us) through the firewall. There are about 6 phones at this location getting their addresses through DHCP, and from what I understand, any phone could use any of these ports, so there is no way to implement port forwarding.
I don't see much of a security risk for allowing traffic only from a few IP blocks through our firewall.
I've worked with other firewalls where this is pretty simple, but I'm unfamiliar with DD-WRT.
But I am not 100% sure, and it is a real security risk; anybody can spoof this address. If I had a vendor asking me to do this, I would have looked for another vendor.
There are definitely other solutions possible.
DD-WRT has a SIP proxy; this could be what you need, or a public STUN server, but your vendor should come up with a better solution.