RV042 DMZ forwarding

Similar Messages

• RV042 port forwarding / routing

  Hello folks,
  I'm having a really hard time tring to set up port forwarding to my LAN. Let me explain a bit of how my enviroment is set up.
  RV042 -> MS-TMG (former ISA Server) -> LAN
  RV042 WAN IP: Public IP (Does not matter)
  RV042 LAN IP: 10.31.11.1
  TMG WAN: 10.31.11.2
  TMG LAN: 10.3.1.2
  I've set up a port forwarding directing port 3002/TCP to 10.31.11.2 (TMGWAN) so that TMG can redirect to my LAN, but when I look at TMG Log, I see that the packages have the destination address of TMG WAN (10.31.11.2).
  I don't know why RV042 is changing the destination address of the packages and for the TMG it seens that the packet is coming for him (wich is not true and it's not allowed).
  I can't port forward to my lan (10.31.1.x directly bacause of the webinterface does not allow this).
  I've also tried DMZ but the behavior is the same.
  I've also tried uPnP but the packages are not arriving at TMG...
  Here is the route table of RV042
  200.XXX
  255.255.255.255
  186..XXX
  40
  ppp0
  200..XXX
  255.255.255.255
  186..XXX
  40
  ppp0
  186..XXX
  255.255.255.255
  40
  ppp0
  186..XXX
  255.255.255.255
  45
  ipsec1
  189.XXX
  255.255.255.255
  40
  ppp0
  189.XXX
  255.255.255.255
  45
  ipsec1
  10.31.11.0
  255.255.255.0
  50
  ixp0
  10.31.3.0
  255.255.255.0
  186.213.76.1
  10
  ipsec1
  10.31.2.0
  255.255.255.0
  186.213.76.1
  10
  ipsec1
  10.31.1.0
  255.255.255.0
  10.31.11.2
  2
  ixp0
  10.31.1.0
  255.255.255.0
  50
  ixp0
  default
  0.0.0.0
  186.XXX
  40
  ppp0
  Does anyone have a clue how can I get this thing working?

  Hi Eric, the default state table may be the problem.
  Try to make an access rule something like-
  Action Deny
  Service All
  Source interface WAN
  Source IP any
  Destination IP any
  Save
  Action Permit
  Service RDP
  Source interface WAN
  Source IP -xx.xx.xx.xx
  Destination IP - xx.xx.xx.xx
  Save
  -Tom
  Please mark answered for helpful posts

• RV042 Port forwarding stops working when Firewall is enabled

  Hey all,
  I have a RV042 router on a single WAN and an internal LAN. I have configured port forwarding as follows:
  HTTP[TCP/80~80]->10.0.0.6
  HTTPS[TCP/443~443]->10.0.0.6
  IMAP[TCP/143~143]->10.0.0.5
  IMAP SSL[TCP/993~993]->10.0.0.5
  SMTP SSL[TCP/587~587]->10.0.0.5
  Everything works just fine when I have the firewall DISABLED. However, when I enable it the behaviour is erratic. 1 out of 10 attempts to connect to ANY port forwarded works. Almost all attempts time out.
  Notice that this happens even if using only the default firewall rules (which should be bypassed by the port forwarding as I read in other posts).
  My second try was to create firewall rules manually, overriding the default ones. I tried adding rules from source WAN1 (where my connection is) to ANY and to SINGLE IP's on every port. Nothing seems to work.
  I don't know what I'm doing wrong, this is really bugging me. I had to turn the firewall off so we can access our servers from outside the office. This shouldn't have to be done.
  Do you know anything I could try?
  Best regards,
  Theo
  EDIT:
  Just found out that my firewall is getting LOTS and LOTS of Blocked - SYN Flood entries. I think this is why we are having trouble with the firewall. Could this be the problem? I have no idea where all these SYN packets are coming from since they appear with spoofed IPs or come from different bots all over.

  Hi Theo, if you want to over ride the default state table, you need to first make firewall rules to block all access then make your permission rules.
  Such an example would be-
  Action Deny
  Service All
  Source interface WAN
  Source IP any
  Destination IP any
  Save
  Action Permit
  Service RDP
  Source interface WAN
  Source IP -xx.xx.xx.xx
  Destination IP - xx.xx.xx.xx
  Save
  As for your concern about the syn flood, it can be a likely cause of your problems. Does the logging facility of the router give any indications?
  -Tom
  Please mark answered for helpful posts

• RV042 Port Forwarding bypassing ACL

  I have a RV042 with Port Forwarding configured for RDP. This Port Forwarding Rule is being applied before my ACL - so subnets that are not authorized through are being allowed in. Firmware version 4.0.0.07. Any help would be greatly appreciated.                  

  Hi Eric, the default state table may be the problem.
  Try to make an access rule something like-
  Action Deny
  Service All
  Source interface WAN
  Source IP any
  Destination IP any
  Save
  Action Permit
  Service RDP
  Source interface WAN
  Source IP -xx.xx.xx.xx
  Destination IP - xx.xx.xx.xx
  Save
  -Tom
  Please mark answered for helpful posts

• Cisco rv042 not forwarding

  Hello my Name is Enoth Rojas from the republic of Panama.
  I have a dual band cisco rv042 router which does not respond to port forwarding for remote desktop. When I check from the internet for open ports it says that port 3389 is close. I have been unable to make it forward the request. Any advice will be appreciate?
  Thanks
  Enoth Rojas

  Hello enothrojas,
  If you check the logging and enable all the logging for accepted connections.  Once this is enabled attempt to RDP to the computer you want access to, make sure your not on the local network when you attempt for better testing.  Then go to your logging and then look at your incoming logs.
  Look for the source IP address, (the WAN IP address of the site you attempted the connection from) and see if the RV042 is seeing the request.
  If it is not then you will need to talk to your ISP.  If it is, what is the destination?
  Then look at your outgoing log table and see if you see an ACK being sent back to your source, if it is not then the PC you are trying to access is no replying.
  Hope this helps.
  Regards,
  Michael D.

• RV042 Port Forwarding

  Router has latest firmware.  WAN1 connected, WAN2 not connected
  RDP 3389 & 3390 are forwarded and functioning correctly.  Port 8080 functions correctly when configured for Remote Management.  I have Port 8081 functioning as Remote Management currently.  I forward Port 8080 and it still remains blocked at the router?  I have tried all HTTP/HTTPS ports and they are blocked at the rounter as well

  Hello,
  Thank you for your reply,
  As a first step i am glad to know that what is done is enough and there is no step(s) missed.
  On my first comment, i mentioned that i am using the Linksys router on dual mode and not DMZ mode; does that have any relation with the current problem?
  Concerning firewall, firstly i disable the firewall on the Linksys router.
  Second, i configured a laptop with the application Xerver to act as a webserver on port 80. i tested accessing this laptop through a lan switch and test was ok.
  i tried the same test through the Linksys router where i connected this webserver laptop to a one of the lan ports of the Linksys router, and with the same config of port forwarding on the Linksys (i just modified ip address of the webserver to be the ip of the laptop) and tried to open http access through internet explorer to the ip of the Linksys router and test was negative. Test failed.
  So the problem is not related to a misconfig on the isa(firewall,..)
  So this indicates that there is a problem specifically in forwarding traffic from wan interface to lan interfaces. but i am not able to identify where this problem is.
  What do you advise?
  note: when i do enable remote mgt for the rv router, i get to the authentication screen of the rv router where i should enter username and password.
  thank you again,

• RV042 port forwarding issue

  I have a RV042 using (for now), just the single WAN interface. I am trying to forward all packets to port 9000 from the WAN to a single IP address on the network.  I've set up both forwarding rules under Setup -> Forwarding and under the Firewall -> Access Rules.
  I cannot connect to my device from the outside world, however.  Is there something I'm missing?

  Scott,
  Can you please let me know if you are able to access the device via the local Lan IP Address with the required port number? Also, can you please let me know what firmware version you are running on the device?
  Thanks,
  Blake Mereby

• RV042 DMZ not working fully (FW: 1.3.12.19-tm)

  Hi,
  discover this weekend an annoying bug in the DMZ for RV042 (either way DMZ with second WAN port or via config menu)
  I tried Exchange 2007 with DMZ (yes I know, should not be DMZ) receive email was fine but the OWA didn't work. Error after confirm the certification exception (looks like the certificate use the Router MAC as CN, what is strange) is:
  501 Not Implemented
  The requested method is not implemented by this server.
  Doing DMZ with the Linksys Linksys WRT54GL (FW: DD-WRT v24-sp2 (10/10/09) std - build 13064)it is working like a charm.
  so my conclusion is that the DMZ of my RV042 is not working properly.
  Can I open a support issues with Linksys/Cisco for this, so there fix it in the next fw?
  Please advise, Thanks
  Tilo

  The firmware you are trying to install is only for the newer version 3 RV042's and will
  not install on your device. You may want to try re-flashing your current firmware to see if that helps.

• RV042 IP Forwarding Issue

  I have an RV042 router that I am using to forward traffic from external IP addresses to internal private devices. I have a server with two NICs that need to be on different subnets. So my question is, how can I forward the traffic from the public IP address to a private IP address that is on a different subnet than the router?
  (Router IP : 10.10.10.1, 2nd NIC: 10.10.1.104)
  I have tried setting up static routing. This allows me to ping the .104, but I still can't forward to it using 1 to 1 NAT. If it matters, the IP on the first NIC is 10.10.10.104.
  If you need me to clarify anything, just let me know. Any help would be greatly appreciated.

  Hi tim.ragin7
  My name is Johnnatan and I am part of the Small business Support community.
  I have a couple of questions for you,
  Do you have a switch between the router and the server?,
  Could you  send a picture with your topology?
  Are you using Vlan´s, are they allowed in the NAT configuration?
  Thank you.
  I hope you find this answer useful, if it was satisfactory for you, please mark the question as Answered.
  Johnnatan Rodriguez Miranda.
  Cisco Network Support Engineer.Good morning  gatorbyte

• RV042 - Port forward/translation from ext to int

  Hy,
  I recently buy a CSRV042-EU. I need to make a translation port to acces remote some of my server on lan.
  I use a primary WAN with static IP 83.166.XXX.XXX .The LAN has aprox. 30 clients.
  I want to acces remote one of the computer from LAN, as example:
  83.166.xxx.xxx:10101 -> 192.168.10.10, using 10101 as external port and 3389 as internal port for remote on 192.168.10.10 machine
  83.166.xxx.xxx:10102 -> 192.168.10.11, using 10102 as external port and 3389 as internal port for remote on 192.168.10.11 machine
  I don't konw how to do this forward because in Port Forward i cannot find the option to enter teh ext port and the int port.
  Could you please help me with an example, how ca i make this forward?
  Thank you !

  I know it's been this long post, but I have the following question ...
  I have several external IPs and would like to designate for each type of service.
  eg:
  200.0.0.1 => http => 10.0.0.2
  200.0.0.2 => https => 10.0.0.1
  How could this setting in RV?
  Today I have two models in the network-to-VPN Gw Gw the RV016 and 042.
  Regards,

• 2 xboxes or ps3's with open nat for the rv042? yes i can!

  i signed up specifically to tell future and current rv042 users that after a year of muckin' around with this fairly advanced networking technology, i've finally discovered how to open the nat types of 2 xboxes, instead of one being open and all others being moderate or strict. i'll break it down simply, 3074 port forwarded for the one, and dmz host for the other one. i couldn't figure out for the life of me, why the dmz host wouldn't open the nat type of the 2nd xbox at first, thats when it dawned on me that xboxes aren't capable of understanding the rv042 dmz host. so i tested the dmz host on my computer and it worked, putting my computer wide open to all ports on the internet. so what i tried was internet connection sharing, plugging my xbox wired into my computer which is set as the dmz host. i was all excited, jumping up and down for joy when i had succeeded in what took me an entire year to figure out. why so happy, do you ask? i don't think all of you know just how painful it is to not be able to open the same port more than once on the same network, very, very, aggravating. if you are having the same problem and don't understand how to do what i've explained, just ask. i cannot stand the thought that there are others out there like me that haven't been able to figure this out, it just causes me more pain. i will help.

  I am having the same issue.  My roommate and I both have our own copies of MW3 and our own xbox 360's connected to the same router/modem. We have Verizon Fios and the modem is an Actiontec MI424WR. We have no problem playing at the same time online as long as we are not in the same match. However, when we try to play in the same match, we can never get into a match. It just keeps cycling through the "searching for matches screen.  We were at one point having issues with the OPEN NAT type but that has been solved, don't have me how, it just started working after I set the router back to defaults and we haven't had issues since.
  I tried the link above, but that doesn't seem to help my issue and I think you are having the same issue has me.  If you figure it out, please let me know.

• Does the RV042 have IP Aliases for WAN interface?

  Hi All
  We have a Small Business RV042 router, and have many Internet servers in our Internal and DMZ networks behind the router.
  In our old GTA firewall, we were able to add IP aliases to our external (WAN) interface.   That is, our WAN interface can have many IP addresses besides the main IP address, e.g., 209.118.52.226, 209.118.52.227, 209.118.52.228, 209.118.52.229, etc. 
  209.118.52.226 is the main IP for the WAN interface.
  209.118.52.227 is for our web server 1, e.g., www.example.com
  209.118.52.228 is for our web server 2, e.g.  support.example.com
  209.118.52.229 is for our sftp server, e.g. sftp.example.com
  And then we create 'tunnels' to forward incoming traffic for 209.118.52.227 to our www.example.com residing in our DMZ or Internal network, etc.
  Now, is this possible with the RV042 router?    The only thing we found in RV042 is Forwarding (port range forward) but that does allow us to have IP aliases for the WAN interface.   It seems that we can only route service defined traffic or port defined traffic meant for only 1 WAN IP to our internal servers behind the router.
  Actually, we had bought the RVS4000 earlier and then upgraded to the RV042 hoping that it will have what we want.
  If the RV042 does not have IP alias for WAN interface, what is the lowest Cisco router model that has it?
  Thank you very much in anticipation.
  cmgui

  Thank you tekliu
  Yes, 1-to-NAT can do most of what we want.   But it is not able to direct only certain port traffic from the external WAN IP to the internal LAN IP?   
  For example, if we create a 1-to-1 NAT 192.168.41.50 =>
  209.118.52.227, it basically opens all the traffic allowed in the Firewall to go from
  209.118.52.227  to  192.168.168.41.50.  
  If we only want to allow say https, ie. tcp port 443, traffic to go from
  209.118.52.227  to  192.168.41.50, it is not possible.  Or is it? 

• Mail issue - PS3 conflict?

  Hi
  Whenever I use my PS3 it results in my macmail failing. I cannot send or receive mail. To resolve the issue I have to remove the ps3 ip from the dmz setting in my router, reboot the powerbook and mail works again. I can then add the ps3 back into dmz. I take it this is to do with the ip being static in the dmz setting?
  Can anyone help me out how to resolve this without the process above each time i game.
  Appreciate the help.

  Hi Keith,
  Yes, the problem is that DMZ intercepts everything and sends the info to the IP in DMZ, (forwards Ports), so any answer/acknowledgment coming from the Internet goes like this...
  Powerbook->Router->Modem->Internet
  And comes back like this...
  Internet->Modem->Router->PS3
  I see no way around it, but there were some PC tools that could Toggle the Router Settings automatically, no idea if such a thing exists for PS3s though.

• Using WRT54GS at workplace; unable to VPN from home into office

  We are using a WRT54GS wireless router at our office and I often need to VPN from the road to the office.
  When I attempt to use XP's VPN feature, I receive a dialog stating connection could not be established.  I've confirmed my office IP address.  I have my primary office computer spoofed IP designated as a DMZ-forwarded address.  I can connect to my home office via VPN using a legacy SpeedStream wireless router. 
  Is this a firmware version issue, or are there router configuration requirements I'm missing?
  Thanks,
  M Kalmus

  hi , there are a couple of things that you can try on the linksys.....
  Forward the VPN ports ...1723,500,50,443-447 .....also decrease the value of the MTU to 1492....
  if this does not work...check if you are able to ping the office IP..,if not do a traceroute to the IP and see where the packet is dropping.

• Two Questions PAP2T

  First, anyone have the need to upgrade to the newest PAP2T firmware(11/07) Any issues upgrading?
  Second, I have my ATA on the DMZ of my WRT350N. I also have QOS enabled. Is it necessarry to also have port forwarding active?
  Thanks in advance!!

  Hookem99 wrote:
  First, anyone have the need to upgrade to the newest PAP2T firmware(11/07) Any issues upgrading?
  Second, I have my ATA on the DMZ of my WRT350N. I also have QOS enabled. Is it necessarry to also have port forwarding active?
  Thanks in advance!!
  Hello,
  regarding the first question, I don't know as I don't own PAP2T. My opinion here is, if you have relativly recent FW, not to upgrade unless you have troubles with your ATA device the new FW is intend to fix
  regarding the second question, as far as I know DMZ forwards all UNUSED ports to the selected "local" IP address, so from my point of view the port forwarding to SPA shall not be setup in this case, it can even make the router device confused and result in non-working setup.