Netgate Discussion Forum

    Firewall multiple NAT ports

    Joolee

      I've got an SSH server running on a LAN. Port 8090 is forwarded to port 22 so outside clients can connect. I've run into a client that connects from behind a very restrictive firewall that won't allow connections to port 8022 but does allow connections to port 22.

      I want to allow only that client IP to connect to port 22.

      The problem with this situation is that if I make a NAT forward (without an associated rule) for port 22 > port 22, the whole internet is allowed to connect to port 22, because the associated rule for the 8022 > 22 NAT rule accepts all connections to lan_ip:22.

      It seems like NAT is applied before the firewall kicks in; isn't this a problem many people would run into?

      (I've already worked around it by making the SSH server listen on 8022 and 22 while making 2 NAT forwards for 8022 > 8022 and 22 > 22. But that's not the point.)
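The behaviour described in the post (NAT translation first, filter rules second, so the auto-generated "any to lan_ip:22" rule also admits traffic that came in through a separate 22 > 22 forward) can be reproduced with a small model of pf's order of operations. The following is an added example, not code from the post or from pfSense; all addresses are constructed, it uses 8022 as the forwarded port (the post mentions both 8090 and 8022), and it ignores state tracking and interface details. It contrasts the weak ruleset with two corrected forms: restricting the source on the 22 > 22 port forward itself (an untranslated packet keeps the WAN address as its destination, so the lan_ip:22 pass rule never matches it), and pf's `rdr pass`, which pfSense exposes as the "Pass" filter rule association on a port forward and which decides on the pre-NAT port and source.

```python
"""Added example (not from the post or from pfSense): a tiny model of pf's
order of operations, rdr (port-forward) translation first, then the filter
rules, to show why a single 'any -> lan_ip:22' associated rule admits
traffic that arrived through a second 22 -> 22 forward."""
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple

# Constructed addresses; substitute whatever your WAN/LAN actually use.
WAN_IP = "198.51.100.1"          # firewall's public address
LAN_SSH = "192.168.1.10"         # SSH server on the LAN
ALLOWED_CLIENT = "203.0.113.5"   # the one client stuck behind a port-22-only firewall


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rdr:
    """Port forward: matches the ORIGINAL destination port (and optionally the
    source) and rewrites the destination.  'passes' models pf's 'rdr pass', which
    pfSense exposes as the 'Pass' filter rule association on a port forward."""
    dport: int
    to: str
    to_port: int
    src: Optional[str] = None    # None means any source
    passes: bool = False


@dataclass(frozen=True)
class Filter:
    """Pass rule.  It is evaluated on the TRANSLATED packet, so it only sees
    lan_ip:22 and cannot tell which WAN port the packet originally hit."""
    dst: str
    dport: int
    src: Optional[str] = None


def evaluate(pkt: Packet, rdrs: List[Rdr], filters: List[Filter]) -> bool:
    """Return True if pf would pass the packet, False if default deny drops it."""
    # Stage 1: NAT.  The first matching rdr rewrites the destination.
    for r in rdrs:
        if pkt.dport == r.dport and r.src in (None, pkt.src):
            pkt = replace(pkt, dst=r.to, dport=r.to_port)
            if r.passes:
                return True          # rdr pass: filter rules are skipped entirely
            break
    # Stage 2: filtering on whatever stage 1 left behind.
    return any(
        pkt.dst == f.dst and pkt.dport == f.dport and f.src in (None, pkt.src)
        for f in filters
    )


def weak_ruleset() -> Tuple[List[Rdr], List[Filter]]:
    """The post's situation: two forwards, one auto-generated 'any -> lan_ip:22' rule."""
    rdrs = [Rdr(dport=8022, to=LAN_SSH, to_port=22),
            Rdr(dport=22, to=LAN_SSH, to_port=22)]
    filters = [Filter(dst=LAN_SSH, dport=22)]   # associated rule of the 8022 forward
    return rdrs, filters


def source_restricted_ruleset() -> Tuple[List[Rdr], List[Filter]]:
    """Fix 1: put the source restriction on the 22 -> 22 forward itself.  A packet
    from anyone else is never translated, so its destination stays WAN_IP and the
    'lan_ip:22' pass rule does not match it."""
    rdrs = [Rdr(dport=8022, to=LAN_SSH, to_port=22),
            Rdr(dport=22, to=LAN_SSH, to_port=22, src=ALLOWED_CLIENT)]
    filters = [Filter(dst=LAN_SSH, dport=22)]
    return rdrs, filters


def rdr_pass_ruleset() -> Tuple[List[Rdr], List[Filter]]:
    """Fix 2: 'rdr pass' on both forwards and no separate filter rule.  The decision
    is taken on the pre-NAT port and source, so the two forwards stay distinguishable."""
    rdrs = [Rdr(dport=8022, to=LAN_SSH, to_port=22, passes=True),
            Rdr(dport=22, to=LAN_SSH, to_port=22, src=ALLOWED_CLIENT, passes=True)]
    return rdrs, []


if __name__ == "__main__":
    probes = {
        "stranger -> :22":   Packet("192.0.2.99", WAN_IP, 22),
        "stranger -> :8022": Packet("192.0.2.99", WAN_IP, 8022),
        "client   -> :22":   Packet(ALLOWED_CLIENT, WAN_IP, 22),
    }
    for name, builder in (("weak", weak_ruleset),
                          ("source-restricted", source_restricted_ruleset),
                          ("rdr pass", rdr_pass_ruleset)):
        rdrs, filters = builder()
        for label, pkt in probes.items():
            verdict = "PASS" if evaluate(pkt, rdrs, filters) else "BLOCK"
            print(f"{name:18} {label:18} {verdict}")
```

Running it prints a PASS/BLOCK table for each ruleset; only the weak one lets the stranger reach port 22. The practical check on a real pfSense box is the same: after adding a second forward to the same internal host and port, look at the WAN rules tab for any pass rule whose destination is the internal host:port without a source restriction, because that rule is matched after translation and cannot see the original WAN port.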
