This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Port Forwarding

So i have been looking on some documentation on how to setup port forwarding on UTM 9. havent had much luck. I am assuming i need a NAT and Firewall rule to make this work.

What i need is the following.
Traffic from a group of specific IP's using port 22 to connect to a server on the internal side of the astaro.

Can anyone point me to some documentation or maybe give me some steps. I am sure this is fairly easy to do i am just not familiar enough with the way UTM does things yet

This thread was automatically locked due to age.

0 tomellis6680 over 12 years ago

Hi, if you add a D-NAT rule - from ANY using service 'port 22' to External WAN - redirected to 'chosen LAN side IP' then tick automatic firewall rule.

That'll do it
Cancel
Vote Up 0 Vote Down

Cancel
0 tomellis6680 over 12 years ago

I should've said instead of 'any' you'll need to created a new external IP pool of whomever you want to have access to the LAN side
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 12 years ago

Hi, deldran and tomellis, and welcome to the User BB!

Cool! Tom's already answering other folks questions the first day here.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 deldran over 12 years ago

Ok Tom i tried that and its still not working.  I tried making a putty connection through a different gateway we have and i never see it show up in the firewall log.

1st i made a new network group to include ip's that will use this rule
2nd i made the dnat rule that goes
    From -> EDI, service -> SSH to External 2
    Switch to Server, and SSH

I think the hiccup here might be that i am using 2 ports up uplink.  Multipath is turned on.  all our e-mail traffic goes out one port while web traffic goes out external 2 port.  I was going to make the destination to uplink ports but did not seee it as an option in the nat rule
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 12 years ago

Multipathing doesn't make any difference with the DNAT. Conntrack will cause the UTM to send responses from internal devices from the public IP that received the request.

I responded to a similar question yesterday: https://community.sophos.com/products/unified-threat-management/astaroorg/f/54/t/41171

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 deldran over 12 years ago in reply to BAlfson

I got it fixed the server needed a route. stupid pain medicine putting me in a fog today lol.

Thanks for the help
Cancel
Vote Up 0 Vote Down

Cancel