RV220W - NAT loopback

max-malmgren
Level 1

As the title suggests, I want to know whether NAT loopback is possible with the RV220W router/firewall, or when can we expect a firmware update that addresses this?

For terminology's sake, what I mean is that I've got a rule that maps HTTP/S to 192.168.1.2. However, when accessing my external IP from an internal IP, I don't get routed to 192.168.1.2. This is what I want, though.

Best regards, Max

13 Replies

Alejandro Gallego
Cisco Employee

This is becoming a popular issue. What you are describing is called or referred to as "hairpinning". For some reason the RV220 and the SA500s have this issue. (SA500s may have been corrected but not sure).

What I would recommend as a workaround is to create a DNS entry in your DNS server if you have one. If not... well... There are workarounds but none that I know are too pretty.

More information about your network would help though.

Hi, my name is Eric Moyers. I am a Network Support Engineer in the Cisco Small Business Support Center. Please call into the Small Business Support Center at 1-866-606-1866 and open a support case. There is a beta firmware that will fix this issue. When you talk with the agent, let them know that you need to escalate this case to get that firmware.

Eric Moyers
Cisco Network Support Engineer
1-866-606-1866

I received the 1.0.2.1 beta firmware.

It does not solve this hairpinning problem.

It does not fix the non-TCP/UDP IP packets routing problem.

What is worse is that CISCO support cannot confirm that these two important problems are being worked on to be fixed.

This hairpinning problem is really annoying me. As a consequence, nobody here can access their email accounts from their smart phones when connected through the RV220W wireless. From ordinary workstations it is possible to enter internal addresses into the hosts file, but how would you do this on a smart phone (not to mention removing them again when outside the premises!).

And no: two identical accounts with internal/external IP address is not possible on my smart phone and would be cumbersome anyway.

phil_m_casey
Level 1

There is a new firmware beta (or is it an alpha) that fixes this issue. If you open a ticket with Cisco Small Business you may get lucky and they will let you test it. However, that's up to them and you.

interman71
Level 1

I just bought this router and am very disappointed that there is no NAT loopback for this advanced router. I already upgraded the firmware to 1.0.3.5 but there are still no fixes for this problem. Can anyone tell me which firmware version is expected to fix this problem?

It actually is working in the 1.0.3.5 firmware, but with the special feature that the sender IP address is always the internal IP address of the router itself. Gone is the possibility of checking for a specific client address, e.g. when testing.

This should definitely be fixed.
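
Why a working loopback shows the router's own LAN address as the sender, as an added example that is not part of the original thread and not the RV220W's firmware logic: a generic model of hairpin NAT. The WAN address, router LAN address and client addresses are constructed; only 192.168.1.3 comes from the thread.

```python
from dataclasses import dataclass, replace

# Constructed addresses: WAN_IP is a documentation address, ROUTER_LAN and
# CLIENT are assumptions. SERVER (192.168.1.3) is the server named in the thread.
WAN_IP, ROUTER_LAN = "203.0.113.10", "192.168.1.1"
SERVER, CLIENT = "192.168.1.3", "192.168.1.50"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

def router_forward(pkt, snat):
    """DNAT the WAN address to the server; optionally SNAT to the router's LAN IP."""
    out = replace(pkt, dst=SERVER) if pkt.dst == WAN_IP else pkt
    return replace(out, src=ROUTER_LAN) if snat else out

def hairpin(client, snat):
    """Follow one LAN client's request to WAN_IP and the server's reply.

    Returns (source address the server sees and logs,
             whether the client accepts the reply)."""
    request = Packet(client, WAN_IP)
    at_server = router_forward(request, snat)
    reply = Packet(SERVER, at_server.src)   # server answers whoever it saw
    if reply.dst == ROUTER_LAN:
        # The reply returns via the router, which reverses both translations.
        reply = Packet(WAN_IP, client)
    # Otherwise the reply crosses the LAN directly and is never translated back.
    # The client only accepts a reply from the address it originally contacted.
    accepted = reply.dst == client and reply.src == request.dst
    return at_server.src, accepted

if __name__ == "__main__":
    for snat in (False, True):
        seen, ok = hairpin(CLIENT, snat)
        print(f"snat={snat}: server sees {seen}, client accepts reply: {ok}")
```

With source translation every LAN client reaches the server as the router's address, so server-side access logs and per-client allow rules cannot tell loopback clients apart.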

Sorry Joergen, you said it is fixed, but my router is definitely not working. It looks like the port forwarding does not work properly. For example, I set up a web server as the DMZ host and forward the HTTP port (80) to my web server; when I use a computer on the LAN to access my public address, it always directs to the router management web page with an HTTPS connection. It is rare that even when I specify http:// in the browser, it still automatically switches to HTTPS. Is there something I missed in setting up port forwarding?

This is what I set up for port forwarding; 192.168.1.3 is my server.


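| Action | Service | Status | Source IP | Destination IP | Forward from Port | Forward to Port |
|---|---|---|---|---|---|---|
| Always Allow | HTTP | Enabled | Any | 192.168.1.3 | | |
| Always Allow | FTP | Enabled | Any | 192.168.1.3 | | |
| Always Allow | SMTP | Enabled | Any | 192.168.1.3 | | |
| Always Allow | IMAP2 | Enabled | Any | 192.168.1.3 | | |
| Always Allow | IMAP3 | Enabled | Any | 192.168.1.3 | | |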

These are my Access Rules.

Default Outbound Policy
Policy: Allow / Block

Access Rule Table

| Action | Service | Status | Connection Type | Source IP | Destination IP |
|---|---|---|---|---|---|
| Always Allow | HTTP | Enabled | Inbound (WAN (Internet) > LAN (Local Network)) | Any | |
| Always Allow | FTP | Enabled | Inbound (WAN (Internet) > LAN (Local Network)) | Any | |
| Always Allow | SMTP | Enabled | Inbound (WAN (Internet) > LAN (Local Network)) | Any | |
| Always Allow | IMAP2 | Enabled | Inbound (WAN (Internet) > LAN (Local Network)) | Any | |
| Always Allow | IMAP3 | Enabled | Inbound (WAN (Internet) > LAN (Local Network)) | Any | |

Is there anything I missed in the setup?

Are you sure you are using firmware 1.0.3.5? (Check the Status -> System Summary page.) The screen dump is showing an incorrect header (Forward from Port), which I seem to recall was present in an earlier firmware version.

I have always wondered about the RV220W Firewall -> DMZ Host page. As opposed to any other router on the market, it does not mean that traffic is routed to that IP address if no other rule is present. It appears to me only to be a name for the IP address of your DMZ server.

You must explicitly route all traffic to any LAN server.

Make sure you are using Firewall -> Access Rules to define forwarding. I seem to recall a problem when using the Port Forwarding page.

Finally, I made it work. I needed to set an Access Rule to allow all outbound access. I don't quite understand; maybe by default the router doesn't allow outbound traffic, so my internal web server cannot respond to the request. I hope CISCO provides some documentation that mentions all these kinds of tricks for setting up the router in future.

Can you please elaborate how you got it working? I really really need the LAN to access our server...

Set an access rule to allow any outbound access from any to any permit.

Hope it works for you.

Good luck!

Thanks. I will try that.

It does sound like it could cause an endless loop of requests, though.