RV042G Configuration - Multiple Static IPs and Port Forwarding

robert prentice
Level 1

I am having a brain fart so please excuse what might be a really simple question.

 

I have 5 static IP addresses provided to me by my ISP. I currently use only 1, ending in .187, on the WAN1 port (the gateway ends in .185). The other 4 are .186, .188, .189 and .190.

So when computers within our office go online the IP that shows for them is the .187 from WAN1 which is fine. What I need to do is add the other 4 IPs to the router and have them point to specific static internal IPs on our VLAN while maintaining the firewall and opening only specific ports on those 4.

My issue is I don't normally mess with port forwarding and adding multiple public static IPs to a router so I am not sure how to get it working. I tried one-to-one NAT to add those 4 IPs but while that works it bypasses the firewall rules and leaves all the ports open.

Can someone help me through this? Here is a breakdown of what I am asking:

1) Add 4 public static IP addresses to the Router and point them to static internal private IPs

2) Block all ports on those IPs inbound except for select ports I open

 

Right now the router is in gateway mode connected to our ISP's gateway (EarthLink).

5 Replies

cchamorr
Level 5

Hello, 

Thank you for posting, I think that we can accomplish what you are trying to do by following these steps:

1- Create the One to One NAT rules for all the addresses. This will open all the ports to the private IP addresses on the LAN.

2- Using the access rules create allow rules for all the ports that you want to leave open, and then create a deny all rule going to the private IP address of the device on the LAN. What this will do is to allow just the intended traffic and stop anything else going to the private IP address of the device.

Here is a link to a document indicating how to create the rules:

http://sbkb.cisco.com/CiscoSB/ukp.aspx?vw=1&docid=214b9e138807474cba39cda82212f509_Adding_Deleting_an_IPv4_access_Rule.xml&pid=2&respid=0&snid=5&dispid=0&cpage=search

When creating the rules make sure that your source interface is the WAN port and the destination is the private IP of the server on the LAN.

Go ahead and try this and let us know if it worked for you.

Thanks for your quick reply. I added the one-to-one NAT of the public to private IPs and that worked fine.

I went and set up a rule for a certain port: source interface WAN1, source Any and destination my internal VLAN IP.

When I port scan that IP everything shows as closed including the port I said to open.

Do I need to add this service via the Forwarding option under setup and point it to my local LAN IP also?

Robert,

 

Create a Deny Rule first to deny all traffic from WAN to the LAN IP. Then create an allow rule to allow the traffic that you want. If you create the allow rule first, the deny rule will catch all traffic and block even the traffic that you wish to allow.

 

- Marty

I got it to work. I had to change the priority on the deny and allow statements but it looks like everything is working now. Thanks for the help.

I'm glad that this is working for you now. 

Please don't forget to mark an answer as correct if it was helpful to you so that other members can benefit from it.

Keep posting!!!!
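
The rule-ordering problem this thread works through, modelled as an added example (not code from the thread or from Cisco). It assumes access rules are evaluated in priority order with the first match winning, and that one-to-one NAT alone leaves every port open as described above; the address 192.168.1.10 and port 443 are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ALL_PORTS = range(1, 65536)
SERVER_IP = "192.168.1.10"          # constructed private address behind one-to-one NAT
SERVER_NET = SERVER_IP + "/32"

@dataclass(frozen=True)
class Rule:
    priority: int   # assumption: lower number is evaluated first
    action: str     # "allow" or "deny"
    dst: str        # destination in CIDR form (the private, post-NAT address)
    ports: range    # destination ports the rule applies to

    def matches(self, dst_ip, port):
        return ip_address(dst_ip) in ip_network(self.dst) and port in self.ports

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (ip_network(other.dst).subnet_of(ip_network(self.dst))
                and self.ports.start <= other.ports.start
                and other.ports.stop <= self.ports.stop)

def decide(rules, dst_ip, port, default="allow"):
    """First matching rule wins; the default models NAT with no access rules."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(dst_ip, port):
            return rule.action
    return default

def shadowed(rules):
    """Rules that can never take effect: an earlier rule with the opposite
    action already matches everything they match."""
    ordered = sorted(rules, key=lambda r: r.priority)
    return [later for i, later in enumerate(ordered)
            if any(e.action != later.action and e.covers(later)
                   for e in ordered[:i])]

# Deny-all evaluated before the allow: the "open" port scans as closed.
broken = [Rule(1, "deny", SERVER_NET, ALL_PORTS),
          Rule(2, "allow", SERVER_NET, range(443, 444))]
# Allow evaluated first, deny-all as the catch-all behind it.
fixed = [Rule(1, "allow", SERVER_NET, range(443, 444)),
         Rule(2, "deny", SERVER_NET, ALL_PORTS)]

if __name__ == "__main__":
    for name, rules in (("broken", broken), ("fixed", fixed)):
        print(name, "443:", decide(rules, SERVER_IP, 443),
              "22:", decide(rules, SERVER_IP, 22),
              "shadowed:", shadowed(rules))
```

Running `shadowed()` over an exported rule list before a change goes live catches this ordering mistake without needing an external port scan.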
