RV320 and One-to-One NAT

Tom Herrera · ‎04-12-2015

Have a general question on this particular feature of the RV320. Theoretically one can set up One-To-One NAT rules and have a static IP provided by your ISP (AT&T in this case, on their IP/Flex/BVoIP product), route to a particular private IP address on the internal network.

I just don't seem to be able to get this to work, and I'm sure it's something really simple. Well, okay, at least I'm hoping so. I've verified with AT&T my address block and that I am not attempting to use any of the addresses they are using for their equipment. This is a managed service, and basically my RV320 plugs into their Cisco router, which is for all practical purposes a black box to me.

Anyone have any suggested troubleshooting I can do? I've set up an Access Rule to basically allow the world in on that connection at this point, since it's still in test mode and there are no real machines on it yet. Just a simple, basic CentOS 6 server running SSH as a server. That's what I'm trying to hit, but no matter what I set on the RV320, no dice. I can SSH to that box when I am on the internal network just fine, and from that box I can connect out to the wide world, but when I try to get in to it from the outside there is no joy.

Any ideas? Would be greatly appreciated!

og1 · ‎03-18-2018

Hello all.

Instead of starting my one thread on the RV320 gateway/router and the issues I'm seeing with one-to-one NAT, I thought I'd add onto this old post that describes nearly exactly the same issue I'm seeing in trying to one-to-one NAT a server I have on my internal private network to one of my public static IP addresses (so I can access the server from the public IP address NAT'd to the servers's private IP).

I notice no one answered the previous question, and the RV320 seems to have some known issues with one-to-one NAT from the firmware release notes. So something seems to be going on with the one-to-one NAT functionality on this RV320 router/firewall.

I know the server is 100% fine... if I turn off one-to-one NAT on the RV320 to the server (just uncheck the enable field) the server can access the Internet just fine via the static public IP assigned from my ISP which I'm using for my main WAN IP. But that doesn't help me achieve the needed end configuration, as I need to access the server directly from the public Internet.

But if I one-to-one NAT the server to a different public IP address in my /29 public IP block from my ISP, then the server completely stops passing traffic to the Internet and can't receive anything from the Internet. Strange, as the server says it has Internet connectivity when NAT'ed, but it's essentially becomes a stand along box. But everthing else on the network works just fine in terms of sending and receiving traffic from the Internet (all except the server that's one-to-one NAT'd is fine).

I have the RV320 firmware at the latest version. All me computers and servers and the network service from the ISP are fine. But one-to-one nat that one server and it's useless. Even when I turn off the firewall on the server, it's exactly the same behaviour, so it's not the firewall on the server. Disable the one-to-one NAT on the RV320 and the server is fine again send traffic to and from the Internet(but that is not what I need, I need the server to have a public IP address via one-to-one NAT that in theory, should work on this RV320 with my /29 block of public IP addresses).

Does anyone have a proven solution with step by step instructions on how to get a server to one-to-one nat to a static IP address properly on the RV320?

I thought one-to-one NATing a server would be a 2 minute task with the RV320, but it's turned into a days long affair. Very frustrating.

Thanks for your help and time. Greatly appreciated.