My ISP/Srv Software have me cornered (can't change SrcPort in Software and ISP refuses to pass traffic on port 123 to me, so replies never return); my FW appears to be the only way out. I can't seem to figure out how to get the NAT statement I want/need into the XG. Maybe there is a secret menu or console command that unlocks full NAT control, or I am totally overlooking something.
What I want to do:

SrcInt LAN
SrcIP 10.0.0.1
SrcPort 123
DstInt WAN
DstIP NTPServers
DstPort 123
UDP

NAT TO

SrcInt WAN
SrcIP WAN_INT_IP
SrcPort 15000
DstInt WAN
DstIP NTPServers
DstPort 123
UDP

Getting the SrcIP to change I have down; I can't figure out how to manipulate the source port. Outbound Masq just modifies SrcIP; if there is an option to randomize SrcPort I would be golden. So my second tactic was to write a Business Rule of the above, reversing things, where I listen on WAN_IP:15000 and translate to 10.0.0.1:123. That rule only works if I initiate the packet from my WAN; it does not work if I initiate from my LAN in the expected use case. It appears outbound the XG does not fully apply the business rule and the source port, and traffic passes the business rule but leaves as WAN_IP:123 to NTPServers:123 instead of the WAN_IP:15000 to NTPServers:123 I was hoping for. I tried every combination of checkbox on the business rule of reflexive and masq with no luck.
Any ideas? Hopefully I am overlooking something simple.