Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1411
Views
10
Helpful
10
Replies

RV320 forwarding between 2 private networks

Go to solution
Lio
Level 1
Level 1

‎10-02-2017 01:33 AM - edited ‎03-21-2019 10:56 AM

Hello

 

I'm a bit confused with the forwarding possibility on the RV320 router.

1. can we do port forwarding between port LAN1 and port LAN2 ? or is it only working between WAN and LAN ports ?

2. can we do port forwarding between 2 privates network ?

 

 

More details on my situation:

- I need to do port forwarding from a private network 192.168.4.x to a server with an ip on another private network 192.168.1.10 ?

I know that the question looks strange and you will say that it is easy without forwarding. But I have a specific situation where I need this :

I need to introduce 2 machines in my network, which both have the same private ip that I can't change 192.168.1.10 (don't ask me why...). And I need to address these machines on a specific port 8899, from my private network 192.168.4.x.

So my idea is to insert 2 small routers, one in front of each machine and use port forwarding :

* network 192.168.4.x -> RV320-1 (192.168.4.141-192.168.1.2)-> machine1 192.168.1.10:8899

* network 192.168.4.x -> RV320-2 (192.168.4.142-192.168.1.2)-> machine2 192.168.1.10:8899

In the routers, just forward the port 8899 to the ip 192.168.1.10.

 

But until now i was not able to make this setting working... I hope that I have not choose the wrong way .

 

thanks in advance

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Flavio Miranda
VIP
VIP
In response to Lio

‎10-05-2017 03:15 AM

First I'd like you to check if the server. 

Well that good if it has the open port.

 What about routing on the server. If has an default route to the router? I mean, when the connection comes from another network, as in your situation, does the server knows how to reply back?

 If you can ping the server so the answer is yes. Not sure if you already said this, just to check.

 

View solution in original post

10 Replies 10

Go to solution
Flavio Miranda
VIP
VIP

‎10-02-2017 08:44 AM

Hello,

 There´s no problem with your idea.

 Let´s say you put 192.168.4.100 on RV320_01 and 192.168.4.101 on  RV320_02 (Wan Interface)

Then, you setup port forwarding 8899 to 192.168.1.10 internally. (Lan interface)

From the 192.168.4.X when you open up a browser and hit 192.168.4.100:8899 you are going to  connect to the 192.168.1.10 on RV320_01 and when you hit 192.168.4.101:8899  you are going to connect to192.168.1.10 on RV320_02

In the worst case scenario you may need to play with NAT. But, test this first.

Go to solution
Lio
Level 1
Level 1
In response to Flavio Miranda

‎10-03-2017 12:08 AM

Thanks for your reply Flavio.

Unfortunatly, that's what I try yesterday, but I was not able to make it working ...

 

Maybe my configuration is wrong, here is what I set up in the router:

WAN1 : static ip 192.168.4.100 mask 255.255.255.0 gw 192.168.4.254 (connected to network switch)

VLAN1 (default) : ip 192.168.1.100 mask 255.255.255.0 - dhcp disable (LAN2 connected to the machine1)

Forwarding : [TCP/8899~8899] - 192.168.1.10 - enable

not PAT - no one-to-one NAT

Advance routing : mode "Router" (not gateway) - no static route

Firewall : disable

 

From a computer on the 192.168.4.x network, I can reach the router. But when i try the connection on 192.168.4.100:8899 i got no reply.

I saw the connection in the incoming log table (ALLOW  TCP 192.168.4.141:1478 -> 192.168.4.100:8899 on eth1) but nothing in the outgoing table.

 

I'm feeling that the connection is going from my computer through the router to the machine1 but not on the other side.

Is there a way to have more logs, or maybe to trace the packets in the router ? the CLI looks limited.

 

 

In the "worse scenario" as you said play with NAT. That means :

Remove the forwarding rule and enable one-to-one NAT

Then add: private range 192.168.1.10 - public range 192.168.4.100 - lenght 1 - interface WAN1

Is this enough ?

or should a change something in the routing table or mode ?

0 Helpful

Go to solution
Lio
Level 1
Level 1
In response to Lio

‎10-05-2017 12:23 AM

Would anyone have an idea to help me solve this problem?

0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to Lio

‎10-05-2017 02:54 AM

Are you sure the destination server is responding on the referred port?

 This port is not an known port, which service is this?

  As per your log the connection was sent to the server. 

 If you run "netstat -a' on the server it is listen on the required port?

0 Helpful

Go to solution
Lio
Level 1
Level 1
In response to Flavio Miranda

‎10-05-2017 03:09 AM

Yes I have tested the connection to the machine like this :

I have connected a laptop on the router (LAN1) and configured it on the same network 192.168.1.105.

From this laptop, I am able to access the machine directly on 192.168.1.10:8899 (lokks like the machine is working and listening on this port).

 

Then I have connected this laptop on the WAN1 and configured it on 192.168.4.200.

I can access the router web interface 192.168.4.100. I am not able to access the machine on 192.168.4.100:8899.

Same if the laptop is connected on a switch somewhere on the network.

 

The port is the one given by the vendor (it is a CNC machine), but i don't feel it is a problem as it is working on a direct connection.

 

The request seems going through the router, is there any static route to add for the response ?

 

0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to Lio

‎10-05-2017 03:15 AM

First I'd like you to check if the server. 

Well that good if it has the open port.

 What about routing on the server. If has an default route to the router? I mean, when the connection comes from another network, as in your situation, does the server knows how to reply back?

 If you can ping the server so the answer is yes. Not sure if you already said this, just to check.

 

Go to solution
Lio
Level 1
Level 1
In response to Flavio Miranda

‎10-05-2017 03:32 AM

Very good note.

As the machine is connected directly to the router (LAN2) and the router should (I suppose) know both network (LAN ports 192.168.1.x & WAN port 192.168.4.x) I have never think that the machine will not be able to reply.

 

So maybe the problem is on the machine default gateway.

I will try to have an access to the machine configuration today and let you know what is her configuration.

 

Thanks !

0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to Lio

‎10-05-2017 03:34 AM

Good,

And if possible, install Wireshark on the target machine, so that, it´ll be easier for you figure it out if packet is reaching the machine and with which IP address.

 If this were Linux machine Wireshark is not necessary, you can use tcodump instead.

0 Helpful

Go to solution
Lio
Level 1
Level 1
In response to Flavio Miranda

‎10-09-2017 06:45 AM

Today we were able to access the machine configuration and you were right. Problem was on the machine default ip route.

After settings the router ip address, the forwarding is working !

 

I was so focused on the router configuration that I would never have thought that the machine had no default route in factory config...

 

Many thanks for your help Flavio!

0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to Lio

‎10-09-2017 06:47 AM

you´re welcome!

0 Helpful
Customers Also Viewed These Support Documents