
Port Forward in v18 - am I missing something?

Hi

So I’m trying to forward a port for SSH into a Linux box on my training system.

I’ve set up a new service for port 65535 nice and high and out of the way. I want to forward it to an internal server on 192.168.1.10 on port 22.

On v17 there was an option in the rule to do this. I don’t see this in v18, and what looks like it should be the right place, which is on the NAT rule page, changing my custom SSH service port to PAT SSH, just says "Original and translated services don't match." Which is kind of the point?

Can we not port forward like this any more?

I don’t want to forward port 22 because I’m already using that for accessing this firewall remotely (locked down to my remote ip obviously)

Any pointers would be great

Thanks



This thread was automatically locked due to age.
  • Hi,

    yes, you should be using a WAF rule and TCP 1:65535 22.

    Ian

  • Why a WAF rule? I'm trying to get an incoming SSH request on port 65535 on the public IP of the firewall, which should be forwarded to the internal server on port 22.

  • Hi,

    your issue is you cannot use the same port on the same address for two different devices.

    A solution which will improve your XG security.

    Create an account on the CM (free has 7 data retention limit); that will allow you to set up TFA and manage your XG from anywhere.

    Disable the SSH access on the external XG interface.

    Create your firewall rule to allow access to your internal server but use the TCP 1:65535 to 22 service definition. Unless you control the outgoing network for your remote access you will not be able to restrict your remote SSH to only use 65535.

    Ian

  • You're totally missing the point. Please don't take the ports I mentioned literally, and take a look at the following screenshot from my v17:

    In the scenario above, if I SSH to my WAN IP on port 7890 from outside the network, it will forward that request to the internal server at 192.168.1.10 on port 22!

    Now, in v18 you cannot do this anymore, e.g. if you want to map a port "1234" on the WAN IP to internal server 192.168.1.10 port "443 or any damn port", it will not let you! It throws an error: "Original and translated services don't match."

    I hope you get it now.
