Unable to DNAT UDP port 80

I have a client that has an application that requires a DNAT to port 80 via UDP.  Standard rule, External IP with a destination UDP port 80 maps to an internal IP.


But this doesn't work.  In fact, the packet filter rule never logs the UDP attempt at all.  At first we thought it was an application issue, so we changed the app to listen on UDP port 88.   We simply modify the service definition on the DNAT rule...and boom, it works and the packet is logged.


Change it back to UDP port 80....and nothing.  Behind the firewall, the application connects fine on port 80 UDP.

Because the packet isn't shown in the packet filter log, it must be getting consumed by a service on the UTM.


Any ideas? 



This thread was automatically locked due to age.
  • Hi MW:

    Did you solve this problem?

    Did adding a new service definition work for you?

    I have the same situation.

  • Are you on a home or business internet line? Most residential ISPs will block port 80 on the modem. If it's business, you have to call the provider to open port 80 on the modem.

    --
    SCA/UTM/XG  Sophos Platinum Partner

  • Hi Jaesii:

    Thanks for the quick reply.

    I am not sure if our ISP has opened my port, but I did the following test:

    1) Our application uses UDP port 80 and the client computer is inside the company. The server is outside, on something like an AWS cloud server.
    2) The client sends a request to the server on UDP 80 and then the client gets a response message.

    We did the test like this:

    1) We used a mobile phone Wi-Fi network to skip the company network (skipping the firewall); the program works well.
    2) Using the company network, the server can get the message from the client, but the client cannot get the response from the server.
    3) If we change the server UDP port from 80 to 82 or 40010 or 8080, it also works.

    I will also check with our ISP about UDP port 80. But the question is that I just want to visit the server's UDP port 80; it should not be limited by the ISP.

    Thanks a lot
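The port-by-port comparison described in the last reply, as an added example that is not part of the original thread: it sends one UDP datagram per port and separates a reply from a silent drop and from an ICMP port-unreachable, which shows whether the loss is specific to port 80. It assumes something on the server answers each datagram (here `echo_once`); `probe_udp`, `compare_ports` and `echo_once` are hypothetical names.

```python
import socket
import sys

# Ports compared in the thread: 80 fails, the others work.
PORTS = (80, 82, 8080, 40010)


def probe_udp(host, port, payload=b"probe", timeout=2.0):
    """Send one datagram and classify the outcome.

    "reply"   - a datagram came back from host:port
    "timeout" - nothing came back (request or response was dropped)
    "refused" - an ICMP port-unreachable came back (nothing listening)
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # connect() on UDP only fixes the peer: the kernel then reports
        # ICMP errors on this socket and ignores datagrams from others.
        s.connect((host, port))
        try:
            s.send(payload)
            s.recv(2048)
        except socket.timeout:
            return "timeout"
        except ConnectionRefusedError:
            return "refused"
        return "reply"


def compare_ports(host, ports=PORTS, timeout=2.0):
    """Probe every port and return {port: outcome}."""
    return {p: probe_udp(host, p, timeout=timeout) for p in ports}


def echo_once(sock):
    """Server side (assumed responder): answer one datagram on a bound socket."""
    data, addr = sock.recvfrom(2048)
    sock.sendto(data, addr)
    return addr


if __name__ == "__main__":
    # Usage: python probe.py <server-address>, run from inside the network
    # and again from a path that bypasses the firewall, then compare.
    for port, outcome in compare_ports(sys.argv[1]).items():
        print(f"udp/{port}: {outcome}")
```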