
Port Forward to an internal server

Hello,

There are 2 internet connections from 2 ISPs.

One at 192.168.0.x (Failover)

2nd at 192.168.1.x (this one in use)

 

All the network is at 192.168.100.xx

I need to open port 8100 to an internal server at 192.168.100.210 and I can't get it to work.

Here are the screenshots from the business rule:

 

 

Thanks a lot for your help.



This thread was automatically locked due to age.
  • FormerMember
    0 FormerMember

    Hi chris da5,

    Thank you for providing a screenshot of the DNAT rule. What is the source port configured in the service "port-8100"? Is it a port range from 1:65535 or a specific port?

    If you have a specific port configured in the source, please change it to 1:65535 and try to access your internal server.

    Also, is there any NAT configured on this DNAT rule?

    Thanks,

     

  • Thanks for your help.

     

    Here is the port8100

    What do you mean by configured nat?

  • FormerMember
    0 FormerMember in reply to chris da5

    Hi chris da5,

    Under Advanced > Routing > is Rewrite source address (masquerading) checked off? If it is, remove it.

    You can also check if the traffic on port 8100 is even reaching the XG firewall or is stopped before it hits the firewall by running a packet capture on the source public IP address.

    Please follow this KB article: Sophos XG Firewall: How to filter packets using packet capture, and check if you see traffic on the XG firewall on port 8100.

    If you do not see traffic on the XG, it could be your ISP blocking communication on that port.

     

    Thanks,

  • Hello,

     

    Your firewall IP is 192.168.1.2. I assume that there is another router between your XG and Internet doing NAT.

    Did you redirect the 8100 port of your router to the 192.168.1.2 IP? Or you can try to place the 192.168.1.2 in the DMZ, in order to redirect all the ports to the XG and let the XG filter the ports.

     

    Regards

    Viken

    XG Certified Architect

    Sophos Gold Partner - Reseller from Lyon, France

  • Rewrite source address was unchecked.

     

    For the packet capture, is the source IP the server IP?

  • Thanks for your help.

    I disabled (maybe not correctly?) both firewalls of the ISP router.

    I already created 2 DMZs, one for 192.168.1.x and one for 192.168.0.x

  • Go to Diagnostics > Packet capture on the XG, click on Configure, and type: port 8100 (in "Enter BPF string"), then save like this:

    Then tick the "on" button and try to reach your public IP on port 8100 from the internet and see what happens in the packet capture. You should see things like this when you click on the "refresh" button:

    If the capture result is empty, this is because the traffic doesn't even reach your XG, so it is your ISP router that is blocking the traffic before it reaches the XG.

    Viken

    XG Certified Architect

    Sophos Gold Partner - Reseller from Lyon, France
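
The capture-based reasoning in the post above, as an added example that is not part of the original thread and goes beyond its empty-capture case to the later hops. It assumes the capture is available as tcpdump-style text lines; `diagnose` is a hypothetical helper, and the client address 203.0.113.7 and the sample lines are constructed.

```python
import re

# Addresses from the thread; the client IP in the samples is a constructed documentation address.
WAN_IP = "192.168.1.2"         # XG WAN-side address mentioned in the thread
SERVER_IP = "192.168.100.210"  # internal server behind the DNAT rule
PORT = 8100

# Matches tcpdump -nn style lines: "IP src.sport > dst.dport: Flags [S], ..."
LINE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def diagnose(capture_lines):
    """Return which hop to inspect next, based on what the capture shows."""
    seen_wan = seen_fwd = seen_reply = False
    for line in capture_lines:
        m = LINE.search(line)
        if not m:
            continue
        src, sport = m["src"], int(m["sport"])
        dst, dport, flags = m["dst"], int(m["dport"]), m["flags"]
        if flags == "S" and dport == PORT and dst == WAN_IP:
            seen_wan = True      # SYN arrived on the firewall's WAN address
        elif flags == "S" and dport == PORT and dst == SERVER_IP:
            seen_fwd = True      # SYN was translated and forwarded to the server
        elif flags == "S." and src == SERVER_IP and sport == PORT:
            seen_reply = True    # server answered with SYN-ACK
    if not (seen_wan or seen_fwd):
        return "upstream"        # empty capture: check the ISP router's forwarding
    if not seen_fwd:
        return "firewall"        # reached the XG but was not forwarded: check the DNAT rule
    if not seen_reply:
        return "server"          # forwarded but unanswered: check the server or its gateway
    return "ok"

# Constructed sample capture of a working forward.
WORKING = [
    "12:00:01.000001 IP 203.0.113.7.51514 > 192.168.1.2.8100: Flags [S], seq 100, win 64240, length 0",
    "12:00:01.000150 IP 203.0.113.7.51514 > 192.168.100.210.8100: Flags [S], seq 100, win 64240, length 0",
    "12:00:01.000900 IP 192.168.100.210.8100 > 203.0.113.7.51514: Flags [S.], seq 500, ack 101, win 65160, length 0",
]

if __name__ == "__main__":
    print(diagnose([]), diagnose(WORKING[:1]), diagnose(WORKING[:2]), diagnose(WORKING))
```
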

  • Thanks! You're right, the traffic doesn't even reach my XG.

    I'll investigate the ISP routers, thanks.