Allowing only certain packets to access port?

Nemesis77

We have a WAP server that needs access to the outside world (so people can access it). It uses a certain port (that is reserved for WAP), so we need to open that port to the outside Internet. Is it possible to configure the firewall in such a way that only WAP traffic (and nothing else) gets through the port?

Also, the traffic would only come from one source (our mobile operator's WAP gateway), so we could block all other sources. But what about spoofing? We would still like to be able to limit the traffic to WAP only.

I'm not really a firewall expert (as you can probably tell) :eek:
 

Oaf357

As far as I know there really is no way to specify EXACTLY what kind of traffic comes through a firewall.

You can limit it to an IP address or protocol (TCP, UDP, ICMP, etc.), which is probably your best bet. The likelihood of someone even seeing the hole (should you set it up so that only one IP address is able to come through) is low.

Not exactly the answer you wanted I'm sure but I hope it helps.
 

Nemesis77

Thanks for the info :). I assumed it's something like that, but I just had to make sure.
 

ivwshane

I'm no firewall expert either, but I see no reason why you couldn't block all traffic except for the traffic that comes through on the specified port (what port does WAP use anyway?).
I see no reason why it would be different than blocking all access to a network except, say, port 21 for a public FTP. All you should have to do to accomplish this is port forward to the correct IP of the WAP server. Almost any router can do that, even SOHO routers like Linksys.

Am I not understanding the question?
 

ktwebb

APs are hubs and don't discriminate. They just pass traffic. The port is determined by the application sending the data.
 

Santa

A firewall that uses Stateful Packet Inspection does exactly this. It unwraps the packet to see if it makes sense in the context of the conversation and will drop it if it does not. So if it is not a WAP-type message, then it should note that it does not make sense and drop the packet even though it's from the right source and comes in on the right port.
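
Added example, not part of any post in this thread: a small Python model of the two layers discussed above, a source/protocol/port filter followed by a payload check that the datagram parses as a WAP request. It assumes connectionless WSP on UDP port 9200, covers only Get-class PDUs, and uses a documentation-range placeholder for the gateway address; all sample packets are constructed.

```python
import ipaddress

# Assumptions, not from the thread: connectionless WSP on UDP port 9200, and a
# documentation-range placeholder for the operator's gateway address.
WAP_PORT = 9200
GATEWAY = ipaddress.ip_address("192.0.2.10")
GET_CLASS = range(0x40, 0x45)  # WSP Get, Options, Head, Delete, Trace

def l4_allows(src, proto, dport):
    """Plain packet filter: source address, protocol and destination port only."""
    return ipaddress.ip_address(src) == GATEWAY and proto == "udp" and dport == WAP_PORT

def read_uintvar(buf, pos):
    """Decode a WSP uintvar (7 bits per byte, high bit = more); None if malformed."""
    value = 0
    for i in range(pos, min(pos + 5, len(buf))):
        value = (value << 7) | (buf[i] & 0x7F)
        if not buf[i] & 0x80:
            return value, i + 1
    return None

def looks_like_wsp_get(payload):
    """Payload check: TID byte, Get-class PDU type, URI length, printable URI."""
    if len(payload) < 4 or payload[1] not in GET_CLASS:
        return False
    decoded = read_uintvar(payload, 2)
    if decoded is None:
        return False
    uri_len, start = decoded
    uri = payload[start:start + uri_len]
    return 0 < uri_len == len(uri) and all(0x21 <= b <= 0x7E for b in uri)

def verdict(src, proto, dport, payload):
    if not l4_allows(src, proto, dport):
        return "drop:l4"
    return "accept" if looks_like_wsp_get(payload) else "drop:payload"

# Constructed sample packets: (source, protocol, destination port, payload)
URI = b"http://wap.example/index.wml"
SAMPLES = [
    ("192.0.2.10", "udp", 9200, b"\x01\x40" + bytes([len(URI)]) + URI),
    ("198.51.100.7", "udp", 9200, b"\x01\x40" + bytes([len(URI)]) + URI),
    ("192.0.2.10", "udp", 9200, b"GET / HTTP/1.0\r\n\r\n"),
    ("192.0.2.10", "udp", 9200, b"\x01\x40\x30http"),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s[0], verdict(*s))
```

The third and fourth samples pass the address and port rule and are dropped only by the payload check, which is the gap the original question asks about.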