[NEBULA] Cannot create Virtual Server Rule, same Public Port and Multiple Allowed Remote IPs

TCL_Support
TCL_Support Posts: 8  Freshman Member
edited April 2021 in Nebula
I am trying to create new virtual server rules to expose port 443 but to only allow access from a number of defined 'Allowed Remote IP' addresses. However, if I create multiple rules for public port 443 and then try to add it several times with different Allowed Remote IP entries - such as 51.140.188.39 and 88.68.100.40 - I cannot Save and there is a warning about 'overlapping ports'.

So how can we create a rule to allow multiple remote IP addresses to access the same port? This must be a very common scenario as you don't want to expose ports to the entire internet or just one remote IP address or subnet?

All Replies

  • Zyxel_Jason
    Zyxel_Jason Posts: 410  Zyxel Employee
    Hi @TCL_Support,

    From your description, you need multiple Allow remote IPs for one virtual server entry.
    You should be able to use " , " to configure more than one IP in that column.
    For example:
    Uplink   Public IP   Public port   LAN IP          Local port   Allow remote IP
    WAN 1    any         443           192.168.1.100   443          51.140.188.39, 88.68.100.40

    Hope it helps.
    Jason

    Engage in the Community, become an MVP, and win exclusive prizes! https://bit.ly/Community_MVP
  • Hi, I tried this, but it's only possible to enter max 9 different IPs in this field. How can we manage to add more? And this should be a totally different design, like the Cisco Meraki Go series, where you can add one and one IP as whitelisted/allowed to access a defined port.
  • Zyxel_Jason
    Zyxel_Jason Posts: 410  Zyxel Employee
    Hi Shobbi,

    Welcome to Zyxel community.

    In the current design, the "Allow remote IP" column should be able to configure max 10 different IPs with " , ".
    If your remote IP happens to be an IP range, you may use CIDR and " , " to configure.
    Ex: 1.2.10.0/24,1.2.20.0/24.
     
    Hope it helps.
    Jason

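
An added example, not from the thread or from Zyxel: a Python helper that merges a list of remote IPv4 addresses into as few "Allow remote IP" entries as possible without admitting any address that was not in the input, and fails if the result still exceeds the 10-entry limit stated above. The function name and the 198.51.100.x sample addresses are constructed, and IPv4-only input is an assumption.

```python
import ipaddress

MAX_ENTRIES = 10  # per-rule limit stated in the thread


def build_allow_remote_ip(entries, max_entries=MAX_ENTRIES):
    """Return a comma-separated "Allow remote IP" value for IPv4 IPs/CIDRs.

    Merging is exact: duplicates, ranges contained in another entry, and
    adjacent blocks that together form one larger block are collapsed, so
    the result never admits an address the input did not.
    Raises ValueError on malformed input, an allow-everything entry, or a
    list that still needs more than max_entries entries.
    """
    nets = []
    for raw in entries:
        text = raw.strip()
        if not text:
            continue
        # Strict parsing rejects host bits under the mask, e.g. 1.2.10.5/24.
        net = ipaddress.IPv4Network(text, strict=True)
        if net.prefixlen == 0:
            raise ValueError("0.0.0.0/0 would expose the port to everyone")
        nets.append(net)
    merged = list(ipaddress.collapse_addresses(nets))
    if len(merged) > max_entries:
        raise ValueError(
            f"{len(merged)} entries after merging; the field takes {max_entries}"
        )
    # Single hosts are written as bare IPs, ranges in CIDR form.
    return ", ".join(
        str(n.network_address) if n.prefixlen == 32 else str(n) for n in merged
    )


if __name__ == "__main__":
    # Constructed sample: the thread's two hosts plus documentation-range blocks.
    sample = ["51.140.188.39", "88.68.100.40", "198.51.100.0/25",
              "198.51.100.128/25", "198.51.100.7", "51.140.188.39"]
    print(build_allow_remote_ip(sample))
```

If the merged list is still too long, the error is the signal to review which sources really need access rather than to widen a prefix by hand.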
