03-23-2012 02:10 PM
I have found numerous posts discussing this but have yet to find a solution. I have an RV082 with firmware 2.0.0. 2.0.0.19-tm and I need a way to limit the incoming SMTP traffic to just the spam filtering company.
I have a port forwarding rule to forward WAN1 port 25 traffic to 192.168.1.10.
I tried to add an access rule to deny all port 25 and then added one to allow WAN1 port 25 source <spam company> destination 192.168.1.10.
The RV082 log screen shows the traffic allowed but it does not work. If I uncheck the 'enable' box on the DENY port 25 rule, email is still blocked. Only when I uncheck the 'enable' box on the ALLOW rule does email start flowing again.
03-25-2012 11:21 AM
Hello Gary,
From the sounds of it, I think your access rules may be out of order. On the firewall, I would try to configure the following in this order:
1. A rule allowing port 25 from
2. A rule denying source
Additionally, I would recommend upgrading the firmware to the latest version of 2.0.2.01.
Give this a try. If you have any further issues, let me know.
03-25-2012 06:43 PM
I tried the update to 2.0.2.0.1 but that did not help. Nothing in the read.me file indicated it would but I tried it anyway. I do have the rules in the correct order. I have done this many times with the higher end Cisco routers and it works fine. The RV082's apparently have a problem. I reset the access rules back to the defaults and only added one "Allow" rule for port 25 from my office IP address. That is it. Since it is an "Allow" rule I would have expected it to not have any effect on anything since it is not denying anything. Wrong. I cannot telnet to port 25 anymore. I then changed the rule to "Allow" everything from my IP address, not just port 25. That locked me out of the router totally. I had to log in via a different IP address and delete that rule. It seems any access rule at all makes this thing choke.
And yes, I have several clients with these RV082 routers so I tried the same experiment on each one and they all act the same way. The access rules feature just plain does not work on these.
03-26-2012 05:10 AM
Hello Gary,
Thank you for your response. Could you refer to the following post: https://supportforums.cisco.com/message/3453760#3453760
Is this how you have your port forwarding and access rule setup?
03-26-2012 05:37 AM
Yes, I found that post in my searches. As I mentioned tho, I don't even have to add the deny rule, just the allow rule and that kills the connection.
03-26-2012 05:50 AM
Hello Gary,
Are you able to call the Cisco Support Center to open a Service Request? Is it possible to email me a screenshot of the RV082's access rule and port forwarding rule?
03-26-2012 06:18 AM
Hello Gary,
The rules appear to be correct, and you are saying that when you enable the SMTP rules, you are locked out of the router, correct? I will try to test this myself today and get back with you when I am able to get some results.
03-26-2012 06:27 AM
Correct. It is not there now but as a test I added a rule to my office IP and then tried to telnet to port 25. Even without the 'Deny' rule, I could no longer connect to the mail server.
When I telnet to port 25, I get:
Trying 111.222.333.444. ...
Connected to mail.domain.com.
Escape character is '^]'.
Connection closed by foreign host.
The "closed" line appears after oh 10 seconds or so.
If I uncheck that rule, I connect immediately.
04-11-2012 09:55 AM
Has there been any update on this issue? Please advise.
04-11-2012 10:37 AM
Gary,
Is there any way you can provide a screenshot of the router's ACL rule, or call in to the 1866-606-1866 support number so we can take a look through a WebEx?
Cisco Small Business Support Center
Randy Manthey
CCNA, CCNA - Security
04-11-2012 10:55 AM
Hello Gary,
What you are experiencing is not the expected behavior of the router. Try the following:
Obtain a fresh copy of the firmware for the router by downloading it from the Cisco.com site.
In the Access Rules do the following:
Action: allow
Service: Port 25
Log: log packets match this rule
Source interface: ANY Source IP:
Destination IP:
*** This should allow your traffic into the router from the single IP address that you want to allow or the range
Then, create another rule.
Action: Deny
Service: Port 25
Log: log packets match this rule
Source: Any
Destination:
*** This should block other IP addresses from entering the router using port 25 to get to your private IP address.
I just configured this in the lab again, but instead of port 25, I used RDP 3389 so I was able to RDP only from the specified IP addresses. Could you try using a different service such as RDP, just to eliminate a service related issue, and try to configure the rule exactly as mentioned above. Once you have done this, please email me a screenshot to compare it to what I have in the lab.
Hope this helps.
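
The allow-then-deny pair described in this thread, modelled as an added example (not code from any poster or from Cisco): it assumes rules are evaluated top-down with the first match deciding, and reports rules that an earlier, broader rule makes unreachable. The spam-filter and stranger addresses are constructed placeholders; only 192.168.1.10 comes from the thread, and the model does not reproduce the RV082 behaviour reported above.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    port: int
    source: str   # single IP, CIDR range, or "any"
    dest: str     # single IP, CIDR range, or "any"

def _match(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def _covers(outer, inner):
    # True when every address matched by `inner` is also matched by `outer`.
    if outer == "any":
        return True
    if inner == "any":
        return False
    return ipaddress.ip_network(inner).subnet_of(ipaddress.ip_network(outer))

def evaluate(rules, src, dst, port, default="deny"):
    """First-match evaluation (assumed model); returns (action, deciding index)."""
    for i, r in enumerate(rules):
        if r.port == port and _match(r.source, src) and _match(r.dest, dst):
            return r.action, i
    return default, None  # the default action is an assumption of this model

def shadowed(rules):
    """Indexes of rules that can never decide a packet under first-match."""
    hits = []
    for i, r in enumerate(rules):
        if any(e.port == r.port and _covers(e.source, r.source)
               and _covers(e.dest, r.dest) for e in rules[:i]):
            hits.append(i)
    return hits

FILTER = "203.0.113.25"   # constructed stand-in for the spam filtering company
STRANGER = "198.51.100.7" # constructed unrelated sender
MAIL = "192.168.1.10"     # mail server address from the thread

GOOD = [Rule("allow", 25, FILTER, MAIL), Rule("deny", 25, "any", MAIL)]
BAD = list(reversed(GOOD))  # deny first: the allow rule is never reached

if __name__ == "__main__":
    for name, rules in (("allow-then-deny", GOOD), ("deny-then-allow", BAD)):
        print(name, "filter:", evaluate(rules, FILTER, MAIL, 25),
              "stranger:", evaluate(rules, STRANGER, MAIL, 25),
              "shadowed:", shadowed(rules))
```
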