Routing from WAN to LAN - Some help needed

Hello everybody,

I need some help here. I recently migrated from pfSense to Sophos XG home and I really like it, but I have some trouble getting my routing configured.

Basically I want to configure remote access to my media servers. What I did is: 

  1. Port forwarding from my provider's modem/router to Sophos (which worked before, so that's OK)

  2. Created a policy to allow the traffic

  3. Routed the traffic to the IP (in many different possibilities by now)

But it's not working. In the logs I see denied traffic, but it's from a different source IP.
I'm sure it is a misconfiguration, but I don't see where.



  • As a gateway. Don't be fooled by the 192.168.0.107 WAN IP. It's normal because of the provider's modem/router device.

    I'm trying to access it from the WAN on the LAN.

    The goal is to access my media servers (again) to stream my personal music on my phone and access my Nextcloud database.

  • Try this:

    Verify if the traffic is actually hitting the firewall by SSHing to the backend and selecting Option 5 > 3 to go to Advanced Shell.

    Run tcpdump -i Port2 port <Subsonic Port>

    While this is running, try accessing the service externally and see if there are packets flowing. If you could show a screenshot, that would be great.

  • Hello,

    That is fine to have a private IP on the WAN interface. Your business rule is incorrect.

    1. Go to Host and Service > Service and add a service with source port "1:65535" and destination port "1994", "35665", "35666" and "35661"
    2. Go to Firewall and create a business rule as follows:
      • Source Zone: WAN / LAN
      • Allowed Client Network: Any
      • Destination Port: #Port2-192.168.0.107 from the dropdown
      • Service: Select the above service
      • Protected Server: Server to which you want to forward your traffic
      • Protected Zone: LAN
      • Change Destination Port: disable
      • Rewrite source address (Masquerading): disable, if not working enable it.

    Good Luck!!!

    Regards, Ronak.

  • Hello Ronak,

    I tried that and changed a few other things as well, but it's not working, so I'm giving up.

    I really appreciate your time and help, and the help of this awesome community! But I just don't have the time anymore to figure everything out. I wanted something easy to configure so I can continue with my other tasks (my LPIC exams), but apparently my firewall knowledge is too limited.
    In my professional life I mainly use Fortinet and Barracuda, so it's probably best for me to stick with these brands for now until I gather more time and knowledge to dive into a new platform.

    Thanks again,
    Jimmy