cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
691
Views
0
Helpful
3
Replies

RV220W - port redirection/access rules with multiple WAN IPs

DavidMulvey
Level 1
Level 1

I've just installed a Cisco RV220W - which works fine for outbound traffic, however for inbound it seems unable to work with multiple WAN IPs.

We have a block of 6 WAN IPs assigned to us by our ISP, and I want to make use of all of them to expose certain ports on our servers to the outside world.

I've tried to do this with Access Rules (using HTTP as an example) with the following settings:

Connection Type: Inbound (WAN (Internet) > LAN (Local Network))

Action: Always Allow

Service: HTTP

Source IP: Single Address

Start: <one of the WAN IPs>

Send to Local Server (DNAT IP): <IP of the internal server>

Use Other WAN (Internet) IP Address: disabled

Rule Status: Enabled

Yet the server/port remains inaccessible.

I've tried:

  • rebooting the server with a power off/on again
  • implementing the same settings in port forwarding
  • triple-checking all IP addresses being used

The only way I've got it working is by changing the access rule so that it applies to any source address rather than one specific one...  however that's not a solution for us as we need to use specific IP addresses for specific internal servers/ports.

The router's admin interface certainly suggests this should be possible, however making use of it seems to break all incoming access!

Any suggestions welcome.

1 Accepted Solution

Accepted Solutions

Lovleen Arora
Level 1
Level 1

You should be using "ANY" as the source IP, as you are publishing your internal server to the internet and internet means the request comes from any source IP (you don't know what it is, so it will be any.

Basically, you want any source IP to hit one of your WAN IPs on port 80, and then your firewall will redirect that request to the internal server's private IP address on same port 80. And when the response comes back from the internal server, the firewall will already have this translate entry in it so the reverse NAT will happen (you don't need configure this, it is default firewall feature).

I hope I have answered your question well.

Please mark as correct if you like the response.

Thanks

View solution in original post

3 Replies 3

Lovleen Arora
Level 1
Level 1

You should be using "ANY" as the source IP, as you are publishing your internal server to the internet and internet means the request comes from any source IP (you don't know what it is, so it will be any.

Basically, you want any source IP to hit one of your WAN IPs on port 80, and then your firewall will redirect that request to the internal server's private IP address on same port 80. And when the response comes back from the internal server, the firewall will already have this translate entry in it so the reverse NAT will happen (you don't need configure this, it is default firewall feature).

I hope I have answered your question well.

Please mark as correct if you like the response.

Thanks

Thank you Lovleen, that does make sense, however that now leaves me with the problem of how to create an access rule/port redirection that only applies to traffic sent to a specific WAN IP address.

Do you have any idea how this can be implemented in the RV220W?

Thanks.

To answer my own question...  this can be done by ticking the box at the bottom of the access rule definition