I recently bought a new Linksys RV082 router because my old Netgear firewall broke down, but with the Linksys admin interface I struggled to find how I could open up port forwarding for a specific IP address. Port forwarding opens the port for everyone on the Internet, and firewall access rules do not specify which LAN address the traffic should be routed to. The trick is to combine these two.

In this example we will open up the SSH port (tcp/22) for remote access for a specific Internet IP. First, you have to create the service, give it a name and enter tcp/22 as the port number used. Remember, creating a port forwarding entry will open the port to everyone, so let’s create a firewall accessrule next to block this first. Create an accessrule to deny everything on this port for any on the WAN interface. Next, we need to open this traffic for our single IP. Create an accessrule to allow this single IP on this port on the WAN interface, make sure that the allow-rule has higher priority than the deny-rule. Final step is to create a port forwarding entry, and specify that this port should be forwarded to a LAN IP. We created the port fowarding last so that the port is not wide open until we created the accessrules. Now everything should be like we wanted, port 22 is only open for a single Internet IP and is forwarded to a LAN IP.

To sum up, this is what we need to make sure only 256.10.11.12 can use port 22 on LAN server 192.168.1.10 from the Internet.

Accessrule Priority 1, Allow SSH [22], WAN1, Source: 256.10.11.12, Destination: Any
Accessrule Priority 2, Deny SSH [22], WAN1, Source: Any, Destination: Any
Port forwarding, TCP/22~22 -> 192.168.1.10