05-14-2020 03:50 AM
Hi
We have set up port forwarding from external WAN1 port 8008 to internal VLAN webserver port 80.
This created an access rule with source IP = any.
We want to restrict source IP any to just allow a single IP, but this automatically created access rule can't be edited, and if I create a new access rule with a restricted source IP I can't change source port 8008 to destination port 80.
Is there a way to solve this?
BR Hakan
05-14-2020 04:40 AM
Look at the thread below; it should be able to help you.
If not, please post a screenshot so we can look at the config and verify.
05-14-2020 05:13 AM
Hi
To clarify what my problem is:
Only IP xxx.xxx.xxx.xxx should be able to access internal IP 192.168.40.10 on port 80 via external interface port 8008.
Creating port 8008 works fine, and then setting up the port forward from 8008 to internal port 80 is also no problem.
After doing this, an access rule is automatically created allowing all IP addresses to access port 8008.
And this access rule can't be edited.
If I create a new access rule saying only IP xxx.xxx.xxx.xxx can access port 8008 and the destination is 192.168.40.10, then I can't specify the internal port as 80.
So can I accomplish what I want by a combination of access rules? I just don't want to use the same port on the outside as on the inside in this case.
05-14-2020 05:22 AM
IP xxx.xxx.xxx.xxx - is this a known public IP? So you have to create a rule to only allow incoming port XXX to the inside destination.
NAT takes place before the ACL is hit in the FW.
05-14-2020 05:43 AM
Yes
xxx.xxx.xxx.xxx is the public address for the people handling the fansystem through a webservice on their specified VLAN.
So I have to map port 8008 outside to port 80 on their internal webserver for them to get remote access.
And I don't want their webserver to be open to the whole world.
At the same time there are other public addresses that need remote access to other ports/services.
11-12-2020 08:56 PM
Was there a solution to this? Translating the public IP to internal while also translating the access port?
Creating the port forwarding rule is easy, but you cannot edit it to allow only the one public IP to access.