ISSUE: LAN Can't Access Internet With Standard ACL Configured

Hi there,

I am currently configuring a c888 series router.

I have a LAN network at 192.168.10.0/24 (native VLAN 1 by default - ETH0-1-2-3).

There is an interface to the WAN through Dialer 1; the default route is via this Dialer 1 interface.

I configured a loopback10 interface:

ip address 10.0.0.1 255.255.255.255 !!! (Not the real IP, just an example)

Outgoing NAT performed:

ip nat inside source list 10 interface Loopback10 overload

I need to access from the outside to a machine which is on the LAN network, IP of the machine: 192.168.10.3/24.

I did port forwarding:

ip nat inside source static tcp 192.168.10.3 443 10.0.0.1 8083 extendable

I now need to filter incoming traffic so that certain public IPs can access this port forwarding:

I configured a standard access-list 50:

access-list 50 permit 99.20.10.63
access-list 50 permit 85.24.20.54

I added this access-list on the VLAN1 interface:

ip address 192.168.10.1 255.255.255.0
ip access-group 50 out
ip nat inside
ip virtual-reassembly in
no autostate

Port forwarding works, and filtering by IP too. The problem is that the machine 192.168.10.3/24 cannot access the internet following this configuration, while I can ping: ping 8.8.8.8 source vlan1.

Could you help me?

Thanks

balaji.bandi
Hall of Fame

What does your access list 10 look like? Can you post the ip nat outside interface config?

Also, the show ip route output.

BB
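
An added example, not part of the original thread: a small Python model of how a standard ACL applied outbound on Vlan1 is evaluated, using the ACL 50 entries from the question. It relies on two IOS rules (a standard ACL matches the source address only, and every ACL ends with an implicit deny); the sample packets and function names are constructed for illustration.

```python
import ipaddress

# ACL 50 as posted in the question. A standard ACL matches the packet's
# SOURCE address only; an entry without a wildcard mask matches one host.
ACL_50 = [
    ("permit", "99.20.10.63", "0.0.0.0"),
    ("permit", "85.24.20.54", "0.0.0.0"),
]

def matches(src, addr, wildcard):
    """True if src equals addr on every bit the wildcard mask does not ignore."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(src)) & care) == (
        int(ipaddress.IPv4Address(addr)) & care
    )

def standard_acl(acl, src):
    """First matching entry wins; anything unmatched hits the implicit deny."""
    for action, addr, wildcard in acl:
        if matches(src, addr, wildcard):
            return action
    return "deny"

def vlan1_out(packets, acl=ACL_50):
    """Evaluate packets the router forwards out Vlan1 toward the LAN."""
    return [(desc, src, dst, standard_acl(acl, src)) for desc, src, dst in packets]

# Constructed sample packets leaving Vlan1 toward 192.168.10.3 (destination
# already translated back to the inside address by NAT).
PACKETS = [
    ("allowed client -> forwarded 443", "99.20.10.63", "192.168.10.3"),
    ("other client -> forwarded 443", "203.0.113.9", "192.168.10.3"),
    ("reply to LAN host's own request", "8.8.8.8", "192.168.10.3"),
]

if __name__ == "__main__":
    for desc, src, dst, verdict in vlan1_out(PACKETS):
        print(f"{verdict:6} {src:>15} -> {dst:<15} {desc}")
```

In this model the reply from 8.8.8.8 is denied for the same reason as the unlisted client: its source address is not in ACL 50. The reply to `ping 8.8.8.8 source vlan1` is addressed to the router itself, so it is never forwarded out Vlan1 and this ACL does not evaluate it.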
