Re: Port forwarding to Wan sub-interface

Seong Jae Jung · ‎05-20-2021

Hi.

I am using RV345.

I set up Wan1.1(ISP) sub-interface and port forwarding as 1 port to Wan1.1.

It works well in a client in a VLAN as a command like ssh -p 12022 222.111.222.111(Wan1.1's IP).

But, it doesn't work in out side clients.

There is no firewall between ISP and the Router.

Is there any setting I have to add?

marce1000 · ‎05-20-2021

- Perhaps this guide may help :

https://www.cisco.com/c/en/us/support/docs/smb/routers/cisco-rv-series-small-business-routers/smb5818-configure-port-forwarding-port-triggering-nat-on-rv34x-serie.html

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Seong Jae Jung · ‎05-20-2021

Attached my setting as an image.

This is same as the guide.

Is there any setting I have to add?

balaji.bandi · ‎05-20-2021

what are you trying External IP address to Internal IP address port-forward or to Router only ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Seong Jae Jung · ‎05-20-2021

I am trying External IP address(Wan.1.1 sub-interface) to Internal IP address port-forward.

balaji.bandi · ‎05-20-2021

Hope you followed below document : ( what is the content of HASH ?)

https://www.cisco.com/c/en/us/support/docs/smb/routers/cisco-rv-series-small-business-routers/smb5818-configure-port-forwarding-port-triggering-nat-on-rv34x-serie.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Seong Jae Jung · ‎05-20-2021

I was trying external port 12022(HASHED-SSH) to internal port 22(SSH).

The problem is that it works in inside of Router with External IP and fails in outside Router.

I can tell you port forwarding setting is correct but there is something with blocking traffic from outside Router.

So I am asking any setting other than port forwarding with sub-interface WAN(1.1)

balaji.bandi · ‎05-20-2021

enable Logging check is any packets reaching from our side (internet) at least to router? may be thinking ISP blocking odd ports, try different port like 81(jnstead12022 - high end port) to 22

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

nagrajk1969 · ‎05-30-2021

Hi Seong

Say your deployment is like below:

PC(10.50.11.20)------lan[RV345]wan1.1----[isp-router]-----[internet]-----[wan-Host with ipaddr say 83.83.10.2]

1. First try to ping from 10.50.11.20 to 83.83.10.2 and also some other internet hosts which reply to ping-requests

- Maybe you will not receive ping replies from 83.83.10.2 (your example wan-host) becos its configured not to reply to any ping-requests. So thats ok..

- this step is to check whether 10.50.11.20 is configured to reach any and all Internet hosts...else check and configure its default-gateway ipaddress to the lan-ipaddress of the RV345 in the same subnet as PC/10.50.x.x)

2. Now before you start the ssh connection from wan-host, start either wireshark or tcpdump on 10.50.11.20 to capture all packets coming into the interface on which the ipaddr 10.50.11.20 is configured

3. now Start the ssh connection from wan-host, and check whether the "port-forwarded" packets are reaching 10.50.11.20....

- when you see the captured packets, on 10.50.11.20, you should see the src-address of 83.83.10.2 and destination ip will be 10.50.11.20....

- the first packets will be the tcp-connection establishment packets tcp-syn from 83.83.x.x

- check whether 10.50.11.20 is sending a reply packet to 83.83.x.x...

4. Is there any deny access rule added into firewall by you (other than the default access-rules)...??

5. One unrelated question...is the vlan-id used on wan1-interface "1"????...or its just that you have changed from original value before posting here???

- when you configure as wan1.1...it means the vlan-id on wan1 interface is 1...and we have vlan1 as default vlan on lan-interface too.....so......

In summary,

- you need to trace out and capture the incoming traffic and check whether 10.50.11.20 is recieving the ssh packets from wan-host...and if yes, why is it not replying to the ssh connection?????

- else if the ssh packets are not going to 10.50.11.20...then check by sending diagnostic pings to 10.50.11.20 from RV345...to see the reachability

- Also you seem to have lan-hosts in the network 10.50.1.x too...so do you have 10.50.11.20 in separate vlan on the RV345???? or are you using a subnet 10.50.0.0/16????