Simple DNAT rule created with Server Access Assistant does not work

Hi all,

I created a DNAT rule with Server Access Assistant under SFOS 18.0.5 but it does not work at all. Here are the screenshots of the rules:

NAT rule:

Firewall rule:

Service definition:

Here is the TCPDUMP. Out interface Port2_ppp for an internal destination IP looks surprising to me...  

Any help would be very appreciated as I am out of ideas.

Best regards

Carsten



  • Hi,

    Why do you need an incoming rule to your home assist device? Does it not connect through an external server that your application talks to?

    Ian

    XG115W - v20.0.3 MR-3 - on holiday

    XGS118 waiting for licence to be installed - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi,

    HomeAssistant is only an example as it is a webserver and I can simply check with browser if it works.

    Mainly I need port forwarding for a WireGuard VPN I would like to build up. I need to use WireGuard, as Sophos SSL VPN does not work. I can connect but the internal IPs are not reachable from VPN. I double checked all settings again and again according to the official How-Tos, but no success. Then I switched to WireGuard but now a simple port forwarding does not work, even though all the settings are exactly like in the docs.

    Best regards

    Carsten

  • Hi,

    Thank you for the details. Have you created a firewall rule allowing the traffic from the VPN IP range to your LAN range?

    Ian


  • Yes, I did. It was not used. Something is wrong with my box.

    As you can see in the pcap above, the natted packet is sent to the WAN interface but not into the LAN. I think that is the root cause. But how can I change that?

  • That rule would need to be above the one that is directing the traffic to the WAN.

    Ian
