BillisSaved
May 25, 2016 Aspirant
SRX5308 Range mismatch in WAN Destination IP addresses and LAN server IP addresses
Good afternoon everyone, I hope your day is going well. I'm attempting to configure an inbound IPv4 firewall rule that will forward a particular port range to a specific private IP address range...
Danthem
May 25, 2016 NETGEAR Employee
I think it's important to know your end goal here.
Normally you do a one to one forwarding;
*TCP port 80 coming in on WAN1 forward to internal IP 192.168.1.10
You can also do port translation;
*TCP port 8080 coming in on WAN1, translate to port 80 and forward to internal IP 192.168.1.20
The internal range thing requires you to have a matching amount of WAN addresses as the amount of internal addresses you enter in the internal address range. So in this example:
The way it will work is;
- HTTP (port 80) traffic coming in on WAN IP 5.5.5.1 will be forwarded to internal IP 1.1.1.1
- HTTP (port 80) traffic coming in on WAN IP 5.5.5.2 will be forwarded to internal IP 1.1.1.2
- HTTP (port 80) traffic coming in on WAN IP 5.5.5.3 will be forwarded to internal IP 1.1.1.3
etc.
The error message you're getting is if you have entered a shorter range of WAN addresses compared to private LAN ones. But this is probably not the way you want to set it up anyway. To be honest, I can't really think of any scenario where I would use this range feature.
- BillisSaved May 26, 2016 Aspirant
Good morning Danthem,
I hope your day is going well. Thanks so much for taking the time to explain this to me. Is there a way to forward a specific port to a LAN IP address range? Have a great day!
God bless,
Bill
- Danthem May 30, 2016 NETGEAR Employee
Hi Billissaved,
There's no way to forward a single port to several internal IP addresses, but there's not really any need for it. What's your end goal? What port do you need forwarded to several internal IPs and why?
If you need to access, let's say, port 80 on several internal IPs, you need to work around it using port translation, so for instance:
- Inbound traffic from WAN to TCP port 80 -> go to 192.168.1.10:80
- Inbound traffic from WAN to TCP port 8080 -> go to 192.168.1.20:80
etc.
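The one-to-one range pairing and the port-translation workaround described in Danthem's two replies, modelled as an added Python example (not NETGEAR firmware logic and not code from the thread). The function names are hypothetical, and treating a longer WAN range as a mismatch too is an assumption based on the "matching amount" wording.

```python
import ipaddress


def expand(start, end):
    """Return every IPv4 address from start to end, inclusive."""
    lo, hi = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if hi < lo:
        raise ValueError(f"range end {end} is below start {start}")
    return [ipaddress.IPv4Address(i) for i in range(int(lo), int(hi) + 1)]


def pair_ranges(wan_start, wan_end, lan_start, lan_end):
    """Pair the Nth WAN address with the Nth LAN address (1:1 forwarding).

    Assumption: any difference in address count is rejected. The thread
    only states that a shorter WAN range triggers the error.
    """
    wan = expand(wan_start, wan_end)
    lan = expand(lan_start, lan_end)
    if len(wan) != len(lan):
        raise ValueError(
            f"range mismatch: {len(wan)} WAN vs {len(lan)} LAN addresses"
        )
    return {str(w): str(l) for w, l in zip(wan, lan)}


def plan_port_translation(lan_hosts, service_port, first_alt_port=8080):
    """With a single WAN address, give each LAN host its own external port.

    The first host keeps the service port; later hosts get first_alt_port,
    first_alt_port + 1, ... (numbering scheme is an assumption that follows
    the 80 / 8080 pattern in the reply).
    """
    plan = {}
    ext = service_port
    for host in lan_hosts:
        plan[ext] = f"{host}:{service_port}"
        ext = first_alt_port if ext == service_port else ext + 1
    return plan


if __name__ == "__main__":
    # Addresses below are the ones used in the thread.
    print(pair_ranges("5.5.5.1", "5.5.5.3", "1.1.1.1", "1.1.1.3"))
    print(plan_port_translation(["192.168.1.10", "192.168.1.20"], 80))
```

Every entry either function returns is one more internal host reachable from the WAN, so the output doubles as a list of rules to review.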
- BillisSaved May 31, 2016 Aspirant
Good morning Danthem,
I hope your day is going well. I apologize for taking so long to reply to your message; I've been out of the office. I've been attempting to find a workaround for SIP communication issues. I'm aware of NAT translation and the problems it can cause, but I don't understand why NAT would be affecting the SIP packets since they were being sent to our remote location via IPsec VPN with passthrough enabled. We also have other VoIP traffic, which requires UDP ports typically used by SIP traffic, to be received by a NIC with a different IP address. When I saw that there was a range selection available in the port forwarding settings, I thought perhaps that would be a solution. However, your explanation regarding the function of this option made it unsuitable for my specific case.
I was able to successfully configure the router to pass the SIP traffic by enabling the SIP ALG feature, unfortunately that broke the other VoIP functionality. I suppose the router must be modifying the SIP packet headers somehow, even though they should be going through the IPsec VPN tunnel I mentioned earlier. I've tried everything I can think of to get these two protocols to play nice, but alas I've had no success. Thanks again for your assistance. Have a great day!
God bless,
Bill