This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
SRX5308 Range mismatch in WAN Destination IP addresses and LAN server IP addresses
Good afternoon everyone,
I hope your day is going well. I'm attempting to configure an inbound IPv4 firewall rule that will forward a particular port range to a specific private IP address range (e.g., 192.168.2.15 - 192.168.2.10). The issue I'm having, which I'm sure is being caused by my ignorance, is that as soon as I select "Address Range" in the "Send to Lan Server:" drop-down list, the only option available in the "WAN Destination IP Address:" drop-down list is "Address Range". I expected the range to be the WAN address of the router, however when I enter that information, I get the following message:
Range mismatch in WAN Destination IP addresses and LAN server IP addresses
As I mentioned previously, I'm sure that this problem has a simple solution; my thick-headness is preventing me from seeing it. I very much appreciate any assitance you are willing to offer in order to resolve this problem and help me achieve my goal. Thanks in advance for your time. Have a great day!
Re: SRX5308 Range mismatch in WAN Destination IP addresses and LAN server IP addresses
I think it's important to know your end goal here.
Normally you do a one to one forwarding; *TCP port 80 coming in on WAN1 forward to internal IP 192.168.1.10
You can also do port translation;
*TCP port 8080 coming in on WAN1, translate to port 80 and forward to internal IP 192.168.1.20
The internal range thing requires you to have a matching amount of WAN addresses as the amount of internal addresses you enter in the internal address range. So in this example:
The way it will work is;
HTTP (port 80) traffic coming in on WAN IP 5.5.5.1 will be forwarded to internal IP 1.1.1.1
HTTP (port 80) traffic coming in on WAN IP 5.5.5.2 will be forwarded to internal IP 1.1.1.2
HTTP (port 80) traffic coming in on WAN IP 5.5.5.3 will be forwarded to internal IP 1.1.1.3
etc.
The error message you're getting is if you have entered a shorter range of WAN addresses compared to private LAN ones. But this is not probably the way you want to set it up anyways, to be honest I can't really think of any scenario where I would use this range feature.
Re: SRX5308 Range mismatch in WAN Destination IP addresses and LAN server IP addresses
I think it's important to know your end goal here.
Normally you do a one to one forwarding; *TCP port 80 coming in on WAN1 forward to internal IP 192.168.1.10
You can also do port translation;
*TCP port 8080 coming in on WAN1, translate to port 80 and forward to internal IP 192.168.1.20
The internal range thing requires you to have a matching amount of WAN addresses as the amount of internal addresses you enter in the internal address range. So in this example:
The way it will work is;
HTTP (port 80) traffic coming in on WAN IP 5.5.5.1 will be forwarded to internal IP 1.1.1.1
HTTP (port 80) traffic coming in on WAN IP 5.5.5.2 will be forwarded to internal IP 1.1.1.2
HTTP (port 80) traffic coming in on WAN IP 5.5.5.3 will be forwarded to internal IP 1.1.1.3
etc.
The error message you're getting is if you have entered a shorter range of WAN addresses compared to private LAN ones. But this is not probably the way you want to set it up anyways, to be honest I can't really think of any scenario where I would use this range feature.
Re: SRX5308 Range mismatch in WAN Destination IP addresses and LAN server IP addresses
Good morning Danthem,
I hope your day is going well. Thanks so much for taking the time to explain this to me. Is there a way to forward a specific port to a LAN IP address range? Have a great day!
Re: SRX5308 Range mismatch in WAN Destination IP addresses and LAN server IP addresses
Hi Billissaved,
There's no way to forward a single port to several internal IP addresses, but there's not really any need for it. What's your end goal? What port do you need forwarded to several internal IPs and why?
Ifyou need to access let's say port 80 on several internal IPs you need to work around it using port translation, so for instance;
Inbound traffic from WAN to to TCP port 80 -> go to 192.168.1.10:80
Inbound traffic from WAN to TCP port 8080 -> go to 192.168.1.20:80
Re: SRX5308 Range mismatch in WAN Destination IP addresses and LAN server IP addresses
Good morning Danthem,
I hope your day is going well. I apologize for taking so long to reply to your message; I've been out of the office. I've been attempting find a work around for SIP communication issues. I'm aware of NAT translation and the problems it can cause, but I don't understand why NAT would be affecting the SIP packets since they were being sent to our remote location via IPsec VPN with passthrough enabled. We also have other VoIP traffic, which requires UDP ports typically used by SIP traffic, to be received by a NIC with a different IP address. When I saw that there was a range selection available in the port forwarding settings, I thought perhaps that would be a solution. However, you explaination regarding the function of this option made in unsuitable for my specific case.
I was able to successfully configure the router to pass the SIP traffic by enabling the SIP ALG feature, unfortunately that broke the other VoIP functionality. I suppose the router must be modifying the SIP packet headers somehow, even though they should be going through the IPsec VPN tunnel I mentioned earlier. I've tried everything I can think of to get these two protocols to play nice, but alas I've had no success. Thanks again for your assistance. Have a great day!
Re: SRX5308 Range mismatch in WAN Destination IP addresses and LAN server IP addresses
Hi Bill,
I'd recommend reaching out to your VOIP provider to see if they have any ideas and then if needed contact Netgear through the official support channel (depending on your support status; phone, online ticket or chat). They can help you through some extensive troubleshooting to figure out the root cause of the issues and hopefully be able to get everything working as expected for you!
