
Port forwarding with Fritzbox as modem

Hello all, I am trying to forward a port (80) from the internet to my IP cam.

Here is my network scenario

I did forward port 80 in Fritzbox, that seems to work. I forward 4444 to Sophos for testing and it worked. I could open Sophos Webgui on public ip.

Here is my Firewall Rule:

I actually tried with network Any instead of WAN, but that didn't work either.

Here is my DNAT rule

 

So what I have tried.

I tried to call my IP address with port 80 and the firewall log says:

19:23:49 Default DROP TCP 91.67.X.X:53292 → 192.168.150.2:80 [SYN] len=60 ttl=62 tos=0x00 srcmac=cc:ce:1e:b8:0b:6b dstmac=00:1f:29:03:5a:6c

 

Then I connected a device to Fritzbox and tried to open 192.168.155.2:80 and firewall says:

192.168.150.102:51124 → 192.168.150.2:80 [SYN] len=60 ttl=64 tos=0x00 srcmac=fc:65:de:ad:aa:5e dstmac=00:1f:29:03:5a:6c

 

I tried so many settings, like setting up SNAT or network masquerade. I even tried a firewall rule with any network using any port to any networks, but that didn't work either.

It drives me nuts.  Let me know if I missed information to share.

I do appreciate every help

thank you in advance

Simon



  • Hi,

    Besides the question  LuCar asked, you will need a port range for your DNAT. Why do you have the WAN and device in both sides of a rule? You will need two rules.

    You have the fritz box set up as a router, not a modem, and your life would be made a little easier if you changed the fritz box into a modem in bridge mode.

    Ian

  • I am sorry, actually the Fritzbox is set up as a router but with the functionality of a modem with port forwarding, because I use all services which define a router on Sophos UTM. So I just call the Fritzbox 6390 a modem, but it's still a router.

     

    I've made 2 rules and I think I am getting closer:

    On calling of public IP I get this in Firewall Log

    21:51:08 Default DROP TCP 192.168.150.1:34726 → 192.168.150.2:80 [SYN] len=60 ttl=64 tos=0x00 srcmac=cc:ce:1e:b8:0b:6b dstmac=00:1f:29:03:5a:6c

     

    Where do you want me to put a Port Range in the DNAT rule?

  • Hi,

    As LuCar advised, you are in the wrong forum; this is the XG forum.

    By the look of your log entry the fritz box has NAT running and is sending you a port range, not http, so you would need to change the incoming to a port range.

    Ian

  • The issue here is, the Fritzbox is performing Fullnat not DNAT. 

    Also the DNAT Rule is wrong.

    DNAT needs to be set up like this:

    Top: How does the traffic look incoming?

    Source: Internet v4

    Service HTTP

    Destination WAN Interface of UTM. 

    Bottom: How should the traffic look after NAT? 

    DNAT: Destination Change to Webserver. 
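
The matching logic from the last reply, as an added example that is not part of the thread and is not Sophos code: a DNAT rule matches on the packet as it arrives (the "Top" part) and only then rewrites the destination (the "Bottom" part). It assumes 192.168.150.2 is the UTM's WAN address (inferred from the logs), uses a hypothetical camera address, models "Internet v4" as 0.0.0.0/0, and assumes the firewall rule is evaluated after DNAT, as in netfilter.

```python
import ipaddress
from dataclasses import dataclass

UTM_WAN = "192.168.150.2"  # assumption: UTM WAN address, inferred from the log destination
CAMERA = "192.168.1.50"    # hypothetical camera address, not given in the thread

# Constructed from the thread's log entries: (src, sport, dst, dport).
# 203.0.113.7 stands in for the masked public address.
PACKETS = [
    ("203.0.113.7", 53292, UTM_WAN, 80),
    ("192.168.150.102", 51124, UTM_WAN, 80),
    ("192.168.150.1", 34726, UTM_WAN, 80),
]

@dataclass
class DnatRule:
    source: str    # "Top": network the incoming packet comes from
    dest: str      # "Top": destination address as the packet arrives
    dport: int     # "Top": service
    new_dest: str  # "Bottom": destination after translation

    def apply(self, pkt):
        """Return the translated packet, or the packet unchanged if no match."""
        src, sport, dst, dport = pkt
        matched = (ipaddress.ip_address(src) in ipaddress.ip_network(self.source)
                   and dst == self.dest and dport == self.dport)
        return (src, sport, self.new_dest, dport) if matched else pkt

def firewall_allows(pkt):
    """Allow rule for HTTP to the camera, checked after DNAT has run."""
    _, _, dst, dport = pkt
    return dst == CAMERA and dport == 80

def verdicts(rule):
    """ACCEPT/DROP for each sample packet after DNAT and the firewall check."""
    return ["ACCEPT" if firewall_allows(rule.apply(p)) else "DROP" for p in PACKETS]

# Rule built as the last reply describes it.
described = DnatRule("0.0.0.0/0", UTM_WAN, 80, CAMERA)
# Constructed mistake: matching on the camera address, which never appears
# as the destination of an incoming packet, so nothing is translated.
mismatched = DnatRule("0.0.0.0/0", CAMERA, 80, CAMERA)

if __name__ == "__main__":
    print("described: ", verdicts(described))
    print("mismatched:", verdicts(mismatched))
```

DNAT leaves the source untouched, so when the Fritzbox has already rewritten it, the camera only ever sees 192.168.150.1 as the client.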
