
RV325 - firewall confusion

rdk_cisco1
Level 1

We have a Cisco rv325 dual band router (only WAN1 is connected to anything) which is used for access to our internet connection.

Actually, the Internet connection (WAN1) is via a fiber modem provided by my phone/ISP and via a DMZ which bypasses the built-in firewall on the ISP modem.  The Cisco LAN is defined as 10.0.99.0.  I've used it "successfully" for years but recently found that it seems to have been breached. 

Details:  Since the RV325 does not have a built-in WiFi, we are using a Netgear RAX120 for our wireless devices – laptops, printer. Raspberry Pi’s, webcams, etc.  It is using 192.168.99.0 for its LAN network.  The Netgear “WAN” access from the Cisco rv325 is via 10.0.99.99.

Several years ago, we needed remote SSH access to one of the Pi devices.  I set up a Service “RPi” to route incoming DMZ traffic for port 875 to the Netgear “WAN” port (192.168.99.99) via this Firewall access rule:

Action | Service   | Source Interface | Source IP | Destination IP          | Time
Allow  | RPi [875] | WAN1             | Any       | 10.0.99.99 ~ 10.0.99.99 | Always

The Netgear then used a “Port Forwarding / Port Triggering” rule to send the traffic to the Pi.

Other rules were:

Action | Service            | Source Interface | Source IP | Destination IP          | Time
Allow  | IPP protoco [631]  | LAN              | Any       | 10.0.99.99 ~ 10.0.99.99 | Always
Allow  | HP_Printing [8100] | LAN              | Any       | 10.0.99.99 ~ 10.0.99.99 | Always
Deny   | HTTP [80]          | WAN1             | Any       | 10.0.99.99 ~ 10.0.99.99 | Always
Allow  | IPSec [500]        | WAN1             | Any       | Any                     | Always
Allow  | WebCam2UDP [8101]  | WAN1             | Any       | 10.0.99.99 ~ 10.0.99.99 | Always


This worked and we used it for several months.  But then we decided that remote access was no longer needed, so we deleted that rule.

However, we have just discovered that unwanted traffic was still being routed to the Netgear and that the Pi was triggering Fail2Ban emails due to failed SSH logon attempts.  Our confusion is that with the RPi service having been removed from the Cisco Firewall access list, why was the rv325 still allowing that traffic and routing it to the Netgear?

We stopped the traffic by adding this rule:

Action | Service   | Source Interface | Source IP | Destination IP          | Time
Deny   | RPi [875] | WAN1             | Any       | 10.0.99.99 ~ 10.0.99.99 | Always

My confusion is that my understanding of a Firewall was that if the traffic was not specifically allowed by a rule then it was disallowed and thus not forwarded/transferred, period.

Even worse, we have determined that other traffic, not allowed, is getting through the RV325.  What have we done wrong?....RDK

2 Replies

@rdk_cisco1 

Hard to say, as we don't have information on how exactly the router is configured.  But keep in mind that the RV325 is a router, not a firewall.

A standard firewall will not allow any traffic unless permitted, but a router does not work in the same way. A router is meant to route traffic and can, eventually, block some traffic if an Access List is correctly placed.
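The reply above contrasts a firewall's implicit deny with a router's implicit allow, which is exactly the difference that decides whether deleting the RPi allow rule stops anything. As an added illustration (not code from this thread, and not a statement of how the RV325 itself evaluates its rule list, which the thread does not establish), the Python below models a first-match rule list seeded with the poster's remaining rules and runs the same inbound port-875 probe under each default policy. The probe source address 203.0.113.7 is a constructed test value.

```python
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class Rule:
    action: str      # "Allow" or "Deny"
    service: str     # label only, used in explanations
    port: int        # destination port the service stands for
    src_iface: str   # "WAN1", "LAN" or "Any"
    src: str         # "Any" or "lo ~ hi" inclusive address range
    dst: str         # "Any" or "lo ~ hi" inclusive address range


@dataclass(frozen=True)
class Packet:
    iface: str       # interface the packet arrives on
    src_ip: str
    dst_ip: str
    dst_port: int


def _in_range(addr, spec):
    """'Any' matches everything; 'lo ~ hi' is an inclusive address range."""
    if spec.strip().lower() == "any":
        return True
    lo, hi = (ip_address(part.strip()) for part in spec.split("~"))
    return lo <= ip_address(addr) <= hi


def matches(rule, pkt):
    return (rule.src_iface in ("Any", pkt.iface)
            and rule.port == pkt.dst_port
            and _in_range(pkt.src_ip, rule.src)
            and _in_range(pkt.dst_ip, rule.dst))


def evaluate(rules, pkt, default):
    """First matching rule wins; if nothing matches, the default policy decides.
    Returns (action, reason)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.service
    return default, "(default policy)"


# The poster's rules as transcribed in the thread, after the RPi allow rule was deleted.
RULES_AFTER_DELETE = [
    Rule("Allow", "IPP protocol [631]", 631, "LAN", "Any", "10.0.99.99 ~ 10.0.99.99"),
    Rule("Allow", "HP_Printing [8100]", 8100, "LAN", "Any", "10.0.99.99 ~ 10.0.99.99"),
    Rule("Deny", "HTTP [80]", 80, "WAN1", "Any", "10.0.99.99 ~ 10.0.99.99"),
    Rule("Allow", "IPSec [500]", 500, "WAN1", "Any", "Any"),
    Rule("Allow", "WebCam2UDP [8101]", 8101, "WAN1", "Any", "10.0.99.99 ~ 10.0.99.99"),
]

# The explicit deny the poster added afterwards.
RPI_DENY = Rule("Deny", "RPi [875]", 875, "WAN1", "Any", "10.0.99.99 ~ 10.0.99.99")

# Constructed sample: an inbound connection attempt to port 875 from an arbitrary
# Internet address (203.0.113.7 is a documentation/test-net address, not a real host).
SSH_PROBE = Packet("WAN1", "203.0.113.7", "10.0.99.99", 875)


def report(rules, pkt):
    """Outcome for pkt under an implicit-allow and an implicit-deny default, side by side."""
    return {default: evaluate(rules, pkt, default)[0] for default in ("Allow", "Deny")}


if __name__ == "__main__":
    print("RPi allow rule deleted :", report(RULES_AFTER_DELETE, SSH_PROBE))
    print("explicit RPi deny added:", report([RPI_DENY] + RULES_AFTER_DELETE, SSH_PROBE))
```

With the allow rule deleted, the probe matches nothing, so the outcome is whatever the default is: an implicit-allow device still passes it, an implicit-deny device drops it. The explicit deny stops it under either default, which is why adding it worked. The practical check for a device whose default you are unsure of is the same as in the model: add a trailing catch-all deny for traffic arriving on WAN1 (after the rules you intend to keep), then confirm from outside that the previously exposed port no longer answers.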


Thanks for the prompt reply.  Our unit is at firmware v1.5.1.11 (2020-05-28, 21:27:51) but we cannot find any newer version.  Have we missed something?

What additional information do you need to help us address this situation?  When we bought this unit several years ago (probably +10) we got it because it was 1) CISCO, 2) targeted small businesses and 3) advertised as a router FIREWALL.

Can we address this situation or are we better off getting a new unit?  If that is the option, what would you suggest?

Thanks...RDK