cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3291
Views
0
Helpful
12
Replies

RV220W port forwarding not working

edmondting
Level 1
Level 1

Hi I need your help here.

I am trying to configure my RV220W (firmware version 1.0.4.17) Port Forwarding so that I can remote access my Synology DiskStation NAS DS412+

On the Cisoc RV220W, i have set the following:

- UPNP Enabled

- Firewall Custom Services and Port Forwarding settings as per

http://portforward.com/english/routers/port_forwarding/Cisco/RV180/Synology_DS412+.htm


On DS412+ DSM, I have do the follwoing settings:

- Set the DiskStation using a static IP address

the Firewall on the DiskStation is not blocking any ports

Autoblock function on the DiskStation is not blocking any IP

- go to Router Configuration and set up router

> Test UPnP router and in test port forwarding rules fail

- Create port forwarding rules with Built-in application

> All services connection fail

Pls kindly advice what I need to do next to enable remote access.

Thank you

Edmond

12 Replies 12

mpyhala
Level 7
Level 7

Edmond,

Make sure that the RV220W LAN IP address is the default gateway for the Synology or port forwarding will not work.

How are you testing to see if the ports are open? If you haven't already, try:

http://www.yougetsignal.com/tools/open-ports/

Is port forwarding working for any other devices? If so, that would suggest an issue with the Synology. As a simple test you can install and run RJL Port Listener on your PC, start listening on a port of your choice and forward that port to the PC. Then test again to see if your Port Forwarding configuration is correct.

http://www.rjlsoftware.com/software/utility/portlistener/

Please keep us updated.

- Marty

Hi Marty,

The default gateway for my DSM DS412+ is already the LAN IP address of the RV220W.

Yes I am using http://www.yougetsignal.com/tools/open-ports/ to test the ports. The ports are shown closed.

I am using Mac OSX. The RJL Port Listener is for Windows base.

Currently, I have only have the port forwarding for DS412+. I have check with Synology Tech support on the settings.

Still not able to port forward.

Look forward to your advice.

Regards,

Edmond

Edmond,

Since you are unable to use RJL, there is another way to confirm that the ISP is allowing traffic on specified ports:

Disable all forwarding rules first.

Browse to Administration-> Remote Management and enable it on port 443, then do an open port scan for 443. It should be open. Change the Remote Management port to 80, 5000 and 5001 and scan each time. The port should show open each time. If it does not, then the ISP is blocking access and you need to work with them to resolve the issue.

If you find that the ports are allowed by the ISP and you still cannot get forwarding to work, I recommend that you contact support for assistance:

www.cisco.com/go/sbsc

- Marty

Hi Marty,

I tried as per your instructions. Port 443 is not able to open. For the other ports, they are closed too.

Am I doinfg it correct?

Regards,

Edmond

Edmond,

Under Attack Prevention, disable Stealth Mode when testing. Re-enable it once everything is working.

What type of internet connection do you have?

Is there a modem/router in front of the RV220W or does the RV220W have the WAN IP address 103.xx.xx.xx on the WAN port? (It is a good idea to blot out at least part of your public IP before posting a screenshot)

If the RV220W has a true WAN IP address and you are unable to get Remote Management to work on any port, then the ISP is blocking the traffic and you will need to contact them. If you have a modem/router between the RV220W and internet, you will need to bridge it so that the RV220W has the WAN IP on it's WAN port. (Contact your ISP for assistance)

Please keep us updated.

- Marty

Hi Marty,

It is still not working after disabling Sealth Mode.

I am using Fibre Optical Internet. There is a GPON ONT Modem in front of RV220W. The RV220W WAN IP is

172.xx.xx.xx.

I just contact my ISP. They mentioned that my internet service is on private dynamic IP address.

Regards,

Edmond

It's not working because it's not the RV220 that's blocking the traffic, it's your modem. Probably the 172.xx.x.xx is a private range the RV220 gets from your modem.

The real IP-adres you have to the outside world is that from your "Port Forwarding Tester" screenshot.

The current setup is not going to work... and reading the answer from your ISP is suspect that they are blocking these ports by default...

Maybe it's possible to set that GPON ONT thing into some kind of bridging mode?

Edmond,

If the ISP cannot bridge the modem/router, ask them to help you put the RV220W in a DMZ or at least forward all ports to the RV220W so you can then control port forwarding.

- Marty

Hi Marty,

My ISP reply:

"No, we do not block any ports. Just that a public static IP address will be required for DDNS, CCTV, NAS, or other servers to work over the Internet."

So I guess the only way to get it work is to get a static IP for my ISP right.

Regards,

Edmond

My ISP reply:

"No, we do not block any ports. Just that a public static IP address will be required for DDNS, CCTV, NAS, or other servers to work over the Internet."

So they do block ports, but just when you don't have a public static IP address. DDNS is specifically designed for use when you don't have a static IP address...

The person who told you this either doesn't know what he/she is talking about or is lying...

Or that 'public' being mentioned means that all of their 'normal' customers don't have a public IP address... That would also mean that a lot of other things won't work etc...

Dear All,

Thx for the help. And pointing me to the direction. I think I will need to get a public static IP from my ISP to get it working.

See the reply below from my ISP.

"Thank you for your reply on 6 January 2014.

The ONT is already set to bridged mode. With that said, you may wish to know that the Static IP would still be required in order for your NAS / Port Forwarding to work."

- Edmond

You need a public IP address and not the private address you're getting now. Static or dynamic has nothing to do with it.

I've never seen an ISP providing their customers an IP address within a private range (172.16.0.0 - 172.31.255.255), but I could imagine that they're doing this when they have only a very limited amount of public IP-addresses...

It put's a restriction on what you can do with your connection though and it implicitly means they're blocking all incoming connections...

Practically you're on an intranet that's connected to the internet... and within that intranet you want to create your own "intranet"