Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 15 replies
  • Answers 1 answer
  • Subscribers 31 subscribers
  • Views 23170 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DNAT Setup not working

Maik Purwin

Hi,

i have installed latest XG 17.03 MR-3 as Nat Setup. I have Port1 for Lan (static) and Port2 for WAN (static). Routing from WAN is like that: WAN -> ISP Router -> XG -> Clients . I want to use DNAT for e.g. SSH to rewrite from Port 2222 to 22. I read DNAT Howto and set it up like this. It has worked one time, but since that any more. Firwall Rule is like that:

  • Source = WAN
  • Allowed Networks = Any
  • Blocking = empty
  • Destination = Server-IP (Client LAN)
  • Service = i created a new one for Port 2222
  • Rout to = Server-IP (Client LAN)
  • Port = 22
  • Zone = LAN
  • Change Port = unchecked
  • Default for advanced options, no masqu, no reflex rule
  • Firwall Logging = checked

I cant see any hint of Problems in Logs. Any help?

thx



This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to Ronak Sheth

    Hi,

    no screen, but configuration is on top and network is like that:       

    • Port1
    • LAN
    • Physikalisch
    • Verbunden
    • Automatisch ausgehandelt   
    • 192.168.0.4/255.255.255.0
    • Statisch
                     
    • Port2
    • WAN
    • Physikalisch
    • Verbunden
    • Automatisch ausgehandelt
    • 192.168.1.3/255.255.255.0
    • DHCP

    hope that helps.

Children
  • 0 in reply to Maik Purwin

    Hello Maik,

    this changes a little bit.

    You don't have i public-ip on your wan-interface, instead you have a transfer-net between the isp-router and the xg.

    Therefore on the isp-router must be existing a portforwardingrule, which will be forward the traffic from the isp-router to the xg.
    In your case you need a portforwardingrule on the isp-router, which will be forward every traffic for the isp-router-wan-ip:2222 to xg-port2-ip:2222.

    And make sure, that the isp-router don't use ipv6 (e.g. with ds-lite) for his connection to the internet. In this case i mean (but i'm not sure), you don't have the possibility to connect your xg via public-ip from outside.

     

    Mario