<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic RV082 Access Rules in Network Security</title>
    <link>https://community.cisco.com/t5/network-security/rv082-access-rules/m-p/1886106#M457078</link>
    <description></description>
    <pubDate>Mon, 11 Mar 2019 22:53:20 GMT</pubDate>
    <dc:creator>richardhassell</dc:creator>
    <dc:date>2019-03-11T22:53:20Z</dc:date>
    <item>
      <title>RV082 Access Rules</title>
      <link>https://community.cisco.com/t5/network-security/rv082-access-rules/m-p/1886106#M457078</link>
      <description>&lt;P&gt;Good Day To All,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;We recently purchased an RV082 Firewall Router and I am having the headache of a lifetime with the access rules and port forwarding. I have read EVERY post possible and still cannot come to a conclusion of what I am doing wrong...&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;First Question&lt;/STRONG&gt; is the MAIL SERVER.. I could not get our email server to talk when setting this device to DMZ so for the time being I put it on LAN2 and attempted to set up an access rule Port 25 to the IP of the mail server. NO GO.. I had to port forward or it would not work.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Now I want to deny access on port 25 over WAN1 201.X.X.108 but allow access over port 25 on WAN2 201.X.X.109 and this is where it's a NO GO. It doesn't matter what order I put the rules in, it's still a no go. Furthermore if I take out the port forward 25 and put in the rules to allow ANY source to reach 25 on the mail server it ALSO does not work...&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;This is what I have now and I can still access the email server on EITHER WAN address.
I have tried to specifically DENY WAN1 but still no luck.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;FORWARD:&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;PORT 25 to 192.168.0.221 is ENABLED&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;ACCESS RULES: &lt;SPAN style="font-size: 8pt;"&gt;(in this order)&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;ACTION:&lt;/STRONG&gt; ALLOW&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;SERVICE:&lt;/STRONG&gt; SMTP:25&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;SOURCE INTERFACE:&lt;/STRONG&gt; WAN2&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;SOURCE:&lt;/STRONG&gt; ANY&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;DESTINATION:&lt;/STRONG&gt; 192.168.0.221&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;TIME:&lt;/STRONG&gt; ALWAYS&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;ACTION:&lt;/STRONG&gt; ALLOW&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;SERVICE:&lt;/STRONG&gt; SMTP:25&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;SOURCE INTERFACE:&lt;/STRONG&gt; LAN&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;SOURCE:&lt;/STRONG&gt; 192.168.0.221&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;DESTINATION:&lt;/STRONG&gt; ANY&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;TIME:&lt;/STRONG&gt; ALWAYS&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;ACTION:&lt;/STRONG&gt; DENY&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;SERVICE&lt;/STRONG&gt;: SMTP:25&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;SOURCE INTERFACE:&lt;/STRONG&gt; ANY&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;SOURCE:&lt;/STRONG&gt; ANY&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;DESTINATION:&lt;/STRONG&gt; ANY&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;TIME:&lt;/STRONG&gt; ALWAYS&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;Now Second Question&lt;/STRONG&gt; is pretty much the same but with SSH on port 22. 
I did this as a test and enabled SSH to the mail server.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;FORWARD:&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;NOTHING SET&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;ACTION:&lt;/STRONG&gt; ALLOW&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;SERVICE:&lt;/STRONG&gt; SSH:22&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;SOURCE INTERFACE:&lt;/STRONG&gt; ANY&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;SOURCE:&lt;/STRONG&gt; ANY&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;DESTINATION:&lt;/STRONG&gt; 192.168.0.221&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;TIME:&lt;/STRONG&gt; ALWAYS&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Why would this not work? The ONLY way I can get an SSH:22 to work is if I port forward it and then the access rule when set to DENY ALL it still allows it on both WAN1 and WAN2...&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;CONFUSED!&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;HELP!&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;PLEASE!&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;The Screen shot was my last attempt at making SSH work...&lt;/P&gt;</description>
      <pubDate>Mon, 11 Mar 2019 22:53:20 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/rv082-access-rules/m-p/1886106#M457078</guid>
      <dc:creator>richardhassell</dc:creator>
      <dc:date>2019-03-11T22:53:20Z</dc:date>
    </item>
    <item>
      <title>Re: RV082 Access Rules</title>
      <link>https://community.cisco.com/t5/network-security/rv082-access-rules/m-p/1886107#M457084</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Essentially what I am trying to accomplish is to NOT have the port forward set. But in every case so far it seems as if the access rules DO NOT WORK at all.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Even if I set SSH:22 to port forward and set a firewall rule to DENY ANY ANY ANY to ANY I can still SSH to the box&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Thu, 12 Apr 2012 21:36:41 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/rv082-access-rules/m-p/1886107#M457084</guid>
      <dc:creator>richardhassell</dc:creator>
      <dc:date>2012-04-12T21:36:41Z</dc:date>
    </item>
  </channel>
</rss>

