Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 2 subscribers
  • Views 1686 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Port-forwarding ?

MLWALK3R
So been using the Firewall for a while now but i cannot make any ports open no matter what, Allowed them via firewall turned off IPS. Is there a guide to open ports so port scanner can see them ?


This thread was automatically locked due to age.
  • 0
    Hi, if you're trying to allow internet traffic to access your internal servers/services, you need firewall rules AND DNAT.

    see: How to Port Forward Service Ports with NAT: Astaro Security Gateway

    Barry
  • 0
    Did what it said but ports are still closed..
  • 0
    Maybe you're running into what I call Rule #4:

    When creating DNATs for traffic arriving from the internet, in "Going to:" always use the
    "(Address)" object created by WebAdmin when the interface or the Additional Address was defined.
    Using a regular Host object will cause the DNAT to fail as the packets won't qualify for the traffic selector.


    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    This is how i have done it 


  • 0
    Can you show a pic of the service you created and the definition for win-1. Also check the log files (IPS, Firewall log) for any dropped traffic when you are testing the DNAT.

    It shouldn't be an issue here, but it is a good practice to choose the External (WAN) Address definition instead of the External (WAN) Network as it could lead to issues if you had multiple addresses and DNATs.
  • 0
    Also, in a NAT rule, if you aren't changing something, best practice is to leave it blank.  In this case, since you're using a single port, it shoudln't be a problem, but it doesn't help anything.

    Since you selected 'Automatic firewall rule' in the NAT, Firewall rule #1 has no effect.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Cookie Information Banner