
NAT port range still not working

Hi all,

 

I have created a NAT rule which points to my server using the protocol TCP/UDP 50000 - 50050, but I have checked it with this site http://www.yougetsignal.com/tools/open-ports/ and discovered that some of the ports inside the range I defined are still not working.

 

ex.

 

50001 - 50005 - Open (working)

50006 - 50009 - Closed (not working)

50010 - Working

50010 - 50050 closed (not working)

 

I created a service as detailed below

 

Service Definition

Type Definition: TCP/UDP

Destination Port: 50000:50050

Source Port: 1:65535

 

 

NAT Rule

Rule Type: Full NAT (Source+Destination)

For Traffic from: ANY

Using Service: <Service I Created>

Going To: External WAN Address < public IP>

Change the destination to: <Local Server IP Address>

Change the source to: Internal Address <Local Address of Sophos>

 

I am wondering why only a few ports are working from the range I defined.

 

Can you assist me regarding this?

 

Regards,

 

Jason

 

 

 



This thread was automatically locked due to age.
  • Hi Jason,

    you just need a DNAT:

    Traffic from: ANY

    Using Service: <your created Service>

    Going To: External WAN Address < public IP>

    Change the destination to: <Local Server IP Address>

     

    If it doesn't work, there must be another problem. Is your UTM connected to a WAN router that can block the ports?

    Best Regards,
    Manu

    - CISO -
    - Sophos SCA & Partner-

  • Hi Manuel,

     

    Some ports are working: 50000-50005, I can see that they are open, but I am still guessing why the remaining ones, which are included in the port range, are not working.

     

    Yes, my UTM is directly connected to the WAN router.

  • Hi Jason,

    Show us a picture of the DNAT configuration and make sure the Destination Address is External (Address). Check the packetfilter.log and see if any traffic is dropped, which can give us an idea about which ports need to be added.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • I think the destination server behind this NAT rule currently doesn't use the unreachable ports.

    Use "netstat -an", if you use a Windows server, to check whether the server currently has a listener active on these ports.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.
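
The netstat check suggested above, as an added example that is not part of the original thread: a Python script that parses Windows `netstat -an` output and reports which ports in the forwarded range 50000-50050 have no listener reachable through the DNAT. The sample output, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample of Windows `netstat -an` output (not from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:50001          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:50002          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:50003     203.0.113.7:443        ESTABLISHED
  TCP    [::]:50004             [::]:0                 LISTENING
  TCP    127.0.0.1:50007        0.0.0.0:0              LISTENING
  UDP    0.0.0.0:50010          *:*
"""

LOCAL_ADDR = re.compile(r"^(.*):(\d+)$")
LOOPBACK_PREFIXES = ("127.", "[::1]")


def listening_ports(netstat_text, lo, hi):
    """Map port -> protocols for listeners in [lo, hi] reachable via the DNAT."""
    found = {}
    for line in netstat_text.splitlines():
        tokens = line.split()
        if len(tokens) < 3 or tokens[0].upper() not in ("TCP", "UDP"):
            continue  # header or blank line
        proto = tokens[0].upper()
        # TCP must be LISTENING (ESTABLISHED may be an outbound ephemeral port);
        # a bound UDP socket has no state column.
        if proto == "TCP" and tokens[-1].upper() != "LISTENING":
            continue
        match = LOCAL_ADDR.match(tokens[1])
        if not match or match.group(1).startswith(LOOPBACK_PREFIXES):
            continue  # loopback-only listeners are not reachable through NAT
        port = int(match.group(2))
        if lo <= port <= hi:
            found.setdefault(port, set()).add(proto)
    return found


def closed_ranges(found, lo, hi):
    """Collapse forwarded ports without a listener into (start, end) ranges."""
    ranges, start = [], None
    for port in range(lo, hi + 2):  # hi + 1 is a sentinel that flushes the last run
        closed = port <= hi and port not in found
        if closed and start is None:
            start = port
        elif not closed and start is not None:
            ranges.append((start, port - 1))
            start = None
    return ranges
```

Ports that show up in `closed_ranges` look "closed" to an external port checker even when the NAT rule forwards them correctly, because nothing on the server answers there.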

  • Hi Dirkotte

     

    I guess you're right, because if some ports are working (50000 - 50005), that means my config is correct; it just so happens that maybe, for the application they installed, these particular ports are being used.

     

     

    Regards,

     

     

    Jason 
