11-21-2014 05:21 AM
I've just installed a Cisco RV220W - which works fine for outbound traffic, however for inbound it seems unable to work with multiple WAN IPs.
We have a block of 6 WAN IPs assigned to us by our ISP, and I want to make use of all of them to expose certain ports on our servers to the outside world.
I've tried to do this with Access Rules (using HTTP as an example) with the following settings:
Connection Type: Inbound (WAN (Internet) > LAN (Local Network))
Action: Always Allow
Service: HTTP
Source IP: Single Address
Start: <one of the WAN IPs>
Send to Local Server (DNAT IP): <IP of the internal server>
Use Other WAN (Internet) IP Address: disabled
Rule Status: Enabled
Yet the server/port remains inaccessible.
I've tried:
The only way I've got it working is by changing the access rule so that it applies to any source address rather than one specific one... however that's not a solution for us as we need to use specific IP addresses for specific internal servers/ports.
The router's admin interface certainly suggests this should be possible, however making use of it seems to break all incoming access!
Any suggestions welcome.
Solved! Go to Solution.
11-23-2014 06:20 PM
You should be using "ANY" as the source IP, as you are publishing your internal server to the internet and internet means the request comes from any source IP (you don't know what it is, so it will be any.
Basically, you want any source IP to hit one of your WAN IPs on port 80, and then your firewall will redirect that request to the internal server's private IP address on same port 80. And when the response comes back from the internal server, the firewall will already have this translate entry in it so the reverse NAT will happen (you don't need configure this, it is default firewall feature).
I hope I have answered your question well.
Please mark as correct if you like the response.
Thanks
11-23-2014 06:20 PM
You should be using "ANY" as the source IP, as you are publishing your internal server to the internet and internet means the request comes from any source IP (you don't know what it is, so it will be any.
Basically, you want any source IP to hit one of your WAN IPs on port 80, and then your firewall will redirect that request to the internal server's private IP address on same port 80. And when the response comes back from the internal server, the firewall will already have this translate entry in it so the reverse NAT will happen (you don't need configure this, it is default firewall feature).
I hope I have answered your question well.
Please mark as correct if you like the response.
Thanks
11-24-2014 12:41 AM
Thank you Lovleen, that does make sense, however that now leaves me with the problem of how to create an access rule/port redirection that only applies to traffic sent to a specific WAN IP address.
Do you have any idea how this can be implemented in the RV220W?
Thanks.
11-24-2014 01:43 AM
To answer my own question... this can be done by ticking the box at the bottom of the access rule definition
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide