NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
BillisSaved
May 25, 2016Aspirant
SRX5308 Range mismatch in WAN Destination IP addresses and LAN server IP addresses
Good afternoon everyone,
I hope your day is going well. I'm attempting to configure an inbound IPv4 firewall rule that will forward a particular port range to a specific private IP address range (e.g., 192.168.2.15 - 192.168.2.10). The issue I'm having, which I'm sure is being caused by my ignorance, is that as soon as I select "Address Range" in the "Send to Lan Server:" drop-down list, the only option available in the "WAN Destination IP Address:" drop-down list is "Address Range". I expected the range to be the WAN address of the router, however when I enter that information, I get the following message:
Range mismatch in WAN Destination IP addresses and LAN server IP addresses
As I mentioned previously, I'm sure that this problem has a simple solution; my thick-headness is preventing me from seeing it. I very much appreciate any assitance you are willing to offer in order to resolve this problem and help me achieve my goal. Thanks in advance for your time. Have a great day!
God bless,
Bill
I think it's important to know your end goal here.
Normally you do a one to one forwarding;
*TCP port 80 coming in on WAN1 forward to internal IP 192.168.1.10You can also do port translation;
*TCP port 8080 coming in on WAN1, translate to port 80 and forward to internal IP 192.168.1.20
The internal range thing requires you to have a matching amount of WAN addresses as the amount of internal addresses you enter in the internal address range. So in this example:
The way it will work is;
- HTTP (port 80) traffic coming in on WAN IP 5.5.5.1 will be forwarded to internal IP 1.1.1.1
- HTTP (port 80) traffic coming in on WAN IP 5.5.5.2 will be forwarded to internal IP 1.1.1.2
- HTTP (port 80) traffic coming in on WAN IP 5.5.5.3 will be forwarded to internal IP 1.1.1.3
etc.
The error message you're getting is if you have entered a shorter range of WAN addresses compared to private LAN ones. But this is not probably the way you want to set it up anyways, to be honest I can't really think of any scenario where I would use this range feature.
5 Replies
- DanthemNETGEAR Employee
I think it's important to know your end goal here.
Normally you do a one to one forwarding;
*TCP port 80 coming in on WAN1 forward to internal IP 192.168.1.10You can also do port translation;
*TCP port 8080 coming in on WAN1, translate to port 80 and forward to internal IP 192.168.1.20
The internal range thing requires you to have a matching amount of WAN addresses as the amount of internal addresses you enter in the internal address range. So in this example:
The way it will work is;
- HTTP (port 80) traffic coming in on WAN IP 5.5.5.1 will be forwarded to internal IP 1.1.1.1
- HTTP (port 80) traffic coming in on WAN IP 5.5.5.2 will be forwarded to internal IP 1.1.1.2
- HTTP (port 80) traffic coming in on WAN IP 5.5.5.3 will be forwarded to internal IP 1.1.1.3
etc.
The error message you're getting is if you have entered a shorter range of WAN addresses compared to private LAN ones. But this is not probably the way you want to set it up anyways, to be honest I can't really think of any scenario where I would use this range feature.
- BillisSavedAspirant
Good morning Danthem,
I hope your day is going well. Thanks so much for taking the time to explain this to me. Is there a way to forward a specific port to a LAN IP address range? Have a great day!
God bless,
Bill
- DanthemNETGEAR Employee
Hi Billissaved,
There's no way to forward a single port to several internal IP addresses, but there's not really any need for it. What's your end goal? What port do you need forwarded to several internal IPs and why?
Ifyou need to access let's say port 80 on several internal IPs you need to work around it using port translation, so for instance;
- Inbound traffic from WAN to to TCP port 80 -> go to 192.168.1.10:80
- Inbound traffic from WAN to TCP port 8080 -> go to 192.168.1.20:80
etc~
Related Content
NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!