This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

port forwarding problem

Dear all,
can anyone figure out my problem?
I am using a ASG220, Release 6.200.
I want to make internal servers visible for administration purpose from the internet.
the tool is called Remote Administrator. default port 4899, but can be changed.
There is a description at http://www.radmin.com/index.php?lang_ui=en (english).

I'd like to do a port forwarding on one official ipaddress:

official-ip:4899 ----> internal-server1:4899
official-ip:4900 ----> internal-server2:4899
official-ip:4901 ----> internal-server3:4899
.....and so on.

On the Astaro box i set up the network and service definitions.
Packet filter rules are:
src: any --> service: 4899 --> allow --> dst: internal-server1
src: any --> service: 4900 --> allow --> dst: internal-server2
src: any --> service: 4901 --> allow --> dst: internal-server3
.....

But this is only working for the same service pair.
for example:
official-ip:4901 ----> internal-server3:4901

The nat-rules are:

rule-type --> dnat/snat
source--> any
destination address --> official-ip
service --> 4899
change source to --> :no change
change destination to --> internal-server1
service --> 4899

rule-type --> dnat/snat
source--> any
destination address --> official-ip
service --> 4900
change source to --> :no change
change destination to --> internal-server2
service --> 4899

rule-type --> dnat/snat
source--> any
destination address --> official-ip
service --> 4901
change source to --> :no change
change destination to --> internal-server3
service --> 4899

Can anyone help me on this issue?
thanks in advance

This thread was automatically locked due to age.

0 medic over 19 years ago

Hello schoetti

please check the protocol of your service! you can't
do a portmapping from UDP to TCP....
For example: if your Service with Port 4900 is configured to use TCP/UDP you can't map it to Port 4899 TCP!

Medic
Cancel
Vote Up 0 Vote Down

Cancel
0 schoetti over 19 years ago in reply to medic

Hello medic,

thanks for your answer, but all services are TCP.
schoetti
Cancel
Vote Up 0 Vote Down

Cancel
0 KKnecht over 19 years ago

Hi,
not quit sure, what your problem is, maybe missing some content details:
[ QUOTE ]
But this is only working for the same service pair.
for example:
official-ip:4901 ----> internal-server3:4901

[/ QUOTE ]
What do you mean by same service pair ??

Did you also set the necessary packet filter rules ?
From: Any Service:4899 To:Internal-Server-1
and so on ....
Cancel
Vote Up 0 Vote Down

Cancel
0 schoetti over 19 years ago in reply to KKnecht

Hi.
Just to make it more clear
this works:

official-ip:4899 ----> internal-server1:4899
official-ip:4900 ----> internal-server2:4900
official-ip:4901 ----> internal-server3:4901
.....and so on.

and this not (but it should):

official-ip:4899 ----> internal-server1:4899
official-ip:4900 ----> internal-server2:4899
official-ip:4901 ----> internal-server3:4899
.....and so on.

Thanks,
schoetti
Cancel
Vote Up 0 Vote Down

Cancel
0 fnacer over 19 years ago in reply to schoetti

I think Definitions > Services will allow you to do what you want to do.

Farid
Cancel
Vote Up 0 Vote Down

Cancel
0 schoetti over 19 years ago in reply to fnacer

Hi.
In which way?
I defined the services as
service1- TCP 1:65535 --> 4899
service2- TCP 1:65535 --> 4900
service3- TCP 1:65535 --> 4901
etc.
What am I doing wrong?

Thanks
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 19 years ago in reply to schoetti

It could also be that the application in use here does not like port translation, when implemented like that... I've had other apps that didn't in the past.
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 19 years ago

Your packetfilter rules are wrong...

Packetfiltering for the INT network comes after the NAT has happened, so your rules should all be for 4899 if that's what you're NATting to.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 schoetti over 19 years ago in reply to BarryG

Hi Barry.

Yes, I'm NATting to Port 4899.

Packet filter rules are:
src: any --> service: 4899 --> allow --> dst: internal-server1
src: any --> service: 4900 --> allow --> dst: internal-server2
src: any --> service: 4901 --> allow --> dst: internal-server3
.....

So, do I have to put in as well
src: any --> service: 4899 --> allow --> dst: internal-server1
src: any --> service: 4900 --> allow --> dst: internal-server2
src: any --> service: 4899 --> allow --> dst: internal-server2 service: 4901 --> allow --> dst: internal-server3
src: any --> service: 4899 --> allow --> dst: internal-server3
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 19 years ago in reply to schoetti

No, your ONLY rules for this should be:

src: any --> service: 4899 --> allow --> dst: internal-server1
src: any --> service: 4899 --> allow --> dst: internal-server2
src: any --> service: 4899 --> allow --> dst: internal-server3

Barry
Cancel
Vote Up 0 Vote Down

Cancel