HelloI have searched and can see others have this issue, however none of the solutions have worked for me so far.I have followed the steps at https://docs.sophos.com/nsg/sophos-firewall/19.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/RulesAndPolicies/NATRules/RulesPoliciesCreateDNATAndFirewallRulesForInternalServers/index.html#specify-the-nat-rule-settings to create the following policies, with the intention of allowing WAN -> LAN traffic the specified ports:
Sophos Public Address is an IP 192.168.0.90
Valheim Server is an IP 172.16.50.110
The service 'Valheim' is defined as:
The packet captures I have been getting are as follows:
(apologies for drop-packet as an image and not plain text)
Any help would be greatly appreciated
Firewall Rule has to be Sophos_Public IP and your Server as Zone in Destination Section.
And the NAT Rule is not applied. The Service is off: You need to change the Source Port to 1:65500 to include the high ports.
Hi Lucar - thanks for your helpBetween your feedback (which I have implemented) and comparisons with the native DNAT wizard for creating rules, I've isolated a possible cause. There is another NAT rule, as shown below:
In the ordering shown above, the packets are rejected due to ACL violation. When I order my NAT rule on top, the packets are accepted - given that the default rule is for outbound traffic on PortB (my WAN port) this doesn't strike me as intended behavior, could it be a bug?\
In any instance, my issue should be resolved now, thanks again.EDIT: Tested this with the wizard-generated rules - in default order the packets are forwarded, if I place the default SNAT IPv4 rule on top the packets are dropped.
It's not bug but intended behavior.
Once your traffic will match any NAT rule, it won't traverse below.
Same applies to Firewall rule as well.
Senior Development Manager, Sophos Firewall
Hello SanketThanks for the explanation - I hadn't expected the traffic to match with the default rule.