
Having trouble enabling port-forwarding when 1-1 nat is enabled for different IP

oschaudt1
Level 1

Hello,

 

I'm trying to add a port forward rule to an RV130 but it's not taking effect.

 

Basically:
ip#1 - points to mail server - all ACL is working correctly.

IP#2 - points to network - no ACL nor Port Forwarding takes effect

 

I have this device in other places, and port forwarding works when there's no 1-1 nat.

 

I have ISA which has a similar GUI - but more featureful, and everything works correctly here. 1-1 Nat & port-forwarding. I tried to transpose the ACL & port-forward from this but I'm missing some options and it doesn't work.

I've tried:
Doing the port forward by itself,

Making an ACL by itself

Combination of both, with ACL tied to both forwarded and original service port.

 

Is this a limitation of the RV small business firewalls?

 

edit; in the rv130 I'm having issues with-- only one 1-1 nat is set up - the other IP is bound to the firewall as its main IP.

7 Replies

cchamorr
Level 5

Hello, 

I'm sorry but I'm very confused with the explanation and I don't understand what you are trying to do and what the issue is.

If you can provide us with more information (Specifics), maybe a few screenshots, I'm sure I will be able to give you an answer.

I've attached some photos.

 

1-nat.png -
this is their nat. It binds an external IP address to a local IP address. In this instance, the client has 5 ip addresses. 

 

1.5-wan.png
This is their IP config. The "Internet IP Address" is the address for the office. If you ran "what is my ip" on the server, you get 42. If you ran it on a workstation, you get 41.

 

2-access.png
These are their access rules. All work except the one "RDP" to 100.99 -- ALL the rules seem to affect the 1-1 nat IP only

 

3-PortForwarding.png
Here I tried to forward the port I wanted to the service I wanted and device I wanted. However if I connect to 9090 on any of their IP, it doesn't work.

 

It also doesn't work if I change the RDP service in the ACL to the 9090 service. Or a combination of portforwarding and ACL. 

 

What's strange is I have this setup elsewhere and it DOES work - see the picture called working config. I know it's a completely different OS - but I don't think the functionality is elusive. And like I said, I've got port forwarding working with the RV130 elsewhere - just not in conjunction w/ 1-1 NAT.

 

Edit; I also uploaded a 'working acl' from a site where I have a port forward working. The device created this ACL when I did the port forward - I tried mirroring its setup on the RV130 but it didn't work.

Oh, and I know that the box on port-forwarding is unchecked. I tried it both ways but I will confirm now. If it works I'll update or reply.

 

edit; does NOT work :)

Thank you for all the info, this is definitely better and I understand the issue.

Let me review it and see if it is an expected behavior for this router or not.

I'm still checking but I have a question.

1- Are you sure this works without the One to One NAT? I only ask because I don't see why it wouldn't, the two features are not related.

Can you please disable the One to One NAT and make sure the port forwarding works without it?

Just change the port forwarding back to 3389 for both ports and make sure it is enabled. Also, you DO NOT NEED an access rule for the port forward to work, so you can remove that from the table and leave only the rules for the One to One NAT.

Please let me know.

OK, I was able to test this today.

 

Removing the 1-1 Nat let the port come through, 

adding it back, the port is still coming through

 

Which means my issue is different, but still exists:

we have several of these RV130's in play and they all have a similar issue: after a time they stop responding to port forwarding until they're rebooted.

I had an RV180 with a similar issue but turning off some of the attack prevention features stopped it. Those features aren't an option on this device.

I would be more than happy to open a new ticket for that - but my boss now asks that I address that as we have 4 or 5 sites where when they lose access, we have to ask them to reboot their firewall.

 

Thank you for the reply.

I'm sorry you are still having issues.

If possible I will definitely recommend for you to contact the support center so that we can take a better look at it.