CISCO RV320 port forwading woes...

mangyDOG

Learning Storage Performance
Joined
Feb 15, 2003
Messages
161
Location
Ballarat, Vic, Aust.
Hi all,
I was hoping to get some help configuring a Cisco RV320 router. The RV320 is at a remote location, I want to configure a port forward for remote desktop from my public static IP address through the RV320 to a server on the RV320's internal lan.

I have setup port forwarding on the RV320 for port 3389 to 192.168.0.1 (the internal server) and this works but it opens the port to everyone on the internet.

I created an access rule in the firewall section of the RV320 which is:

Action = Allow
Service = 3389
Source interface = WAN1 (also tried the ANY option)
Source = 123.123.123.123 (my "public" static IP address)
Destination = 192.168.0.1 (the internal server)
Time = always.

I hoped this would restrict port 3389 traffic to just my IP address but it had no effect.

I then left the firewall rule inplace and removed the port forward rule. This then blocked all port 3389 traffic to the internal server.

My question is this: Is there anyway on a RV320 router to allow access from a single external IP address through the router to an internal address and block all other external connections?

Thanks for any help!
Cheers,
mangyDOG
 

mangyDOG

Learning Storage Performance
Joined
Feb 15, 2003
Messages
161
Location
Ballarat, Vic, Aust.
:eek: it works! The cisco firewall rules are nuts! Thanks Howell, I got the same answer from Samir at the Small Net Builder forum.

I never considered doing this because the access rules page has a default rule to Deny all traffic from WAN1 to any destination. It appears that even though the default rules are listed they have no effect on the port forwarding rules, previously I have used Netgear routers where you had to enable port forwarding and then enable a single allow rule in the firewall. With the cisco you have to manually create both an allow rule and a deny rule:

Priority 1, Allow, 3389, WAN1, source=123.123.123.123, destination=192.168.0.1, always
Priority 2, Deny, 3389, WAN2, source=any, destination=192.168.0.1, always.

Many Thanks,
Cheers,
mangyDOG.
 
Top