RV220W

Postby Guest » Sat Dec 04, 2010 12:53 pm

The manual states:

This gateway supports multi-NAT, and the Internet Destination IP address does not necessarily have to be the WAN address. On a single WAN interface, multiple public IP addresses are supported. If your ISP assigns you more than one public IP address, one of these can be used as your primary IP address on the WAN port, and the others can be assigned to servers on the LAN or DMZ. In this way, the LAN/DMZ server can be accessed from the internet by its aliased public IP address.

My ISP provides me with 5 IP addresses, say x.y.z.1-5, I can use. My WAN interface has address x.y.z.1.

So, I thought Internet Destination meant that I can make rules like:

SMTP allow and send to internal address 192.168.1.a and internet destination is x.y.z.2

So, I thought I could do multiple-NAT-forwarding as in

x.y.z.2:25 -> 192.168.1.a:25

x.y.z.3:80 -> 192.168.1.b:80

But this seems not to work at all.

Have I misunderstood things here? Can I only do port forwarding from my WAN IP? And if I want to use multiple servers on the inside I must either expose them fully to the internet or they must all be getting their traffic through my WAN IP?

Guest

Re:RV220W

Postby Guest » Sat Dec 04, 2010 1:20 pm

I noticed that One-to-One NAT is able to link the other WAN IPs to internal servers. I also noticed that this seems to bypass the firewall (if I remove the SMTP allow rule from the IPv4 rules, it still is passed through via One-to-One NAT).

So, I am wondering what security risks I run if I remove these forwarders from the IPv4 rules in the firewall and add them to One-to-One NAT. Does the firewall work only on the WAN IP address? So, if I use One-to-One NAT, is my protection on those public IPs/internal services reduced to effectively only NAT? What about anti-flood attacks and all the other niceties of a proper firewall?

Guest

Re:RV220W

Postby Guest » Sat Dec 04, 2010 1:55 pm

If implemented correctly, traffic going through 1-to-1 NAT should be firewalled similarly to traffic going through port forwarding from the router's WAN IP. Computers exposed to the internet via Port Forwarding and 1-to-1 NAT should be protected by the stateful packet inspection mechanism of the firewall.

To use 1-to-1 NAT, you would need multiple public addresses from your ISP.

Guest

Re:RV220W

Postby Guest » Sat Dec 04, 2010 2:54 pm

Thank you. I've noticed another very nasty problem, though, which completely nullifies DNS Blacklist checking (DNSBL). The RV220W changes the originating IP address of NAT-ted packets via (at least) One-to-One to the IP address of the RV220W, thus completely nullifying DNSBL checks on spam. Very nasty and something my old Linksys WAG54G2 was doing right. I'm linking here to the other discussion set up for this.

https://supportforums.cisco.com/thread/2078130?tstart=0

Guest
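
An added example, not part of the thread: a check a mail server admin behind such a NAT could run to see whether inbound SMTP connections arrive with the gateway's address instead of the real sender's, which is the condition that makes DNSBL lookups meaningless. The Postfix-style log format, the gateway address 192.168.1.1 and the zone `dnsbl.example` are assumptions, and the log lines are constructed.

```python
import ipaddress
import re

# Postfix-style "connect from name[addr]" line; the log format is an assumption.
# \b keeps "disconnect from" lines from matching.
CONNECT_RE = re.compile(r"\bconnect from \S*\[([0-9.]+)\]")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def dnsbl_query_name(client_ip, zone):
    """Name an MTA looks up for a DNSBL check: reversed octets + list zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def audit_sources(log_lines, gateway_ips):
    """Return (total, rewritten) counts of inbound SMTP connections.

    "rewritten" means the logged source is the gateway or an RFC 1918
    address, so the NAT device replaced the real sender and a DNSBL lookup
    keyed on the logged address says nothing about that sender.
    """
    gateways = {ipaddress.IPv4Address(g) for g in gateway_ips}
    total = rewritten = 0
    for line in log_lines:
        m = CONNECT_RE.search(line)
        if not m:
            continue
        ip = ipaddress.IPv4Address(m.group(1))
        total += 1
        if ip in gateways or any(ip in net for net in RFC1918):
            rewritten += 1
    return total, rewritten

# Constructed sample log; 192.168.1.1 stands in for the router's address.
SAMPLE_LOG = [
    "Dec  4 14:40:01 mail postfix/smtpd[811]: connect from unknown[192.168.1.1]",
    "Dec  4 14:40:09 mail postfix/smtpd[812]: connect from unknown[192.168.1.1]",
    "Dec  4 14:41:30 mail postfix/smtpd[813]: connect from mx.example.net[198.51.100.7]",
    "Dec  4 14:41:31 mail postfix/smtpd[813]: disconnect from mx.example.net[198.51.100.7]",
]

if __name__ == "__main__":
    total, rewritten = audit_sources(SAMPLE_LOG, ["192.168.1.1"])
    print(f"{rewritten}/{total} connections carry a rewritten source address")
    print("DNSBL would query:", dnsbl_query_name("192.168.1.1", "dnsbl.example"))
```

If every connection is counted as rewritten, the mail server never sees a real sender address and the DNSBL query is always built from the gateway's own address.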
 


