RV180 - Firewall problem

gavinlawrie
Level 1

I am trying to configure a new RV180 VPN.  This is replacing a previous router that failed.  Because it was working with the old router, we know that all the DNS / configuration etc. is all correct.

We have a very simple system - a broadband (FTTC) internet connection terminating at a modem box.  A block of public fixed IPs.  A server.  A wireless LAN driven by its own router.  The aim is to use the RV180 to PPPoE to our ISP through the broadband connection, and then provide a connection for the server and the wireless LAN.  The server has a fixed IP from the block, and provides mail and wiki type servers to the LAN and to clients on the public internet.

I have got it to connect OK via PPPoE to the FTTC connection.  The router is in "Routed" mode (i.e. no NAT).  I have configured it to distribute the block of fixed public IPs via DHCP.  I have assigned a fixed IP to our server via its MAC address, and the router allocates the correct fixed IP to the server when it connects.  Clients connected to the wireless network can access the internet through the FTTC connection.  The server can make outbound connections to the Internet.  Clients on the wireless network can "see" the server.  So all good, except...

... the server cannot be reached from the public internet.

I am guessing this is a firewall issue.  I understand that the default inbound rule is to block traffic.  However I have tried creating a set of rules for the traffic (i.e. opening specific ports), and tried creating a blanket rule (enable inbound for Any source IP, Any Service, Any destination IP).  But neither solution fixes the problem.

I assume I've done something wrong, but so far I have not been able to find out what the problem is.

Grateful for any suggestions / guidance etc.

mpyhala
Level 7

Gavin,

This is a typical scenario where One-to-One NAT would be used with the router in Gateway (NAT) mode. I have never seen anyone use Router Mode like this on any SMB router, although I'm sure it can be done. Is there a reason to avoid using One-to-One NAT?

What brand/model router did you use before?

- Marty

The problem with any NAT solution is that our wireless LAN also uses NAT, and then fails on a double-NAT error.  So we are trying to do without NAT on the RV180.

Previous routers were a Billion7800 - which handles this configuration with no problems at all, but can't reliably provide a firewall for the connection, and a Draytek 2830 which can handle the configuration sort-of, but has a persistent bug that prevents inter-LAN communication (so locally connected devices cannot see the server device, but people on the public internet can).

Gavin,

You're likely correct that it is a firewall issue since all outbound traffic is working. Can you post a screenshot of the Access Rule(s) you created? (Mask sensitive information)

- Marty

Hi Marty,

Here is the rule I have in place.  Just to confirm, with the router set up I can get an excellent connection outbound to the internet, and between the server and the internal wireless LAN.  Just nothing from outside (i.e. via WAN) can connect to the server.

Screen Shot 2014-02-28 at 22.52.42.PNG

Gavin,

Have you done a packet capture to see where the inbound traffic is getting blocked?

Administration-> Diagnostics-> Capture Packets (WAN and LAN)

- Marty

gavinlawrie
Level 1

Thanks for the suggestion.  I'll give it a go. 

Not sure what I need to do.  But hopefully I'll find instructions in the Admin manual or some such.  Anyhow will let you know what I find out etc.

Gavin,

Go to Administration-> Diagnostics-> Capture Packets and click on Packet Trace. A pop-up window will open. Select WAN and press Start. Attempt to connect to one of the servers from the internet and then press Stop. This should take less than 30 seconds. Press Download and save the capture file to your computer. You can open it in Wireshark and see the packet flow. You can also PM me and share the capture file if you wish.

- Marty
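
Added example, not part of the original thread: once the WAN capture described above is downloaded, its TCP handshakes can be exported with tshark and summarised to show whether each inbound connection attempt to the server was answered, reset or left without a reply. `SERVER_IP`, the sample rows and the function names are assumptions made for this example.

```python
import csv, io
from collections import defaultdict

# Export the capture first (tshark ships with Wireshark), e.g.:
#   tshark -r wan.pcap -Y tcp -T fields -e ip.src -e ip.dst -e tcp.srcport \
#          -e tcp.dstport -e tcp.flags.syn -e tcp.flags.ack -e tcp.flags.reset
SERVER_IP = "203.0.113.10"  # assumption: placeholder for the server's public IP

# Constructed sample rows (tab-separated, same column order as the export above).
SAMPLE = (
    "198.51.100.7\t203.0.113.10\t50001\t25\t1\t0\t0\n"    # SYN
    "198.51.100.7\t203.0.113.10\t50001\t25\t1\t0\t0\n"    # same SYN retransmitted
    "198.51.100.7\t203.0.113.10\t50002\t443\t1\t0\t0\n"   # SYN
    "203.0.113.10\t198.51.100.7\t443\t50002\t1\t1\t0\n"   # SYN-ACK from server
    "198.51.100.7\t203.0.113.10\t50003\t80\t1\t0\t0\n"    # SYN
    "203.0.113.10\t198.51.100.7\t80\t50003\t0\t1\t1\n"    # RST from server
)

def flag(value):
    # tshark prints boolean fields as 1/0 or True/False depending on version
    return value.strip().lower() in ("1", "true")

def classify_inbound(rows_text, server_ip=SERVER_IP):
    """Map (client, client_port, server_port) -> (result, number of SYNs seen)."""
    state = {}
    syn_count = defaultdict(int)
    for row in csv.reader(io.StringIO(rows_text), delimiter="\t"):
        if len(row) != 7:
            continue  # skip blank or malformed rows
        src, dst, sport, dport = row[0], row[1], int(row[2]), int(row[3])
        syn, ack, rst = (flag(v) for v in row[4:7])
        if dst == server_ip and syn and not ack:      # inbound connection attempt
            key = (src, sport, dport)
            syn_count[key] += 1
            state.setdefault(key, "no reply")
        elif src == server_ip:                        # reply leaving the server
            key = (dst, dport, sport)
            if key in state:
                if rst:
                    state[key] = "reset"
                elif syn and ack:
                    state[key] = "answered"
    return {k: (v, syn_count[k]) for k, v in state.items()}

if __name__ == "__main__":
    for (client, cport, sport), (result, syns) in classify_inbound(SAMPLE).items():
        print(f"{client}:{cport} -> port {sport}: {result} ({syns} SYN seen)")
```

Running the same summary over a LAN-side capture narrows things further: a SYN present on the WAN but absent on the LAN was not forwarded by the router, while a SYN present on both with no reply points at the server or the return path.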

Thanks Marty.  I've sent you a link to a capture file by PM.

Gavin,

Please check your PM.

- Marty
