
DNAT Setup not working

Hi,

I have installed the latest XG 17.03 MR-3 as a NAT setup. I have Port1 for LAN (static) and Port2 for WAN (static). Routing from WAN is like this: WAN -> ISP Router -> XG -> Clients. I want to use DNAT, e.g. for SSH, to rewrite from port 2222 to 22. I read the DNAT how-to and set it up like this. It worked one time, but not any more since then. The firewall rule is like this:

  • Source = WAN
  • Allowed Networks = Any
  • Blocking = empty
  • Destination = Server-IP (Client LAN)
  • Service = I created a new one for port 2222
  • Route to = Server-IP (Client LAN)
  • Port = 22
  • Zone = LAN
  • Change Port = unchecked
  • Default for advanced options, no masqu, no reflex rule
  • Firewall Logging = checked

I can't see any hint of problems in the logs. Any help?

thx



This thread was automatically locked due to age.
  • Hi Mark,

    I tried to create a new service (protocol rule) and found, as you did, that * translates, which it didn't in earlier releases.

    Do you have 22 disabled in the XG access? I am not sure what the effect would be either way. I suspect you would need to disable 22 on the XG external interface, just my thoughts.

    Ian

  • Hi,

    OK. In any case, if I say * or enter the whole port range, it must work too. Are we talking about zones? Then SSH is active for LAN but not for WAN, but this is only the access to the XG. I want to DNAT from an external port, e.g. 22222, to internal port 22.

  • Hi,

    Can you share the snapshot of your firewall rule and network interface?

    Also let us know IP of Destination Host and Protected Server.

    Regards, Ronak.

  • Hi,

    No screenshot, but the configuration is at the top and the network is like this:

    • Port1
    • LAN
    • Physical
    • Connected
    • Auto-negotiated
    • 192.168.0.4/255.255.255.0
    • Static

    • Port2
    • WAN
    • Physical
    • Connected
    • Auto-negotiated
    • 192.168.1.3/255.255.255.0
    • DHCP

    Hope that helps.

  • Hello Maik,

    This changes things a little bit.

    You don't have a public IP on your WAN interface; instead you have a transfer net between the ISP router and the XG.

    Therefore a port forwarding rule must exist on the ISP router, which will forward the traffic from the ISP router to the XG.
    In your case you need a port forwarding rule on the ISP router which will forward all traffic for isp-router-wan-ip:2222 to xg-port2-ip:2222.

    And make sure that the ISP router doesn't use IPv6 (e.g. with DS-Lite) for its connection to the internet. In this case I think (but I'm not sure) you don't have the possibility to connect to your XG via public IP from outside.


    Mario