DNAT Problem

Question

Hello.
I am trying to install a Rustdesk server in our office LAN. All works perfectly if I configure clients tu use private IP of the server (10.0.0.248); now I want to configure a DNAT in Sophos XGS using a secondary public IP address at our disposal.

1. I created a WAN Alias for the secondary public IP
2. I created an host for the Rustdesk server (RustSRV)
3. I created a service for the ports used by the Rustdesk Server: TCP 21115-21119 and UDP 21116
4. I created the DNAT rule that I attached, using the wizard.
5. I set the public IP of the Rustdesk Server on the clients, instead of the server private ip.

The PCs in the office LAN are unable to connect, giving an error on port 21116; however, if both PCs are outside the office, they work correctly.

What I'm going wrong?

In the DNAT rule summary, the outbound traffic from the internal server RustSRV uses the Primary IP address instead of the secondary one. Could this be the problem? Where can I change it?

Thanks for the support!

Added TAGs
[edited by: Raphael Alganes at 2:13 PM (GMT -8) on 21 Feb 2025]

LuCar Toni · Accepted Answer

Try a LAN to LAN Rule. Because your Server is in LAN (i assume), your LAN client need a firewall rule to allow it to be reachable via NAT.

Raphael Alganes · Answer

Hello, 
 Thanks for reaching out to Sophos Community 
 to confirm your issue, - when PCs in LAN try to access > the Server using its public IP but are unable and facing an error? 
 Fondartigianato said: The PCs in the office LAN are unable to connect, giving an error on port 21116 
 If it is, have you tried configuring a loopback rule: https://docs.sophos.com/nsg/sophos-firewall/21.0/help/en-us/webhelp/onlinehelp/AdministratorHelp/RulesAndPolicies/NATRules/NATDNATServerAccessAssistant/index.html#loopback-rule 
 Regards,

DNAT Problem

Top Replies