Port Forwarding Problem
-
I've seen this issue addressed several times in the forums but haven't seen a solution.
There seems to be a scenario where NAT Port Forwarding does not work.
Here's what I have in my new firewall setup:
WAN interface: 173.167.79.113/28
Virtual IP: 173.167.79.125 (Proxy ARP)
Port Forward NAT Rule
Interface: WAN
Protocol: TCP
External Port: 9022
NAT IP: 173.167.79.125
Local Port SSH (22)
I Auto Added firewall rule when creating the Port Forward
Outbound NAT: Automatic
Goal is to have port 9022 go to SSH on the specified IP address. This doesn't work.
-
Why is the "NAT IP" the same as the VIP in that case? It should have the external IP be the VIP, and the NAT IP should be the actual internal IP.
-
That was my transcribing mistake.
That part should have read:
Port Forward NAT Rule
Interface: WAN
External Address: 173.167.79.125
Protocol: TCP
External Port: 9022
NAT IP: 10.0.5.2
Local Port SSH (22)
-
That should work fine, it did last I tried it. I do that on a VM with another VM behind it to hit ssh on the via outside:222 to inside:22
As long as the firewall rule matches up, it should work fine. Do some packet captures on WAN and LAN to see how the traffic is (or isn't) being translated and passed.
-
I'm not getting any packets captured at 179.167.79.125:9022
I've also turned on logging for the firewall rule but nothing shows.
-
Then a proxy ARP VIP may not work in your case. Have you tried IP Alias? CARP?
-
And the other proxy ARP VIPs do work?
If a packet capture showed no traffic coming into that port, then it wasn't being delivered from upstream. If it was a problem with the port forward or firewall rules, you'd see it in the packet capture on WAN but not going out on LAN.
-
Very interesting. I moved to another IP and it worked like a charm…
Thanks for the help!
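-
Added example, not part of any post in this thread: the WAN/LAN packet-capture comparison suggested above, run over `tcpdump -n` text output to show which side of the firewall loses the traffic. The capture lines are constructed samples and `syn_count` and `diagnose` are hypothetical helper names; the addresses and ports are the ones given in the thread.

```python
import re

# Addresses and ports are the ones given in the thread.
VIP, EXT_PORT = "173.167.79.125", 9022      # external address:port on WAN
NAT_IP, LOCAL_PORT = "10.0.5.2", 22         # internal target after translation

# One line of `tcpdump -n` text output for a TCP packet over IPv4.
PKT = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

def syn_count(capture, ip, port):
    """Count initial SYNs (flag 'S', not SYN-ACK 'S.') sent to ip:port."""
    hits = 0
    for line in capture.splitlines():
        m = PKT.search(line)
        if m and (m.group(3), int(m.group(4)), m.group(5)) == (ip, port, "S"):
            hits += 1
    return hits

def diagnose(wan_capture, lan_capture):
    """Locate the failure from simultaneous WAN and LAN captures."""
    if syn_count(wan_capture, VIP, EXT_PORT) == 0:
        return "upstream"   # never delivered to the WAN interface
    if syn_count(lan_capture, NAT_IP, LOCAL_PORT) == 0:
        return "firewall"   # arrived on WAN, not translated or passed
    return "forwarded"      # translated and sent out on LAN

# Constructed sample captures (198.51.100.7 is a documentation address).
WAN_OTHER = """\
12:00:01.000100 IP 198.51.100.7.51514 > 173.167.79.113.443: Flags [S], seq 1, win 65535, length 0
12:00:01.000300 IP 173.167.79.113.443 > 198.51.100.7.51514: Flags [S.], seq 9, ack 2, win 65535, length 0
"""
WAN_SYN = """\
12:00:05.000100 IP 198.51.100.7.40222 > 173.167.79.125.9022: Flags [S], seq 7, win 65535, length 0
12:00:06.000100 IP 198.51.100.7.40222 > 173.167.79.125.9022: Flags [S], seq 7, win 65535, length 0
"""
LAN_SYN = """\
12:00:05.000200 IP 198.51.100.7.40222 > 10.0.5.2.22: Flags [S], seq 7, win 65535, length 0
"""

if __name__ == "__main__":
    print(diagnose(WAN_OTHER, ""))        # upstream
    print(diagnose(WAN_SYN, ""))          # firewall
    print(diagnose(WAN_SYN, LAN_SYN))     # forwarded
```

An "upstream" result matches the case in the thread where no packets for the VIP showed up in the WAN capture.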