Hi,

i've added the screenshot.

So port forwarding to VLAN 10 (10.10.10.128/26) does not work

Port forwarding to VLAN 1 (default) 10.10.10.0/26 works

For clarification, i'm talking about accessing intranet host from internet.

Sure i can undertand out side to inside

can you post VLAN information screen shot also

Hi Balaji,

Added screenshot

also before you ask, inter-vlan routing is enabled.

Thank you.

high level your config seems to be ok. last but not the least.

Couple of test to confirm :

1. Internally from VLAN 1 IP to VLAN 10 IP you were port-fording working ? YES / NO

2. The One Port-forward from Internet to LAN(VLAN 10), can you post output of  ipconfig/all (if windows ?) also netstat -na

Hi,

At Question 1: i did not do this. I am forwarding :

 WAN to VLAN10 fails

WAN to VLAN 1 works

At question2:

PS C:\Users> ipconfig

Windows IP Configuration

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :
Site-local IPv6 Address . . . . . : fec0::d82c:683a:f4e9:f8d1%1
Link-local IPv6 Address . . . . . : fe80::d82c:683a:f4e9:f8d1%2
IPv4 Address. . . . . . . . . . . : 10.10.10.140
Subnet Mask . . . . . . . . . . . : 255.255.255.192
Default Gateway . . . . . . . . . : fe80::d6ad:71ff:fe5c:3f3f%2
10.10.10.129

Tunnel adapter isatap.{72BB650E-67FA-4B3C-B78B-AB13201CAF36}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

______________________________________________________________________________________________

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :
Site-local IPv6 Address . . . . . : fec0::5c2b:6e85:6aea:29f9%1
Link-local IPv6 Address . . . . . : fe80::5c2b:6e85:6aea:29f9%13
IPv4 Address. . . . . . . . . . . : 10.10.10.133
Subnet Mask . . . . . . . . . . . : 255.255.255.192
Default Gateway . . . . . . . . . : fe80::d6ad:71ff:fe5c:3f3f%13
10.10.10.129

----------------------------------------------------------------------------------------------

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :
Site-local IPv6 Address . . . . . : fec0::d0af:204a:7330:7992%1
Link-local IPv6 Address . . . . . : fe80::d0af:204a:7330:7992%10
IPv4 Address. . . . . . . . . . . : 10.10.10.2
Subnet Mask . . . . . . . . . . . : 255.255.255.192
Default Gateway . . . . . . . . . : 10.10.10.1

idk why my last reply is not showing up.... posting again

1. Internally from VLAN 1 IP to VLAN 10 IP you were port-fording working ? YES / NO

- i only tested like this:

--- WAN to VLAN 10, this fails

---WAN to VLAN 1, this works

2. The One Port-forward from Internet to LAN(VLAN 10), can you post output of  ipconfig/all (if windows ?) also netstat -na

---i've attatched a txt file

ok i would like to test below one and confirm server side ok as per the config i do not see any issue here.

1. Internally from VLAN 1 IP to VLAN 10 IP you were port-fording working ? YES / NO

Try from 10.10.10.0/26 IP range any IP to try to connect what ever port you like to forward ( as per message you like to do 3389)

10.10.10.133 3389 and confirm  is this works ?

everything works between the internal VLANs

you can see in the netstat from 10.10.10.2:

TCP 10.10.10.2:57583 10.10.10.140:3389

vlan1 host RDP on 3389 to VLAN 10 host.

this works, so i dont need internal forwarding because internal routing between vlans does this for all ports automatically

My problem is reaching a host from the outside (internet/WAN) as source

Since i take as confirmation from VLAN1 to VLAN 10 RDP working.

Try reboot the device after configuring port-forward , save  and reboot and let  us know if that works. 

sadly that does not make any difference, i've rebooted dozens of times, factory reset 3 times ....

it only forwards to hosts on VLAN 1 and no external access to hosts on other vlans.

Just to confirm make sure NAT working, try one to one NAT and test ?

If you have rights on the PC/ Server - install wireshark and check are you able to get any request coming in ?

Can you also post your outbound NAT rule screenshot

EDIT : not sure this could have issue here :

the one working config of as below :

IPv4 Address. . . . . . . . . . . : 10.10.10.2
Subnet Mask . . . . . . . . . . . : 255.255.255.192
Default Gateway . . . . . . . . . : 10.10.10.1

The one not working :  ( Can you disable IPv6 here) and test other i was thinking 

IPv4 Address. . . . . . . . . . . : 10.10.10.133
Subnet Mask . . . . . . . . . . . : 255.255.255.192
Default Gateway . . . . . . . . . : fe80::d6ad:71ff:fe5c:3f3f%13
10.10.10.129

i dont know what outbound NAT config is.

The only NAT options i see in the management interface of the router is the one-to--one NAT, where you need a static public IP.

I have a dynamic public IP

Try the one option i have suggested for I

1 Pv6 disable, - is that works ?

2. from VLAN are you able to access Internet outgoing ?

3. can you post Access Rules screenshot ?