
NAT rule not allowing traffic if I am at home

I have a DNAT rule set up to port forward port 8445 to my SimpleHelp server.  It has been working just fine whether I am at home or not, but all of a sudden today it only works if I am not at home.  Screenshots are attached of the rule.  If I am at home, and I try going to that server using my dyndns address for my WAN IP address and the port, the traffic never goes anywhere.  In fact I get an invalid traffic error in the log.  I attached a screenshot of that as well.  Any ideas out there??  If I am not at home, and I use my dyndns address and port, it works just fine still...

  • lferrara, I do not understand how to make a LAN to WAN network firewall rule that will forward port 8445 traffic to my internal server.  Same question I asked last time you posted this answer.  If this is indeed what I need to do, I need help understanding how.  Can you please help guide me?

  • 1. Create a new firewall rule (network rule and not BAR)
    2. Source is LAN
    3. Destination is WAN and specify the WAN IP you would like to reach
    4. Service 8445
    5. MASQ OFF.

  • See, that doesn't make sense.  I think we have confused each other.  My server that I want to reach is inside my network, not outside my network somewhere else.  In other words, the server has a LAN IP address.  The port forward rule I have in place works just fine if I am not at home and want to reach my server.  I simply type http://rutman286home.dyndns-ip.com:8445 into my browser, which resolves to my WAN IP address, and my port forwarding rule takes me right to my server and all is well.  The problem is when I am sitting at home on my network and I want to go to http://rutman286home.dyndns-ip.com:8445 (which points to my WAN IP address at port 8445): that times out rather than making it to my server via my port forwarding rule.  I thought solving that problem would be as easy as making the source zone *any zone*, but that doesn't seem to be working.

  • Hi Justin,

    If XG is the DNS server for the internal devices, then add a DNS host entry for the server address, which will resolve the internal requests to the server. Please refer to Sophos XG Firewall: How to add a static DNS host entry.

    If XG is acting as the DNS server for the internal devices, then you are having issues with NAT reflection, and to resolve that you might need to configure the following settings:

    Configure Business Application Rule > Application Template [DNAT/ FULL NAT]

    Allowed Client Network: Configure an IP Host with a Network definition of your internal network (for example, 192.168.1.0/24)

    Source Zone: LAN

    Destination & Services | Destination Host Network: Choose your hosted WAN interface.

    Forward the required ports (you can't do a TCP & UDP forward in one rule; you will need 2 rules, one for TCP ports and the other for UDP ports).

    Forward To:

    Protected Server: Choose the Server host definition

    Protected Zone: LAN

    Rewrite Source Address: On

    Log Firewall Traffic: On

    Thanks
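To show why the reflection rule above needs "Rewrite Source Address: On", here is a small model of the exchange, added to this thread and not taken from Sophos or from any poster. The WAN address 203.0.113.10, the server address 192.168.1.50 and the client addresses are constructed; 8445 and 192.168.1.0/24 are the values from the thread.

```python
from dataclasses import dataclass

WAN_IP = "203.0.113.10"     # constructed: what the dyndns name resolves to
SERVER_IP = "192.168.1.50"  # constructed: the SimpleHelp server on the LAN
LAN_NET = "192.168.1."      # the 192.168.1.0/24 allowed-client network
PORT = 8445

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int

class Firewall:
    def __init__(self, reflection, rewrite_source):
        self.reflection = reflection          # DNAT rule also accepts source zone LAN
        self.rewrite_source = rewrite_source  # "Rewrite Source Address: On" (SNAT)
        self.sessions = {}                    # server-side 4-tuple -> original client packet

    def inbound(self, p):
        # Client -> WAN_IP:8445; returns the packet handed to the server, or None if dropped.
        if (p.dst, p.dport) != (WAN_IP, PORT):
            return None
        from_lan = p.src.startswith(LAN_NET)
        if from_lan and not self.reflection:
            return None                       # rule only matches source zone WAN
        src = WAN_IP if (from_lan and self.rewrite_source) else p.src
        out = Pkt(src, p.sport, SERVER_IP, PORT)
        self.sessions[(out.dst, out.dport, out.src, out.sport)] = p
        return out

    def reply(self, r):
        # Server -> client; a reply addressed to a LAN host never crosses the firewall.
        if r.dst.startswith(LAN_NET):
            return r
        orig = self.sessions.get((r.src, r.sport, r.dst, r.dport))
        return None if orig is None else Pkt(WAN_IP, PORT, orig.src, orig.sport)

def connect(fw, client_ip):
    # One SYN / SYN-ACK exchange; the client only accepts a reply from WAN_IP:8445.
    to_server = fw.inbound(Pkt(client_ip, 51000, WAN_IP, PORT))
    if to_server is None:
        return "dropped"
    seen = fw.reply(Pkt(SERVER_IP, PORT, to_server.src, to_server.sport))
    if seen is None:
        return "dropped"
    return "ok" if (seen.src, seen.sport) == (WAN_IP, PORT) else "reply from wrong address"
```

Without source rewriting the server answers the LAN client directly from 192.168.1.50, the client is expecting a reply from the WAN address, and the half-open session is what ends up logged as invalid traffic; with rewriting the reply is forced back through the firewall and un-NATed.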

  • Okay, I ended up figuring this one out.  It threw me for a loop for a while, and I greatly appreciate all of your help!  I ended up having to make separate UDP and TCP DNAT rules.  In SimpleHelp the technician client only connects to the server using TCP.  However, for speed reasons I have all of my clients connecting to the server over UDP... that being a recent change from TCP is what actually caused the problem.

    All is well now.  Thanks again.