Unable to reach internal SFTP/SSH server externally.

Hello again all,

I have a bit of a head scratcher.

Background:

I've set up a Linux server to feed out the odd occasional file and large transfer to some of our customers/partners. At the moment, this was going to consist of just using OpenSSH running on Ubuntu, with no terminal/shell access for them. FTP Proxy is NOT used/on.

Issue:

Internal traffic comes in fine (by IP); however, external traffic (FQDN or IP) makes it as far as the firewall NAT rule and then "vanishes".

Setup:

Base Linux Server running OpenSSH with UFW enabled <==> Sophos UTM 9.707 (SNAT and DNAT rules enabled, with External IP tied to an interface) <==> Internal / External clients with Putty, WinSCP, FileZilla etc.

Where else can I check on the UTM to see what is blocking/preventing traffic from coming through?

Snaps:

Snip of FW log

Can ping Public IP from server:

UFW rules:



This thread was automatically locked due to age.
  • Hello Philipp!

    That is what I have done (along with even tailing the log from the terminal to make sure I didn't miss anything), as noted by the small snippet in my posting:

    I think the issue is after this portion.

    I'm beginning to think it is a "NAT translation" issue. On the UFW log, I see the rest come in to port 22 from my internal IP, destined for the internal IP of the server. It is almost like something I experienced many, many, many years ago on a router at home, and I think the issue was called a hairpin turn? I'll either have to test from a PC not inside our network to rule out the scenario, or find out how I mitigated it on my router and see if I can apply it to the UTM.

    Edit: clarified "translation" into "NAT translation" as I realized after it may have come across me meaning language.
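
The hairpin (NAT reflection) scenario the reply above suspects, as an added worked model that is not part of the thread and not Sophos UTM code. It uses constructed addresses (192.168.10.0/24 as the LAN, 203.0.113.10 as the public IP, 192.168.10.50 as the SSH server, 192.168.10.1 as the firewall's LAN address) and a deliberately simplified connection-tracking table; these are assumptions for illustration only. It shows why a LAN client that connects to the public IP gets DNATed to the server but never completes the TCP handshake unless the firewall also SNATs that hairpinned flow, why an outside client is unaffected, and what source address the server's UFW log would show in each case.

```python
"""Model of DNAT/SNAT on a firewall and the hairpin failure mode.

Constructed example: addresses and the conntrack logic are assumptions,
not a description of any real product's implementation.
"""
import ipaddress
from dataclasses import dataclass, replace

LAN = ipaddress.ip_network("192.168.10.0/24")  # assumed internal subnet
FW_LAN_IP = "192.168.10.1"                      # assumed firewall LAN address
PUBLIC_IP = "203.0.113.10"                      # assumed public IP on the WAN interface
SERVER_IP = "192.168.10.50"                     # assumed internal SSH server
SSH_PORT = 22


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str  # "SYN" (client -> server) or "SYN-ACK" (server -> client)


class Firewall:
    """Minimal DNAT/SNAT box with a connection-tracking table."""

    def __init__(self, hairpin_snat: bool):
        self.hairpin_snat = hairpin_snat
        # key: 5-tuple as the server sees it -> (original src, original dst)
        self.conntrack = {}

    def forward_syn(self, pkt: Packet) -> Packet:
        """Apply the DNAT rule public:22 -> server:22 (plus optional hairpin SNAT)."""
        if not (pkt.dst == PUBLIC_IP and pkt.dport == SSH_PORT):
            return pkt  # not our rule; pass unchanged
        new_src = pkt.src
        # Hairpin SNAT: if the client is on the LAN, rewrite the source to the
        # firewall so the server's reply is routed back through the firewall.
        if self.hairpin_snat and ipaddress.ip_address(pkt.src) in LAN:
            new_src = FW_LAN_IP
        out = replace(pkt, src=new_src, dst=SERVER_IP)
        self.conntrack[(out.src, out.sport, out.dst, out.dport)] = (pkt.src, pkt.dst)
        return out

    def forward_reply(self, pkt: Packet) -> Packet:
        """Reverse both translations for a reply that came back through the firewall."""
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        orig_src, orig_dst = self.conntrack[key]
        return replace(pkt, src=orig_dst, dst=orig_src)


def attempt_ssh(client_ip: str, hairpin_snat: bool) -> tuple:
    """Simulate one SYN/SYN-ACK exchange to PUBLIC_IP:22.

    Returns (handshake_completed, source_address_logged_by_server).
    """
    fw = Firewall(hairpin_snat)
    syn = Packet(client_ip, PUBLIC_IP, 51000, SSH_PORT, "SYN")

    # 1. The client's default route carries the SYN to the firewall, which DNATs it.
    to_server = fw.forward_syn(syn)

    # 2. The server (and its UFW log) sees to_server.src and replies to that address.
    syn_ack = Packet(SERVER_IP, to_server.src, SSH_PORT, to_server.sport, "SYN-ACK")

    # 3. Routing on the server: a destination on its own subnet is delivered
    #    directly over the LAN and never touches the firewall's NAT table.
    if ipaddress.ip_address(syn_ack.dst) in LAN and syn_ack.dst != FW_LAN_IP:
        arrived = syn_ack
    else:
        arrived = fw.forward_reply(syn_ack)

    # 4. The client only accepts a SYN-ACK matching the socket it opened
    #    (expected peer PUBLIC_IP:22); anything else is dropped or RST'd.
    completed = (
        arrived.src == PUBLIC_IP
        and arrived.sport == SSH_PORT
        and arrived.dst == client_ip
        and arrived.dport == 51000
    )
    return completed, to_server.src


if __name__ == "__main__":
    for client, hairpin in [("192.168.10.20", False), ("192.168.10.20", True),
                            ("198.51.100.5", False)]:
        ok, seen = attempt_ssh(client, hairpin)
        print(f"client={client} hairpin_snat={hairpin}: "
              f"handshake={'ok' if ok else 'FAILS'}, server logs src={seen}")
```

The LAN case without hairpin SNAT is the one that matches a UFW log showing connections on port 22 arriving from the client's own internal IP: the SYN is delivered, but the SYN-ACK goes straight back across the LAN with the server's internal address as source, so the client discards it. The external-client case completes regardless of that setting, which is why testing from outside the network separates a hairpin problem from a genuine NAT rule problem.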