RV220W - Firewall driving me mad

dannyleeuk
Beginner

Hi All,

One of the key features of this router was the firewall yet for whatever reason it just isn't playing ball. Here's my setup.

My broadband is connected by a TP-Link ADSL router. This has been configured for the DMZ host to be the RV220W.

The RV220W has been configured for WAN etc and internet is flowing through the network just fine. Here's my issue:

I have two VLANs (3 inc default).

VLAN 666 = For server/vsphere network. (Configured on a 10.20.30.x range)

VLAN 333 = Spare (Configured on a 192.168.3.x range)

VLAN Default = Everyone else (Configured on a 192.168.2.x range)

I don't want any servers/clients on VLAN 666 to access the internet at all, therefore, the simplest rule would be:

Always Block Any Enabled Outbound (LAN (Local Network) > WAN (Internet)) 10.20.30.2 - 10.20.30.254 Any

This doesn't seem to work, even after a reboot. I've also tried individual source IPs and still, it won't work, which I thought could be a workaround.

Is there any explanation for why this isn't working and why the rule just isn't applying? Also, is there a simpler way of blocking VLAN 666 from accessing the WAN interface?!

Any help would be greatly appreciated!


dannyleeuk
Beginner

Anyone? :-(

panos.asproulis
Beginner

How is your RV220W connected to the ADSL device? Is the ADSL device running in bridge mode and the RV220W does a PPPoE connection to it? Or is the ADSL device running as a router itself?

In that case, if you would like to restrict Internet access for all the devices attached to VLAN 666, I would recommend that you set an extended access list instead.

access-list # deny TCP 10.20.30.X (wildcard) any eq 80

access-list # permit ip any any

If this answer was satisfactory for you, please mark the question as Answered.

Thank you
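
As an added example (not part of either post, and not RV220W configuration): a small Python model of first-match evaluation for the two access-list lines in the reply above, compared with a list whose first entry denies all IP traffic from the VLAN 666 subnet. The wildcard 0.0.0.255 for 10.20.30.X, the sample flows and the second list are assumptions made for the illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco-style wildcard mask: bits set in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def entry_matches(entry, flow):
    # Destination is "any" in every entry here, so it is not modelled.
    _action, proto, src, src_wc, dport = entry
    if proto != "ip" and proto != flow["proto"]:
        return False
    if not wildcard_match(flow["src"], src, src_wc):
        return False
    return dport is None or dport == flow["dport"]

def evaluate(acl, flow):
    """First matching entry wins; no match falls through to implicit deny."""
    for entry in acl:
        if entry_matches(entry, flow):
            return entry[0]
    return "deny"

ANY = ("0.0.0.0", "255.255.255.255")
VLAN666 = ("10.20.30.0", "0.0.0.255")  # assumed wildcard for 10.20.30.X

# The two lines from the reply: deny TCP/80 from VLAN 666, permit the rest.
ACL_AS_POSTED = [("deny", "tcp", *VLAN666, 80), ("permit", "ip", *ANY, None)]
# Assumed alternative: deny every IP protocol and port from VLAN 666.
ACL_BLOCK_ALL = [("deny", "ip", *VLAN666, None), ("permit", "ip", *ANY, None)]

# Constructed sample flows (source addresses are illustrative).
FLOWS = {
    "vlan666-http":  {"src": "10.20.30.15",  "proto": "tcp", "dport": 80},
    "vlan666-https": {"src": "10.20.30.15",  "proto": "tcp", "dport": 443},
    "vlan666-dns":   {"src": "10.20.30.15",  "proto": "udp", "dport": 53},
    "default-http":  {"src": "192.168.2.40", "proto": "tcp", "dport": 80},
}

def report(acl):
    return {name: evaluate(acl, flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for label, acl in (("as posted", ACL_AS_POSTED), ("block all", ACL_BLOCK_ALL)):
        print(label, report(acl))
```
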
