Unable to DNAT UDP port 80

I have a client that has an application that requires a DNAT to port 80 via UDP.  Standard rule, External IP with a destination UDP port 80 maps to an internal IP.


But this doesn't work.  In fact, the packet filter rule never logs the UDP attempt at all.  At first we thought it was an application issue, so we changed the app to listen on UDP port 88.   We simply modify the service definition on the DNAT rule...and boom, it works and the packet is logged.


Change it back to UDP port 80....and nothing.  Behind the firewall, the application connects fine on port 80 UDP.

Because the packet isn't shown in the packet filter log, it must be getting consumed by a service on the UTM.


Any ideas? 



  • Hi MW:

    Did you solve this problem?

    Did adding a new service definition work for you?

    I have the same situation.

  • We did not.

    We confirmed the issue on two different UTM models at two different locations.  We knew it wasn't an ITSP issue because a tcpdump shows the UDP packet hitting the external interface.

    As usual, Sophos support was unhelpful with their long delays and requests to "reboot" and try again.

     

    Eventually we just had to change the application port to a different UDP port.

     

    Now, with that said, we haven't tried it again in probably a year.  So it could have been fixed.  My guess was the packet was getting eaten by web application or other proxy service before hitting the NAT rules.

  • Thanks, MW, for the response.

    It is so sad to hear that. I will continue to do some research on this problem. Once I fix the problem, I will inform you.

     

    Wish me and you both good luck.
