Topic: access control filters on both source port and destination port?

rcarty


I'm having trouble getting this to work on two different DIR-615s: one is a RevB with 2.25 firmware (latest) and the other is a RevC with 3.11NA (the latest).

I have several ports I need to have open, and I have confirmed the access list filter works as expected when the connection is initiated from the LAN computer. This does mean the router is looking at only the destination port for these. However, when I make an incoming connection to a LAN computer, the response from the LAN computer uses the random source port the WAN computer used as the destination port and the selected destination port the WAN computer used as its source port. This is all standard behaviour for TCP/IP. The problem is, it's not possible to allow every possible random source port through in the outgoing direction as that defeats the purpose of the filter.

I also have one computer that has unrestricted outgoing access. This computer too is affected by the outgoing access control issue on incoming connections.

I seem to have gotten this to work on the RevB router by changing the firewall NAT TCP Endpoint Filtering to Endpoint Independent but this does not fix it on the RevC unit.

Ideally the router shouldn't even apply the outgoing access policy to the packets that are a response to a WAN-initiated connection. Those filters are built into the configuration by only certain ports being intentionally opened and mapped to a particular LAN computer's IP address in the Virtual Server and by its associated inbound filter.

Is there some way to make this work?
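The behaviour described in the post above, as an added example that is not part of the original post and is not D-Link firmware logic: a per-packet outbound filter that checks only the destination port drops the reply to a WAN-initiated connection, while a filter that tracks connections passes it without opening any extra outbound ports. All names, addresses and port sets are constructed, and NAT address rewriting is left out for brevity.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    direction: str      # "in" = WAN->LAN, "out" = LAN->WAN
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False   # True only on the first packet of a new connection

# Constructed policy for the illustration (hypothetical values).
ALLOWED_OUT_DST_PORTS = {80, 443}            # outbound access control list
VIRTUAL_SERVERS = {("192.168.0.10", 22)}     # LAN host/port opened inbound

def stateless_allows(pkt: Packet) -> bool:
    """Per-packet check: outbound policy looks at the destination port only."""
    if pkt.direction == "in":
        return (pkt.dst_ip, pkt.dst_port) in VIRTUAL_SERVERS
    return pkt.dst_port in ALLOWED_OUT_DST_PORTS

class StatefulFilter:
    """Applies policy to the first packet of a flow, then passes that flow's packets."""
    def __init__(self) -> None:
        self.flows = set()

    def allows(self, pkt: Packet) -> bool:
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self.flows or reverse in self.flows:
            return True                      # part of an already-approved connection
        if pkt.syn and stateless_allows(pkt):
            self.flows.add(key)              # remember the approved connection
            return True
        return False

def demo() -> dict:
    # WAN client (random source port 51515) connects to the opened LAN port 22.
    syn = Packet("in", "203.0.113.5", 51515, "192.168.0.10", 22, syn=True)
    # The LAN host's reply swaps the ports: destination is now 51515.
    reply = Packet("out", "192.168.0.10", 22, "203.0.113.5", 51515)
    # A new LAN-initiated connection to a port outside the outbound policy.
    stray = Packet("out", "192.168.0.10", 40000, "203.0.113.5", 6667, syn=True)
    sf = StatefulFilter()
    return {
        "stateless_reply": stateless_allows(syn) and stateless_allows(reply),
        "stateful_reply": sf.allows(syn) and sf.allows(reply),
        "stateful_stray": sf.allows(stray),
    }
```
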