Discussion started by chaztuna, Aug 23, 2005.

  chaztuna

    Network Guru Member

    I'm having a really difficult time configuring one-to-one NAT on my RV016. It's running firmware 2.0.6.

    Currently, I have WAN1 (IP WAN.98) and DMZ (IP WAN.99) set up correctly. The DMZ Host is pointed at LAN.2. This setup is necessary so that I can easily undo any changes I make as I try to move up to One-to-one NAT.

    When I disable the DMZ port (ixp8) and disable the DMZ host, my one-to-one NAT rule should come into play:

    LAN.2~29 => WAN.99~126

    I've set up access rules to:

    allow SMTP[25] from WAN1 ANY to LAN1.2

    The access log says that this connection is accepted. If I delete the rule, the connection is rejected. But the connection never actually is made! I'm using telnet to port 25 to test my connections. I've set up a web server, too, and the necessary access rules. Perhaps because my web server's timeout is greater than the default for telnet, I do get a connection, but it's awfully and unreasonably slow. A page that should appear in 1 or 2 seconds takes at least 2 minutes to even begin to render.

    I've already tried talking to the Linksys tech support. Absolutely useless.

    Is one-to-one NAT broken in RV016? Is there some trick? Do I have to use the DMZ port for the one-to-one NAT? Does static DHCP affect one-to-one NAT? Can I do one-to-one NAT with the RV016 in gateway mode instead of router mode?

    I have noticed two strange issues in the logs:

    1. This appears in the log whenever I change the firewall access rules or general settings:

    Failed nat control SIOCADNAT - File exists
    Failed to add rule File exists

    I've tried resetting the firewall to defaults, but this still appears in the log.

    2. If I leave the DMZ port enabled but disable the DMZ host, WAN traffic that should be subject to the One-to-one NAT rules arrives through the DMZ port (ixp8) and is accepted even though the firewall access rule says it should be allowed only from source WAN1 (ixp1). If I disable the DMZ port, the traffic comes through WAN1 and is accepted. The result is the same each way, though: no actual viable network connection. Strangely, if I change the firewall access rule to allow from interface DMZ (but not WAN1) and I leave the DMZ port enabled, all traffic subject to the one-to-one NAT rule arrives on the DMZ port but is rejected.
  4Access

    Network Guru Member

    OK, first let me state that I just skimmed your post because I don't have an RV016, but the following jumped out at me:

    All the Linksys routers I've worked with require that you be in gateway mode for any type of NAT to take place... So I'd venture that you need to be in gateway mode for one-to-one NAT to work.
  chaztuna

    Network Guru Member

    The RV016 is in gateway mode. I was just suspicious that one-to-one NAT might only work in router mode.
