Cannot open any ports via NAT or firewall rule but existing ones work?

Hi All - I am trying to enable remote access for the Plex server and it requires the opening of ports in the 32xx range. 

I enabled the following DNAT rule: TCP 1:65535 → 32400.

Unfortunately the port remains closed when testing using this site and on Plex Server's network config:
Open Port Check Tool

I tried a variety of port numbers and none of them seemed to work, which is very baffling. As a last resort, I tried a common port used by RDP, such as 3389, and the connection worked....

Lastly, I am also using the following rule on my UTM:

Internal (Network) -> any -> any

I've also reviewed the firewall log and below is the dropped packet:

2015:10:19-12:30:19 homestation ulogd[6592]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="ppp0" srcip="54.193.168.189" dstip="24.140.238.16" proto="6" length="60" tos="0x00" prec="0x00" ttl="47" srcport="2985" dstport="32400" tcpflags="SYN"


  • Try #4 in Rulz.  Any luck with that?


    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob - thanks for replying to my thread. 

    Can you please explain to me: "in "Going to:" always use the "(Address)" object created by WebAdmin when the interface or the Additional Address was defined."

    What do you mean by "(Address)"?

    Right now I have it set up in the following manner:

    Matching Condition:
    For traffic from: Any
    Using Service: Plex (Opens port 1:65535 -> 32600)
    Going to: External (Wan Address)

    Action:
    Change the destination to: Plex Server IP
  • What do you mean by "(Address)"
    For each network on the UTM, there are three different definitions:  (Address), (Broadcast), and (Network).  Go to Definitions & Users > Network Definitions > Network Definitions to see this.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • If you're using the "External (Address)" object for 'Going to', then you might have a problem with #3 in Rulz.

    If you can't get it going, click on [Go Advanced] below and attach a picture of the Edit of the NAT rule with the Plex Server Host definition in Edit with 'Advanced' open.  Also copy and paste one or two related lines from the full Firewall log file (Not the Live Log).

    Cheers - Bob
     
  • Try #4 in Rulz.  Any luck with that?


    Cheers - Bob


    For each network on the UTM, there are three different definitions:  (Address), (Broadcast), and (Network).  Go to Definitions & Users > Network Definitions > Network Definitions to see this.


    Ahh got it...so in the network selection below, I should choose External (WAN) (Address):

    External (WAN) (Address)
    External (WAN) (Broadcast)
    External (WAN) (Network)
  • Ahh got it...so in the network selection below, I should choose External (WAN) (Address)
    You got it.  [:)]
  • If you're using the "External (Address)" object for 'Going to', then you might have a problem with #3 in Rulz.

    If you can't get it going, click on [Go Advanced] below and attach a picture of the Edit of the NAT rule with the Plex Server Host definition in Edit with 'Advanced' open.  Also copy and paste one or two related lines from the full Firewall log file (Not the Live Log).

    Cheers - Bob


    Here we go on the firewall log:

    2015:10:20-13:56:48 homestation ulogd[12270]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="ppp0" srcip="107.20.89.142" dstip="69.165.161.58" proto="6" length="60" tos="0x00" prec="0x00" ttl="36" srcport="57776" dstport="32600" tcpflags="SYN" 
    
    2015:10:20-13:56:50 homestation ulogd[12270]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="ppp0" srcip="107.20.89.142" dstip="69.165.161.58" proto="6" length="60" tos="0x00" prec="0x00" ttl="36" srcport="57776" dstport="32600" tcpflags="SYN" 
    2015:10:20-13:56:52 homestation ulogd[12270]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="ppp0" srcip="107.20.89.142" dstip="69.165.161.58" proto="6" length="60" tos="0x00" prec="0x00" ttl="36" srcport="57776" dstport="32600" tcpflags="SYN" 
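
Added example, not part of any post in this thread: a small Python parser for packetfilter lines in the layout quoted above. It collapses SYN retransmissions into single connection attempts and marks drops that landed on the port the DNAT rule was meant to forward. The function names and the sample lines (built from a template with documentation addresses) are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# key="value" pairs and the leading timestamp, as laid out in the thread's log lines.
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
STAMP_RE = re.compile(r'^\s*(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2})\s')
KEYS = ("srcip", "srcport", "dstip", "dstport", "fwrule", "initf")

def parse_line(line):
    """Return a dict for one packetfilter line, or None if it is not one."""
    stamp = STAMP_RE.match(line)
    fields = dict(FIELD_RE.findall(line))
    if not stamp or fields.get("sub") != "packetfilter":
        return None
    fields["time"] = datetime.strptime(stamp.group(1), "%Y:%m:%d-%H:%M:%S")
    return fields

def summarize_drops(lines, forwarded_port):
    """Group dropped packets into connection attempts (retransmits collapsed)."""
    attempts = defaultdict(list)
    for line in lines:
        f = parse_line(line)
        if f is None or f.get("action") != "drop" or not all(k in f for k in KEYS):
            continue
        attempts[tuple(f[k] for k in KEYS)].append(f["time"])
    report = []
    for key, times in attempts.items():
        row = dict(zip(KEYS, key))
        row["dstport"] = int(row["dstport"])
        row["packets"] = len(times)
        row["span_s"] = (max(times) - min(times)).total_seconds()
        # True when the drop hit the port the NAT rule should have translated.
        row["on_forwarded_port"] = row["dstport"] == forwarded_port
        report.append(row)
    return report

# Constructed sample: same field layout as the thread's lines, documentation addresses.
TEMPLATE = ('2015:10:20-13:56:{sec} homestation ulogd[12270]: id="2001" '
            'sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" '
            'initf="ppp0" srcip="198.51.100.7" dstip="203.0.113.10" proto="6" '
            'srcport="57776" dstport="{port}" tcpflags="SYN"')
SAMPLE = [TEMPLATE.format(sec=s, port=32600) for s in ("48", "50", "52")]
SAMPLE.append(TEMPLATE.format(sec="55", port=23))

if __name__ == "__main__":
    for row in summarize_drops(SAMPLE, forwarded_port=32600):
        print(row)
```

A row with `on_forwarded_port` set to true means the SYN reached the packet filter still addressed to the forwarded port and was dropped there, which is the pattern the three log lines in the post show for port 32600.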
  • Two problems stand out:

    Under Action, you need to populate Change the Destination to with your internal Plex server (whatever you are forwarding these packets to) and leave And the service to blank.
  • Two problems stand out:

    Under Action, you need to populate Change the Destination to with your internal Plex server (whatever you are forwarding these packets to) and leave And the service to blank.


    Tried this, and still to no avail [:(]. I've attached my Plex server screenshot and server mapping...
  • The server mapping screenshot confuses me.  So, the unsolicited traffic is coming in from the WAN on port 32600 and the internal server is accepting the traffic on port 32400?

    May have to rely on what others have posted about Plex usage in the past as it looks to be a bit wonky:  Let me google that for you