RV042 Router Firewall blocks ports though Access Rule

ponninga001
Level 1

Hi, I have a Cisco RV042 Wired Router.

I've got a static IP and a MS Small Business Server in my Router Network.

I have forwarded the essential ports to use the IIS and the Exchange Server of my SBS2011 (https, http, smtp, rpc).

I have also created some access rules for these ports, but I don't have any access to my server services if the firewall is activated.

Here are my Firewall Access Rules from the RV042 Web Interface:

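| Priority | Policy Name | Enable | Action | Service | Source Interface | Source | Destination | Time | Day |
|---|---|---|---|---|---|---|---|---|---|
| | HTTPS 2nd | | Allow | HTTPS 2nd [987] | * | Any | 10.0.0.2 ~ 10.0.0.2 | Always | |
| | SMTP 2nd | | Allow | SMTP 2nd [587] | * | Any | 10.0.0.2 ~ 10.0.0.2 | Always | |
| | FTP | | Allow | FTP [21] | * | Any | 10.0.0.2 ~ 10.0.0.2 | Always | |
| | HTTP | | Allow | HTTP [80] | * | Any | 10.0.0.2 ~ 10.0.0.2 | Always | |
| | RPC | | Allow | RPC [135] | * | Any | 10.0.0.2 ~ 10.0.0.2 | Always | |
| | SMTP | | Allow | SMTP [25] | * | Any | 10.0.0.2 ~ 10.0.0.2 | Always | |
| | HTTPS | | Allow | HTTPS [443] | * | Any | 10.0.0.2 ~ 10.0.0.2 | Always | |
| | | | Allow | All Traffic [1] | LAN | Any | Any | Always | |
| | | | Deny | All Traffic [1] | WAN1 | Any | Any | Always | |
| | | | Deny | All Traffic [1] | WAN2 | Any | Any | Always | |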

Maybe someone can help me.

16 Replies

cadet alain
VIP Alumni

Hi,

I've never worked with this router model but maybe you should try to put as destination IP the public IP which is used in the port forwarding entries.

Regards.

Alain

Don't forget to rate helpful posts.

Are you trying to get into your LAN from a WAN? Are you trying to pass over a NAT interface?

I've tried both things but with no success.

Do I have to connect the DMZ Port for using the DMZ Mode?

Hi,

Did you try changing the destination to the public IP of the router?

I suppose this is for external access to these services?

From where are you trying to access these services?

Regards.

Alain

Don't forget to rate helpful posts.

Yeah, I tried this, but without success.

I tested a TCP connection on port 25 (SMTP) but the server didn't receive anything.

Hi,

From where did you connect? Is this working with NAT on but the firewall disabled?

Regards.

Alain

Don't forget to rate helpful posts.

If the firewall is disabled everything works fine. After enabling the FW the forwarded services are blocked.

How do I have to configure the NAT to receive all traffic at the server?

Best regards

Thomas

Hi,

If you can connect from outside when the firewall is off then it means NAT is OK.

Regards.

Alain

Don't forget to rate helpful posts.

Thomas, how are you connecting to that server... some service like dyndns...? In the rule you have specified 10.0.0.2, but I suppose you have done a port forwarding from a public IP, so you connect from the outside network to a public IP because there is no VPN to connect to the inside network. Please give us more detail... a basic picture, a configuration, a topology, or it's hard to help you. You say without the firewall activated the connection was established, with NAT, but you don't browse the private IP I imagine... have you tried to replace the private IP with the translated IP?

I've got a static internet IP address.

I connect to my server, or actually I'm trying to connect to my server, with the public internet IP address.

The local IP of my router is 10.0.0.1 and of the server 10.0.0.2.

I've forwarded the service ports to the 10.0.0.2 IP address and added the firewall access rules' destination IPs (from the services in the table) to my public IP address.

Would the Cisco RVS4000 meet my needs better?

I read the datasheet of it yesterday and there was an application node for connecting to public servers in the router network.

Best regards

Thomas

Hi,

If you try accessing your public IP from inside it may well not work if this router doesn't support hairpinning.

To test this you must connect from outside.

Regards.

Alain

Don't forget to rate helpful posts.

Yeah, I try to connect from my home network to my business network (static IP). I'm not connected via VPN and I try to connect with the public IP address (188.21.6........)

Regards

:-) Connect from an outside network as Alain suggests and probably your configuration works well.

I always connect from outside.
