
RV 340 PORT FORWARDING DOESN'T SEEM TO BE WORKING?

CanFlyGuy
Level 1

I'm trying to set up port forwarding, and I partially understand the idea behind setting up a rule under "Service Manager" and then going to Firewall and, under "Port Forwarding", enabling the rule for a specific IP address. These ports are like 60001 to 60001 and 5989 to 5989, but I'm not sure if you're supposed to pick the same rule for both external and internal or if you're supposed to pick the rule on external and then pick "All Traffic" for the internal. Either way, it doesn't seem to do anything for me, unless there's some other entry that I have to make elsewhere, like in the Access rules or something? Programming this router is not like other routers I've worked with, even in the lower RV series. What am I missing? As an example, 60001 TCP outside from the WAN is supposed to reach 60001 inside on a specific machine, e.g. 192.168.1.80.


riteshsh
Cisco Employee

Hi,

 

My name is Ritesh Sharma from Cisco TAC.

 

As per your query, you have to forward port 6001 on the WAN IP to reach the internal IP, let's say 192.168.1.10.

First of all, create a service management rule using port 6001, allowing the desired traffic.

Then configure the port forwarding rule in the RV340, allowing all traffic through WAN1/WAN2 to the internal IP address (192.168.1.1) by using the created service management rule.

The rule will automatically be reflected under firewall. Also, you have to add an entry under firewall settings to allow all traffic on WAN1/WAN2 to the internal LAN from source any.

The port forwarding will only work if the public IP is pinging from outside.

 

Please mark this as helpful if it resolved your issue.

 

Thanks and Regards 

Ritesh Sharma

 

Not sure I understand your directive. Do you really advise to allow all traffic from WAN1/WAN2 (Any source address) thru LAN?

From what I know, this will make the firewall useless..no?

lmsele
Level 1
I have a similar problem. I can't seem to open more than four ports for port forwarding; this is very concerning.

I can only get one port to work.

 

Application   Protocol   Port Start   Port End
RDP-1         TCP        3389         3389 (works)
RDP-2         TCP        3390         3390 (does not work)
 
 
Target device is set to RDP-2  with Static IP 198.168.1.96
this does not work
 

@IstiSanga44853 

 

Have you checked that the device accepts all 4 ports? Can you perform a WAN packet capture and send the cap file?

 

https://www.cisco.com/c/en/us/support/docs/smb/routers/cisco-rv-series-small-business-routers/enable-wan-packet-capture-rv34x-devices.html 

 

Regards,

Martin

 

 

 

 

Martin, I have done that and also captured more data using "Wireshark" and sent it to a Cisco engineer.  I am waiting for his/their analysis.  I will update you after I hear from them.

Thanks

IstiSanga44853

Hi Isti, 

 

Thanks for the update. You can share the SR on PM to keep tracking from my side. 

 

Regards, 

Martin

Lio
Level 1

I get exactly the same issue. I use these small routers just for simple port forwarding. I did it multiple times with the RV320 but I'm unable to make it work on the RV340.

 

I create a service management TEST (tcp 8193-8193)

I create a port forwarding rule: ExternalService=TEST InternalService=TEST InternalIPAddress=192.168.1.10 Interface=WAN1

I create an access rule: Allowed All Traffic SourceInterface=WAN1 Source=Any DestinationInterface=VLAN1 Destination=Any (even if I feel it is not necessary, as the port forwarding rule automatically adds an entry in the access rules table for the desired traffic)

 

The configuration is really simple and the same works on RV320.

 

If anyone has an idea or has succeeded in making it work.

Thanks

Hello Lio,

 

Can you share (screenshot) your port forwarding rules, as well as the External/Internal services and the access-list you've created? Yes, the ACL is not necessary as it is automatically created.

 

Regards,

Martin

Hello Martin,

Here are the screenshots.

Hi Lio,

 

You do have both external and internal services the same. Please delete the ACL you have created, save the config and try again. Do you port forward from a specified public IP address? You may need to do a WAN packet capture and then share the pcap file to verify the traffic is hitting the WAN, and also do a packet capture from the LAN to see if the traffic is being forwarded or, if not, why.

 

Regards,

Martin 

 

Hi Martin

 

Thanks for the advice about the router packet capture.

I did WAN and LAN captures and found that the traffic was correctly forwarded through the router but got no return packet. The problem was not on the router itself.

Sorry, I started from the wrong side of the problem.

Hi Lio,

 

You're welcome! We always need to analyze the issue from end to end and find the root cause of the problem. Thanks for sharing.

 

Regards,

Martin
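The WAN/LAN capture comparison Martin suggests and Lio reports above, written out as an added example that is not part of the original thread. The packet records are a constructed, simplified stand-in for what the two captures show; the field names, the WAN address 203.0.113.10 and the client 198.51.100.7 are assumptions.

```python
# Added example. Packet records are a constructed, simplified form of what a
# WAN capture and a LAN capture would show; field names are hypothetical.

def has(packets, dst=None, dport=None, src=None, sport=None, flags=None):
    """True if any packet matches every field that was given."""
    want = {"dst": dst, "dport": dport, "src": src, "sport": sport, "flags": flags}
    return any(all(v is None or p.get(k) == v for k, v in want.items())
               for p in packets)

def triage(wan_cap, lan_cap, wan_ip, ext_port, lan_ip, int_port):
    """Locate where a forwarded TCP connection stops, from the two captures."""
    if not has(wan_cap, dst=wan_ip, dport=ext_port, flags="SYN"):
        return "no SYN on WAN: traffic never reaches the router"
    if not has(lan_cap, dst=lan_ip, dport=int_port, flags="SYN"):
        return "SYN on WAN but not on LAN: router is not forwarding"
    if not has(lan_cap, src=lan_ip, sport=int_port, flags="SYN-ACK"):
        return "forwarded, no reply: check service, host firewall, default gateway"
    if not has(wan_cap, src=wan_ip, sport=ext_port, flags="SYN-ACK"):
        return "host replied but the reply did not leave the WAN"
    return "handshake crosses the router: forwarding works"

# Constructed captures: port 8193 and 192.168.1.10 are from the post above,
# the public addresses are documentation-range placeholders.
WAN_IP, CLIENT, LAN_IP, PORT = "203.0.113.10", "198.51.100.7", "192.168.1.10", 8193
WAN_CAP = [{"src": CLIENT, "sport": 50000, "dst": WAN_IP, "dport": PORT, "flags": "SYN"}]
LAN_CAP = [{"src": CLIENT, "sport": 50000, "dst": LAN_IP, "dport": PORT, "flags": "SYN"}]

if __name__ == "__main__":
    # The SYN appears on both sides but nothing comes back from the LAN host.
    print(triage(WAN_CAP, LAN_CAP, WAN_IP, PORT, LAN_IP, PORT))
```
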

nagrajk1969
Spotlight

Hi All

 

There seems to be so much unnecessary confusion about using Port-Forwarding

 

1. First and foremost on RV34X, there is NO NEED TO ADD ADDITIONAL SEPARATE FIREWALL ACCESS RULE TO PERMIT ANY TRAFFIC...the person who had suggested it does not know anything at all about firewall/port-forwarding or i think he does not know networking at all...

 

Again, after adding the port-forwarding rule on RV340..YOU DO NOT NEED TO ADD ANY OTHER EXPLICIT FIREWALL-ACCESS RULE...NONE..PERIOD

- the port-forwarding rule will do the necessary opening of ports (as per the rule added) automatically in the firewall...no need to add anything manually again

 

 

2. Now coming to configuring port-forwarding on RV340....

a) Assuming that you have the deployment of RV340 connected to the Internet on wan1 interface as below:

 

lan-pc1(192.168.1.x)------[RV340-GW1]wan1(100.100.100.12)-------[isp-router]---{Internet}-------(200.200.200.2)[wan-PC2]

 

Pre-requisites:

- The lan-pc1 should be configured with the default-gw ip of 192.168.1.1 (assuming that this is the vlan1 lan-ipaddr on RV340)

- Ensure that the port-forwarded service/port is running on lan-pc1 so as to respond to the connection from wan-pc2

 

 

b) So in this case after adding port-forwarding rule...wan-pc2 will always connect to 100.100.100.12:external-service-port-num...and this will be port-forwarded on the RV340 to lan-pc1

- Here I am assuming that each of you have made the lan-pc1 ready to accept the traffic on the said specified port-forwarded internal-service-port that you have added in the port-forward rule

 

Note: Please try to understand how the port-forwarded traffic flows..and check on lan-pc1 whether the traffic/connection initiated/sent by wan-pc2 is arriving on lan-pc1 interface......use wireshark or tcpdump on lan-pc1...

- like for example...one of the users is trying RDP...and he should understand that RDP protocol uses TCP-3389 for control-channel and then it switches to UDP-3389 for data-traffic-channel....so you should be adding a service-record for RDP with TCP&UDP 3389-3389

 

- Also note when you create a service record with start-port 3389 AND end-port 3389...it means one port 3389..AND NOT 2 ports..

- when you give a range of ports such as "start-port 4389; end-port 4390" then it means in this case 2 ports..

 

3. So to configure example-1 of one of the users...for port-forwarding of tcp port 60001 (and/or tcp-5989), apply the below 2 steps (given in the 2 screenshots) here

 

Assuming the deployment is as in above setup given....

Step-1: Add a service record in System-Management/Services

 

name: srvctest1
protocol: tcp
start-port: 60001
end-port: 60001

name: srvctest2
protocol: tcp
start-port: 5989
end-port: 5989

 

Step-2: Add the Port-forwarding rules as below (as in attached screenshots too)

rule1:
external-service: srvctest1
internal-service: srvctest1
Internal-Ipaddress: 192.168.1.80 (or any internal-ipaddress in your setup that is routable/reachable from the RV340 on lan-side)
Interface: WAN1

 

 Step-3: Start the traffic/connection for tcp-port-60001 from wan-pc2 (to 100.100.100.12 the wan1-ipaddr)

 

Step-4: Another simple test after doing above steps is to run an iperf-connection as below:

 

a) On Lan-PC1...run iperf-tcp-server (try first with iperf-version2 please) on tcp-60001

 

iperf -s -i 1 -p 60001 -B 192.168.1.80

 

b) And then on Wan-PC2, run the iperf-tcp-client to connect to tcp-60001, as below:

 

iperf -c 100.100.100.12 -p 60001 -i 1 -t 3600

 

I guarantee that it will work...
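A check of the three tables this thread discusses, as an added example that is not part of the original post: it lists exactly which ports the port-forwarding rules open and flags any manually added "allow All Traffic from WAN, source Any" access rule, which the replies above say is not needed. The dict layout is a hypothetical model, not the RV340's configuration format, and the sample rows are constructed from values quoted in the thread.

```python
# Added example. The dict layout is a hypothetical model of the service,
# port-forwarding and access-rule tables, not the RV340's own format.

def port_count(svc):
    """Ports covered by a service record; start and end are inclusive."""
    return svc["end"] - svc["start"] + 1

def forwarded_ports(services, forwards):
    """Expand each forwarding rule to (interface, protocol, port, internal IP)."""
    by_name = {s["name"]: s for s in services}
    opened = []
    for fw in forwards:
        svc = by_name[fw["external"]]  # KeyError means an undefined service
        for port in range(svc["start"], svc["end"] + 1):
            opened.append((fw["interface"], svc["protocol"], port, fw["ip"]))
    return opened

def broad_wan_rules(access_rules):
    """Manually added rules that allow all traffic from any WAN source."""
    return [r for r in access_rules
            if r["action"] == "allow" and r["service"] == "All Traffic"
            and r["src_if"].startswith("WAN") and r["src"] == "Any"]

# Constructed sample data using values quoted in the thread.
SERVICES = [
    {"name": "srvctest1", "protocol": "tcp", "start": 60001, "end": 60001},
    {"name": "srvctest2", "protocol": "tcp", "start": 5989, "end": 5989},
    {"name": "two-ports", "protocol": "tcp", "start": 4389, "end": 4390},
]
FORWARDS = [
    {"external": "srvctest1", "internal": "srvctest1",
     "ip": "192.168.1.80", "interface": "WAN1"},
]
ACCESS_RULES = [
    {"action": "allow", "service": "All Traffic", "src_if": "WAN1",
     "src": "Any", "dst_if": "VLAN1", "dst": "Any"},
]

if __name__ == "__main__":
    for entry in forwarded_ports(SERVICES, FORWARDS):
        print("opened by port forwarding:", entry)
    for rule in broad_wan_rules(ACCESS_RULES):
        print("review/remove manual allow-all rule:", rule["src_if"], "->", rule["dst_if"])
```
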