I am not sure if this is a route problem or a DNAT issue. I am trying to open up port 22 in the firewall by using a DNAT rule, but when I am testing to see if the port is open on destination server, its not working. I am using the website http://canyouseeme.org/ to perform the test port open check. The error the website is displaying is:
Error: I could not see your service on xx.xx.xx.xx on port (22)
Reason: No route to host.
When I test out other ports that should be closed, I get a different error from the website "Reason: Connection timed out". So it appears the DNAT is configured correctly, but still not sure why its not working.
When I test for port 22, in the live log of the firewall, i never see any lines with port 22 in the log. When I test with a random port that has not been opened with DNAT, I can see the firewall DROPing the TCP packet. I have every service turned off except the firewall. Any help would be greatly appreciated.
Thanks
I have included pictures of everything.
Network diagram
Network Protection -> Firewall -> Masquerading
Network = Internal (Network) 10.0.0.0/24
Interface = External (WAN)
Definitions & Users -> Service Definitions
Name = SSH
Type of definition = TCP
Destination port = 22
Source port: 1:65535
Network Protection -> Firewall -> NAT
Rule type:DNAT (destination)
Matching condition
For traffic from = Any IPv4
Using service = SSH
Going to = External (WAN) (Address)
Action
Change the destination to = rin-server
Automatic firewall rule = checked
Advanced = Log inital packets = checked
Definitions & Users -> Network Definitions
Name = rin-server
Type = Host
IPv4 address: 10.0.0.64
This thread was automatically locked due to age.