Port Forwarding for VLAN Client

Hi,
I'm trying to port forward an RDP port to one of the VLAN PCs.
The VLAN works fine, as the PC can access the internet without issues.
In addition, the UTM can ping the PC as well.
I'm not sure what went wrong, please help.
Below is my NAT configuration:
New Service Definition
Name: RDP_53600
Type of Definition: TCP
Destination Port: 53600
Source Port: 1:65535

New NAT rule
Name: RDP-to-VLAN
Group: No group
Position: Bottom
Traffic Source: Any
Traffic Service: RDP_53600
Traffic Destination: External (address)
NAT Mode: DNAT (destination)
Destination: VLAN-PC
Destination Service: Microsoft Remote Desktop (RDP)

Thanks
Alex



  • Hi, Alex, and welcome to the UTM Community!

    My first guess would be that the "VLAN PC" definition violates #3 in Rulz.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Sorry for the late update.

    I managed to get the RDP NAT up.

    It's due to my internal network range being 192.168.0.0/16 while the VLAN network is 192.168.100.0/24.

    I think the UTM got confused about where to route the packets.
    The issue got resolved when I changed my VLAN network to 192.165.100.0/24!

    But now I have another issue =(

    The same settings do not work for a common public port.

    Name: Port-to-VLAN
    Group: No group
    Position: Bottom
    Traffic Source: Any
    Traffic Service: port_7332
    Traffic Destination: External (address)
    NAT Mode: DNAT (destination)
    Destination: VLAN-PC
    Destination Service: <blank>

    Moreover, the firewall log shows the initial packet in white/grey ... 

    Please advise, thanks!

  • Alex,

    192.165.100.0/24 is Volvo's public subnet.  A better approach to the problem would be to make your internal LAN a reasonable size.  If you want to use 192.168.x.0/24, pick an x >10.

    Cheers - Bob

    PS When asking a new question, please start a new thread with an appropriate title.  That will make it easier for others to find information about their problem.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
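
Added example (not part of the original posts): a small Python check for the two addressing problems that come up in this thread, an interface network that overlaps another one and a LAN range that falls outside RFC 1918 private space. The interface names and the 192.168.20.0/24 value are constructed for illustration; the other ranges are the ones quoted above.

```python
import ipaddress
from itertools import combinations

# RFC 1918 private IPv4 ranges
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_networks(networks):
    """Check a {interface_name: CIDR} plan (IPv4).

    Returns (overlaps, non_private):
      overlaps    - list of (name_a, name_b) whose ranges overlap
      non_private - names whose range is not inside RFC 1918 space
    """
    parsed = {name: ipaddress.ip_network(cidr, strict=True)
              for name, cidr in networks.items()}
    overlaps = [(a, b)
                for (a, net_a), (b, net_b) in combinations(parsed.items(), 2)
                if net_a.overlaps(net_b)]
    non_private = [name for name, net in parsed.items()
                   if not any(net.subnet_of(r) for r in RFC1918)]
    return overlaps, non_private


# Constructed interface names; ranges taken from the thread.
ORIGINAL = {"Internal": "192.168.0.0/16", "VLAN": "192.168.100.0/24"}
WORKAROUND = {"Internal": "192.168.0.0/16", "VLAN": "192.165.100.0/24"}
# Constructed value following the "192.168.x.0/24, x > 10" advice.
RESIZED = {"Internal": "192.168.20.0/24", "VLAN": "192.168.100.0/24"}

if __name__ == "__main__":
    for label, plan in (("original", ORIGINAL),
                        ("workaround", WORKAROUND),
                        ("resized", RESIZED)):
        overlaps, non_private = audit_networks(plan)
        print(f"{label}: overlaps={overlaps} non_private={non_private}")
```

The original plan is flagged for overlap, the 192.165.100.0/24 workaround clears the overlap but is flagged as non-private, and the resized plan passes both checks.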