
How to setup firewall so that only a specified computer can connect

0 votes
Hello,
I am fairly new at setting up Transport. I have several questions.

I have a WR44. I am using NATP. What is the script I would use to block everything except the computer I designate?

Are there any other ways to add security to further protect WR44 from unauthorized use?

Also, which ports, by default, are being used by the WR44?


Thanks, Joe
asked Aug 26, 2014 in Digi TransPort Cellular by Stoene New to the Community (1 point)


1 Answer

0 votes
Firewall rules are described in the FIREWALL SCRIPTS section of the Transport User Guide.

The default firewall rule is BLOCK. You can use a firewall rule to allow traffic from a specific host or network. For example:

pass in break end from 10.1.2.3 to any

Ports Open and Used by TransPort (sorry for the formatting)
Services: The following services are available on the TransPort:
| Service | Default Port | Comments |
|---|---|---|
| Telnet | 23 | TransPort will also respond on 8023. |
| Telnet over SSL | 992 | |
| WEB (HTTP) | 80 | WebUI uses either HTTP or HTTPS but not both. TransPort will also respond on 8080. |
| Secure WEB (HTTPS) | 443 | WebUI uses either HTTP or HTTPS but not both. TransPort will also respond on 8443. |
| SSH / SFTP | 22 | TransPort will also respond on 8022. |
| SNMP | 161 (configurable) | SNMPv1, SNMPv2c and SNMPv3 can be individually enabled or disabled |
| RealPort | 771 (configurable) | Digi’s COM port redirector protocol (works with Digi’s RealPort driver) |
| Encrypted RealPort | 1027 (configurable) | |
| SNTP Server | 123 | |
| DHCP Server | 67 | |
| DNS Server | 53 | |
| FTP Server | 21 | |
| SSL Server serial port access | 4200 + serial port # | Terminal server functionality |
| Serial port access | 4000 + Serial port # | Terminal server functionality |
| XOT | 1998 | |
| ADDP | 2362 | Digi device discovery protocol |
| Device Cloud (iDigi / iDigi SSL) | 3197 / 3199 | 3199 is the default and uses SSL to secure the traffic |

Things like IKE, L2TP, PPTP, etc are not really services, so I did not list them. But the TransPort does listen on those well-known ports.

Any of the above ports can be blocked or redirected by the firewall.
answered Sep 4, 2014 by billw1 Community Contributor (56 points)
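
One way to confirm the rule set from a host that should be blocked, as an added example that is not part of the original answer or Digi's own tooling: it attempts TCP connections to the services in the table above and lists any that still answer. Treating these table entries as TCP, the placeholder address 192.0.2.1 and the function names are assumptions of this example.

```python
import socket

# TCP services from the table in the answer above (assumed TCP for this check).
# UDP services such as SNMP, SNTP, DHCP and DNS need a different probe.
TRANSPORT_TCP_PORTS = {
    21: "FTP", 22: "SSH/SFTP", 8022: "SSH/SFTP (alternate)",
    23: "Telnet", 8023: "Telnet (alternate)", 992: "Telnet over SSL",
    80: "HTTP", 8080: "HTTP (alternate)",
    443: "HTTPS", 8443: "HTTPS (alternate)",
    771: "RealPort", 1027: "Encrypted RealPort", 1998: "XOT",
}
# Serial access: 4000 + port number, SSL variant at 4200 + port number (ASY 0-3).
for asy in range(4):
    TRANSPORT_TCP_PORTS[4000 + asy] = f"Serial ASY{asy}"
    TRANSPORT_TCP_PORTS[4200 + asy] = f"Serial ASY{asy} over SSL"


def probe(host, port, timeout=1.0):
    """Return 'open', 'closed' (connection refused) or 'filtered' (no reply)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeout, host unreachable, and similar
        return "filtered"


def audit(host, ports=None, timeout=1.0, probe_fn=probe):
    """Probe every listed port and return {port: (service, state)}."""
    ports = TRANSPORT_TCP_PORTS if ports is None else ports
    return {p: (ports[p], probe_fn(host, p, timeout)) for p in sorted(ports)}


def exposed(results):
    """Ports that still accept connections from the host running the check."""
    return [(p, name) for p, (name, state) in results.items() if state == "open"]


if __name__ == "__main__":
    import sys
    router = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.1"  # placeholder address
    for port, name in exposed(audit(router)):
        print(f"{port}/tcp {name} is reachable: not blocked for this host")
```

Run it from a machine other than the one allowed by the pass rule; an empty result means none of the listed TCP services answered that host.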
Hello BillW1,

Thanks for the response. I have been crawling up that learning curve. I believe I have the device much more secure. I am using a variation of the script you described.

I would also like to use MAC filtering on the ASY serial ports, but I don't see how to apply MAC rules to PPP or ASY ports. I have gotten it to work on devices via Eth0-Eth3 but not when connecting through PPP1. Any ideas on how to associate ASY0-ASY3 to Eth0? Thanks again, Joe
MAC filtering only applies to Ethernet ports (incl Wi-Fi when installed).

ASY ports 0-3 are mapped to TCP ports 4000-4003 (which can be changed via the Network Services page as needed). Our RealPort driver can also be used if your application can only talk to a COM port.
...