Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1288
Views
0
Helpful
4
Replies

Firewall Access Rules do not work on One to One NAT (RV042G Router)

michael2014
Level 1
Level 1

‎03-24-2014 10:19 AM

I have two unique IP addresses, two servers, and one RV042G router. 

What I would like to do is have each IP address go to it's own respective server. To do that, I've set the settings on One-to-One NAT to make this happen. Now IP address 1 points to server A and IP address 2 points to server B.

However, I only want port 80 to be open to each server. I've tried setting the Firewall access rules to accommodate this but it doesn't appear to block anything. All ports on the servers are exposed despite the firewall rules.

Here's what I have in the router configuration:

Under One-to-One NAT:

{internal IP address 1} => {external IP address 1}

{internal IP address 2} => {external IP address 2}

Under Firewall Access Rules:

Action | Service | Source Interface | Source | Destination | Time

Allow | HTTP Secondary 80 | WAN1 | Any | {internal IP address 1} | Always

Deny | All Traffic | WAN1 | Any | Any | Always

 

Is there a proper way to accomplish what I want?

Labels:
0 Helpful
4 Replies 4

Ismael Arroyo
Level 1
Level 1

‎03-24-2014 12:46 PM

 

 

Michael,

 

Has your ISP provided you with those external ip's(Public addresses)? If so, are you using the 2nd external address as suppose to the 1st external? Once this is accomplished then your described Firewall configuration should be able to allow all http traffic to your specified internal server.

0 Helpful

michael2014
Level 1
Level 1
In response to Ismael Arroyo

‎03-24-2014 01:09 PM

Thanks for replying. 

Turns out I had to add new access rules to specifically deny all traffic to the internal addresses, in addition to the rule allowing the specified ports through.

So, with the IP addresses still defined the same way in the One-to-One NAT section, I now have the following rules defined in the firewall section:

Under Firewall Access Rules:

Priority | Action | Service | Source Interface | Source | Destination | Time

[1] | Allow | HTTP Secondary 80 | ANY | Any | {internal IP address 1} | Always

[2] Deny | All Traffic | WAN1 | Any | { internal IP address 1 } | Always <== the new one I ended up adding

(default) | Deny | All Traffic | WAN1 | Any | Any | Always <== built in default rule in router

 

I originally did not add the second rule because I had assumed that the default deny rule would block all traffic to all internal IP addresses anyway. Perhaps someone can correct me if I'm wrong but I am now assuming that the default deny rule applies to the router only and not to any other defined One-to-One NAT entries. In which case, I had to add another rule that duplicates the default deny rule but for each 1:1 NAT entry.

If this was already in the manual, I probably missed it so that would be my own mistake. Still, I wish this was more apparent in the web GUI as it didn't really specify that I had to do this.

In any case, I hope my solution helps anyone else in the future having this similar issue.

0 Helpful

racassel1
Level 1
Level 1
In response to michael2014

‎06-27-2014 06:35 AM

I just posted a question in regards to this for confirmation.  Yes, it would be helpful to have documentation that would clarify this and save many people countless hours fingering it out.  Its complex enough already, and without this hint for someone unfamiliar with RV082, you're on your own unless you want to pay $89 for a support call..

0 Helpful

michael2014
Level 1
Level 1

‎03-25-2014 08:52 AM

I'm not sure how to mark my question as answered as I want to select my own reply as the solution.

0 Helpful
Customers Also Viewed These Support Documents