Firewall Access Rules do not work on One to One NAT (RV042G Router)

I have two unique IP addresses, two servers, and one RV042G router. 
What I would like to do is have each IP address go to its own respective server. To do that, I've set the settings on One-to-One NAT to make this happen. Now IP address 1 points to server A and IP address 2 points to server B.
However, I only want port 80 to be open to each server. I've tried setting the Firewall access rules to accommodate this but it doesn't appear to block anything. All ports on the servers are exposed despite the firewall rules.
Here's what I have in the router configuration:
Under One-to-One NAT:
{internal IP address 1} => {external IP address 1}
{internal IP address 2} => {external IP address 2}
Under Firewall Access Rules:
Action | Service | Source Interface | Source | Destination | Time
Allow | HTTP Secondary 80 | WAN1 | Any | {internal IP address 1} | Always
Deny | All Traffic | WAN1 | Any | Any | Always
Is there a proper way to accomplish what I want?

Thanks for replying. 
Turns out I had to add new access rules to specifically deny all traffic to the internal addresses, in addition to the rule allowing the specified ports through.
So, with the IP addresses still defined the same way in the One-to-One NAT section, I now have the following rules defined in the firewall section:
Under Firewall Access Rules:
Priority | Action | Service | Source Interface | Source | Destination | Time
[1] | Allow | HTTP Secondary 80 | ANY | Any | {internal IP address 1} | Always
[2] | Deny | All Traffic | WAN1 | Any | {internal IP address 1} | Always <== the new one I ended up adding
(default) | Deny | All Traffic | WAN1 | Any | Any | Always <== built in default rule in router
I originally did not add the second rule because I had assumed that the default deny rule would block all traffic to all internal IP addresses anyway. Perhaps someone can correct me if I'm wrong but I am now assuming that the default deny rule applies to the router only and not to any other defined One-to-One NAT entries. In which case, I had to add another rule that duplicates the default deny rule but for each 1:1 NAT entry.
If this was already in the manual, I probably missed it so that would be my own mistake. Still, I wish this was more apparent in the web GUI as it didn't really specify that I had to do this.
In any case, I hope my solution helps anyone else in the future having this similar issue.
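
The check the follow-up post arrives at, as an added example (not part of the original posts and not Cisco tooling): a small Python audit that flags any One-to-One NAT host without its own deny-all rule. The pipe-separated rule format, the internal addresses and the premise that a Destination "Any" rule does not cover NAT-mapped hosts are assumptions, the last one taken from the poster's observation.

```python
from dataclasses import dataclass

DENY_ALL = "All Traffic"  # service label as it appears in the posts


@dataclass(frozen=True)
class Rule:
    priority: int
    action: str       # "Allow" or "Deny"
    service: str
    src_if: str       # "WAN1", "ANY", ...
    destination: str  # internal IP or "Any"


def parse_rules(text):
    """Parse 'priority | action | service | src_if | source | destination | time'."""
    rules = []
    for line in text.strip().splitlines():
        cols = [c.strip() for c in line.split("|")]
        if len(cols) != 7:
            raise ValueError(f"expected 7 columns: {line!r}")
        prio, action, service, src_if, _source, dest, _time = cols
        rules.append(Rule(int(prio), action, service, src_if, dest))
    return sorted(rules, key=lambda r: r.priority)


def audit_nat_hosts(nat_hosts, rules, wan_if="WAN1"):
    """Per 1:1 NAT host: is there an explicit deny-all, and what sits around it?

    Assumption: only rules whose Destination names the host count; a rule
    with Destination "Any" is treated as not covering NAT-mapped hosts.
    """
    report = {}
    for host in nat_hosts:
        scoped = [r for r in rules
                  if r.destination == host and r.src_if.upper() in (wan_if, "ANY")]
        deny = next((r for r in scoped
                     if r.action == "Deny" and r.service == DENY_ALL), None)
        allows = [r for r in scoped if r.action == "Allow"]
        report[host] = {
            "explicit_deny": deny is not None,
            # Allows evaluated before the deny are the intended openings.
            "allowed": [r.service for r in allows
                        if deny is None or r.priority < deny.priority],
            # Allows placed after the deny can never match.
            "shadowed": [r.service for r in allows
                         if deny is not None and r.priority > deny.priority],
        }
    return report


def exposed_hosts(report):
    """Hosts that rely on the default rule alone."""
    return sorted(h for h, r in report.items() if not r["explicit_deny"])


# Constructed sample data: internal addresses are placeholders.
NAT_HOSTS = ["192.168.1.10", "192.168.1.11"]
BEFORE = """
1 | Allow | HTTP Secondary 80 | WAN1 | Any | 192.168.1.10 | Always
2 | Deny | All Traffic | WAN1 | Any | Any | Always
"""
AFTER = """
1 | Allow | HTTP Secondary 80 | ANY | Any | 192.168.1.10 | Always
2 | Deny | All Traffic | WAN1 | Any | 192.168.1.10 | Always
3 | Deny | All Traffic | WAN1 | Any | Any | Always
"""

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        report = audit_nat_hosts(NAT_HOSTS, parse_rules(table))
        print(name, "hosts without explicit deny:", exposed_hosts(report))
```

In the "after" table the second NAT host is still flagged, which matches the post's note that the deny rule has to be repeated for each 1:1 NAT entry. Confirm the result with an external port scan of each public address.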

Similar Messages

  • Inactive firewall access rule can still work?

    Hi all,
    I have an ASA firewall which has an inactive access rule whose enabled checkbox is not checked. However, it seems that this access rule can still work.
    Hence I would like to know what the difference is between having the access rule's enabled checkbox checked or unchecked. Please advise, thanks in advance.

    I'm assuming by rule you mean an inactive access-list entry?  If so, did you try clearing the translations (clear xlate) after disabling it?
    Try running packet-tracer to determine if that is the rule that the traffic is hitting.

  • RV016 Protocol Binding & Access Rules do not work on PPTP

    Hi
    I have enabled the PPTP server and the connection succeeds, but I can't block internet service for the PPTP client with Protocol Binding and Access Rules.
    The PPTP Server:
    192.168.1.150~160
    Protocol Binding:
    HTTP [TCP/80~80] -> 192.168.1.150~160(0.0.0.0~0.0.0.0)
    Access Rules:
    1; Enable; Deny; HTTP [80]; LAN; 192.168.1.150~160; Any; Always
    Firmware Version: 3.0.0.19-tm
    I tried to test the setting by connecting a local PC directly to the router. The rule is running.
    But over PPTP, it can go to the internet. And I confirmed the VPN IP is 192.168.1.150.

    Hi Mr Krastew.
    Thank you for your reply.
    But I am not looking to stop internet web service on my client side only.
    Maybe I can explain more here.
    The client PC is running on an intranet, which means the client network stops all services [1~65535: TCP/UDP] from passing through the WAN. At this moment, the client network allows only PPTP port 1723 to pass through. And the client PC is manually configured with no DNS.
    And the client requests that the client PC have no intranet service when the PPTP VPN is connected. So I can't disable Using Remote Network Default Gateway in the TCP/IP configuration.
    And on the server side (RV016), half of the PCs are allowed to connect to the internet.
    The local PCs in the server LAN can be controlled by ACL.
    The client connected by PPTP has an IP that is still within the ACL. But it can access all internet services (e.g. FTP, HTTP).
    So I want to know: is it my configuration problem? Or the router's own problem? Or my design problem?
    For now, I key in a wrong DNS on the client PC to cheat the user temporarily.
    Best regards,
    Joe Wong

  • RV180W - Access Rules Don't Work

    Hi,
    We have a RV180W and the Access Rules will not work.  I'm trying to block HTTP and HTTPS services for a specific workstation on our LAN, but the access rules don't seem to be working.  I've also tried blocking different services as well as ANY service, but it's not working.  I've tried rebooting the router after adjusting settings; I've tried adjusting services from the Port Forwarding menu first; and a couple weeks ago, I upgraded the firmware to version 1.0.2.6 and repeated all the previous steps.  Nothing seems to be working.  So far the only solution I could come up with is to block the workstation's MAC address altogether, but I don't want that because I still need it to hit the internet for other services.
    Thank you,
    Ryan

    These are the Access Rules I've tried (firmware v1.0.2.6):
    Outbound:
    Inbound along with the auto added Port Forwarding setting:

  • Incoming Email not working for one web app, but IS working for others in same farm.

    I have enabled incoming email in a large multi-web application farm running SharePoint 2013 SP1 and the Feb 2015/March 2015 CUs that were pushed down in Windows Updates.  It works just fine for two web applications, but it will not work for one particular
    web application. I see the email land in the /drop folder. If I remove the email address from the library in http://nonworkingapp web
    application and use it on a library in a http://working web application, then the email is processed successfully. Conversely,
    if I take an address from a library in http://working and move it to a library in http://nonworkingapp it
    does not work. I've tried multiple site collections on http://nonworkingapp. This rules out any SMTP issues, etc. and means
    the issue is bound to this web application. Permissions are the same between the "non-working" and "working" locations: domain users are members on the site, and the library inherits permissions from the site.  The App Pool and Timer
    Service accounts have rights to the folder and to the library.
    The error in the ULS log is the typical error processing message, but it gives no additional information even though I have enabled Verbose logging.
    The Incoming E-Mail service has completed a batch. The elapsed time was 00:00: 00.0156294. The service processed 2 message(s) in total. Errors occurred processing 2 message(s): Message ID: Message
    ID:
    Typically, you see "alias not found" or some permissions or quota issue here, but this issue is NOT the same as those. In this case NO additional information is provided in ULS.
    Edit: running stsadm.exe -o refreshdms -url http://one/failing/site fixed some similar issues where "Unknown alias" was
    reported even though the list did have an alias (see here: http://blogs.technet.com/b/vinitt/archive/2009/07/15/e-mail-enabled-list-alias-information-is-not-synchronized-between-configuration-database-and-content-database.aspx).
    This did not fix the issue for the case mentioned above.
    What could possibly be the issue preventing incoming email from working on this one web application?

    Thanks for your reply.  Incoming E-Mail was running on all 3 WFE, however I do not think this was the cause.  As noted, _other_ emails send to http://workingapp are working just fine.  I can send two emails - one to a library on http://workingapp
    and another on http://notworkingapp.  The email to http://notworkingapp will sit in the drop folder, while the one to http://workingapp will be processed correctly.  In addition, the ULS log on WFE1 indicates an attempt to process the file fails.
     So clearly, the timer job on WFE1 is running and attempting to process the file.  For kicks, I disabled the service on WFE2 and WFE3, but with no change in the behavior.
    WRT to #1, I have done this already (as noted in the original post).  I can remove an alias from http://workingapp and place it on http://nonworkingapp and it is not processed.  If I return it to http://workingapp it is processed.  In other
    words, I go into Library Settings -> Incoming Email for a working library, and copy the alias, then disable incoming email for that library.  I then go to Library Settings -> Incoming Email for a non-working library, enable incoming email, and paste
    the alias.  Once done, emails sent to the alias are not processed.  I then do the reverse, and it works again.
    On #2, I have already tried multiple libraries on http://nonworkingapp (also as noted in the original post).
    In my environment, incoming email does not work for any library on http://nonworkingapp, but does work for any library on http://workingapp.  Troubleshooting listed above has ruled out any problem with basic mail server configuration or library settings
    - the problem is bound to http://nonworkingapp
    I'm not sure what you mean by "steps to reproduce the issue".  If I knew that, I would probably be able to solve the issue.  The best I could come up with to describe the situation would be:
    Set up SP 2010 in a three-node configuration with multiple web apps
    Enable incoming email and confirm it works
    Migrate to a SP2013 SP1 farm in a three node configuration.
    Enable a new email alias for a library
    Observe that it doesn't work for one web application.
    Obviously, it's pretty unlikely that attempting that in a lab would actually have the same result.

  • Substitution rule is not working correctly

    Hi PS Gurus,
    We have a problem in one of the newly created projects that the substitution rule is not working correctly; the data is not copied to the WBS element Cust. Enhancement tab.
    Project 1 is working fine and the data is copied, but Project 2 and Project 3 are not getting all the data copied to the WBS element.
    In that project profile (substitution rule is given), the substitution rule is also maintained.
    So please help: why is the substitution rule working in one project and not in the others?
    Many Thanks in Advance.
    MM

    Hello Menaka,
    Select the WBS element in the project builder.
    Click on Edit --> Validation Substitution --> Substitution
    You will get the list of Substitutions. Double click on the required Substitution rule. This action will generate a log showing whether the substitution has been successfully carried out or with some error.
    Kindly provide us that error log to guide you further.
    Regards
    Ravi

  • Rules are not working correctly in OCS 10.1.2

    Hi,
    A few days ago we have encountered a problem in which the BCC rules or any other rules are not processed out of the user's mailbox.
    For example, a user goes to Oracle Mail (the web access, but not WAC), goes to Filters and creates a new rule for dealing with incoming mail (delivered or read, doesn't matter). The rule is processed ONLY if the user asked to move/copy the mail to a subfolder IN HIS MAILBOX.
    If the user asks to forward ("Send a blind copy to") the delivered mails to a different mailbox (e.g. in OCS or to externally to gmail), the mail is NOT processed by the filter.
    Other than that mails are treated normally, incoming and outgoing. Manually forwarding to other OCS users also works, as well as forwarding to external mail systems such as gmail. Only the 'automatic' forward rule does not work.
    We have checked that the rules/filters are created with " oesrl -p" - and they are created.
    How can we troubleshoot this issue? Has anyone encountered it?
    System details:
    OCS 10.1.2
    Platform: Red Hat AS 4
    DB version: 10.1.0.4.2
    Thanks,
    -- Itay.

    Update:
    Problem resolved. restarted the SMTP-out service.

  • My MacBook Pro will connect to WiFi but will not work in one location but will at others. I have the same issue with my IPhone 4S at the same location.

    My MacBook Pro will connect to WiFi at one location (this is a secure location) but will not allow access to the internet.  I will put in the password but it will not display the page.  Other WiFi-capable devices do not have this issue but my Mac and my iPhone 4S will not work.  I have tried restarting the router.  All other WiFi locations I have been to have not had this issue.  Any suggestions? I am relatively new to Apple products (less than a year) so any advice is greatly appreciated.

    The other devices that are working got on with the same password.  It says it is connected.  Just nothing works on the internet.

  • Windows 8 Last Access Time Stamps not working

    Hi, I have been trying to fix an issue with last access time stamps not working when I open a file,
    so it will have the time on created, modified and accessed from when it was created, but some are wrong, like one file
    saying
    created Sunday, September 14, 2014, 5:19:32 AM
    modified Sunday, September 14, 2014, 5:19:32 AM
    accessed Sunday, September 14, 2014, 5:19:32 AM
    I'm not sure what can cause this please help thank you

    Hi whowhatwere,
    Are you only confused about the last access time not change when you open a file?
    If you want to know more details about modified and created time, we can refer to the following KB.
    http://support.microsoft.com/kb/299648/en-us
    About the accessed time, please refer to the following blog.
    How do I access a file without updating its last-access time?
    http://blogs.msdn.com/b/oldnewthing/archive/2011/10/10/10222560.aspx
    The blog mentioned that: In fact, the intuitive definition of access is more specific: It's "the last time I opened, modified, printed, or otherwise performed some sort of purposeful action on the file."
    Best regards,
    Fangzhou CHEN
    TechNet Community Support

  • Flash player does not work under one user account.

    Flash player does not work under one of my user accounts.
    My system: I work with a mac mini with Mac OS X 10.6.8.
    What I have done:
    I installed the flash player maybe one year ago under my "first" user account. At that time this user account had administrator authorization. In the meantime I had to change this "first" user account into an account without administrator authorization and created an administrator user with which I installed different programs. Lately, the message came up that it would be necessary to update the flash player. I did it, under the "first" user account, but of course with the administrator's password for installing. The installation had been "successful" - so I was told. But it did not run. I tried it again and again, each time with "deinstallation" first. No way; it did not work.
    After asking Adobe for the reason for the problem, they suggested installing the program directly under the administrator user. I did that (of course after deinstalling under the "first" user account) with the result that flash player runs under my administrator and my "second" user account, but not under the first user account. There I am always told to update my flash player.
    With this result, I talked to Adobe. So they told me to contact the producer of the operating software, since this would be a mistake of the operating software.
    And here I am - full of hope to get help from you.
    Thanks for reading. And thanks in advance for helping me.
    Nanny FS

    Any update to provide at all here guys?  Again, in my situation, it's very much rights-related as a standard user doesn't even report that the flash player exists when testing it on the Adobe Flash Version Detection website (despite it showing up in Control Panel and under Add/Remove Programs).  I've already tried giving the C:\Windows\System32\Macromed and files/subfolders appropriate permissions for the standard user and still nothing.  If I either give the user in question full local admin rights or logon as the domain admin, then the Adobe Flash Version Detection website says Flash is installed and Flash works fine.
    Thoughts???

  • I am having a problem with my iPhone 4, looks like the mic of my phone is not working. No one can hear me if I make a call to them

    Can anyone please help me? I am having a problem with my iPhone 4, looks like the mic of my phone is not working. No one can hear me if I make a call to them. I have tried all restoring options but no use. Please help me.

    The mic on my iPhone4 has just quit also. Similar symptoms to yours in that people I'm talking to hear only static or my voice very faintly. The voice/memo recorder also only really records static.
    It happened suddenly and seemed to get better after a day or two but then went completely after another day.
    I'm returning it to Vodafone New Zealand shortly but will have to wait 5-10 days for a replacement. There are NO Apple accredited means to speed this procedure up in NZ.
    We don't even have a single physical Apple Store where you could walk in and talk to a Genius.

  • Imessage is not working for one person

    My imessage is not working for one person.
    Its been like this for about 2 days
    I have an iphone 5
    imessage is on
    both phones reset network settings,deleted and remade contact, etc.

    Does the other person have iMessage on, too? Does the specific phone number/address you are trying to reach them at show up for them in Settings > Messages > Send & Receive?

  • HT1409 I have done this but it does not work with one of my albums and I don't know why??

    I have done this but it does not work with one of my albums and I don't know why??

    That would be it. Sometimes you can tweak the album & artist names enough for iTunes to download matching art from the store, or you could add a bonus track featuring 1 second of silence and attach artwork to that, or you could convert the files to Apple Lossless.
    tt2

  • Synaptics touchpad on HP Mini 110 Windows 7 32 Bit - not working for one user - working for another

    Hi,
    I recently have an issue with Synaptics touchpad on HP Mini 110 Windows 7 32 Bit - NOT working for one user - working for another.
    Windows 7 updates recently installed ???
    By checking the device properties on the user that works - "Synaptics PS/2 Port Touchpad 13/10/2011 Version 15.3.29.0"
    When the other user logs on, the touchpad works for a few seconds, then displays a black square with a red diagonal line through it, then the touchpad won't respond. Trying to use the keypad to navigate to system diagnostics or anything to find further info is useless....

    Hey eagle_no11,
    Thank you for joining the HP Support Community!
    I will do my best in assisting to hopefully get the TouchPad to work on the second user profile.
    What I would like to start off with, is to restore the original Synaptics drivers onto the profile that is not working correctly. I have included the document Using Recovery Manager to Restore Software and Drivers (Windows 7).
    Once you have installed the original drivers, you will need to complete all updates from both HP, as well as Windows. For these updates, if you open the HP Support Assistant, and select Maintain, you should see an option for updating.
    Please let me know how these steps do work out for you.
    Have a great day!
    I worked on behalf of HP

  • The UniquekeyValidator Rule is not working in the EO edit dialog.

    The UniquekeyValidator Rule is not working in the EO edit dialog. We have Jdeveloper9i V. 9.0.3.2. The unique flags are checked in the primary key attribute and the custom message is never shown.
    Is there a known bug about that? If yes, does any patch exist to fix that?
    Thank you

    Thank you for your answer.
    Yes, of course, I've already applied the unique key validator for the entity, so that custom error message is the error I'm trying to get in the application.
    The other issue is when I'm trying to edit that error message: when I go to edit the message, the previous error I entered is not there. Is that normal?
