RV325 - Port forwarded but still closed

randrade86
Level 1

We have a RV325 (192.168.63.1) router behind our TP-Link router (192.168.0.1), in a pretty simple setup. 

 

RV325 is also the DHCP server. Everything works great except that no device in 192.168.63.0/24 is accessible from outside (Internet). We forwarded all ports that we needed from TP-LINK to RV325, but it looks like RV325 is not forwarding any ports to other IPs (192.168.63.2 for example).

 

For this example, we did a PAT of TCP port 3000 to 192.168.63.2 port 81 and ran an nmap scan from an external machine:

 

 

Nmap scan report for XXXXXXX (XXXXXXXXX)
Host is up (0.22s latency).
PORT STATE SERVICE
3000/tcp closed ppp

 

TP-Link is certainly not the problem, since if we enable PPTP in RV325, it will show 1723/tcp open.

 

2018-04-17 20_32_59 PuTTY.png

 

Here are our PAT settings:

2018-04-17 20_37_17-Cisco RV325 Configuration Utility.png

 

We tried to set firewall permissive access rules or even disable the firewall but to no avail.

Running RV325 on latest firmware, can ping 192.168.63.2 just fine. We just did a factory reset.

Can anyone shed some light?

Firmware Version: v1.4.2.17 (2017-10-30, 15:50:18)

ptimmons
Level 1

I own a RV220W which doesn't have the Port Address Translation. I use the Forwarding menu to redirect ports to inside IPs.

 

forwarding.png

 

 

In RV325, Port Forwarding must be used if you forward the same external and internal port numbers. In order to forward external 3000 to internal 81, you need to use PAT. 

 

Unfortunately, I tried both Port Forwarding and Port Address Translation; neither of them works. I really think my unit is faulty but I can't RMA it yet because we have a site-to-site VPN online. I'll try to downgrade my firmware. If it doesn't work I'll simply buy another VPN router. And it will not be a Cisco because Cisco Small Business support is non-existent.

 

Thanks for the reply anyway.

This is how I would do it.

 

In Port Address Translation -> Service Management I would enter

 

Service name: TCP3000

Protocol: TCP

External Port: 3000

Internal Port: 81

 

Then I would go to Forwarding and enter

 

Service: TCP3000

IP Address: 192.168.63.2

Status: enabled

 

Can you try that?

 

PAT AFAIK is used to reserve a port range for a specific internal IP when it goes out the WAN interface. It doesn't open any port.

Hello,

 

That didn't work since PAT's Service Management is separated from Port Forwarding Service Management.

 

Here is the Service Management for PAT:

 

2018-04-20 10_35_27-Service Management.png

2018-04-20 10_35_58-Cisco RV325 Configuration Utility.png

 

 

And here is the Service Management for Port Forwarding. In this window, you can't forward port 3000 to 81, only 3000 to 3000:

2018-04-20 10_36_20-Cisco RV325 Configuration Utility.png

 

I even tried to delete the PAT rule and forward ALL inbound traffic (ports 1~65535) to 192.168.63.2. In this case, we would use external port 81, but it still shows as "closed".

 

 

 

Do you have an entry in Firewall -> Access Rules like

 

Enable: yes

Action: Allow

Service: TCP3000

Source Interface: WAN1

Source: Any

Destination: 192.168.63.2

 

?

 

I believe that there is only one Service Table but two views into this table. One for the Forwarding menu and one for the PAT menu. So my understanding right now is that you use Firewall -> Access Rules to open ports and Forwarding or PAT to tell the router what to do with the packets.

 

Does it make sense?

Yes, I tried to set the firewall to the most permissive mode ever (allowing any traffic) or disable the firewall. 

2018-04-20 11_29_24-Cisco RV325 Configuration Utility.png

In my KIWI SNMP log I see the RV325 ALLOWing traffic but the port remains closed. So it looks like something "inside" RV325 is still blocking or not forwarding the traffic correctly.


@randrade86 wrote:
In my KIWI SNMP log I see the RV325 ALLOWing traffic but the port remains closed. So it looks like something "inside" RV325 is still blocking or not forwarding the traffic correctly.

Or it could be the firewall on your server. You could capture packets on it via Wireshark and see.

 

I just ordered a RV325 online. Should be here in max 2 weeks. I'll have a better understanding then.

We disabled the firewall on 192.168.63.2 entirely.

 

When we had only the TP-LINK router, it worked flawlessly. Due to business reasons, we needed to add a VPN Router with Site-to-Site capability hence we bought a RV325. VPN Site-to-Site is working great so far but the port forwarding problem is really hurting us because we need our customer to access us from outside.

 

I hope you have a better experience than I did. Here are our hardware / firmware versions.

 

2018-04-20 13_03_09-Cisco RV325 Configuration Utility.png

Hi.

I got my rv325 yesterday. I replicated my rv220w config on it and everything works perfectly.

Here is what I did to replicate my firewall rules.

I will use two cases.

1) I want to open port https on 17443 and redirect it to 192.168.2.17 https 17443 (straight Forwarding)
2) I want to open port ssh on 1722 and redirect it to 192.168.2.17 ssh 22. (Port Address Translation)


For case #1, I created a new service HTTPSf17443 and added a firewall rule then added a forwarding rule.

Firewall -> Access Rules -> Service Management… -> Add
    HTTPSf17443 / TCP / 17443-17443

Firewall -> Access Rules -> Add
    Allow HTTPSf17443 from WAN1 source ANY destination 192.168.2.17

Setup -> Forwarding -> Add
    HTTPSf17443 / 192.168.2.17 / Enabled


For case #2, I created a new service SSHf1722 and added a firewall rule then added a new Port Address Translation service SSHp1722 and added a Port Address Translation entry

Firewall -> Access Rules -> Service Management… -> Add
    SSHf1722 / TCP / 1722-1722

Firewall -> Access Rules -> Add
    allow SSHf1722 from WAN1 source ANY destination 192.168.2.17

Setup -> Port Address Translation -> Service Management… -> Add
    SSHp1722 / TCP / 1722 / 22

Setup -> Port Address Translation -> Add
    SSHp1722 / 192.168.2.17 / Enabled

That's it.

 

I use _protocol_ f _wan_port_ for forwarding services and firewall rules and _protocol_ p _wan_port_ for Port Address Translation services.


Hope it helps.

 

Thanks for your reply.

 

That's exactly what I have tried since the beginning. I even tried to factory reset my router and the problem persists.

 

Unfortunately, it looks like my unit is faulty.

Sorry to hear. Did you try to contact Cisco Small Business Service?

Devices have lifetime warranty if the hardware is faulty.

 

https://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html

 

Cheers

Jo

 

 

I have the identical problem, attempting to forward to 192.168.3.19. I have set up port address translation 81->81 with the destination IP and also set up port forwarding. Furthermore, I tried each one separately as well as in combination. No luck.

Hi.

 

Does it work if you connect your server directly to your service provider? My service provider blocks tcp/80 and tcp/25; maybe yours is blocking tcp/81.

 

Since you are opening tcp/81 on the router and your server, you should use port forwarding + firewall acl.

 

1-service.png

2-forwarding.png

3-firewall-access-rule.png

 

This works for me as you can see from the firewall log:

 

<1>1 2019-06-14T02:44:18.828946-04:00 ALLOW TCP - - - TCP 24.114.108.206:31802 -> 173.177.3.66:81 on eth1
<1>1 2019-06-14T02:44:18.831877-04:00 ALLOW TCP - - - TCP 24.114.108.206:31802 -> 192.168.2.17:81 on eth1
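
Added example, not part of the original post: a small Python check for firewall logs in the format quoted above. It pairs each ALLOW entry addressed to the WAN IP with the entry for the same client ip:port addressed to a LAN host, and lists connections that were allowed but never show a LAN-side entry. The sample lines are constructed (documentation addresses); treating the second entry as the forwarded packet and the name check_forwards are assumptions.

```python
import ipaddress
import re

# Constructed sample in the format of the log lines quoted above;
# addresses are documentation ranges, not values from the thread.
SAMPLE_LOG = """\
<1>1 2019-06-14T02:44:18.828946-04:00 ALLOW TCP - - - TCP 203.0.113.7:31802 -> 198.51.100.10:81 on eth1
<1>1 2019-06-14T02:44:18.831877-04:00 ALLOW TCP - - - TCP 203.0.113.7:31802 -> 192.168.2.17:81 on eth1
<1>1 2019-06-14T02:45:02.100000-04:00 ALLOW TCP - - - TCP 203.0.113.9:40122 -> 198.51.100.10:3000 on eth1
"""

LINE_RE = re.compile(
    r"(?P<action>[A-Z]+) \S+ - - - (?P<proto>\S+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) on (?P<iface>\S+)"
)


def check_forwards(log_text, lan_cidr):
    """Pair WAN-side ALLOW entries with LAN-side entries for the same client.

    Returns (forwarded, untranslated):
      forwarded    maps flow -> (wan_destination, lan_destination)
      untranslated maps flow -> wan_destination, for connections that were
                   allowed but have no entry addressed to a LAN host.
    A flow is (protocol, client_ip, client_port).
    """
    lan = ipaddress.ip_network(lan_cidr)
    wan_hits, lan_hits = {}, {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["action"] != "ALLOW":
            continue  # unparsable line or a non-ALLOW action
        flow = (m["proto"], m["src"], int(m["sport"]))
        dst = (m["dst"], int(m["dport"]))
        if ipaddress.ip_address(m["dst"]) in lan:
            lan_hits[flow] = dst   # destination already rewritten to a LAN host
        else:
            wan_hits[flow] = dst   # destination is still the public address
    forwarded = {f: (wan_hits[f], lan_hits[f]) for f in wan_hits if f in lan_hits}
    untranslated = {f: wan_hits[f] for f in wan_hits if f not in lan_hits}
    return forwarded, untranslated


if __name__ == "__main__":
    ok, missing = check_forwards(SAMPLE_LOG, "192.168.2.0/24")
    for flow, (wan, lan_dst) in ok.items():
        print("forwarded   ", flow, wan, "->", lan_dst)
    for flow, wan in missing.items():
        print("untranslated", flow, wan)
```

An entry that stays in the untranslated set matches the symptom described earlier in the thread: the log shows ALLOW, yet nothing is handed to the inside host.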

 

Had the same problem on my RV325, had a Cisco engineer confirm my setup was correct & RMA'd the product; upgraded to a RV345, still the same problem; found this on the RV345 thread: https://community.cisco.com/t5/small-business-routers/rv345-port-forwarding-not-working-when-inter-vlan-routing/td-p/3094792

 

Don't forget to check the settings of your fibre/DSL modem as well. That's what it turned out to be for me.