Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 2 subscribers
  • Views 1545 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Port Forward/redirect

EKS
The Static IP that the firewall is seen by from the internet side is A.B.247.1
The DMZ is C.D.2.1
I want to forward A.B.247.1:80 to C.D.2.1:443
What I want to do is be able to access port 443 on the email server that is behind the firewall by using any computer on the internet to access a specified port on our website.


This thread was automatically locked due to age.
Parents
  • 0
    I am trying to do the exact same thing.  Want to forward Terminal services port from the firewall to an internal ip address.  I can't seem to get SNAT or DNAT to allow an internal ip as the destination.
  • 0 in reply to funkychicken
    I figured out how to do it.

    First create a service with whatever port it is (my case was terminal services port 3389)

    So under services I created  
    name                source       dest
    terminal-services  1024:65535   3389

    Then Under networks I defined the machine I wanted to connect to

    name        ip             subnet
    server     10.0.0.100     255.255.255.255

    So under DNAT
    pre dnat                       post dnat
    network   service             network   service
    external   terminal-services  server  terminal-services

    Then of course make sure you allow the host necessary to access that service in your Filters.

    Hope this helps.. worked for me!

    FunkyC
Reply
  • 0 in reply to funkychicken
    I figured out how to do it.

    First create a service with whatever port it is (my case was terminal services port 3389)

    So under services I created  
    name                source       dest
    terminal-services  1024:65535   3389

    Then Under networks I defined the machine I wanted to connect to

    name        ip             subnet
    server     10.0.0.100     255.255.255.255

    So under DNAT
    pre dnat                       post dnat
    network   service             network   service
    external   terminal-services  server  terminal-services

    Then of course make sure you allow the host necessary to access that service in your Filters.

    Hope this helps.. worked for me!

    FunkyC
Children
No Data
Unfiltered HTML