Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 15 replies
  • Answers 1 answer
  • Subscribers 31 subscribers
  • Views 23173 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DNAT Setup not working

Maik Purwin

Hi,

i have installed latest XG 17.03 MR-3 as Nat Setup. I have Port1 for Lan (static) and Port2 for WAN (static). Routing from WAN is like that: WAN -> ISP Router -> XG -> Clients . I want to use DNAT for e.g. SSH to rewrite from Port 2222 to 22. I read DNAT Howto and set it up like this. It has worked one time, but since that any more. Firwall Rule is like that:

  • Source = WAN
  • Allowed Networks = Any
  • Blocking = empty
  • Destination = Server-IP (Client LAN)
  • Service = i created a new one for Port 2222
  • Rout to = Server-IP (Client LAN)
  • Port = 22
  • Zone = LAN
  • Change Port = unchecked
  • Default for advanced options, no masqu, no reflex rule
  • Firwall Logging = checked

I cant see any hint of Problems in Logs. Any help?

thx



This thread was automatically locked due to age.
Parents
  • 0

    Hello Maik,

     

    in my eyes there are two false settings:

    As "Destination" you must define the external WAN-IP of the xg, which will be contacted from the client outside.

    The second thing you must change is: You must set the portmapping by checking of "Change Destination Port(s)": 2222 to 22. This will be changing the destinationport from 2222 to 22.

     

    For me it should be look so:

    Source = WAN
    Allowed Networks = Any
    Blocking = empty
    Destination = WAN-Interface of XG, which in contacted from the client outside
    Service = i created a new one for Port 2222
    Forward to = Under "Protected Server" use the Server-IP (Client LAN)
    Mapped Port = 2222 to 22 (check the flag "Change Destination Port(s)")
    Protected Zone = LAN
    Change Port = checked
    Default for advanced options, no masqu, no reflex rule
    Firwall Logging = checked

    GOOD LUCK!

     

    Mario

Reply
  • 0

    Hello Maik,

     

    in my eyes there are two false settings:

    As "Destination" you must define the external WAN-IP of the xg, which will be contacted from the client outside.

    The second thing you must change is: You must set the portmapping by checking of "Change Destination Port(s)": 2222 to 22. This will be changing the destinationport from 2222 to 22.

     

    For me it should be look so:

    Source = WAN
    Allowed Networks = Any
    Blocking = empty
    Destination = WAN-Interface of XG, which in contacted from the client outside
    Service = i created a new one for Port 2222
    Forward to = Under "Protected Server" use the Server-IP (Client LAN)
    Mapped Port = 2222 to 22 (check the flag "Change Destination Port(s)")
    Protected Zone = LAN
    Change Port = checked
    Default for advanced options, no masqu, no reflex rule
    Firwall Logging = checked

    GOOD LUCK!

     

    Mario

Children
No Data