Hi  Johnnatan. What I want to configure is IP Forwarding and not only Port Forwarding

When performing Port Forwarding configurations, the originating source IP is not forward to the destination server. In the destination we have as source the IP of the router (the RV120W internal address).

best regards,

--

Bruno Antunes

Hi Bruno, have you ever tried with a port triggering? Maybe this feature could help you.

http://www6.nohold.net/CiscoSB/Loginr.aspx?login=1&pid=2&app=search&vw=1&articleid=1161

You can also us the GuideME,  is a tool from Cisco made for small business products, and your device is in this category, you can use this address for accessing the tool:  http://sbkb.cisco.com/CiscoSB/Loginr.aspx?alt1=&pid=4&eroute=Super , is very easy to use, just complete the 3  spaces on this way:

Select a category: (Select the device type on request), e.g. Routers

Enter model: (Type the model on request), e.g. RV120

Question: (Type what  you want to know  about the device), e.g. Firewall

And it'll be showing all the information you need about what you wrote.

I hope you find this answer useful,

*Please mark the question as Answered or rate it so other users can benefit from it"

Greetings,

Johnnatan Rodriguez Miranda.

Cisco Network Support Engineer.

My guess, is that IP Forwarding is not supported or possible with RV120W.

Using Port Triggering, Forwarding, or configure a DMZ does not help here: The originating source IP is not forward to the destination server.

As for this Cisco GuideME, it does not seem to help much (for this question)

thanks, best regards

--

Bruno Antunes

This question remains un-answered: Jonathan did not address the OP's question on why the remote IP address of the SSH connection is the LAN IP address of the router. I can add a little more information to this question. I too have hit this condition for SSH connections. However, it changed from the original condition to only showing the LAN IP address of the router for origin of the SSH connections.

The RV 120W was installed 12/12/2012 and I set up port forwarding for SSH at that time. That worked as required and the remote IP address for the SSH connection shows the true remote IP in the UNIX system syslog file. However, when I set up the VPN function with PPTP to allow the owner to pop his e-mail from the UNIX server to his IPad, SSH forwarding still worked but the remote IP address is now shown as the LAN IP of the router. See below:

May  6 09:02:32 unix sshd[21753]: Accepted publickey for admssh from ???.104.??.66 port 3037 ssh2                   

May  6 09:02:32 unix sshd[21753]: subsystem request for sftp                   

May  6 12:06:42 unix sshd[27975]: Accepted publickey for admssh from ???.104.??.66 port 3061 ssh2                   

May  6 12:06:42 unix sshd[27975]: subsystem request for sftp                   

Note the "from" ???.104.??.66 in the above records. That is the public IP address for the remote office ( ??? is obfuscation of the actual logged IP ).

Since the changes on 5/7 to enable PPTP VPN for IPad we get:

May  8 09:06:38 unix sshd[10087]: Accepted publickey for admssh from 192.168.10.251 port 3400 ssh2                 

May  8 09:06:38 unix sshd[10087]: subsystem request for sftp                   

May  8 12:06:34 unix sshd[14436]: Accepted publickey for admssh from 192.168.10.251 port 3436 ssh2

May  8 12:06:34 unix sshd[14436]: subsystem request for sftp                  

Note the "from 192.168.10.251" in the above records. That is the local LAN IP of the Cisco RV 120W router/firewall/VPN.

As part of the PPTP VPN set-up on the "VPN Users" tab I enabled the PPTP server and  specified the start and end IP address as 192.168.10.201 and  192.168.10.205

The problem with all remote SSH addresses showing up as the LAN IP address of the RV 120 is that it breaks my security script to identify source IP addresses originating an SSH scan for unsecured SSH hosts. I scan the syslog every minute and if I see 10 or more failed login attempts from a remote IP address the script updates /etc/ipf.conf to add a rule to block further SSH attempts from the attacking source IP address.

The following shows the total accumulated IP addresses (3210) that have scanned my system and  have been blocked since June 22, 2007:

block in log quick from 94.102.3.151 to any port = 22

block in log quick from 113.52.152.17 to any port = 22

block in log quick from 121.52.220.29 to any port = 22

block in log quick from 142.91.210.197 to any port = 22

block in log quick from 220.164.144.135 to any port = 22

block in log quick from 190.82.84.203 to any port = 22

block in log quick from 199.33.127.130 to any port = 22

block in log quick from 186.151.229.242 to any port = 22

block in log quick from 37.247.102.226 to any port = 22

block in log quick from 61.164.147.2 to any port = 22

block in log quick from 5.152.207.97 to any port = 22

block in log quick from 202.119.236.86 to any port = 22

block in log quick from 103.3.79.83 to any port = 22

block in log quick from 94.242.252.47 to any port = 22

block in log quick from 119.254.7.71 to any port = 22

block in log quick from 61.129.55.240 to any port = 22

block in log quick from 209.92.176.41 to any port = 22

block in log quick from 201.63.147.98 to any port = 22

block in log quick from 124.160.194.27 to any port = 22

block in log quick from 59.151.5.236 to any port = 22

block in log quick from 183.60.20.36 to any port = 22

block in log quick from 211.144.85.58 to any port = 22

block in log quick from 5.178.87.121 to any port = 22

block in log quick from 61.12.3.163 to any port = 22

"/tmp/bob" [Modified] line 3187 of 3210 --99%--

And what I used to see in UNIX syslog before enabling PPTP server:

May  6 07:51:49 unix sshd[20483]: Failed password for root from 211.144.85.58 port 52375 ssh2                             

May  6 07:51:50 unix sshd[20485]: Failed password for root from 211.144.85.58 port 53569 ssh2                             

May  6 07:51:51 unix sshd[20487]: Failed password for root from 211.144.85.58 port 53878 ssh2                             

May  6 07:51:52 unix sshd[20489]: Failed password for root from 211.144.85.58 port 55098 ssh2                             

May  6 07:51:53 unix sshd[20491]: Failed password for root from 211.144.85.58 port 55507 ssh2                             

May  6 07:51:54 unix sshd[20493]: Failed password for root from 211.144.85.58 port 56575 ssh2

May  6 07:51:55 unix sshd[20495]: Failed password for root from 211.144.85.58 port 56920 ssh2

May  6 07:51:56 unix sshd[20497]: Failed password for root from 211.144.85.58 port 58069 ssh2

May  6 07:51:57 unix sshd[20499]: Failed password for root from 211.144.85.58 port 58437 ssh2

May  6 07:51:57 unix sshd[20501]: Failed password for root from 211.144.85.58 port 59647 ssh2

May  6 07:51:59 unix sshd[20503]: Failed password for root from 211.144.85.58 port 59949 ssh2

May  6 07:52:01 unix SSHCHECK: Added ipf block on port 22 from 211.144.85.58 for SSH abuse 

This is a specific problem and needs a specific resolution. Please don't refer me to some random documentation  unless the documentation addresses this specific problem.

Hi all

Could you specify the firmware version of your device?

“Please rate useful posts so other users can benefit from it”

Greetings, 
Johnnatan Rodriguez Miranda.
Cisco Network Support Engineer.

Cisco Small Business

RV 120W Wireless-N VPN Firewall

Firmware Version: 1.0.2.6

Hi Steve,

I recommend you to download the latest software of your device, the latest release is 1.0.4.10 and you can download it here, after that I encourage you to perform a factory reset to your device (remember always create a back up of your data). I hope this answer helps you.

You can also see the release notes of every firmware here

“Please rate useful posts so other users can benefit from it”

Greetings, 
Johnnatan Rodriguez Miranda.
Cisco Network Support Engineer.

I downloaded the recommended firmware and the release notes for v1.0.3.10 and 1.0.4.10 and neither one addresses the issue I describe. Before I go to the trouble of upgrading the firmware to 1.0.4.10  I have two questions:

1) Are you using me as a test subject?

2) Do you know if either 1.0.3.10 or 1.0.4.10 addresses the issue that I am having?

Well three questions:

3) Have Cisco network engineers tested this issue and assigned a reference number to the described issue?

Hi Steve,

If the latest firmware doesn´t fix your problem, can you please reach out to our Small Business Support Center and open a Service Request to address this issue? One of our Engineers may be able to work with you and diagnose the root cause. You can find the appropriate contact information for SBSC in the below link.

http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

I apologize for the inconvenience you are having with the device, please contact our support center and we´ll help you with your issue.

“Please rate useful posts so other users can benefit from it”

Greetings, 
Johnnatan Rodriguez Miranda.
Cisco Network Support Engineer.

I can confirm that this does not work on firmware  1.0.3.10. I will also try the update version but don't think it will solve anything. I have initially some discussion with this on post RV 120W Port Fowarding and remote address that was also not addressed.

Regarding notes from "Steve Fabac" I have also PPTP VPN set-up. I will disable this to observe behaviour

best regards

--

Bruno Antunes

Back from vacation I have revisited the problem. I performed the upgrade to the 1.0.4.10 version firmware as suggested and that went very smoothly. The unit rebooted and all configuration settings (except PPTP account information) were carried over from the previous firmware.

As specified in the release notes I had to setup the user PPTP account information and then I tested the VPN to make sure that it is working. I checked SSH IP forwarding by connecting to the remote office UNIX system and then back to the home office and the remote IP was logged to syslog.

The 1.0.4.10 firmware has restored the correct remote address reporting and my security script is now working as required:

May 21 06:19:29 unix sshd[29872]: Failed password for root from 192.168.10.251 port 45458 ssh2

May 21 06:19:32 unix sshd[29874]: Failed password for root from 192.168.10.251 port 45621 ssh2

May 21 08:00:08 unix sshd[1245]: Accepted password for pam from 192.168.10.251 port 64041 ssh2

May 21 08:00:08 unix sshd[1245]: subsystem request for sftp

May 21 09:06:43 unix sshd[2295]: Accepted publickey for admssh from 192.168.10.251 port 1588 ssh2

May 21 09:06:43 unix sshd[2295]: subsystem request for sftp

May 21 10:28:53 unix sshd[3795]: Failed password for steve from ???.104.??.66 port 1604 ssh2

May 21 10:28:56 unix sshd[3795]: Accepted password for steve from ???.104.??.66 port 1604 ssh2

May 21 12:06:31 unix sshd[6451]: Accepted publickey for admssh from ???.104.??.66 port 1611 ssh2

May 21 12:06:32 unix sshd[6451]: subsystem request for sftp

May 21 13:26:21 unix sshd[7530]: Failed password for root from 213.149.117.244 port 60057 ssh2

May 21 13:26:24 unix sshd[7532]: Failed password for root from 213.149.117.244 port 32873 ssh2

May 21 13:26:27 unix sshd[7534]: Failed password for root from 213.149.117.244 port 33978 ssh2

May 21 13:26:32 unix sshd[7536]: Failed password for root from 213.149.117.244 port 35102 ssh2

May 21 13:26:35 unix sshd[7539]: Failed password for root from 213.149.117.244 port 36247 ssh2

May 21 13:26:39 unix sshd[7541]: Failed password for root from 213.149.117.244 port 37122 ssh2

May 21 13:26:43 unix sshd[7543]: Failed password for root from 213.149.117.244 port 38007 ssh2

May 21 13:26:47 unix sshd[7545]: Failed password for root from 213.149.117.244 port 39034 ssh2

May 21 13:26:51 unix sshd[7547]: Failed password for root from 213.149.117.244 port 39992 ssh2

May 21 13:26:54 unix sshd[7549]: Failed password for root from 213.149.117.244 port 40683 ssh2

May 21 13:26:58 unix sshd[7551]: Failed password for root from 213.149.117.244 port 41494 ssh2

May 21 13:27:01 unix SSHCHECK: Added ipf block on port 22 from 213.149.117.244 for SSH abuse

May 21 13:36:58 unix sshd[7553]: fatal: Timeout before authentication for 213.149.117.244.

May 21 16:06:45 unix sshd[9810]: Accepted publickey for admssh from ???.104.??.66 port 1674 ssh2

Cisco should update the release notes for 1.0.4.10 to add the information that it fixes the remote address problem.