RV110W - inbound access rules IP filtering doesn't work

peon-worker
Level 1

Hi All,

 

I'm trying to use an RV110W with IP filtering on inbound rules. From testing it, I find this doesn't work.

It works if I single port forward; however, there is no filtering capability. It just forwards the port and anyone can access the device. If I use access rules, it will forward the port but IGNORE source IP filtering. I've tried various firmware versions (1.2.0.9, 1.2.1.4, 1.2.1.7) and all have this problem. For testing purposes, I only forward HTTP. I have nothing in the single port forward.

Access rule configuration:

action - always allow
service - HTTP
status - enabled
connection type - inbound WAN-LAN
source IP range - public IP range
destination IP - single private IP
log - always

 

It seems the source IP, whether single or range, is ignored. I've tried connection type - inbound WAN-DMZ with the same result. I'm using IPv4 for LAN and WAN. Wireless is turned off. Outbound is allowed.

I've factory reset for each firmware image I tried. Has anyone been able to get inbound rules to work properly?


peon-worker
Level 1

Never mind ... think I may have solved it. Anyone encountering this, make sure you add an explicit deny all rule at the end of the access rules. The above access rules tell the router to allow these IPs to these ports. Unless the packet matches one of the above rules, the deny should stop it.

 

 

 

Nope ... sorry, this doesn't quite work. A deny access rule will work with a single IP address or a range of IP addresses, but if you use ANY it stops the rule that had access. Even if the working rule is before the deny ANY rule, it will still stop the working rule. Anyone know how you're supposed to block ALL other IP addresses without killing a working rule?

This is what finally worked for me.

1. Set up services with the associated port(s).
2. Do NOT use single port forwarding - it ignores IP filtering.
3. Use range port - this works with IP filtering.
4. After setting up service(s) with the appropriate IP filtering, follow them with a DENY of that service(s).

Great post, thanks. Confirmed this worked for me with RV110W Wireless-N VPN Firewall and Firmware Version 1.2.2.4.
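
The rule ordering from the accepted answer, modelled as an added example (not part of any post and not the RV110W's firmware logic). It assumes first-match evaluation and that a forwarded port with no matching rule stays open, as the original poster observed; the `Rule` class, the function names and the addresses are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                               # "allow" or "deny"
    service: str                              # e.g. "HTTP"
    source: ipaddress.IPv4Network = ANY       # source range the rule applies to

def evaluate(rules, src_ip, service, default="allow"):
    """First matching rule wins. `default` models a forwarded port that no
    rule matches (assumed open, per the behaviour reported in the thread)."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule.service == service and addr in rule.source:
            return rule.action
    return default

def unguarded_allows(rules):
    """Return source-restricted allow rules that are not followed by a
    deny rule for the same service with source ANY."""
    missing = []
    for i, rule in enumerate(rules):
        if rule.action != "allow" or rule.source == ANY:
            continue
        backed = any(r.action == "deny" and r.service == rule.service
                     and r.source == ANY for r in rules[i + 1:])
        if not backed:
            missing.append(rule)
    return missing

# Constructed sample data: documentation address ranges, not values from the thread.
ALLOWED = ipaddress.ip_network("198.51.100.0/28")
allow_only = [Rule("allow", "HTTP", ALLOWED)]
allow_then_deny = allow_only + [Rule("deny", "HTTP")]

if __name__ == "__main__":
    for name, rules in (("allow only", allow_only), ("allow + deny", allow_then_deny)):
        for src in ("198.51.100.5", "203.0.113.9"):
            print(f"{name:13} {src:14} -> {evaluate(rules, src, 'HTTP')}")
        print(f"{name:13} unguarded allow rules: {len(unguarded_allows(rules))}")
```

On the real device, confirm the result by connecting from one address inside the allowed range and one outside it, and compare against the rule's log entries.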