
Firewall blocks DNAT rule. New to UTM.

Hi All,

First of all I want to say what a great board this is, everyone seems to love helping which is awesome to see!! [:)]

I previously used pfSense and coming to this product is awesome. I am, however, having problems with DNAT rules. Despite putting in a DNAT rule from External to a host in my network, the firewall still blocks the connection.

I have a modem 10.0.0.1 and a NIC on the UTM 10.0.2, the gateway for this is 10.0.0.1. The modem is set to DMZ to 10.0.0.2, all incoming connections go to 10.0.0.2. My internal network is 192.168.2.0-255. When I set a DNAT rule from Internet to 192.168.2.202 for port 22, the firewall live log shows 10.0.0.2:22 getting blocked.

I've attached two screenshots to show what I mean. The arrow points to my connection attempt (made from my phone).

No doubt this is a simple error I'm making. I am quite new to this and really would appreciate your help if you can.

Cheers
Dale


This thread was automatically locked due to age.
  • You have your DNAT rules wrong. You should configure them for traffic arriving at your external interface (not arriving at your internal machine). This would be something like:  External WAN (Address)   (Make sure to use the one with (Address) behind it).

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.
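A minimal model of the matching behaviour the reply describes, added here as an illustration; it is not part of the original thread and is not Sophos UTM code. The addresses 10.0.0.2 and 192.168.2.202 come from the question, the source address 203.0.113.7 is constructed, and the model assumes that traffic addressed to the firewall itself with no matching rule is dropped and that translated traffic is permitted.

```python
from dataclasses import dataclass
from ipaddress import ip_address

EXTERNAL_ADDR = "10.0.0.2"       # UTM external interface address (from the post)
INTERNAL_HOST = "192.168.2.202"  # internal SSH host (from the post)

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class DnatRule:
    match_dst: str   # destination the packet must carry when it ARRIVES
    match_port: int
    new_dst: str     # destination written into the packet after a match

def handle(packet, rules, local_addrs=(EXTERNAL_ADDR,)):
    """Return (verdict, destination) for a packet arriving on the external NIC.

    DNAT is evaluated against the packet as received, before any rewrite,
    so a rule can only match the address the sender actually targeted.
    """
    dst = ip_address(packet.dst)
    for rule in rules:
        if dst == ip_address(rule.match_dst) and packet.dport == rule.match_port:
            return ("forwarded", rule.new_dst)
    if packet.dst in local_addrs:
        # No translation happened: the packet is still addressed to the
        # firewall itself, which matches the 10.0.0.2:22 live-log entry.
        return ("dropped", packet.dst)
    return ("routed", packet.dst)

# Constructed sample: the modem's DMZ setting delivers the phone's SSH
# attempt to the UTM with destination 10.0.0.2:22.
ssh_attempt = Packet(src="203.0.113.7", dst=EXTERNAL_ADDR, dport=22)

# Rule keyed on the internal machine: never matches the arriving packet.
misconfigured = [DnatRule(INTERNAL_HOST, 22, INTERNAL_HOST)]
# Rule keyed on the external interface address, as the reply advises.
corrected = [DnatRule(EXTERNAL_ADDR, 22, INTERNAL_HOST)]

if __name__ == "__main__":
    print("misconfigured:", handle(ssh_attempt, misconfigured))
    print("corrected:    ", handle(ssh_attempt, corrected))
```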
