
RV220W Hair-pinning

phil_m_casey
Level 1

I'm having the same Hair-pinning issue as in this post

https://supportforums.cisco.com/message/3356389#3356389

Do you have any idea if and when a new firmware is going to come out that addresses it and/or the PPTP VPN issue?

Between this issue, the PPTP issue and the fact that I cannot get my BlackBerry PlayBook to connect to the IPsec VPN, I'm thinking about returning the RV220W and going with another.

Thanks,

Phil

19 Replies

gulliver_
Level 1

Phil, returning it is the best you can do with it.

Eric Moyers
Level 7

Hi Mr Casey, my name is Eric Moyers. I am a Network Support Engineer in the Cisco Small Business Support Center. Sir, I would like you to contact me at the Small Business Support Center. I can get a case created for your hair-pinning issue and escalated so that someone can help you with this. Please contact me on Monday by sending me an email to emoyersatciscodotcom. I will contact you and get the process started.

Eric Moyers
Cisco Network Support Engineer
1-866-606-1866

Thanks Eric that fixed that and a few other issues I was having!!

It appears that the hairpinning has only been solved for port 80 connections.

HTTPS or telnet to port 25 or 110 is not possible on IPv4, but OK on IPv6. Port 80 is OK on both.

Joergen, have you enabled all the fields in Logging and seen what the log results are reporting? It might give some indication, though it will also show more date/time issues with the logging as well :)

Regards Simon

The entire array of logging options has been selected.

In the router I primarily see IKE log messages.

Only KERNEL messages are sent to the syslog server. Nothing else is reported.

The only way I get more information is by using the hourly email option for logging and there are not very many log entries.

There are absolutely no log messages about this problem.

Log entries are also out of order, so I do not trust the logging facility at all.

Tue Aug 16 07:24:51 2011(UTC) [618579721][System][EVTDSPTCH] umiIoctl (18,
Tue Aug 16 07:36:03 2011(UTC) [618579721][Kernel][KERNEL] ip_conntrack_in: Frag of proto 17
Tue Aug 16 00:53:02 2011(UTC) [618579721][System][PLATFORM] platformHandleDBUpdate:dot11STA 

I found out how to enable some more logging.

Here I am documenting my observations.

There are rules to allow and portforward port 80, 110, 443 to 192.168.1.2

telnet  110
Connecting To ...Could not open connection to the host, on port 110

Aug 17 13:58:05 618579721 KERNEL [Kernel] LOG_PACKET[DROP]  IN=LAN SRC=192.168.1.13 DST= PROTO=TCP SPT=2772 DPT=110
Aug 17 13:58:05 618579721 KERNEL [Kernel] LOG_PACKET[DROP]  IN=LAN SRC=192.168.1.13 DST= PROTO=TCP SPT=2772 DPT=110

telnet  80
Response from 192.168.1.2

Aug 17 13:58:37 618579721 KERNEL [Kernel] WAN_LAN[ACCEPT]  IN=LAN  OUT=LAN SRC=192.168.1.13 DST=192.168.1.2 PROTO=TCP SPT=2773 DPT=80
Aug 17 13:58:37 618579721 KERNEL [Kernel] WAN_LAN[ACCEPT]  IN=LAN  OUT=LAN SRC=192.168.1.13 DST=192.168.1.2 PROTO=TCP SPT=2773 DPT=80

telnet  443
Response from RV220W

(log reduced)
Aug 17 13:58:45 618579721 KERNEL [Kernel] LOG_PACKET[ACCEPT]  IN=LAN SRC=192.168.1.13 DST= PROTO=TCP SPT=2774 DPT=443
Aug 17 13:58:45 618579721 KERNEL [Kernel] LOG_PACKET[ACCEPT]  IN=LAN SRC=192.168.1.13 DST= PROTO=TCP SPT=2774 DPT=443
Aug 17 13:58:45 618579721 KERNEL [Kernel] UID=0 LOG_PACKET[ALLOW]  IN=SELF  OUT=LAN SRC= DST=192.168.1.13 PROTO=TCP SPT=443 DPT=2774
Aug 17 13:58:51 618579721 KERNEL [Kernel] LOG_PACKET[ALLOW]  IN=SELF  OUT=LAN SRC= DST=192.168.1.13 PROTO=TCP SPT=443 DPT=2774
Aug 17 13:58:51 618579721 KERNEL [Kernel] LOG_PACKET[ALLOW]  IN=SELF  OUT=LAN SRC= DST=192.168.1.13 PROTO=TCP SPT=443 DPT=2774
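The log lines above, run through a small classifier, as an added example that is not part of the original thread or of Cisco's firmware: it parses the RV220W kernel LOG_PACKET / WAN_LAN lines and reports, per destination port, whether the hairpin connection was dropped, forwarded to the LAN server, or answered by the router itself (the "Response from RV220W" seen on 443). The sample lines are constructed from the excerpts above; the WAN address that was blanked in the post is filled in with the documentation address 203.0.113.10, which is an assumption.

```python
import re

# Constructed sample log, modelled on the RV220W excerpts in the post above.
# The original lines had the WAN address blanked (DST= / SRC=); the
# documentation address 203.0.113.10 stands in for it here (an assumption).
SAMPLE_LOG = """\
Aug 17 13:58:05 618579721 KERNEL [Kernel] LOG_PACKET[DROP]  IN=LAN SRC=192.168.1.13 DST=203.0.113.10 PROTO=TCP SPT=2772 DPT=110
Aug 17 13:58:05 618579721 KERNEL [Kernel] LOG_PACKET[DROP]  IN=LAN SRC=192.168.1.13 DST=203.0.113.10 PROTO=TCP SPT=2772 DPT=110
Aug 17 13:58:37 618579721 KERNEL [Kernel] WAN_LAN[ACCEPT]  IN=LAN  OUT=LAN SRC=192.168.1.13 DST=192.168.1.2 PROTO=TCP SPT=2773 DPT=80
Aug 17 13:58:45 618579721 KERNEL [Kernel] LOG_PACKET[ACCEPT]  IN=LAN SRC=192.168.1.13 DST=203.0.113.10 PROTO=TCP SPT=2774 DPT=443
Aug 17 13:58:45 618579721 KERNEL [Kernel] UID=0 LOG_PACKET[ALLOW]  IN=SELF  OUT=LAN SRC=203.0.113.10 DST=192.168.1.13 PROTO=TCP SPT=443 DPT=2774
Aug 17 13:58:51 618579721 KERNEL [Kernel] LOG_PACKET[ALLOW]  IN=SELF  OUT=LAN SRC=203.0.113.10 DST=192.168.1.13 PROTO=TCP SPT=443 DPT=2774
"""

# "<chain>[<verdict>]" followed by KEY=VALUE pairs up to the end of the line.
LINE_RE = re.compile(r"(?P<chain>[A-Z_]+)\[(?P<verdict>[A-Z]+)\]\s+(?P<fields>.*)$")
FIELD_RE = re.compile(r"([A-Z]+)=(\S*)")


def parse_line(line):
    """Return {'chain', 'verdict', 'IN', 'OUT', 'SRC', 'DST', 'PROTO', 'SPT', 'DPT', ...} or None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = {"chain": m.group("chain"), "verdict": m.group("verdict")}
    rec.update(FIELD_RE.findall(m.group("fields")))
    return rec


def analyze_hairpin(log_text, wan_ip):
    """Classify each TCP destination port a LAN host tried to reach via wan_ip.

    Outcomes:
      'dropped'             LOG_PACKET[DROP] on the LAN side: no hairpin rule matched
      'forwarded to <ip>'   WAN_LAN[ACCEPT] with OUT=LAN: DNAT to the forwarded server
      'answered by router'  accepted, then a reply with IN=SELF from the same port:
                            the router's own service took the connection instead
    """
    outcomes = {}
    router_reply_ports = set()
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec.get("PROTO") != "TCP":
            continue
        if rec.get("IN") == "SELF" and rec.get("OUT") == "LAN":
            # The router itself sent this packet; SPT is the service port it answered on.
            router_reply_ports.add(int(rec["SPT"]))
            continue
        if rec.get("IN") != "LAN":
            continue
        dport = int(rec["DPT"])
        if rec["verdict"] == "DROP" and rec.get("DST") == wan_ip:
            outcomes[dport] = "dropped"
        elif rec["chain"] == "WAN_LAN" and rec.get("OUT") == "LAN":
            # DST has already been rewritten to the forwarded server here.
            outcomes[dport] = "forwarded to " + rec["DST"]
        elif rec["verdict"] == "ACCEPT" and rec.get("DST") == wan_ip:
            outcomes.setdefault(dport, "accepted")
    for dport in list(outcomes):
        if outcomes[dport] == "accepted" and dport in router_reply_ports:
            outcomes[dport] = "answered by router"
    return outcomes


if __name__ == "__main__":
    for port, outcome in sorted(analyze_hairpin(SAMPLE_LOG, "203.0.113.10").items()):
        print(f"port {port}: {outcome}")
```

The "answered by router" case is the one worth watching: an accept followed by an IN=SELF reply on the same service port means the port forward never engaged and a service on the router (here its own HTTPS management interface) is what the LAN client actually reached.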

I have heard that Logging is faulty, to say the least. All my logs report 1st Jan 2000, yet the time/date is correct on my RV220W. I forwarded my config in total to Cisco for them to see. I also did a factory reset and re-applied ALL of my settings again, only to find out I had the same issue again - lol

Regards Simon

One other observation.

IP packets on port 80 have the router IP address as source address.

Not very good if the web server is making decisions depending on the source address!

Joergen

I have been told the following should fix your issue.

  • After configuring Port Forwarding rules, users need to go to the Firewall>Access Rules page. Perform Select, Edit, and Save for each rule, and the hairpinning will be working then.

Regards Simon

PS...

“do not use port-forwarding page; instead use the access-rule page to enable a port-forwarding/hairpinning feature”

Regards Simon

As I have reported before, doing this will add the following three lines to the rule, but only if you are lucky. My previous attempts to do this caused only the first rule and the first ten rules to be changed.

FirewallRules[10]["DestinationPublicInterface"] = "WAN1"

FirewallRules[10]["ScheduleName"] = ""

FirewallRules[10]["SNATAddressType"] = "7"

This time all 26 rules were modified.

And indeed, the hairpinning is now working for all ports, BUT the source address is the router LAN address!

The router will transform it to the real source address in response packets.

Doing this should not be needed and the source address must be fixed.

What also must be fixed is this Access Rules GUI.

Imagine that for every rule from 11 onwards I had to page forward to the page with the next rule, because saving a rule threw me back to page 1!

Furthermore the ridiculous limitation of not being able to move rules between pages should be removed.
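Why a hairpinned connection ends up with the router's LAN address as its source, as an added example that is not from the original thread or from Cisco: a toy model of NAT loopback with a port-forward table. With the extra source rewrite (presumably what the SNATAddressType entry above controls, which is an assumption), the server sees the router's LAN IP, its reply comes back through the router, and the router restores the original addresses on the way back, matching what Joergen describes. Without it, the server replies directly to the client on the same LAN with its own address as source, the client's TCP stack cannot match that to the socket it opened towards the public address, and the connection fails. All addresses are constructed: 203.0.113.10 for the WAN side, 192.168.1.1 assumed for the router's LAN address, 192.168.1.2 for the web server from the post.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class HairpinNat:
    """Toy model of NAT loopback on a router with a port-forward table.

    Addresses are constructed: 203.0.113.10 is the WAN address, 192.168.1.1 is
    assumed for the router's LAN address, 192.168.1.2 is the forwarded server.
    """

    def __init__(self, wan_ip, lan_ip, forwards, snat):
        self.wan_ip = wan_ip
        self.lan_ip = lan_ip
        self.forwards = forwards      # {public dport: LAN server address}
        self.snat = snat              # rewrite the client source to lan_ip or not
        self.conntrack = {}           # translated 4-tuple -> original client packet

    def forward(self, pkt):
        """LAN client -> WAN address: DNAT to the server, optionally SNAT to lan_ip."""
        if pkt.dst != self.wan_ip or pkt.dport not in self.forwards:
            return None   # not a hairpin flow; delivered normally
        server = self.forwards[pkt.dport]
        new_src = self.lan_ip if self.snat else pkt.src
        out = Packet(new_src, pkt.sport, server, pkt.dport)
        self.conntrack[(out.src, out.sport, out.dst, out.dport)] = pkt
        return out

    def reply(self, pkt):
        """Packet emitted by the server; returns what the client finally receives."""
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        orig = self.conntrack.get(key)
        if orig is None or pkt.dst != self.lan_ip:
            # Addressed to a LAN host directly: same subnet, so the server's reply
            # never passes through the router and arrives untranslated.
            return pkt
        # Router undoes both translations: reply appears to come from wan_ip:dport.
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)


def client_accepts(request, reply):
    """The 4-tuple match a client's TCP stack performs on an incoming segment."""
    expected = (request.dst, request.dport, request.src, request.sport)
    return (reply.src, reply.sport, reply.dst, reply.dport) == expected


def hairpin_outcome(snat):
    """Return (source address the server saw, whether the client accepted the reply)."""
    nat = HairpinNat("203.0.113.10", "192.168.1.1", {80: "192.168.1.2"}, snat)
    request = Packet("192.168.1.13", 2773, "203.0.113.10", 80)
    at_server = nat.forward(request)
    # The server simply swaps the addresses it saw to answer.
    server_reply = Packet(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    at_client = nat.reply(server_reply)
    return at_server.src, client_accepts(request, at_client)


if __name__ == "__main__":
    for snat in (True, False):
        seen, ok = hairpin_outcome(snat)
        print(f"snat={snat}: server saw source {seen}, client accepted reply: {ok}")
```

The model shows the trade-off Joergen objects to: the source rewrite is what makes the hairpin work at all, but it hides the real client address from the server, so any per-client decisions on 192.168.1.2 see only the router. The usual way to keep the client address is split-horizon DNS, so LAN clients resolve the public name to 192.168.1.2 and never hairpin through the router in the first place.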

>And indeed, the hairpinning is now working for all ports, BUT the source address is the router LAN address!

Joergen, I'd like to know what triggers the router to change the source IP of the forwarded packets to its LAN IP.

Does your RV220W have the PPTP Server enabled?

BTW, thank you for pointing out the various usability problems in the current GUI.

tekliu wrote:

> Joergen, I'd like to know what triggers the router to change the source IP of the forwarded packets to its LAN IP.
>
> Does your RV220W have the PPTP Server enabled?
>
> BTW, thank you for pointing out the various usability problems in the current GUI.

Any TCP connect using the public IP address causes the router LAN IP address to be used as source address.

(We ARE using the source address to modify the web server behaviour for some LAN addresses.)

GUI problems ?

Well, I have 20+ issues with the 1.0.2.4 firmware which Cisco support does not seem to be interested in forwarding to development!