Port forwarding - firewall log accepts packet, nothing in state table.
I am attempting to port forward UDP port 9001 to an inside address of 172.16.40.34; I have one static IP for my WAN interface. There are two internet hosts that need to connect to the inside NAT 172.16.40.34, both on UDP port 9001. I noticed an entry in the firewall log accepting one host (HOST A), but the state table showing a connection for the other (HOST B). What am I doing wrong here?
NAT rule:
If    Proto  Ext. port range  NAT IP         Int. port range
WAN   UDP    9001             172.16.40.34   9001

Firewall rule:
Proto  Source  Port  Destination   Port  Gateway
UDP    *       *     172.16.40.34  9001  *

What I see in the firewall logs:
HOSTA = @79 pass in log quick on bce1 inet proto udp from any to 172.16.40.34 port = 9001 keep state label "USER_RULE: NAT "
no log entry for HOSTB

What I see in the state table:
udp 172.16.40.34:9001 <- WANIP:9001 <- HOSTB:9001 MULTIPLE:MULTIPLE
udp HOSTB:9001 -> 172.16.40.34:9001 MULTIPLE:MULTIPLE
udp 172.16.40.34:9001 -> WANIP:27222 -> HOSTA:9001 SINGLE:NO_TRAFFIC
I realized that I did not have outbound NAT static mapping for the UDP ports, and it appears all is well now that I enabled manual outbound NAT. I had to open all other ports to NAT as well (any to any) at the bottom of my NAT entries to get everything to work.
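The HOSTA state above is the tell-tale: the inside host's source port 9001 was rewritten to 27222 on the way out, which is what outbound NAT does when static port is not set. The following is an added example (not code from the post or from pfSense) that parses state lines in the layout shown above and flags outbound NAT states whose translated source port differs from the original; the sample lines are constructed from the post, with WANIP, HOSTA and HOSTB replaced by documentation-range addresses.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample in the layout the post shows (pfctl -ss / pfSense States),
# with the placeholders WANIP, HOSTA and HOSTB replaced by RFC 5737 addresses.
SAMPLE_STATES = """\
udp 172.16.40.34:9001 <- 198.51.100.10:9001 <- 203.0.113.7:9001 MULTIPLE:MULTIPLE
udp 203.0.113.7:9001 -> 172.16.40.34:9001 MULTIPLE:MULTIPLE
udp 172.16.40.34:9001 -> 198.51.100.10:27222 -> 203.0.113.9:9001 SINGLE:NO_TRAFFIC
"""

Endpoint = Tuple[str, int]  # (address, port); IPv4 "addr:port" tokens only


@dataclass
class State:
    proto: str
    direction: str        # "<-" = inbound (rdr) state, "->" = outbound (nat) state
    hops: List[Endpoint]  # 2 hops: src, dst; 3 hops: original, translated, peer
    status: str           # e.g. MULTIPLE:MULTIPLE or SINGLE:NO_TRAFFIC


def _endpoint(token: str) -> Endpoint:
    host, port = token.rsplit(":", 1)
    return host, int(port)


def _fmt(ep: Endpoint) -> str:
    return f"{ep[0]}:{ep[1]}"


def parse_states(text: str) -> List[State]:
    """Parse lines of the form 'proto ep [arrow ep [arrow ep]] status'."""
    states = []
    for line in text.splitlines():
        parts = line.split()
        arrows = {p for p in parts if p in ("->", "<-")}
        if len(parts) < 5 or len(arrows) != 1:
            continue  # blank, header, or a layout this parser does not understand
        hops = [_endpoint(p) for p in parts[1:-1] if p not in arrows]
        states.append(State(parts[0], arrows.pop(), hops, parts[-1]))
    return states


def source_port_rewritten(st: State) -> bool:
    """Outbound NAT state whose translated source port differs from the original:
    the symptom of manual/automatic outbound NAT without static port."""
    return st.direction == "->" and len(st.hops) == 3 and st.hops[0][1] != st.hops[1][1]


def rewritten_flows(text: str) -> List[Tuple[str, str, str]]:
    """(internal, translated, peer) for every state that lost its source port."""
    return [tuple(_fmt(ep) for ep in st.hops)
            for st in parse_states(text) if source_port_rewritten(st)]


if __name__ == "__main__":
    for flow in rewritten_flows(SAMPLE_STATES):
        print("source port rewritten (no static port?):", " -> ".join(flow))
```

Run against the real table (e.g. the output of `pfctl -ss` on the firewall), a non-empty result for the forwarded port means the outbound side still needs a static-port mapping, while an empty result with a `<-` state for each remote host means the redirect is doing its job.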