
RV082 and Multiple IP / Same Service Binding?

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by shrapnel64, Jul 13, 2007.

  1. shrapnel64

    shrapnel64 Network Guru Member

    Hello All,

    Sorry to keep bugging you, but I've got a question regarding the RV082. Here's what I'm trying to do in a nutshell.

    I ordered 2 IPs, both of which are used for Servers behind the router.

    I've got 1 IP set for the "main" internet access (68.x.x.54)
    I've got the 2nd IP configured under One-to-One NAT, forwarded to the appropriate (different from IP 1) LAN Server (.59).

    I am trying to configure the Firewall to allow access to port 80 on IP 1 and 2. IP 1 is used for Exchange Hosting, and IP 2 is used for a misc. web site, which requires that HTTP be run from that server because it uses MySQL backend coding (does not work if I host the site from any other host than localhost, regardless of user permissions).


    As it stands, the .59 One-to-One NAT IP setup is configured, and is working properly. I've got the Firewall set up to allow port 80 via WAN1 to ANY host, and then block all other traffic.

    The problem that I am running into is that when I am trying to access HTTP services via .54, it redirects me to the login prompt on the RV082. The Firewall is set up to allow port 80 via WAN1 to ANY host. -- NOTE: I tried to specify a range, but that didn't work for me either.


    Am I configuring something incorrectly...or is it even possible to run multiple HTTP servers on the same router (although 1 is via WAN1 IP config, and the other is via One-to-One NAT IP config)?



    Thanks.
     
  2. ifican

    ifican Network Guru Member

    A couple of things: which direction have you allowed port 80 traffic, out or in? If you are going to host a web server on WAN1 via port 80, you will need to not allow remote access to the RV082 via the WAN; it sounds like the router is intercepting the port 80 traffic because remote administration is set up. You will also need to tell the router which internal host it is supposed to forward WAN1 port 80 traffic to.
     
  3. shrapnel64

    shrapnel64 Network Guru Member

    OK, I did all of that.

    At first, here's what I did...

    I set up the firewall, disabled the WAN ping block, and set up remote administration for port 8080.

    My firewall settings were:

    Allow -> HTTP (80) -> WAN1 -> Any Source IP -> Destination: 192.168.x.21
    Allow -> HTTPS (443) -> WAN1 -> Any Source IP -> Destination: 192.168.x.21
    Allow -> SMTP (25) -> WAN1 -> Any Source IP -> Destination: 192.168.x.21
    Deny -> All (1-65535) -> WAN1 -> Any Source IP -> Destination: 192.168.x.21
    Allow -> HTTP (80) -> WAN1 -> Any Source IP -> Destination: 192.168.x.23
    Deny -> All (1-65535) -> WAN1 -> Any Source IP -> Destination: 192.168.x.23
    Allow -> All (1-65535) -> LAN -> Any Source IP -> Destination: Any*
    Deny -> All (1-65535) -> WAN1 -> Any Source IP -> Destination: Any*
    Deny -> All (1-65535) -> WAN2 -> Any Source IP -> Destination: Any*

    * Default Firewall Rules; Cannot Delete.


    Anyway, I found out that even though the Firewall Rules had been set up, whenever you use Port Forwarding, it sort of disables the Firewall (so I thought, until I made the changes as referenced above in the Firewall script).

    The solution to bind Multiple IPs to a Single Cable Modem, and allow the HTTP service to run on 2 separate servers (2 separate LAN IPs) without using DMZ (hence no firewall protection) was to simply add Port Forwardings for the referenced server of the Main WAN1 IP address (not the One-to-One NAT) to the 192.168.x.21 address (I added forwardings for HTTP, HTTPS, SMTP) and just let the Firewall Rules take care of the One-to-One NAT connection.

    Hopefully, those of you who were trying to do something similar (who may not have known) like this will be able to do this on their setups without requiring a second router in the mix (multiple subnets for 1 or 2 servers).

    I do, at the moment, only have a single WAN connection. If you have 2 WANs, and decide that you want to use WAN2 as a failover, then just add the rules to the Firewall (changing WAN1 to WAN2) and you should be OK.
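
Added example, not part of the thread or of any poster's configuration: a small audit of the rule list posted above, showing which ports each server exposes on WAN1 and what breaks if a per-host deny-all is placed above that host's allow rules. It assumes rules are checked top to bottom with the first match deciding; the function names and the probe port list are made up for illustration, and the host strings keep the thread's elided octet.

```python
# Constructed model of the access rules listed in the thread. Host strings keep
# the thread's elided "x" octet and are compared only as opaque labels.
# Assumption: rules are checked top to bottom and the first match decides.
ALL = (1, 65535)
RULES = [  # (action, (low_port, high_port), interface, destination)
    ("allow", (80, 80), "WAN1", "192.168.x.21"),
    ("allow", (443, 443), "WAN1", "192.168.x.21"),
    ("allow", (25, 25), "WAN1", "192.168.x.21"),
    ("deny", ALL, "WAN1", "192.168.x.21"),
    ("allow", (80, 80), "WAN1", "192.168.x.23"),
    ("deny", ALL, "WAN1", "192.168.x.23"),
    ("allow", ALL, "LAN", "any"),
    ("deny", ALL, "WAN1", "any"),
    ("deny", ALL, "WAN2", "any"),
]

def decide(rules, iface, dst, port):
    """Return (action, index) of the first matching rule, or default deny."""
    for i, (action, (lo, hi), r_iface, r_dst) in enumerate(rules):
        if r_iface == iface and r_dst in ("any", dst) and lo <= port <= hi:
            return action, i
    return "deny", None

def exposed_ports(rules, iface, dst, candidates):
    """Ports from candidates that the rule list lets through to dst."""
    return sorted(p for p in candidates if decide(rules, iface, dst, p)[0] == "allow")

def shadowed(rules):
    """Indices of rules that never fire: an earlier rule on the same interface
    already covers their destination and their whole port range."""
    hits = []
    for j, (_, (lo, hi), iface, dst) in enumerate(rules):
        for _, (elo, ehi), e_iface, e_dst in rules[:j]:
            if e_iface == iface and e_dst in ("any", dst) and elo <= lo and hi <= ehi:
                hits.append(j)
                break
    return hits

# Failure mode: the per-host deny-all placed above that host's allow rules.
MISORDERED = [RULES[3]] + RULES[:3] + RULES[4:]

if __name__ == "__main__":
    probe = [22, 25, 80, 443, 3306, 8080]  # constructed probe list
    for host in ("192.168.x.21", "192.168.x.23"):
        print(host, "reachable from WAN1 on", exposed_ports(RULES, "WAN1", host, probe))
    print("shadowed as posted:", shadowed(RULES))
    print("shadowed if misordered:", shadowed(MISORDERED))
```
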
     
