Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2195
Views
0
Helpful
10
Replies

RV320 Port Forwarding

jautry001
Level 1
Level 1

‎10-15-2015 10:16 AM

I am having difficulties with port forwarding on my RV320.  I have a port forward setup for port 8081 to a specific IP address on the VLAN.  I also setup a access rule in the firewall to allow this port number.  I then try to access this configuration remotely, and get a connection refused notice.  In checking the Incoming Log, I see the received message with "ALLOW" marked on it, but it never seems to make to the IP address designated in port forwarding ( I check for it with WireShark ).  I have even disabled the firewall, and no difference.  Since there appears to be no way for the router to log port forwarding events, I am not sure how to track this.  Looking for ideas on how to debug this issue.

 

Thanks

Forwarding Entry:

James Port[TCP/8081~8081]

192.169.1.63Enabled

 

 Firewall Entry:

AllowJames Port [8081]WAN1AnyAnyAlways
Labels:
0 Helpful
10 Replies 10

Michael Swenson
Cisco Employee
Cisco Employee

‎10-16-2015 09:46 AM

Thanks for Contacting Cisco.

First of all, an ACL is not needed.  It should not be causing the issue but the port forward setup will allow the traffic in.

Please confirm that you have a public IP on the WAN port of the RV320.  IF the WAN has a private IP address, the ISP modem/router would block the traffic.

Does the access to port 8081 work on the inside of you LAN?  192.168.1.x to 192.168.1.63?  If this does not work, then your server .63 is not setup to listen on that port.

Finally, you could use a port listener, set it up on another PC on the network and test.  If this works, then the RV320 is forwarding correctly and you server at .63, is the issue.

http://www.rjlsoftware.com/software/utility/portlistener/

 

Regards,

 

0 Helpful

jautry001
Level 1
Level 1
In response to Michael Swenson

‎10-16-2015 09:55 AM

The incoming log of the RV320 is showing the incoming packet:

ALLOW

TCP 66.68.95.103:50919 -> 24.155.161.236:8081 on eth1

So I assume it must be public.

Also, I can access the service from any other computer on the lan and it shows up as listening on 8081 via netstat.  I just cannot seem to reach it from the WAN. 

0 Helpful

Michael Swenson
Cisco Employee
Cisco Employee
In response to jautry001

‎10-16-2015 10:03 AM

You can check the WAN IP on the System Summary tab. Is 24.155.161.236 your public IP?

If it works internally and not externally, typically this is firewall or virus protection issue on the server.

0 Helpful

jautry001
Level 1
Level 1
In response to Michael Swenson

‎10-16-2015 10:12 AM

Yes, that is the IP on the system summary tab.  I have the firewall disabled on the server computer currently, but does not help.

0 Helpful

Michael Swenson
Cisco Employee
Cisco Employee
In response to jautry001

‎10-16-2015 11:20 AM

Port test from lab to 24.155.161.236:8081 shows "closed".  What type of ISP do you have?  The modem may have a firewall, even with a public IP on your WAN.

 

Also, you could setup the port listener on another PC for a random port, setup a port forward for that port to IP and test.  This would help isolate if a server issue or router issue.

0 Helpful

jautry001
Level 1
Level 1
In response to Michael Swenson

‎10-16-2015 12:50 PM

Well that confuses me.  If the modem was blocking it, why is it showing up in the RV320 incoming log?

 

I did try to forward port 80 to an internal web server, but that did not work either.  Will try another anonymous port.  I have a MySQL port opened for an external database which seems to work fine.

0 Helpful

Michael Swenson
Cisco Employee
Cisco Employee
In response to jautry001

‎10-16-2015 01:24 PM

Outbound connections are allowed by default.  Thus, your LAB MySQL should be able to connect to an external server.

To test if practical, you could connect your server direct to the modem, assign the 24.155.162.236 IP to the server and test the connection. IF the modem is truly bridged, then the remote access should work. 

Also, your RV320 should be on the latest firmware 1.2.1.13

 

 

 

0 Helpful

jautry001
Level 1
Level 1
In response to Michael Swenson

‎10-16-2015 01:44 PM

Yes, I am on 1.2.1.13.  Connecting directly to the modem is not going to be easy as several groups share access.  Do I need to set up a DMZ?  Actually, this all used to work, not sure what happened.

0 Helpful

Michael Swenson
Cisco Employee
Cisco Employee
In response to jautry001

‎10-16-2015 01:55 PM

You should not need a DMZ.  A DMZ basically open all port to the server connected to the DMZ.

If you just need one port, then a port forward is correct.

If it had worked and then stopped, the ISP may have updated the modem. 

Have you rebooted the RV320?

 

0 Helpful

jautry001
Level 1
Level 1
In response to Michael Swenson

‎10-16-2015 02:54 PM

I will attempt a reboot tonight when everyone is off.  Still not clear on how it could be a modem issue if I am getting indications in the incoming log of the RV320.  I know the changes that were made where in changing the DHCP ranges and updating firmware.

0 Helpful
Customers Also Viewed These Support Documents