RV180 Firewall Access Rules and 1:1 NAT Issue

sp1152211811
Level 1

I have an issue that I hope someone has an answer for.  I have a static IP block and need to route to various servers.  I know I can use 1:1 NAT or Access Rules and have success with each.  The problem is my mail server.  When I use 1:1 NAT, the mail is sent from the correct IP - the address of my mail server - and there is no problem with reverse lookups.  However, I cannot block any ports when I use 1:1 NAT.  I have tried it every way I can think of and even some suggestions in the forums that did not work.  No matter how I set access rules, all ports stay open in 1:1 NAT.

If I delete the 1:1 NAT rule and use Access rules to open specific ports, the mail server sends out the mail from the WAN address.  The reverse DNS does not match and mail server will bounce the mail.  So you see my dilemma - does anyone have a solution??

11 Replies

Tom Watts
VIP Alumni

Hi SP, try to delete the one-to-one NAT then make an access rule. When using the access rule, there is an option "use other WAN IP". See if this will provide the flexibility you're looking for and map a different external IP.

-Tom
Please rate helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Thomas - All Access Rules have the "other WAN IP" marked and entered.

BTW - you received an email from me concerning this issue.  I sent you a pkt.cap file.   I really need to get it fixed ASAP because mail servers who perform reverse lookups are causing some of my people not to receive their mail.  I don't need to tell you how upset they can get.

It's FIXED!  I simply set up a rule for outbound from private address to public and the mail headers are now correct.

I just wish I could use 1:1 NAT and block/allow specific ports.  That would make this a great product but of course everyone has their desired features!

Hi, I'm seeing this exact same problem having just installed an RV180W. My old Netgear easily allowed multiple external IPs, but I just can't get it configured on this Cisco box.

Inbound is fine: using the access rules and specifying the Other WAN IP address I'm getting the desired inbound routing.

Outbound is a different situation. I can only present the WAN address which with my ISP is dynamic! (even though I have 5 fixed IPs). This is obviously causing mail server headaches and we are getting bounces on reputation as we are failing a reverse lookup.

It seemed simple and that I just needed to specify the Public IP in the SNAT option on the SMTP outbound rule, but this just breaks traffic flow completely. (what is SNAT even?)

I'm completely stuck. What did you do to fix it? I'm not sure I'm clear on what you say fixed it for you.

Appreciate any help you can give

Thanks.

David - I have since jumped ship to an RV042G and the RV180 has had a firmware update, but that said, I was only able to make the outbound assignment work by using 1:1 NAT.  That in fact did work quite well.

I am confused about your statement "I can only present the WAN address which with my ISP is dynamic!".  If the WAN address is configured dynamic and it changes, you are dead in the water.  I have a business broadband DSL and it is presented using PPPoE but the assigned WAN never changes.  If this is the case with you, I would be more concerned about that since nothing else will work correctly.

HTH

Thanks for replying. I know it sounds crazy, but it's the way that BT Infinity works (or so I'm told by their support).

The fact that the router's IP is dynamic is irrelevant really, as the fixed IPs they have assigned me do arrive on the router. I have various A records specified and the incoming traffic for the underlying IPs is correctly port forwarding to the various private servers. This was achieved using the Access Rules 'Other WAN IP Address' option.

It's outgoing where my problem occurs. My mail server is presenting the dynamic address, which is spam central, and I'm seeing bounces all day long. For general traffic I'm not worried about this, but for SMTP it's imperative I present the correct public IP in order to survive a reverse lookup. I've done it with other routers no problem.

I don't really understand the One to One NAT and what the implications of it are. I can't seem to get it to work either, but that may be because I have these access rules running too. If I set One to One, will that mess up my incoming rules?

The 1:1 NAT rule maps a Public IP to a Private IP - one-to one.  In order to set it up you tick the box and enter a public to private match for each server.  The least confusing configuration is something like this:

Public Block - 123.456.789.1

Private Servers - 192.168.1.1

Length 5

Do NOT use the WAN address in the mapping.

That means that 123.456.789.1 maps to 192.168.1.1 and 123.456.789.2 maps to 192.168.1.2, etc.  What this does is make the servers appear as if they have public addresses when they don't.  In that case you do not need the port forwarding; however, you can use access rules to restrict ports. So you can allow only the traffic you need to the servers and the outgoing datagrams will reflect the correct IP address.

I had this same issue with the RV180 and the only way to solve it was 1:1 NAT.

Ok, thanks again for taking time to respond.

I managed to get 1:1 working of sorts, but again only for incoming. I turned off all rules, so no port forwarding and with a 1:1 I can get in (on all ports it would seem) on a public IP. But that same assigned server has no outbound access even with an ALL - ALL outbound rule specified.

So annoyed with myself for switching from a product range which I knew and understood. Trying to save money, but instead giving myself a 3 day nightmare and nothing but hassle from the staff!

I may have to give up.

David - 1:1 works for incoming AND outbound.  You are making this too difficult.  Granted the RV180 is a pain, however if you truly have a static block and they are mapped 1:1, AND your DNS is set up correctly for the domains, you technically don't have to do port forwarding or any access rules for that matter.  By default all the ports are open and each machine appears to the outside world as though it has a public address.  Since you don't want all ports open, you would need to add access rules to block the ports you don't want open to the outside - but you don't need port forwarding to open a port since they are open by default.

If I remember correctly (unless it was changed with the last firmware) the RV180 access rules work in reverse order. However, I would recommend you make sure.  In that case you would create access rules

Block Any All

Allow http private ip

Allow smtp private ip

This should work. It worked for me on a previous firmware.
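An added example, not code from the thread or from Cisco, that models the 1:1 NAT block described earlier (public .1 to .5 onto 192.168.1.1 to .5) and the three access rules above under both top-down and reverse (bottom-up) first-match evaluation, so the effect of getting the order wrong is visible. It uses RFC 5737 documentation addresses in place of the 123.456.789.x block, assumes HTTP is served from .1 and SMTP from .2, and treats "all ports open" as the 1:1 NAT default the reply describes.

```python
import ipaddress
from dataclasses import dataclass

# Constructed 1:1 NAT block: documentation addresses stand in for 123.456.789.x.
PUBLIC_START = ipaddress.ip_address("203.0.113.1")
PRIVATE_START = ipaddress.ip_address("192.168.1.1")
LENGTH = 5  # the "Length 5" setting from the thread


def one_to_one(public_ip):
    """Translate a public address to its 1:1 peer; None if outside the block."""
    offset = int(ipaddress.ip_address(public_ip)) - int(PUBLIC_START)
    if 0 <= offset < LENGTH:
        return str(PRIVATE_START + offset)
    return None


@dataclass
class Rule:
    action: str   # "allow" or "block"
    service: str  # "any", "http" or "smtp"
    dest: str     # "any" or a private IP


SERVICES = {"any": None, "http": 80, "smtp": 25}


def matches(rule, dest_ip, dport):
    port = SERVICES[rule.service]
    return (port is None or port == dport) and rule.dest in ("any", dest_ip)


def evaluate(rules, dest_ip, dport, reverse=False, default="allow"):
    """First match wins. reverse=True walks the list bottom-up, as the
    reply suggests the RV180 may do. default="allow" models 1:1 NAT
    leaving every port open when no rule matches."""
    for rule in (reversed(rules) if reverse else rules):
        if matches(rule, dest_ip, dport):
            return rule.action
    return default


# The three rules from the reply, in the order they were listed.
RULES = [
    Rule("block", "any", "any"),
    Rule("allow", "http", "192.168.1.1"),  # assumed: web server is .1
    Rule("allow", "smtp", "192.168.1.2"),  # assumed: mail server is .2
]


def inbound(public_ip, dport, reverse):
    """Verdict for a packet arriving at a public address on port dport."""
    private = one_to_one(public_ip)
    return "no-nat" if private is None else evaluate(RULES, private, dport, reverse)
```

Evaluated top-down, the catch-all block matches first and SMTP to the mail server is dropped; evaluated bottom-up, only HTTP to .1 and SMTP to .2 get through and everything else on the block is closed.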

This all makes sense and is logical, but up to now it hasn't worked.

However, just seeing that you have said that the rules work in reverse could explain a lot. I assumed that they worked top down (as has every firewall I've ever worked with) and I may have shot myself in the foot with that.

I will have another crack. I might do a factory reset and completely start again.

Thanks again.

Good Luck - Just remember that outbound rules are not needed since each server is mapped to an external address and will use that address in outgoing datagrams - such as SMTP.

Sorry I can't test any of this for you since I sent back my RV180.  My issue was that I HAD to assign a public IP to certain servers - not use NAT.  I exchanged for the RV042G and set up the 2nd WAN port as a DMZ for all my servers.  This way they all have public IPs but I can still protect them with access rules.  Works well for my situation.