Cisco Support Community

New Member

Firewall Access Rules do not work on One to One NAT (RV042G Router)

I have two unique IP addresses, two servers, and one RV042G router. 

What I would like to do is have each IP address go to its own respective server. To do that, I've set the settings on One-to-One NAT to make this happen. Now IP address 1 points to server A and IP address 2 points to server B.

However, I only want port 80 to be open to each server. I've tried setting the Firewall access rules to accommodate this but it doesn't appear to block anything. All ports on the servers are exposed despite the firewall rules.

Here's what I have in the router configuration:

Under One-to-One NAT:

{internal IP address 1} => {external IP address 1}

{internal IP address 2} => {external IP address 2}

Under Firewall Access Rules:

Action | Service | Source Interface | Source | Destination | Time

Allow | HTTP Secondary 80 | WAN1 | Any | {internal IP address 1} | Always

Deny | All Traffic | WAN1 | Any | Any | Always


Is there a proper way to accomplish what I want?

4 REPLIES
New Member


Michael,


Has your ISP provided you with those external IPs (public addresses)? If so, are you using the 2nd external address as opposed to the 1st external? Once this is accomplished, your described firewall configuration should be able to allow all HTTP traffic to your specified internal server.

New Member


Thanks for replying. 

Turns out I had to add new access rules to specifically deny all traffic to the internal addresses, in addition to the rule allowing the specified ports through.

So, with the IP addresses still defined the same way in the One-to-One NAT section, I now have the following rules defined in the firewall section:

Under Firewall Access Rules:

Priority | Action | Service | Source Interface | Source | Destination | Time

[1] | Allow | HTTP Secondary 80 | ANY | Any | {internal IP address 1} | Always

[2] | Deny | All Traffic | WAN1 | Any | {internal IP address 1} | Always <== the new one I ended up adding

(default) | Deny | All Traffic | WAN1 | Any | Any | Always <== built in default rule in router


I originally did not add the second rule because I had assumed that the default deny rule would block all traffic to all internal IP addresses anyway. Perhaps someone can correct me if I'm wrong but I am now assuming that the default deny rule applies to the router only and not to any other defined One-to-One NAT entries. In which case, I had to add another rule that duplicates the default deny rule but for each 1:1 NAT entry.

If this was already in the manual, I probably missed it so that would be my own mistake. Still, I wish this was more apparent in the web GUI as it didn't really specify that I had to do this.

In any case, I hope my solution helps anyone else in the future having this similar issue.
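A small first-match model of the rule behaviour described in this reply (an added example, not code from the original post or from Cisco): it encodes the poster's assumption that the router's built-in default deny does not cover hosts mapped by One-to-One NAT, and reports which ports each mapped server is left exposed on under the original rule set and the fixed one. The internal IP addresses are constructed stand-ins for the placeholders in the thread.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    port: Optional[int] = None  # None = "All Traffic"
    dest: Optional[str] = None  # None = "Any"
    builtin: bool = False       # the router's built-in default deny rule

def evaluate(rules, dest, port, nat_hosts):
    """Decide 'allow'/'deny' for WAN traffic to dest:port; first match wins."""
    for r in rules:
        if r.builtin and dest in nat_hosts:
            # Modelled quirk from the thread (assumption, not documented):
            # the built-in default deny skips One-to-One NAT hosts.
            continue
        if (r.port is None or r.port == port) and (r.dest is None or r.dest == dest):
            return r.action
    # No explicit rule matched: a 1:1 NAT host is still reached through the
    # mapping, anything else is dropped by the router.
    return "allow" if dest in nat_hosts else "deny"

def exposed_ports(rules, host, nat_hosts, ports=(22, 80, 443, 3389)):
    """Ports from the probe list that the rule set leaves reachable on host."""
    return [p for p in ports if evaluate(rules, host, p, nat_hosts) == "allow"]

def audit(rules, nat_hosts, intended):
    """Map each NAT host to the ports reachable beyond what was intended."""
    return {h: sorted(set(exposed_ports(rules, h, nat_hosts)) - intended[h])
            for h in nat_hosts}

# Constructed stand-ins for the thread's {internal IP address 1} and 2.
SERVER_A, SERVER_B = "192.168.1.10", "192.168.1.11"
NAT_HOSTS = {SERVER_A, SERVER_B}
INTENDED = {SERVER_A: {80}, SERVER_B: {80}}
DEFAULT_DENY = Rule("deny", builtin=True)

# Poster's original rule set: allow port 80, then rely on the default deny.
ORIGINAL = [Rule("allow", 80, SERVER_A), Rule("allow", 80, SERVER_B), DEFAULT_DENY]
# Fixed rule set: an explicit "deny all" per 1:1 NAT host after its allow.
FIXED = [Rule("allow", 80, SERVER_A), Rule("allow", 80, SERVER_B),
         Rule("deny", None, SERVER_A), Rule("deny", None, SERVER_B), DEFAULT_DENY]

if __name__ == "__main__":
    print("original:", audit(ORIGINAL, NAT_HOSTS, INTENDED))
    print("fixed:   ", audit(FIXED, NAT_HOSTS, INTENDED))
```

The same check can be rerun after any rule change to confirm that only the intended port stays reachable on each mapped host.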

New Member


I just posted a question in regard to this for confirmation. Yes, it would be helpful to have documentation that would clarify this and save many people countless hours figuring it out. It's complex enough already, and without this hint for someone unfamiliar with RV082, you're on your own unless you want to pay $89 for a support call.

New Member


I'm not sure how to mark my question as answered as I want to select my own reply as the solution.
