Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3657
Views
0
Helpful
2
Replies

Rv082 firewall rule not working

aa
Level 1
Level 1

‎10-15-2011 07:43 PM

Hello, i have a Cisco Rv082 with Firmware v4.0.4.02-tm (Jul 4 2011 13:30:56)

I have configure WAN1 with a public IP and netmask 255.255.255.252. (Only one public IP in use)

Internally the LAN is a 192.168.169.0/255.255.255.0

I need to add some rules like

Service: HTTP

Interface: WAN1

From: ANY

To: 192.168.169.2

But after rule configured the connection still not working, it only works when I add a port forwarding.

For HTTP maybe port forwarding is OK, but other services I need to grant access to a specific public IP address, not to everyone.

So I need the Firewall rule, but is not working, it always block the request.

In the Firewall rule list I have 3 default rules:

Allow All Traffic LAN Any Any Always     

Deny All Traffic WAN1 Any Any Always     

Deny All Traffic WAN2 Any Any Always

But those rules cant be deleted or edited

Any help will be appreciated

Thanks!

Labels:
0 Helpful
2 Replies 2

Te-Kai Liu
Level 7
Level 7

‎10-16-2011 09:55 AM

Here you can find an example about how to add access rules on top of a port forwarding rule.

https://supportforums.cisco.com/message/3453760#3453760

0 Helpful

albertoavanzi
Level 1
Level 1
In response to Te-Kai Liu

‎03-18-2014 02:16 AM

Hello Te-Kai Liu,

I tried to set up rules as you explained in a RV042 using the latest available firmware and configured as gateway.

Unfortunately things do not seem to work as expected. I want to be able to accept and forward ssh connections originated from ip1 only. An ssh connection from a different ip address must be rejected. So I setup:

- port 22 forwarding to my internat ssh server, it works

- a first rule (priority 1) allowing ssh requests from ip1 on port wan1`to be accepted. More precisely:

Priority1
EnableYes
ActionAllow
ServiceSSH [22]
Source InterfaceWAN1
Sourceip1~ip1
Destinationwan1_ip~wan1_ip
TimeAlways







 

 

 

- a second rule (priority 2) denying any ssh on port wan1:

Priority2
EnableYes
ActionDeny
ServiceSSH [22]
Source InterfaceWAN1
Sourceany
Destinationwan1_ip~wan1_ip
TimeAlways

 

 

 

 

 

 

 

With this configuration, every external ip (and not only ip1) get ssh redirected, so it's not filtered out.

If I modify the DENY rule changing Destination from "wan1_ip~wan1_ip" to "any" (I don't even know if such a rule is meaningful), then EVERY ip (including ip1) get discarded when trying to ssh-connect.

So I'm unable to setup proper ip-based firewalling. Can you help please?

Thanks a lot,

Alberto

0 Helpful
Customers Also Viewed These Support Documents