RV042G Which rules have priority firewall or forward rules?

Ryan Hendriks

I have made a firewall rule that accepts FTP from WAN2 outside to the inside private LAN with IP address specified.

But this didn't work.

When I added in the forward rules that FTP had to be forwarded to this IP address it worked.

I have done some testing but it seems that the firewall rules do not have any priority on the forward rule.

If I disable the forward rule I cannot connect with FTP even with a firewall rule made.

Accepted Solutions

For RV0xx, an access rule entered last will show on top and gets higher priority.

Te-Kai Liu

Firewall access rules are designed to work on top of port forwarding rules. Firewall rules alone cannot open up an FTP service to the internet.

OK, but when I assign a specific external IP address to allow FTP from WAN2 to internal IP address, I still can make an FTP connection from whatever external IP address:

You need to add a Deny All rule, followed by an Allow rule. Here is an example that shows how to restrict SSH to a specific external IP address.

https://supportforums.cisco.com/message/3100507#3100507

So actually you should program it like iptables? First allow rules and at the end a deny rule? If I would first make a deny rule and then an allow rule, will this work or not, like in iptables?

For RV0xx, an access rule entered last will show on top and gets higher priority.

OK, clear, but take a look at the picture below. I try to make contact with FTP from an external address and it has an allow in the firewall rules, but I still can't make contact. If you see the log file, can you maybe tell me what is wrong?

Ryan Hendriks

After some testing this did the trick:

You have to match the source and destination in the deny rule with the source and destination in the allow rules.

Now it works and when I disable one of the allow rules I cannot connect with the FTP server.

So I think this is OK now.
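The behaviour worked out in this thread, as an added example that is not part of any post and is not Cisco code: a simplified Python model in which a port forward is required before any access rule matters, the access rule entered last sits on top, and the first matching rule decides. The `Router` class, the `scenario` helper, the addresses and the fall-through to "allow" when a forward exists but no access rule matches (taken from the observation above that any external address could connect) are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

FTP = 21
SERVER = "192.168.1.50"    # constructed internal FTP host
TRUSTED = "203.0.113.10"   # constructed external address that should be allowed
OTHER = "198.51.100.7"     # constructed external address that should be blocked

class Router:
    """Toy model of the rule handling described in the thread (assumption)."""
    def __init__(self):
        self.forwards = {}       # WAN port -> internal host
        self.access_rules = []   # index 0 = top of the table = highest priority

    def add_forward(self, port, internal_ip):
        self.forwards[port] = internal_ip

    def add_access_rule(self, action, port, source="0.0.0.0/0", dest="0.0.0.0/0"):
        # Per the accepted answer: the rule entered last shows on top.
        self.access_rules.insert(0, (action, port, ip_network(source), ip_network(dest)))

    def inbound(self, src_ip, port):
        target = self.forwards.get(port)
        if target is None:
            return "drop: no forward"   # access rules alone do not publish a service
        for action, rule_port, source, dest in self.access_rules:
            if (rule_port == port and ip_address(src_ip) in source
                    and ip_address(target) in dest):
                return f"{action}: access rule"   # first match from the top wins
        return "allow: forward only"    # forward with no matching rule: open to all

def scenario(entry_order, forward=True):
    """Enter rules in the given order; return verdicts for (TRUSTED, OTHER)."""
    router = Router()
    if forward:
        router.add_forward(FTP, SERVER)
    for action in entry_order:
        if action == "deny":
            router.add_access_rule("deny", FTP, dest=f"{SERVER}/32")
        else:
            router.add_access_rule("allow", FTP, source=f"{TRUSTED}/32", dest=f"{SERVER}/32")
    return router.inbound(TRUSTED, FTP), router.inbound(OTHER, FTP)

if __name__ == "__main__":
    for order, fwd in ((["allow"], False), (["allow"], True),
                       (["deny", "allow"], True), (["allow", "deny"], True)):
        print(order, "forward" if fwd else "no forward", scenario(order, fwd))
```

Entering the deny rule first and the allow rule second is the only ordering here that restricts FTP to the trusted address; entering them the other way round puts the deny on top and blocks everyone.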