DNAT works for port 8080, does not work for port 80 (cloned rule)

Hi,

I have a very frustrating problem. I have a DNAT rule forwarding port 80 to our webserver, which does not work. When I clone the rule and swap port 80 with port 8080 it suddenly works.

I ticked Automatic firewall rule and Log initial packets and also enabled Log traffic in the auto-created firewall rule.

I tried to query the web server over port 80 and 8080.

The ONLY THING I see in the Firewall Live Log is the successful attempt to access port 8080. All access to port 80, which doesn't work, isn't even logged!

Edit: I moved rule #3 to position #1 but it didn't change anything. Web Protection > Web Filtering is OFF.



  • Hi,

    That seems like a bug. I never experienced behaviour like this.

    Did you try deleting the NAT rule and creating a new one?

    If so, I suggest contacting Sophos Support Staff.

    Regards,

    Ole

  • On the destination translation, a shot in the dark... my icon looks different. My destination translation is to a host (IPv4/IPv6).

    So I have:

    For traffic from: Any
    Using service: https
    Going to: Interface (one of the usable additional interface addresses bound to the WAN address)

    Change the destination to: Host (ip4/ipv6) internal address of host
    And the service to: leave blank

    Automatic firewall rule: Yes
    Log initial packets: Yes

  • @Ole, I suspect the same. We don't have Sophos Support and the technicians at my vendor are all busy. So in the meantime I try to find an answer here.

    Louis,

    the icon is different because I used a DNS host. The host is working, as shown in the port 8080 rule. This works by design. However, I created an IP host just to be sure. Same issue, no change.

  • Quick update. I ran tcpdump on the Sophos shell on all interfaces, listening for any communication from one of my internet servers. From that server I ran nmap, only to figure out that, dropped or not, every packet shows up EXCEPT packets to ports 80 and 443. I think my ISP is messing with me.
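
The check described in this post, reading a tcpdump capture on the firewall and comparing the destination ports that actually arrived from the probing host against the ports that were scanned, can be automated. The script below is an added example and not code from the thread or from Sophos; the addresses 203.0.113.10 (probe host) and 198.51.100.20 (firewall WAN address), the probed port list and the capture lines are constructed, and the line format assumed is that of `tcpdump -n` for IPv4 TCP. Ports that never show up in the capture at all cannot be a NAT or firewall rule problem, because the firewall only logs what reaches it; that is the distinction between "local" and "upstream" below.

```python
import re
import sys

# Constructed sample of `tcpdump -ni any -l host 203.0.113.10` output, not a real capture.
# 203.0.113.10 is the assumed external probing host, 198.51.100.20 the assumed WAN address
# of the firewall. Only the SYNs for 22, 25 and 8080 arrive; nothing for 80 or 443.
SAMPLE_CAPTURE = """\
10:15:01.000123 IP 203.0.113.10.51002 > 198.51.100.20.22: Flags [S], seq 1, win 1024, length 0
10:15:01.000456 IP 203.0.113.10.51003 > 198.51.100.20.25: Flags [S], seq 1, win 1024, length 0
10:15:01.000789 IP 203.0.113.10.51004 > 198.51.100.20.8080: Flags [S], seq 1, win 1024, length 0
10:15:01.001012 IP 198.51.100.20.8080 > 203.0.113.10.51004: Flags [S.], seq 2, ack 2, win 65535, length 0
10:15:01.001345 IP 192.0.2.77.44444 > 198.51.100.20.22: Flags [S], seq 1, win 1024, length 0
"""

# Ports the probing host was asked to scan (assumed nmap -p list).
PROBED_PORTS = [22, 25, 80, 443, 8080]

# "src.port > dst.port:" as tcpdump prints IPv4 TCP/UDP packets in -n mode.
TCPDUMP_RE = re.compile(r"\bIP (\S+)\.(\d+) > (\S+)\.(\d+):")


def observed_dst_ports(lines, src_ip, dst_ip):
    """Destination ports for which at least one packet from src_ip reached dst_ip."""
    ports = set()
    for line in lines:
        m = TCPDUMP_RE.search(line)
        if not m:
            continue
        src, _sport, dst, dport = m.groups()
        # Ignore replies and traffic from other hosts; only the probe's packets count.
        if src == src_ip and dst == dst_ip:
            ports.add(int(dport))
    return ports


def missing_ports(lines, src_ip, dst_ip, probed):
    """Probed ports for which not a single packet from src_ip showed up on the wire."""
    seen = observed_dst_ports(lines, src_ip, dst_ip)
    return sorted(p for p in probed if p not in seen)


def diagnose(lines, src_ip, dst_ip, probed):
    """Turn the capture into a one-line verdict about where the packets are being lost."""
    missing = missing_ports(lines, src_ip, dst_ip, probed)
    if not missing:
        return "local: every probed port reached the firewall, so inspect NAT/firewall rules and logs"
    if len(missing) == len(probed):
        return "path: nothing from the probe host arrived, so check routing or the capture filter"
    return "upstream: ports %s never arrived at the firewall, so they are filtered before it" % (
        ", ".join(str(p) for p in missing))


if __name__ == "__main__":
    # Pipe a live capture in; with no piped input the constructed sample is used.
    if sys.stdin.isatty():
        lines = SAMPLE_CAPTURE.splitlines()
    else:
        lines = sys.stdin.read().splitlines()
    print(diagnose(lines, "203.0.113.10", "198.51.100.20", PROBED_PORTS))
```

On the firewall this would be fed with something like `tcpdump -ni any -l host 203.0.113.10 | python3 portcheck.py` while the probe host scans the listed ports; the `-l` flag makes tcpdump line-buffer its output so the pipe sees each packet as it arrives. On the constructed sample the verdict is "upstream" for ports 80 and 443, which is the situation the post describes.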

  • tcpdump is great for this. Helped me out many a time, as well as a good syslogger. Do you have any application control running?

    I had a right old palaver due to having an HTTP restriction sitting in there that was added from the interfaces on the main dashboard. It didn't show up in the firewall GUI logs.

    Took me ages to discover it and I thought I was going mad. There's a good thread on here called RULZ that details the order of things being intercepted, e.g. proxies before DNATs, etc.

    As you've alluded, certain ISPs can use a firewall to block servers, e.g. Plusnet etc., so it might be worth checking.

  • I confirmed it's not a Sophos problem, but the ISP's fault.

  • Glad you got it sorted. Out of interest, which ISP is it? Do they offer a control panel with a FW feature within it etc?

  • It's not sorted, unfortunately. It's Unitymedia in BW/Germany. They do not offer a control panel. They are also shifting the blame onto us (the customer), but I am very certain that the issue is not with us. They are telling us we have a problem with our firewall, although even a directly connected webserver with no firewall software installed is not reachable via port 80. Very tedious discussion.