Hi,
I've spent a lot of time today trying to get 9.2 to route VNC connetions without any success. The goal is to access the pc whose ip is 192.168.0.7 from both the lan by entering 192.168.0.7:6907 in the vnc client, and by entering http://www.mywebsite.com:6907 from anywhere on the wan.
It works as expected on the lan side (the utm should not be involved with lan stuff).
While testing an a completely different isp circuit, all I get is timeouts.
There are no windows firewall rules in the way, plus it worked as expected before switching to Sophos from Microsoft TMG.
I was able to create a successful NAT to the web server that resides at 192.168.0.3. I basically modified a copy of the web server rule for the vnc, plus created a new one as well, and without success.
If I go to the "LiveLog" view, I can see the attempt... here it is...
01:59:17 Default DROP TCP 12.1xx.xx8.x4:60468 → 299.666.6.6:6907 [SYN] len=48 ttl=122 tos=0x00 srcmac=0:1e:***xx:4c:0 dstmac=6c:f0:49:ee:***xx
Not sure why its coming in on port 60468???
Below is my config:
DNAT RULE
Traffic selector: Any VNC - 6907 External (WAN) (Address)
Destination translation: SBWS-XP1
Automatic Firewall rule: YES
SERVICE DEF
Name: VNC - 6907
Type: TCP
DPort: 6907
SPort: 6907
NETWORK DEF
Name: SBWS-XP1
Type: Host
IPv4 Addr: 192.168.0.7
Interface: Any
Matching Conditions:
For Traffic from: ANY
Using Service: VNC - 6907
Going to: External (WAN) (Address) also tried (WAN) (Network)
Action:
Change dest to: SBWS-XP1
and the service to: empty
Auto Firewall rule is checked
Thanks for any pointers,
Stanley
This thread was automatically locked due to age.
