Please help: All DNAT rules suddenly stopped working, affecting remote access and external access

Hi,

Sometimes a firmware upgrade effects the residing configurations in UTM. The first and foremost step after an update is to restore a backup from the previous version. Can you try that and update us if the issue resolves? 

Contrary to this, I am unable to understand why all the ports are mapped with the DNAT rule 3, always map required ports or have an additional IP on such requirement.

Thanks

I tried the restore process and I am still unable to access the server from outside of the network. Can you also clarify what do you mean by:

"Contrary to this, I am unable to understand why all the ports are mapped with the DNAT rule 3, always map required ports or have an additional IP on such requirement."

Just to confirm is the backup/restore tool accessed via this page and clicking on the highlighted green arrow:

I just get logged out of the UTM but I am not sure if the restore process is successful.

sadfa

Please help me out guys :( This is causing major issues. Will re-installing Sophos UTM and reloading the config help?

Hi,

Yes, you access the correct page to restore the config. After the successful restore, UTM will log out and you need to login again.

I think, I found the issue. In the no 1 DNAT rule, the going to object should be External WAN (address) instead of (network). PFA screenshot and configure the DNAT rule exactly.

Any help with that?

Hi sachingurung- It is still not working :( None of the ports are visible outside of the network...

Hi,

Take SSH to UTM and login as root. Execute,

tcpdump -nei any port 3389

and try to establish an RDP connection on homestation. Do you see any logs here? Please post them here.

Thanks

I don't see any logs at all and even tried with a few other ports :(

Actually how long does it take for the logs to appear?

here are additional capture data with port 3389

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
23:18:20.097947 Out 00:25:90:f4:54:60 ethertype IPv4 (0x0800), length 91: 192.168.0.10.3389 > 8.8.8.8.53: 158                                                                     
23:18:20.128167  In f0:f2:49:8c:75:b2 ethertype IPv4 (0x0800), length 107: 8.8.8.8.53 > 192.168.0.10.3389: 15                                                                    

 Hi,

If you see no logs for TCP dump on port 3389 then there is no request hitting UTM to access the server. Can you post a screenshot of the inside configuration of the DNAT rule and the host definitions defined in the policy?

Thanks

Jay the last capture you showed us is of a UDP port 53 request to Google DNS and the server's response.

Cheers - Bob

Jay the last capture you showed us is of a UDP port 53 request to Google DNS and the server's response.

Cheers - Bob

sachingurung & balfson - from the bottom of my heart I want to say THANK YOU for all the help! It turned out that that issue is caused by the ISP's Piece of crap modem that somehow reset itself to default and lost the bridge mode. So I am effectively in a double NAT situation without noticing it. The modem somehow lost the ability to bridge and I had it swapped out and now everything is working! I did do a re-image and restored previous setting the process is flawless.

How did I finally realize the issue? I tried to do a fresh UTM install and re-config things from scratch without much avail. Then with great sadness I decided to try another UTM called ClearOS and during the setup, it displayed the IP of my LAN and WAN port. The WAN IP is certainly not my public IP and thats how i realized it is not in bridge mode. ClearOS is just like a kid's toy vs the true enterprise grade Sophos UTM!

So happy to have everything back up and I knew Sophos with such stellar reputation wouldn't break something this simple through an update!

Hi,

You're welcome, please contact us for any further assistance. 

Thanks for choosing Sophos.

Not a problem and I am sure many home users are eternally thankful to Sophos for making the UTM free for home use! Other alternatives simply don't come close to the functionality and support!