I have set up port forwarding for an RDP port.
I’d like to know how I can lock down this port forward, to only be accessed from a single external IP address.
e.g.
1.1.1.1:3389 can only be accessed from 2.2.2.2.
I created the server, assigned the service for 3389 to be accessed on the main WAN interface.
I have tried setting up inbound rules within the firewall, to only allow access from 2.2.2.2:3389 to 192.168.0.1:3389, I then created a rule to disallow any other IP address trying to access 192.168.0.1:3389.
You need the port forwarding rule, but then limit access with a pair of inbound firewall rules. The first rule allows what you want to happen. The second rule blocks the rest of the world.
In this case, the source is the external client you are allowing into your network. You would use the public IP address of that external device.
The destination is the LAN address of your server. It became the destination for any inbound traffic using that port, when you wrote the port forwarding rule.
You need to change the source port to “any” for the firewall rules. The source port will always be a dynamic port generated by the client device for the NAT device.
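The rule pair and the source-port point from the replies above, modelled as an added example that is not part of the original thread or any router's firmware. It assumes the firewall evaluates rules top-down with first match winning, that the poster's deny rule used any source port, and uses hypothetical names (`Rule`, `evaluate`, `audit`) and constructed sample connections.

```python
import ipaddress
from dataclasses import dataclass

ANY = None                 # wildcard for a port field
SERVER = "192.168.0.1"     # LAN address from the thread (post-NAT destination)

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src_net: str           # CIDR covering the external client(s)
    src_port: object       # int, or ANY
    dst_ip: str
    dst_port: int

    def matches(self, src_ip, src_port, dst_ip, dst_port):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src_net)
                and self.src_port in (ANY, src_port)
                and dst_ip == self.dst_ip and dst_port == self.dst_port)

def evaluate(rules, src_ip, src_port, dst_ip=SERVER, dst_port=3389):
    """First matching rule decides (assumed semantics); no match means deny."""
    for rule in rules:
        if rule.matches(src_ip, src_port, dst_ip, dst_port):
            return rule.action
    return "deny"

# Rule set as described in the question: allow rule pinned to source port 3389.
as_posted = [Rule("allow", "2.2.2.2/32", 3389, SERVER, 3389),
             Rule("deny", "0.0.0.0/0", ANY, SERVER, 3389)]

# Rule set per the replies: same pair, source port set to "any".
corrected = [Rule("allow", "2.2.2.2/32", ANY, SERVER, 3389),
             Rule("deny", "0.0.0.0/0", ANY, SERVER, 3389)]

# Constructed inbound connections (src_ip, src_port). Real RDP clients use
# ephemeral source ports, so the allowed client never arrives from port 3389.
SAMPLES = [("2.2.2.2", 51514), ("2.2.2.2", 49822), ("203.0.113.7", 50001)]

def audit(rules):
    """Return the verdict for each constructed connection, in order."""
    return [evaluate(rules, ip, port) for ip, port in SAMPLES]

if __name__ == "__main__":
    print("as posted:     ", audit(as_posted))
    print("corrected:     ", audit(corrected))
    print("deny rule first:", audit(list(reversed(corrected))))
```

With the source port pinned to 3389, the allowed client falls through to the deny rule; placing the deny rule first blocks it as well, which is why the allow rule has to sit above it.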