Scenario:
I want to allow only two IP addresses (whitelist) to have access into my LAN for my 3CX VoIP PBX.
It needs access to 5060 and 9000-90XX.
1. I have two DNATs like this:
source: public IP of VoIP server:5060
translation: my PBX internal LAN address:5060
AND
source: public IP of VoIP server:9000-9010
translation: my PBX internal LAN address:9000-9010
2. I added a firewall rule to the WAN_IN ruleset:
source: public IP of VoIP server
destination: my PBX internal LAN address
allowing TCP and UDP packets
My question is: should the DNATs have the public IP as the SOURCE or the DESTINATION?
Is the SOURCE address the public IP the traffic is coming FROM (the VoIP provider I want to whitelist)?
Do I need a DESTINATION, or if it is blank does it apply to the whole interface? (I am assuming the DESTINATION is really meant to be my public-facing WAN address?)
I am seeing traffic packets on the firewall rule in stats,
BUT I am not seeing counts in the DNAT count.
Is there any way to test that this is working?
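
A minimal model of the packet path the question asks about, added here as an illustration and not part of the original post. It assumes netfilter-style ordering (DNAT is applied before the WAN_IN filter), DNAT rules that match any protocol, and constructed documentation-range addresses; all class and function names are hypothetical.

```python
from dataclasses import dataclass

# Constructed sample addresses (documentation ranges), not from the post.
PROVIDER = "203.0.113.10"  # whitelisted VoIP provider: the packet SOURCE
WAN_IP = "198.51.100.7"    # router's public address: the packet DESTINATION
PBX = "192.168.1.50"       # internal PBX: the DNAT translation target

@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: int

@dataclass
class DnatRule:
    src: str      # remote peer allowed to use this forward
    dst: str      # public address the peer sends to
    ports: range  # destination ports covered by the rule
    to: str       # translated (internal) address
    hits: int = 0

DNAT_RULES = [DnatRule(PROVIDER, WAN_IP, range(5060, 5061), PBX),
              DnatRule(PROVIDER, WAN_IP, range(9000, 9011), PBX)]
# WAN_IN-style rule: evaluated after DNAT, so dst is already the internal address.
FW_ALLOW = {"src": PROVIDER, "dst": PBX, "protos": {"tcp", "udp"}}

def process(pkt: Packet) -> str:
    """Classify one inbound WAN packet: forwarded, dropped or not-translated."""
    for rule in DNAT_RULES:
        if (pkt.src, pkt.dst) == (rule.src, rule.dst) and pkt.dport in rule.ports:
            rule.hits += 1  # the per-rule counter a router would show in NAT stats
            pkt = Packet(pkt.src, rule.to, pkt.proto, pkt.dport)  # only dst changes
            break
    else:
        return "not-translated"  # still addressed to the router, never reaches the PBX
    ok = (pkt.src == FW_ALLOW["src"] and pkt.dst == FW_ALLOW["dst"]
          and pkt.proto in FW_ALLOW["protos"])
    return "forwarded" if ok else "dropped"

def run_samples() -> dict:
    """Run constructed packets through both stages and return each verdict."""
    samples = {"provider-sip": Packet(PROVIDER, WAN_IP, "udp", 5060),
               "provider-rtp": Packet(PROVIDER, WAN_IP, "udp", 9005),
               "provider-port-9011": Packet(PROVIDER, WAN_IP, "udp", 9011),
               "provider-sctp": Packet(PROVIDER, WAN_IP, "sctp", 5060),
               "stranger-sip": Packet("192.0.2.99", WAN_IP, "udp", 5060)}
    return {name: process(p) for name, p in samples.items()}

if __name__ == "__main__":
    print(run_samples(), [r.hits for r in DNAT_RULES])
```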