08-22-2018 09:38 PM
I'm trying to set up port forwarding and I understand partially the idea behind setting up a rule under "Service Manager" and then going to Firewall and under "Port Forwarding" to then enabling the rule to a specific IP address. These ports are like 60001 to 60001 and 5989 to 5989, but I'm not sure if you're supposed to pick the same rule for both external and internal or if you're supposed to pick the rule on external and then pick "All Traffic" for the internal, but either doesn't seem to do anything for me unless there's some other entry that I have to make elsewhere like in the Access rules or something? Programming this router is not like other routers I've worked with, even in the lower RV series. What am I missing? As an example 60001 TCP outside from the WAN is supposed to reach 60001 inside on a specific machine, e.g. 192.168.1.80.
08-23-2018 10:03 PM
Hi,
My name is Ritesh Sharma from Cisco TAC.
As per your query, you have to forward port 6001 on the WAN IP to reach the internal IP, let's say 192.168.1.10.
First of all, create a service management rule, by using port 6001, allowing desired traffic.
Then configure the port forwarding rule in RV340, allowing all traffic through WAN1/WAN2 to internal IP address (192.168.1.1) by using created service management rule.
The rule will automatically be reflected under firewall. Also you have to add an entry under firewall settings to allow all traffic on WAN1/WAN2 to internal LAN from source any.
The port forwarding will only work if the public IP is pinging from outside.
Please mark this as helpful if it resolved your issue.
Thanks and Regards
Ritesh Sharma
11-21-2019 06:36 PM
Not sure I understand your directive. Do you really advise to allow all traffic from WAN1/WAN2 (Any source address) thru LAN?
From what I know, this will make the firewall useless..no?
12-15-2018 06:08 AM
02-28-2021 08:52 PM
I can only get one port to work.
03-05-2021 01:38 AM
Have you checked the device accepts all 4 ports? Can you perform a WAN packet capture and send the cap file?
Regards,
Martin
03-05-2021 04:54 AM
Martin, I have done that and also captured more data using "Wireshark" and sent it to a Cisco engineer. I am waiting for his/their analysis. I will update you after I hear from them.
Thanks
IstiSanga44853
03-05-2021 05:10 AM
Hi Isti,
Thanks for the update. You can share the SR on PM to keep tracking from my side.
Regards,
Martin
03-05-2021 01:21 AM
I get exactly the same issue. I use these small routers just for a simple port forwarding. I did it multiple times with RV320 but I'm unable to make it work on RV340.
I create a service management TEST (tcp 8193-8193)
I create a port forwarding rule: ExternalService=TEST InternalService=TEST InternalIPAddress=192.168.1.10 Interface=WAN1
I create an access rule: Allowed All Traffic SourceInterface=WAN1 Source=Any DestinationInterface=VLAN1 Destination=Any (even if I feel it is not necessary as the port forwarding rule automatically adds an entry in the access rules table for the desired traffic)
The configuration is really simple and the same works on RV320.
If anyone has an idea or has succeeded in making it work.
Thanks
03-05-2021 01:33 AM
Hello Lio,
Can you share (screenshot) your port forwarding rules as well as the External/Internal services and the access-list you've created. Yes the ACL is not necessary as it is automatically created.
Regards,
Martin
03-05-2021 02:01 AM
03-05-2021 03:57 AM
Hi Lio,
You do have both external and internal services the same. Please delete the ACL you have created, save the config and try again. Do you port forward from a specified public IP address? You may need to do a WAN packet capture and then share the Pcap file to verify the traffic is hitting the WAN and also do a packet capture from the LAN to see if the traffic is forwarding or if not - why.
Regards,
Martin
03-07-2021 11:44 PM
Hi Martin
Thanks for the advice of router packet capture..
I did WAN and LAN captures and found that the traffic was correctly forwarded through the router but got no return packet. The problem was not on the router itself.
Sorry, I started from the wrong side of the problem.
03-08-2021 01:47 AM
Hi Lio,
You're welcome! We always need to analyze the issue from end to end and find the root cause of the problem. Thanks for sharing.
Regards,
Martin
05-11-2021 03:30 AM
Hi All
There seems to be so much unnecessary confusion about using Port-Forwarding
1. First and foremost on RV34X, there is NO NEED TO ADD ADDITIONAL SEPARATE FIREWALL ACCESS RULE TO PERMIT ANY TRAFFIC...the person who had suggested it does not know anything at all about firewall/port-forwarding or I think he does not know networking at all...
Again, after adding the port-forwarding rule on RV340..YOU DO NOT NEED TO ADD ANY OTHER EXPLICIT FIREWALL-ACCESS RULE...NONE..PERIOD
- the port-forwarding rule will do the necessary opening of ports (as per the rule added) automatically in the firewall...no need to add anything manually again
2. Now coming to configuring port-forwarding on RV340....
a) Assuming that you have the deployment of RV340 connected to the Internet on wan1 interface as below:
lan-pc1(192.168.1.x)------[RV340-GW1]wan1(100.100.100.12)-------[isp-router]---{Internet}-------(200.200.200.2)[wan-PC2]
Pre-requisites:
- The lan-pc1 should be configured with the default-gw ip of 192.168.1.1 (assuming that this is the vlan1 lan-ipaddr on RV340)
- Ensure that the port-forwarded service/port is running on lan-pc1 so as to respond to the connection from wan-pc2
b) So in this case after adding port-forwarding rule...wan-pc2 will always connect to 100.100.100.12:external-service-port-num...and this will be port-forwarded on the RV340 to lan-pc1
- Here I am assuming that each of you has made the lan-pc1 ready to accept the traffic on the said specified port-forwarded internal-service-port that you have added in the port-forward rule
Note: Please try to understand how the port-forwarded traffic flows..and check on lan-pc1 whether the traffic/connection initiated/sent by wan-pc2 is arriving on lan-pc1 interface......use wireshark or tcpdump on lan-pc1...
- like for example...one of the users is trying RDP...and he should understand that RDP protocol uses TCP-3389 for control-channel and then it switches to UDP-3389 for data-traffic-channel....so you should be adding a service-record for RDP with TCP&UDP 3389-3389
- Also note when you create a service record with start-port 3389 AND end-port 3389...it means one port 3389..AND NOT 2 ports..
- when you give a range of ports such as "start-port 4389; end-port 4390" then it means in this case 2 ports..
3. So to configure example-1 of one of the users...for port-forwarding of tcp port 60001 (and/or tcp-5989), apply the below 2 steps (given in the 2 screenshots) here
Assuming the deployment is as in above setup given....
Step-1: Add a service record in System-Management/Services
name: srvctest1
protocol: tcp
start-port: 60001
end-port: 60001
name: srvctest2
protocol: tcp
start-port: 5989
end-port: 5989
Step-2: Add the Port-forwarding rules as below (as in attached screenshots too)
rule1:
external-service: srvctest1
internal-service: srvctest1
Internal-Ipaddress: 192.168.1.80 (or any internal-ipaddress in your setup that is routable/reachable from the RV340 on lan-side)
Interface: WAN1
Step-3: Start the traffic/connection for tcp-port-60001 from wan-pc2 (to 100.100.100.12 the wan1-ipaddr)
Step-4: Another simple test after doing above steps is to run an iperf-connection as below:
a) On Lan-PC1...run iperf-tcp-server (try first with iperf-version2 please) on tcp-60001
iperf -s -i 1 -p 60001 -B 192.168.1.80
b) And then on Wan-PC2, run the iperf-tcp-client to connect to tcp-60001, as below:
iperf -c 100.100.100.12 -p 60001 -i 1 -t 3600
I guarantee that it will work...
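The two-capture check that Martin recommends earlier in the thread, and that the last post repeats for lan-pc1, written out as an added example (not part of any post here and not Cisco code). The packet records are constructed from the addresses in the topology above, and it assumes the external and internal service use the same port.

```python
from collections import namedtuple

# One TCP segment as seen in a capture; flags use tcpdump letters (S, SA, R, RA).
Pkt = namedtuple("Pkt", "src sport dst dport flags")

def diagnose(wan_cap, lan_cap, client, wan_ip, host, port):
    """Return (stage, hint) for the first point where the forwarded handshake stops."""
    def seen(cap, **want):
        return [p for p in cap if all(getattr(p, k) == v for k, v in want.items())]

    if not seen(wan_cap, src=client, dst=wan_ip, dport=port, flags="S"):
        return "NO_SYN_ON_WAN", "SYN never reached WAN (upstream filter, wrong public IP)"
    # On the LAN side only the destination is checked, so source NAT does not matter.
    if not seen(lan_cap, dst=host, dport=port, flags="S"):
        return "NOT_FORWARDED", "router saw the SYN but did not forward it (service or rule)"
    replies = seen(lan_cap, src=host, sport=port)
    if not replies:
        return "HOST_SILENT", "host got the SYN, sent nothing (host firewall, default gateway)"
    if any("R" in p.flags for p in replies):
        return "HOST_RESET", "host answered with RST: nothing is listening on that port"
    if not seen(wan_cap, src=wan_ip, sport=port, dst=client, flags="SA"):
        return "REPLY_LOST", "SYN-ACK left the host but never left WAN translated"
    return "OK", "handshake completes through the forward"

# Constructed sample data: wan-pc2, wan1, lan-pc1 and tcp/60001 from the post above.
CLIENT, WAN_IP, HOST, PORT = "200.200.200.2", "100.100.100.12", "192.168.1.80", 60001
SYN_WAN = Pkt(CLIENT, 51000, WAN_IP, PORT, "S")
SYN_LAN = Pkt(CLIENT, 51000, HOST, PORT, "S")
SYNACK_LAN = Pkt(HOST, PORT, CLIENT, 51000, "SA")
SYNACK_WAN = Pkt(WAN_IP, PORT, CLIENT, 51000, "SA")

def run(wan_cap, lan_cap):
    """Stage code only, for the sample addresses above."""
    return diagnose(wan_cap, lan_cap, CLIENT, WAN_IP, HOST, PORT)[0]

if __name__ == "__main__":
    cases = {
        "forward works": ([SYN_WAN, SYNACK_WAN], [SYN_LAN, SYNACK_LAN]),
        "forwarded, no return packet": ([SYN_WAN, SYN_WAN], [SYN_LAN, SYN_LAN]),
        "rule not matching": ([SYN_WAN], []),
    }
    for name, (wan, lan) in cases.items():
        print(f"{name}: {diagnose(wan, lan, CLIENT, WAN_IP, HOST, PORT)}")
```

The "forwarded, no return packet" case is the one reported on 03-07-2021: the SYN shows up in both captures, so the router is forwarding and the remaining checks are on the LAN host.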